tachtler:firewallbuilder [2012/06/11 13:37] – klaus
====== FirewallBuilder ======

[[tachtler:FirewallBuilder|{{:tachtler:index:fwbuilder-48x48.png }}]] The [[http://www.fwbuilder.org/|FirewallBuilder]] is a graphical program that requires an **X server** and is used to create firewall rules for various types of firewalls via drag and drop. The simple graphical interface is one of its biggest advantages when creating even complex rule sets; it saves an enormous amount of time and requires **no detailed knowledge of the firewall syntax**.

:!: **NOTE** - **The following illustrates the installation and one possible way of embedding it into an existing operating system !!!**

:!: **IMPORTANT** - **Neither a complete solution nor instructions for a complete firewall configuration are given !!!**

:!: **NOTE** - **More information on targeted use can be obtained from the following link:**
  * **[[http://www.fwbuilder.org|http://www.fwbuilder.org - Documentation]]**

From here on, **''root''** privileges are required to run the following commands. To become the ''root'' user, either log in to the system as ''root'' or switch to the ''root'' user with the following command:
<code>
$ su -
Password:
</code>

===== Prerequisites =====

To be able to use the [[http://www.fwbuilder.org/|FirewallBuilder]], the following **prerequisites** must be met:
  * An installed [[http://www.centos.org|CentOS]] **version 6.0** operating system
  * with an installed, started and working **X server** and
  * an **Internet connection**

:!: **NOTE** - The installation is to be carried out by **adding an __external__ repository**, as described below!

===== Installation =====

To add the **__external repository__** of [[http://www.fwbuilder.org|http://www.fwbuilder.org]], an additional configuration file for **''yum''**, the package manager of [[http://www.centos.org|CentOS]], can be created with the following command and filled with the following content (**basic knowledge of the ''vi'' or ''vim'' file editor is assumed**):
<code ini>
# vim /etc/yum.repos.d/fwbuilder.repo
[fwbuilder]
name=Firewall Builder
failovermethod=priority
baseurl=http://packages.fwbuilder.org/rpm/stable/rhel-$releasever-$basearch
enabled=1

[fwbuilder-testing]
name=Firewall Builder Test Builds
failovermethod=priority
baseurl=http://packages.fwbuilder.org/rpm/testing/rhel-$releasever-$basearch
enabled=0
</code>

:!: **NOTE** - **The ''yum-plugin-priorities'' is not used in this description !!!**

Next, the information already cached by **''yum''**, the package manager of [[http://www.centos.org|CentOS]], which was collected during earlier use of **''yum''**, can be deleted with the following command so that all available package information is fetched anew:
<code>
# yum clean all
Loaded plugins: fastestmirror, refresh-packagekit
Cleaning up Everything
Cleaning up list of fastest mirrors
</code>

Before the actual installation of the [[http://www.fwbuilder.org|FirewallBuilder]] can begin, the **GPG** key should, for **security reasons**, be imported into **''yum''**, the package manager of [[http://www.centos.org|CentOS]], which can be done with the following command (**the download link of the __GPG__ key is assumed to be trustworthy**):
<code>
# rpm --import http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
</code>

:!: **NOTE** - **__NO__ confirmation is printed that the __GPG__ key has been imported !!!**

To verify that the **GPG** key has been **imported**, the following command can be used; it should produce the output shown below. (**The first __GPG__ key listed should be the newly added one!**):
<code>
# rpm -qa gpg-pubkey
gpg-pubkey-eaee08fe-4a0f5464
gpg-pubkey-c105b9de-4e0fd3a3
</code>

The **actual installation** is now carried out by running the following command, which __**in this case**__ also refreshes all package information through **''yum''**, the package manager of [[http://www.centos.org|CentOS]]:
<code>
# yum install fwbuilder
Loaded plugins: fastestmirror, refresh-packagekit
Determining fastest mirrors
* base: centos.intergenia.de
* extras: centos.intergenia.de
* updates: centos.intergenia.de
base | 3.7 kB 00:00
base/primary_db | 4.2 MB 00:04
extras | 951 B 00:00
extras/primary | 203 B 00:00
fwbuilder | 951 B 00:00
fwbuilder/primary | 1.4 kB 00:00
fwbuilder 1/1
updates | 3.5 kB 00:00
updates/primary_db | 3.3 MB 00:16
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package fwbuilder.x86_64 0:5.0.0.3568-1.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
fwbuilder x86_64 5.0.0.3568-1.el6 fwbuilder 10 M

Transaction Summary
================================================================================
Install 1 Package(s)
Upgrade 0 Package(s)

Total download size: 10 M
Installed size: 36 M
Is this ok [y/N]: y
Downloading Packages:
fwbuilder-5.0.0.3568-1.el6.x86_64.rpm | 10 MB 00:09
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : fwbuilder-5.0.0.3568-1.el6.x86_64 1/1

Installed:
fwbuilder.x86_64 0:5.0.0.3568-1.el6

Complete!
</code>

The following command can be used to check which contents were installed with the **''fwbuilder''** package.
<code>
# rpm -qil fwbuilder
Name : fwbuilder Relocations: (not relocatable)
Version : 5.0.0.3568 Vendor: NetCitadel LLC., http://sourceforge.net/project/showfiles.php?group_id=5314
Release : 1.el6 Build Date: Tue 26 Jul 2011 01:32:04 PM CEST
Install Date: Thu 18 Aug 2011 06:09:11 PM CEST Build Host: rhel6-64.vk.crocodile.org
Group : Applications/System Source RPM: fwbuilder-5.0.0.3568-1.el6.src.rpm
Size : 38199494 License: GPL2
Signature : DSA/SHA1, Thu 28 Jul 2011 02:05:21 AM CEST, Key ID ef2edd98eaee08fe
Packager : Vadim Kurland <vadim@fwbuilder.org>
URL : http://www.fwbuilder.org/
Summary : Firewall Builder
Description :
Firewall Builder consists of a GUI and set of policy compilers for
various firewall platforms. It helps users maintain a database of
objects and allows policy editing using simple drag-and-drop
operations. GUI generates firewall description in the form of XML
file, which compilers then interpret and generate platform-specific
code. Several algorithms are provided for automated network objects
discovery and bulk import of data. The GUI and policy compilers are
completely independent, this provides for a consistent abstract model
and the same GUI for different firewall platforms.
</code> | |
| |
===== Mirroring the Repository ===== | |
| |
Similar to the following entry within this DokuWiki, | |
* [[tachtler:repository_spiegeln_centos_6|Mirroring the repository CentOS 6]] | |
the **repository** of the [[http://www.fwbuilder.org|Firewallbuilder]] can also be mirrored. | |
| |
However, this is not a repository server that can be mirrored in the **classic** way with **''rsync''**; instead, the following script shows how this could be done with the help of the program **''wget''**. | |
| |
:!: **NOTE** - **This is __only__ one possibility!** | |
| |
Below is the script that mirrors the repository of the [[http://www.fwbuilder.org|Firewallbuilder]] for [[http://centos.org|CentOS]] from **version 6.x** onwards: | |
<code bash> | |
#!/bin/bash | |
| |
############################################################################## | |
# Script-Name : wget_fwbuilder_el6.sh # | |
# Description : Script to mirror repositories via the wget command from # | |
# official mirror servers. On successful execution only a LOG file will # | |
# be written. On error during execution, a LOG file and an error # | |
# message will be sent by e-mail. # | |
# # | |
# Last update : 11.01.2012 # | |
# Version : 1.00 # | |
# # | |
# Author : Klaus Tachtler, <klaus@tachtler.net> # | |
# DokuWiki : http://www.dokuwiki.tachtler.net # | |
# Homepage : http://www.tachtler.net # | |
# # | |
# +----------------------------------------------------------------------+ # | |
# | This program is free software; you can redistribute it and/or modify | # | |
# | it under the terms of the GNU General Public License as published by | # | |
# | the Free Software Foundation; either version 2 of the License, or | # | |
# | (at your option) any later version. | # | |
# +----------------------------------------------------------------------+ # | |
# # | |
# Copyright (c) 2012 by Klaus Tachtler. # | |
# # | |
############################################################################## | |
| |
############################################################################## | |
# H I S T O R Y # | |
############################################################################## | |
# Version : x.xx # | |
# Description : <Description> # | |
# -------------------------------------------------------------------------- # | |
# Version : x.xx # | |
# Description : <Description> # | |
# -------------------------------------------------------------------------- # | |
############################################################################## | |
| |
############################################################################## | |
# >>> Please edit following lines for personal command and/or repositories. # | |
############################################################################## | |
| |
# CUSTOM - Script-Name. | |
SCRIPT_NAME='wget_fwbuilder_el6' | |
| |
# CUSTOM - Command-Line. | |
WGET_CMDOPTS='-r -nH --cut-dirs=2 --no-parent --reject index.htm* ' | |
| |
# CUSTOM - Repository-Mirrors. | |
REPO_SOURCE1='http://packages.fwbuilder.org/rpm/stable/rhel-6-i686/' | |
REPO_SOURCE2='http://packages.fwbuilder.org/rpm/stable/rhel-6-x86_64/' | |
REPO_TARGET='/data/repository/private/Mirrors/fwbuilder/rpm/stable' | |
| |
# CUSTOM - Mail-Recipient. | |
MAIL_RECIPIENT='root@tachtler.net' | |
| |
# CUSTOM - Status-Mail [Y|N]. | |
MAIL_STATUS='N' | |
| |
############################################################################## | |
# >>> Normally there is no need to change anything below this comment line. # | |
############################################################################## | |
| |
# Variables. | |
WGET_COMMAND=`command -v wget` | |
TOUCH_COMMAND=`command -v touch` | |
RM_COMMAND=`command -v rm` | |
PROG_SENDMAIL=`command -v sendmail` | |
CAT_COMMAND=`command -v cat` | |
DATE_COMMAND=`command -v date` | |
MKDIR_COMMAND=`command -v mkdir` | |
LN_COMMAND=`command -v ln` | |
FILE_LOCK='/tmp/'$SCRIPT_NAME'.lock' | |
FILE_LOG='/var/log/'$SCRIPT_NAME'.log' | |
FILE_LAST_LOG='/tmp/'$SCRIPT_NAME'.log' | |
FILE_MAIL='/tmp/'$SCRIPT_NAME'.mail' | |
VAR_HOSTNAME=`uname -n` | |
VAR_SENDER='root@'$VAR_HOSTNAME | |
VAR_EMAILDATE=`$DATE_COMMAND '+%a, %d %b %Y %H:%M:%S (%Z)'` | |
| |
# Functions. | |
function log() { | |
# Quote the message so that spacing is kept and wildcards are not expanded. | |
echo "$1" | |
echo "$($DATE_COMMAND '+%Y/%m/%d %H:%M:%S')  INFO: $1" >>"${FILE_LAST_LOG}" | |
} | |
| |
function retval() { | |
# $1 is the wget exit status handed over by the caller; inside the | |
# function $? would already hold the result of the test command. | |
if [ "$1" != "0" ]; then | |
case "$1" in | |
1) | |
log "ERROR: Generic error code." | |
;; | |
2) | |
log "ERROR: Parse error---for instance, when parsing command-line options, the .wgetrc or .netrc..." | |
;; | |
3) | |
log "ERROR: File I/O error." | |
;; | |
4) | |
log "ERROR: Network failure." | |
;; | |
5) | |
log "ERROR: SSL verification failure." | |
;; | |
6) | |
log "ERROR: Username/password authentication failure." | |
;; | |
7) | |
log "ERROR: Protocol errors." | |
;; | |
8) | |
log "ERROR: Server issued an error response." | |
;; | |
*) | |
log "ERROR: Unknown error $1" | |
;; | |
esac | |
fi | |
} | |
| |
function movelog() { | |
$CAT_COMMAND $FILE_LAST_LOG >> $FILE_LOG | |
$RM_COMMAND -f $FILE_LAST_LOG | |
$RM_COMMAND -f $FILE_LOCK | |
} | |
| |
function sendmail() { | |
case "$1" in | |
'STATUS') | |
MAIL_SUBJECT='Status execution '$SCRIPT_NAME' script.' | |
;; | |
*) | |
MAIL_SUBJECT='ERROR while execution '$SCRIPT_NAME' script !!!' | |
;; | |
esac | |
| |
$CAT_COMMAND <<MAIL >$FILE_MAIL | |
Subject: $MAIL_SUBJECT | |
Date: $VAR_EMAILDATE | |
From: $VAR_SENDER | |
To: $MAIL_RECIPIENT | |
| |
MAIL | |
| |
$CAT_COMMAND $FILE_LAST_LOG >> $FILE_MAIL | |
| |
$PROG_SENDMAIL -f $VAR_SENDER -t $MAIL_RECIPIENT < $FILE_MAIL | |
| |
$RM_COMMAND -f $FILE_MAIL | |
| |
} | |
| |
# Main. | |
log "" | |
log "+-----------------------------------------------------------------+" | |
log "| Start synchronisation from official repository server (mirror). |" | |
log "+-----------------------------------------------------------------+" | |
log "" | |
log "Run script with following parameter:" | |
log "" | |
log "SCRIPT_NAME...: $SCRIPT_NAME" | |
log "" | |
log "WGET_CMDOPTS..: $WGET_CMDOPTS" | |
log "" | |
log "REPO_SOURCE1..: $REPO_SOURCE1" | |
log "REPO_SOURCE2..: $REPO_SOURCE2" | |
log "REPO_TARGET...: $REPO_TARGET" | |
log "" | |
log "MAIL_RECIPIENT: $MAIL_RECIPIENT" | |
log "MAIL_STATUS...: $MAIL_STATUS" | |
log "" | |
| |
# Check if command (file) NOT exist OR IS empty. | |
if [ ! -s "$WGET_COMMAND" ]; then | |
log "Check if command '$WGET_COMMAND' was found.................[FAILED]" | |
sendmail ERROR | |
movelog | |
exit 10 | |
else | |
log "Check if command '$WGET_COMMAND' was found.................[ OK ]" | |
fi | |
| |
# Check if command (file) NOT exist OR IS empty. | |
if [ ! -s "$TOUCH_COMMAND" ]; then | |
log "Check if command '$TOUCH_COMMAND' was found....................[FAILED]" | |
sendmail ERROR | |
movelog | |
exit 11 | |
else | |
log "Check if command '$TOUCH_COMMAND' was found....................[ OK ]" | |
fi | |
| |
# Check if command (file) NOT exist OR IS empty. | |
if [ ! -s "$RM_COMMAND" ]; then | |
log "Check if command '$RM_COMMAND' was found.......................[FAILED]" | |
sendmail ERROR | |
movelog | |
exit 12 | |
else | |
log "Check if command '$RM_COMMAND' was found.......................[ OK ]" | |
fi | |
| |
# Check if command (file) NOT exist OR IS empty. | |
if [ ! -s "$CAT_COMMAND" ]; then | |
log "Check if command '$CAT_COMMAND' was found......................[FAILED]" | |
sendmail ERROR | |
movelog | |
exit 13 | |
else | |
log "Check if command '$CAT_COMMAND' was found......................[ OK ]" | |
fi | |
| |
# Check if command (file) NOT exist OR IS empty. | |
if [ ! -s "$DATE_COMMAND" ]; then | |
log "Check if command '$DATE_COMMAND' was found.....................[FAILED]" | |
sendmail ERROR | |
movelog | |
exit 14 | |
else | |
log "Check if command '$DATE_COMMAND' was found.....................[ OK ]" | |
fi | |
| |
# Check if command (file) NOT exist OR IS empty. | |
if [ ! -s "$MKDIR_COMMAND" ]; then | |
log "Check if command '$MKDIR_COMMAND' was found....................[FAILED]" | |
sendmail ERROR | |
movelog | |
exit 15 | |
else | |
log "Check if command '$MKDIR_COMMAND' was found....................[ OK ]" | |
fi | |
| |
# Check if command (file) NOT exist OR IS empty. | |
if [ ! -s "$LN_COMMAND" ]; then | |
log "Check if command '$LN_COMMAND' was found.......................[FAILED]" | |
sendmail ERROR | |
movelog | |
exit 16 | |
else | |
log "Check if command '$LN_COMMAND' was found.......................[ OK ]" | |
fi | |
| |
# Check if command (file) NOT exist OR IS empty. | |
if [ ! -s "$PROG_SENDMAIL" ]; then | |
log "Check if command '$PROG_SENDMAIL' was found............[FAILED]" | |
sendmail ERROR | |
movelog | |
exit 17 | |
else | |
log "Check if command '$PROG_SENDMAIL' was found............[ OK ]" | |
fi | |
| |
# Check if LOCK file NOT exist. | |
if [ ! -e "$FILE_LOCK" ]; then | |
log "Check if script is NOT already running .....................[ OK ]" | |
| |
$TOUCH_COMMAND $FILE_LOCK | |
else | |
log "Check if script is NOT already running .....................[FAILED]" | |
log "" | |
log "ERROR: The script was already running, or LOCK file already exists!" | |
log "" | |
sendmail ERROR | |
movelog | |
exit 20 | |
fi | |
| |
# Check if REPO_TARGET Directory NOT exists. | |
if [ ! -d "$REPO_TARGET" ]; then | |
log "Check if REPO_TARGET exists................................[FAILED]" | |
log "" | |
log " INFO: Creating REPO_TARGET!" | |
log " INFO: --> "$REPO_TARGET | |
log "" | |
| |
$MKDIR_COMMAND -p $REPO_TARGET | |
else | |
log "Check if REPO_TARGET exists................................[ OK ]" | |
fi | |
| |
# Start syncing. | |
log "" | |
log "+-----------------------------------------------------------------+" | |
log "| Run synchronizing $SCRIPT_NAME repository................ |" | |
log "+-----------------------------------------------------------------+" | |
log "" | |
| |
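log "$WGET_COMMAND $WGET_CMDOPTS $REPO_SOURCE1" | |
$WGET_COMMAND $WGET_CMDOPTS --append-output=$FILE_LAST_LOG --directory-prefix=$REPO_TARGET $REPO_SOURCE1 | |
# Save the wget exit status now; every later command overwrites $?. | |
WGET_RC1=$? | |
| |
$RM_COMMAND -f $REPO_TARGET/index.htm* | |
| |
log "$WGET_COMMAND $WGET_CMDOPTS $REPO_SOURCE2" | |
$WGET_COMMAND $WGET_CMDOPTS --append-output=$FILE_LAST_LOG --directory-prefix=$REPO_TARGET $REPO_SOURCE2 | |
WGET_RC2=$? | |
| |
$RM_COMMAND -f $REPO_TARGET/index.htm* | |
| |
cd /root/bin | |
| |
# Report the first wget failure, if there was one. | |
WGET_RC=$WGET_RC1 | |
if [ "$WGET_RC" = 0 ]; then | |
WGET_RC=$WGET_RC2 | |
fi | |
| |
if [ "$WGET_RC" != 0 ]; then | |
retval $WGET_RC | |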
log "" | |
$RM_COMMAND -f $FILE_LOCK | |
sendmail ERROR | |
movelog | |
exit 99 | |
else | |
log "" | |
log "+-----------------------------------------------------------------+" | |
log "| End synchronizing $SCRIPT_NAME repository................ |" | |
log "+-----------------------------------------------------------------+" | |
log "" | |
fi | |
| |
# Finish syncing. | |
log "+-----------------------------------------------------------------+" | |
log "| Finish......................................................... |" | |
log "+-----------------------------------------------------------------+" | |
log "" | |
| |
# Status e-mail. | |
if [ $MAIL_STATUS = 'Y' ]; then | |
sendmail STATUS | |
fi | |
# Move temporary log to permanent log | |
movelog | |
| |
exit 0 | |
</code> | |
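The lock handling in the script above first tests whether the lock file exists and then creates it with ''touch'', two separate steps on a predictable name in ''/tmp''. The following functions are an added example, not part of the original script; the function names, exit code 21 and the lock path in the usage comment are assumptions. They take the lock in one atomic step and release it only if the current process created it:

```bash
#!/bin/bash
# Added example: atomic lock handling for a cron-driven mirror script.
# The function names and exit code 21 are assumptions of this example;
# exit code 20 is the value the script above uses for "already running".

# Create the lock atomically and record our PID in it. With noclobber
# (set -C) the redirection fails if the file already exists, so testing
# for the lock and creating it happen in one step.
acquire_lock() {
    ( set -C; echo "$$" > "$1" ) 2>/dev/null
}

# Succeeds if the lock names a PID that is no longer running. The mirror
# script runs as root, so a failing "kill -0" means "no such process".
lock_is_stale() {
    _pid=$(cat "$1" 2>/dev/null) || return 1
    case $_pid in
        ''|*[!0-9]*) return 1 ;;   # not a PID written by acquire_lock
    esac
    ! kill -0 "$_pid" 2>/dev/null
}

# Remove the lock only if this process created it.
release_lock() {
    [ "$(cat "$1" 2>/dev/null)" = "$$" ] && rm -f "$1"
}

# Run a command under the lock.
# Returns 20 if another run holds the lock, 21 if the lock is stale,
# otherwise the exit status of the command.
with_lock() {
    _lock=$1; shift
    if ! acquire_lock "$_lock"; then
        if lock_is_stale "$_lock"; then
            return 21
        fi
        return 20
    fi
    _rc=0
    "$@" || _rc=$?
    release_lock "$_lock"
    return "$_rc"
}

# Usage (mirror_repositories is a hypothetical function wrapping the wget
# calls; /var/run is writable by root only, unlike /tmp):
#   with_lock /var/run/wget_fwbuilder_el6.lock mirror_repositories
```

A stale lock is reported with its own exit code instead of being deleted automatically, because two runs that both remove a "stale" file at the same moment could end up running in parallel.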
| |
===== First Start ===== | |
| |
After the successful installation, the [[http://www.fwbuilder.org|FirewallBuilder]] can be started from a ''shell'' with the following command: | |
<code> | |
# fwbuilder | |
Firewall Builder GUI 5.0.0.3568 | |
</code> | |
| |
The window shown below should appear: | |
| |
{{:tachtler:fwbuilder:fwbuilder_main.png?|FirewallBuilder - main window}} | |
| |
===== Rule Installation ===== | |
| |
So that the [[http://www.fwbuilder.org|FirewallBuilder]] can | |
* **copy** | |
and | |
* **install** | |
rules on different "firewalls", the following steps are necessary! | |
| |
==== Rule Installation: User ==== | |
| |
For security reasons, a dedicated user should be created for managing firewall rule sets. This naturally involves some additional effort, which should nevertheless be accepted. | |
| |
:!: **IMPORTANT** - **This user must be created on __ALL__ firewalls __AND__ on the FirewallBuilder server itself !!!** | |
| |
A **group**: | |
* **''fwadmin''** | |
is to be created, and a **user**: | |
* **''fwadmin''** | |
is to be created, under which the entire management of the firewall rule sets is to take place. | |
| |
To create a new **group**, the following command can be used: | |
<code> | |
# groupadd -g 599 fwadmin | |
</code> | |
| |
Whether the preceding command was carried out correctly can be checked with the following command, which should display output like that shown below: | |
<code> | |
# cat /etc/group | grep 599 | |
fwadmin:x:599: | |
</code> | |
| |
To create a new **user**, the following command can be used: | |
<code> | |
# useradd -c "FirewallBuilder" -g 599 -m -s /bin/bash -u 599 fwadmin | |
</code> | |
| |
Whether the preceding command was carried out correctly can be checked with the following command, which should display output like that shown below: | |
<code> | |
# cat /etc/passwd | grep 599 | |
fwadmin:x:599:599:FirewallBuilder:/home/fwadmin:/bin/bash | |
</code> | |
| |
Finally, a **password** must be set for the user **''fwadmin''** with the following command: | |
<code> | |
# passwd fwadmin | |
Changing password for user fwadmin. | |
New password: | |
Retype new password: | |
passwd: all authentication tokens updated successfully. | |
</code> | |
| |
==== Rule Installation: Public Key ==== | |
| |
:!: **NOTE** - **For security reasons, an SSH key pair should also be generated for the user !!!** | |
| |
Please read the following internal DokuWiki entry: | |
* [[tachtler:ssh#public-key_authentifizierung|SSH - Public-Key Authentication]] | |
| |
==== Rule Installation: Preferences ==== | |
| |
To be able to use the [[http://www.fwbuilder.org|FirewallBuilder]] to install a firewall rule set, some parameters must be stored in the [[http://www.fwbuilder.org|FirewallBuilder]]. | |
| |
First, a directory should be created in the **''home''** directory of the user **''fwadmin''** just created, using the following command; it serves to hold the data of the [[http://www.fwbuilder.org|FirewallBuilder]]: | |
<code> | |
# mkdir /home/fwadmin/fwb | |
</code> | |
| |
In the [[http://www.fwbuilder.org|FirewallBuilder]], under the menu item | |
* **Edit** | **Preferences** | **General** | |
this newly created directory can then be entered under | |
* **Working directory** or | |
* **Data directory**. | |
| |
{{:tachtler:fwbuilder:fwbuilder_edit_preferences_general.png?|FirewallBuilder - Edit - Preferences - General}} | |
| |
:!: **NOTE** - **Further settings can be made depending on the environment !!!** | |
| |
===== Firewall ===== | |
| |
**After** a new firewall has been created by the [[http://www.fwbuilder.org|FirewallBuilder]] (which can be done with a wizard), a directory should also be created on the server on which the [[http://www.fwbuilder.org|FirewallBuilder]] is installed. | |
| |
This can be done with the following command and should likewise be carried out as the user **''fwadmin''**: | |
<code> | |
# mkdir /home/fwadmin/fw | |
</code> | |
| |
:!: **NOTE** - **This is the storage location for all firewalls that are managed by the [[http://www.fwbuilder.org|FirewallBuilder]]!** | |
| |
==== Firewall Settings: Compiler ==== | |
| |
In the settings of the firewall, the following settings can be made under the **Compiler** tab: | |
| |
^ Field name ^ Default value ^ New value ^ | |
| Output file name | | /home/fwadmin/fw/firewallname.fw | | |
| |
{{:tachtler:fwbuilder:fwbuilder_firewall-settings_compiler.png?| FirewallBuilder - Firewall Settings - Compiler}} | |
| |
==== Firewall Settings: Installer ==== | |
| |
In the settings of the firewall, the following settings can be made under the **Installer** tab: | |
| |
^ Field name ^ Default value ^ New value ^ | |
| Directory on the firewall where script should be installed | | /home/fwadmin/fw | | |
| User name used to authenticate to the firewall | | fwadmin | | |
| Alternative name or address used to communicate with the firewall | | 192.168.0.20 | | |
| Additional command line parameters for ssh | | -p 22 -i /home/fwadmin/.ssh/id_rsa_FirewallBuilder | | |
| Additional command line parameters for scp | | -P 22 -i /home/fwadmin/.ssh/id_rsa_FirewallBuilder | | |
| |
{{:tachtler:fwbuilder:fwbuilder_firewall-settings_installer.png?| FirewallBuilder - Firewall Settings - Installer}} | |
| |
==== Firewall Settings: Prolog/Epilog ==== | |
| |
In the settings of the firewall, the following settings can be made under the **Prolog/Epilog** tab: | |
| |
^ Field name ^ Default value ^ New value ^ | |
| The following command will be added verbatim after generated configuration | | service iptables save | | |
| |
{{:tachtler:fwbuilder:fwbuilder_firewall-settings_prolog-epilog.png?|FirewallBuilder - Firewall Settings - Prolog/Epilog}} | |
| |
:!: **NOTE** - **The subsequent __tabs__ can be left unchanged !!!** | |
| |
==== /etc/sudoers ==== | |
| |
The following change **__MUST__** be made on **__EVERY__** **firewall** in order to be able to **execute** the firewall rule set as well! | |
| |
The configuration file | |
* **''/etc/sudoers''** | |
should, using the following command | |
<code> | |
# visudo | |
</code> | |
be extended as follows (**relevant excerpt only**): | |
<code ini> | |
... | |
## Allow root to run any commands anywhere | |
root ALL=(ALL) ALL | |
| |
# Tachtler | |
%fwadmin ALL = PASSWD: /home/fwadmin/fw/firewallname.fw | |
... | |
</code> | |
| |
:!: **NOTE** - If the firewall in question is not reachable **directly, via a ''route''**, the following configuration may also be necessary! | |
<code ini> | |
... | |
## Allow root to run any commands anywhere | |
root ALL=(ALL) ALL | |
| |
# Tachtler | |
Defaults:fwadmin !requiretty | |
%fwadmin ALL = NOPASSWD: /home/fwadmin/fw/firewallname.fw | |
... | |
</code> | |
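Because ''sudo'' runs ''/home/fwadmin/fw/firewallname.fw'' as root, the rule is only as narrow as the write access to that file and to the directories above it. The following check is an added example, not part of the original page; the function names are assumptions and it relies on GNU ''stat'' and ''readlink'' as shipped with CentOS. It lists every path component that is not owned by root or is writable by group or others:

```bash
#!/bin/bash
# Added example: audit the file named in a sudoers rule. sudo runs it as
# root, so every path component should be writable by root only.
# Function names are assumptions of this example; stat -c is GNU stat.

# Print findings for one path component.
# $1 = path, $2 = UID that is allowed to own it.
check_component() {
    _info=$(stat -c '%u %a' "$1" 2>/dev/null) || { echo "missing: $1"; return 0; }
    _owner=${_info% *}
    _mode=${_info#* }
    [ "$_owner" = "$2" ] || echo "owner uid $_owner: $1"
    # The last two octal digits are the group and other permissions;
    # the digits 2, 3, 6 and 7 contain the write bit.
    case $_mode in *[2367]?) echo "group-writable ($_mode): $1" ;; esac
    case $_mode in *[2367])  echo "world-writable ($_mode): $1" ;; esac
    return 0
}

# audit_sudo_target FILE [TRUSTED_UID] [TOP]
# Checks FILE and each parent directory up to TOP (default /).
# Returns 0 if clean, 1 with findings on stdout, 2 for a relative path.
audit_sudo_target() {
    case $1 in
        /*) ;;
        *)  echo "not an absolute path: $1"; return 2 ;;
    esac
    # Resolve symlinks so that the real path is walked.
    _file=$(readlink -f "$1") || _file=$1
    _top=$(readlink -f "${3:-/}") || _top=/
    _uid=${2:-0}
    _findings=$(
        p=$_file
        while :; do
            check_component "$p" "$_uid"
            if [ "$p" = "$_top" ] || [ "$p" = / ]; then
                break
            fi
            p=$(dirname "$p")
        done
    )
    [ -z "$_findings" ] && return 0
    printf '%s\n' "$_findings"
    return 1
}

# Usage on a firewall: audit_sudo_target /home/fwadmin/fw/firewallname.fw
```

With the layout described on this page the check reports ''/home/fwadmin/fw'' and the script itself, because the installer copies the script there as ''fwadmin''. The ''fwadmin'' account and its SSH key therefore need the same protection as ''root'' on every firewall.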
| |