#!/bin/bash
##########################################################################
# Script : deploy secure fw
# Author : Jobst Heinermann
# Copyright : macenterprise gmbh, 2020
##########################################################################
# Installs a helper script under /usr/local/scripts and a LaunchDaemon
# plist under /Library/LaunchDaemons that runs it. The plist is chowned to
# root:wheel below (SetPermissions), so this deployer has to run with root
# privileges; nothing here checks for that explicitly.
# There is no `set -e`: a failing step does not stop the remaining steps.

# Check target directory (create it if missing)
if [[ ! -d /usr/local/scripts ]]; then
  mkdir -p /usr/local/scripts
fi

# Create the script.
# The whole helper script is captured verbatim into $SCRIPT: the quoted
# delimiter ("EOS") disables expansion, so $LOG, $(date ...) etc. are written
# literally and only evaluated when the installed script runs.
# `read -d ''` reads up to a NUL byte and returns non-zero when the heredoc
# ends first; harmless here because `set -e` is not in effect.
# What the installed script does (see its body):
#  - appends unqualified `block in log` / `block out log` rules to
#    /etc/pf.conf once, guarded by the "#ING" marker line;
#  - pings three fixed public IPs; while any of them answers, it enables pf
#    (pfctl -E), waits 5 s, disables it again (pfctl -d) and re-probes.
# NOTE(review): pf is disabled for every probe, so the block rules are not
# enforced between `pfctl -d` and the next `pfctl -E`; confirm that this
# window is acceptable and that the three probe addresses are still the
# intended "reachable from outside" indicators.
read -d '' SCRIPT<<"EOS"
#!/bin/bash
##########################################################################
# Script : enable pf firewall if external
# Autor : Jobst Heinermann
# Copyright : macenterprise gmbh, 2020
##########################################################################
#Logging
LOG='/var/log/ing.log'
if [[ ! -f $LOG ]]
then
touch $LOG
/bin/echo "*****" $(date +%d.%m.%Y" - "%H:%M:%S) "*****" >> $LOG
/bin/echo "Logfile erstellt" >> $LOG
fi
#pf.conf
configure_pg (){
/bin/echo "
#ING
block in log
block out log
" >> /etc/pf.conf
/bin/echo "*****" $(date +%d.%m.%Y" - "%H:%M:%S) "*****" >> $LOG
/bin/echo "pf config erstellt" >> $LOG
}
# pf config
PF_CONFIG=$(cat /etc/pf.conf | grep "#ING" &>/dev/null; /bin/echo $?)
if [[ $PF_CONFIG -gt 0 ]]
then
configure_pg
fi
test_ip(){
HOST1='216.58.205.227'
HOST2='193.99.144.80'
HOST3='217.13.69.39'
EX1=$(/sbin/ping -t 1 -c 1 "$HOST1" &> /dev/null; /bin/echo $?)
EX2=$(/sbin/ping -t 1 -c 1 "$HOST2" &> /dev/null; /bin/echo $?)
EX3=$(/sbin/ping -t 1 -c 1 "$HOST3" &> /dev/null; /bin/echo $?)
}
#Variabeln
# ping zu darf nicht erfolgreich sein ≠ 0
test_ip
while [ "$EX1" -eq 0 ] || [ "$EX2" -eq 0 ] || [ "$EX3" -eq 0 ]
do
/sbin/pfctl -E
/bin/echo "*****" $(date +%d.%m.%Y" - "%H:%M:%S) "*****" >> $LOG
/bin/echo "EXTERN - pf aktiv" >> $LOG
/bin/echo "EXTERN - pf aktiv"
sleep 5
/sbin/pfctl -d
test_ip
done
/sbin/pfctl -d
/bin/echo "*****" $(date +%d.%m.%Y" - "%H:%M:%S) "*****" >> $LOG
/bin/echo "INTERN - pf deaktiviert" >> $LOG
/bin/echo "INTERN - pf deaktiviert"
exit 0
EOS
# Write the captured script to its install path; owner/mode are fixed up
# later by SetPermissions.
/bin/echo "$SCRIPT" > /usr/local/scripts/de.ing.secure_fw.sh

# Functions

# Writes the LaunchDaemon plist for the helper script.
# NOTE(review): the body of this function is garbled in this copy: the plist
# XML markup has been stripped and the `cat <<EOD > ...plist` redirection
# has collapsed into `cat < ...plist`, so as written it would read the plist
# rather than create it. The property keys still visible are Disabled,
# KeepAlive, Label (de.ing.secure_fw), Program (the installed script),
# RunAtLoad and WatchPaths (/var/run/resolv.conf and the SystemConfiguration
# preferences.plist — presumably so the daemon re-runs on network-config
# changes). Their boolean values are not recoverable here; restore this
# heredoc from the original file before use.
function LaunchDaemon(){
  /bin/cat < /Library/LaunchDaemons/de.ing.secure_fw.plist Disabled KeepAlive Label de.ing.secure_fw Program /usr/local/scripts/de.ing.secure_fw.sh RunAtLoad WatchPaths /var/run/resolv.conf /Library/Preferences/SystemConfiguration/preferences.plist EOD
}

# Locks down the installed files: plist root:wheel and 0644 (presumably so
# launchd accepts it — it refuses daemon plists it considers insecurely
# owned), scripts directory owner-only (0700), helper script executable for
# its owner.
function SetPermissions(){
  chown root:wheel /Library/LaunchDaemons/de.ing.secure_fw.plist
  chmod 700 /usr/local/scripts
  chmod 644 /Library/LaunchDaemons/de.ing.secure_fw.plist
  chmod u+x /usr/local/scripts/de.ing.secure_fw.sh
}

# Registers the plist with launchd via the legacy `launchctl load`
# subcommand.
function LoadDaemon(){
  launchctl load /Library/LaunchDaemons/de.ing.secure_fw.plist
}

# Write the LaunchDaemon, load it, write the script
# (the helper script itself was already written above; the order here is
# write plist -> set permissions -> load).
LaunchDaemon
SetPermissions
LoadDaemon
exit 0