#!/bin/bash
##########################################################################
# Script : deploy secure fw
# Autor : Jobst Heinermann
# Copyright : macenterprise gmbh, 2020
##########################################################################
#Prüfung Zielordner
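# Target directory for the embedded script. mkdir -p is idempotent, but a
# failure here (read-only volume, not running as root) used to be ignored and
# the installer then registered a LaunchDaemon pointing at a file that was
# never written — abort instead.
if [[ ! -d /usr/local/scripts ]]; then
  mkdir -p /usr/local/scripts || {
    printf 'deploy secure fw: cannot create /usr/local/scripts\n' >&2
    exit 1
  }
fi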
#Erstellung des Scripts
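# The script that the LaunchDaemon below will run as root. It is captured
# verbatim into $SCRIPT and written to /usr/local/scripts/de.ing.secure_fw.sh.
# Summary of the embedded text:
#  - logs to /var/log/ing.log, creating the file on first run
#  - appends "block in log" / "block out log" (a deny-all ruleset) to
#    /etc/pf.conf exactly once, guarded by the "#ING" marker line; nothing
#    in this installer removes those lines again
#  - pings three fixed public IPv4 hosts; while any of them answers ("EXTERN")
#    it keeps pf enabled and re-probes every 5 s; once none answers ("INTERN")
#    it disables pf and exits 0
# NOTE(review): every loop iteration runs `pfctl -d`, then `test_ip`, and only
# re-enables pf at the top of the next pass — so the deny-all ruleset is
# lifted for the duration of the three pings on each cycle. Confirm that
# window is acceptable for the threat model; a ruleset that only permits the
# probe traffic would avoid toggling pf at all.
# -r keeps any backslash in the embedded text literal (without it read would
# eat them); the quoted delimiter suppresses all expansion. read exits 1 at
# EOF because the NUL delimiter is never seen — expected, and harmless since
# the installer does not use set -e. The here-doc's final newline is trimmed
# by read and re-added when the file is written.
read -r -d '' SCRIPT <<'EOS'
#!/bin/bash

##########################################################################
# Script : enable pf firewall if external
# Autor : Jobst Heinermann
# Copyright : macenterprise gmbh, 2020
##########################################################################

#Logging
LOG='/var/log/ing.log'
if [[ ! -f $LOG ]]
then
touch $LOG
/bin/echo "*****" $(date +%d.%m.%Y" - "%H:%M:%S) "*****" >> $LOG
/bin/echo "Logfile erstellt" >> $LOG
fi

#pf.conf
configure_pg (){
/bin/echo "
#ING
block in log
block out log
" >> /etc/pf.conf
/bin/echo "*****" $(date +%d.%m.%Y" - "%H:%M:%S) "*****" >> $LOG
/bin/echo "pf config erstellt" >> $LOG
}
# pf config
PF_CONFIG=$(cat /etc/pf.conf | grep "#ING" &>/dev/null; /bin/echo $?)
if [[ $PF_CONFIG -gt 0 ]]
then
configure_pg
fi

test_ip(){
HOST1='216.58.205.227'
HOST2='193.99.144.80'
HOST3='217.13.69.39'
EX1=$(/sbin/ping -t 1 -c 1 "$HOST1" &> /dev/null; /bin/echo $?)
EX2=$(/sbin/ping -t 1 -c 1 "$HOST2" &> /dev/null; /bin/echo $?)
EX3=$(/sbin/ping -t 1 -c 1 "$HOST3" &> /dev/null; /bin/echo $?)
}

#Variabeln
# ping zu darf nicht erfolgreich sein ≠ 0
test_ip


while [ "$EX1" -eq 0 ] || [ "$EX2" -eq 0 ] || [ "$EX3" -eq 0 ]
do
/sbin/pfctl -E
/bin/echo "*****" $(date +%d.%m.%Y" - "%H:%M:%S) "*****" >> $LOG
/bin/echo "EXTERN - pf aktiv" >> $LOG
/bin/echo "EXTERN - pf aktiv"
sleep 5
/sbin/pfctl -d
test_ip
done


/sbin/pfctl -d
/bin/echo "*****" $(date +%d.%m.%Y" - "%H:%M:%S) "*****" >> $LOG
/bin/echo "INTERN - pf deaktiviert" >> $LOG
/bin/echo "INTERN - pf deaktiviert"
exit 0
EOS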
/bin/echo "$SCRIPT" > /usr/local/scripts/de.ing.secure_fw.sh
#Funktionen
#######################################
# Write the launchd job definition for the embedded script.
# Globals:   none
# Arguments: none
# Outputs:   creates /Library/LaunchDaemons/de.ing.secure_fw.plist
# Returns:   exit status of cat (non-zero if the file cannot be written)
#######################################
LaunchDaemon() {
  local -r plist=/Library/LaunchDaemons/de.ing.secure_fw.plist
  # Quoted delimiter: the XML is copied verbatim (it contains no expansions
  # anyway). RunAtLoad + WatchPaths start the program at load and whenever
  # the resolver/network-preference files change.
  # NOTE(review): the embedded script ends with exit 0, and KeepAlive=true
  # presumably makes launchd respawn it after every exit — confirm that
  # continuous restarting is intended rather than KeepAlive on a condition.
  /bin/cat > "$plist" <<'EOD'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<false/>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>de.ing.secure_fw</string>
<key>Program</key>
<string>/usr/local/scripts/de.ing.secure_fw.sh</string>
<key>RunAtLoad</key>
<true/>
<key>WatchPaths</key>
<array>
<string>/var/run/resolv.conf</string>
<string>/Library/Preferences/SystemConfiguration/preferences.plist</string>
</array>
</dict>
</plist>
EOD
}
#######################################
# Restrict ownership and mode of the installed files.
# Globals:   none
# Arguments: none
# Outputs:   none
# Returns:   exit status of the last chmod
#######################################
SetPermissions() {
  local -r plist=/Library/LaunchDaemons/de.ing.secure_fw.plist
  local -r script_dir=/usr/local/scripts
  local -r script="$script_dir"/de.ing.secure_fw.sh
  # launchd refuses job definitions that are not root-owned / are writable by
  # others, hence root:wheel and 0644 on the plist.
  chown root:wheel "$plist"
  chmod 700 "$script_dir"   # only root may traverse the script directory
  chmod 644 "$plist"
  chmod u+x "$script"       # other mode bits stay as the umask created them
  # NOTE(review): the script and its directory are never chown'd here. The
  # daemon runs the script as root, so both must remain root-owned and not
  # writable by anyone else — this silently relies on the installer itself
  # having been run as root.
}
#######################################
# Register the job with launchd.
# Globals:   none
# Arguments: none
# Outputs:   whatever launchctl prints
# Returns:   exit status of launchctl
#######################################
LoadDaemon() {
  local -r plist=/Library/LaunchDaemons/de.ing.secure_fw.plist
  # The plist sets RunAtLoad, so loading it should start the script at once.
  launchctl load "$plist"
}
# LaunchDaemon schreiben, Rechte setzen und laden (das Script selbst wurde oben erstellt)
# Install in this order: the plist must exist and carry root:wheel / 0644
# before launchctl is asked to load it.
for step in LaunchDaemon SetPermissions LoadDaemon; do
  "$step"
done

exit 0