FirewallBuilder CentOS 6
FirewallBuilder is a graphical program that requires an X server and is used to create firewall rules for various types of firewalls via drag and drop. The simple graphical operation is one of its biggest advantages when building even complex rule sets: it saves an enormous amount of time and requires no detailed knowledge of the firewall syntax.
NOTE - The following illustrates the installation and one possible way of embedding it into an existing operating system !!!
IMPORTANT - Neither a complete solution nor instructions for a complete firewall configuration are given !!!
NOTE - More information on targeted use can be obtained from the following link:
From here on, root privileges are required to run the following commands. To become the user root, either log in to the system as root or switch to the user root with the following command:
$ su -
Password:
Prerequisites
To use FirewallBuilder, the following prerequisites must be met:
- An installed CentOS version 6.0 operating system
- with an installed, started and working X server, and
- an Internet connection
NOTE - The installation is done by adding an external repository, as described below!
Installation
To include the external repository from http://www.fwbuilder.org, a further configuration file for yum, the CentOS package manager, can be created with the following command and filled with the following content (basic knowledge of the vi or vim editor is assumed):
# vim /etc/yum.repos.d/fwbuilder.repo
[fwbuilder]
name=Firewall Builder
failovermethod=priority
baseurl=http://packages.fwbuilder.org/rpm/stable/rhel-$releasever-$basearch
enabled=1

[fwbuilder-testing]
name=Firewall Builder Test Builds
failovermethod=priority
baseurl=http://packages.fwbuilder.org/rpm/testing/rhel-$releasever-$basearch
enabled=0
NOTE - The yum-plugin-priorities plugin is not used in this description !!!
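The repository file above has no gpgcheck line, so whether yum verifies package signatures for it depends on the [main] section of /etc/yum.conf. The following is an added example, not part of the original page: it computes the effective setting per repository section, assuming a section without its own gpgcheck line inherits the [main] value and falls back to 0 when neither sets it. The function names and the REPO_PINNED variant are illustrative.

```shell
#!/bin/bash
# Added example (not from the original page): effective gpgcheck per section.

# The repository file exactly as shown on this page (no gpgcheck line).
REPO_AS_SHOWN='[fwbuilder]
name=Firewall Builder
failovermethod=priority
baseurl=http://packages.fwbuilder.org/rpm/stable/rhel-$releasever-$basearch
enabled=1

[fwbuilder-testing]
name=Firewall Builder Test Builds
failovermethod=priority
baseurl=http://packages.fwbuilder.org/rpm/testing/rhel-$releasever-$basearch
enabled=0'

# Illustrative variant: the stable section with signature checking pinned in
# the repo file itself, so it no longer depends on /etc/yum.conf.
REPO_PINNED='[fwbuilder]
name=Firewall Builder
failovermethod=priority
baseurl=http://packages.fwbuilder.org/rpm/stable/rhel-$releasever-$basearch
enabled=1
gpgcheck=1'

# main_gpgcheck YUM_CONF_TEXT
# Prints the gpgcheck value from the [main] section, or 0 if it is not set.
main_gpgcheck() {
    printf '%s\n' "$1" | awk '
        /^\[/ { in_main = ($0 == "[main]"); next }
        in_main && /^[ \t]*gpgcheck[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0
        }
        END { print (v == "" ? 0 : v) }'
}

# repo_gpgcheck REPO_TEXT MAIN_DEFAULT
# Prints "<section> enabled=<n> gpgcheck=<n>" for every section; a section
# without its own enabled= line counts as enabled, one without gpgcheck=
# gets MAIN_DEFAULT.
repo_gpgcheck() {
    printf '%s\n' "$1" | awk -v def="$2" '
        function emit() { if (sec != "") print sec " enabled=" en " gpgcheck=" gc }
        function val(line) {
            sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t]+$/, "", line); return line
        }
        /^\[.*\]$/               { emit(); sec = substr($0, 2, length($0) - 2)
                                   en = 1; gc = def; next }
        /^[ \t]*enabled[ \t]*=/  { en = val($0); next }
        /^[ \t]*gpgcheck[ \t]*=/ { gc = val($0); next }
        END { emit() }'
}

# unverified_repos REPO_TEXT MAIN_DEFAULT
# Prints the names of enabled sections whose effective gpgcheck is not 1.
# Deliberately strict: any value other than the literal 1 is reported.
unverified_repos() {
    repo_gpgcheck "$1" "$2" |
        awk '$2 == "enabled=1" && $3 != "gpgcheck=1" { print $1 }'
}

# Demo: evaluate the page's repo file against this host's /etc/yum.conf
# (an unreadable or missing file is treated as "gpgcheck not set").
unverified_repos "$REPO_AS_SHOWN" "$(main_gpgcheck "$(cat /etc/yum.conf 2>/dev/null)")"
```

An empty result means every enabled section is covered by signature checking; a printed section name means packages from that repository would be installed without a signature check.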
Next, the information that yum, the CentOS package manager, cached during earlier runs can be deleted with the following command, so that all available package information is determined afresh:
# yum clean all
Loaded plugins: fastestmirror, refresh-packagekit
Cleaning up Everything
Cleaning up list of fastest mirrors
Before the actual installation of FirewallBuilder can begin, the GPG key should, for security reasons, first be imported for yum, the CentOS package manager, which can be done with the following command (the download link of the GPG key is assumed to be trustworthy):
# rpm --import http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
NOTE - There is NO output confirming that the GPG key was imported !!!
To verify that the GPG key was imported, the following command can be used; it should produce the output shown below. (The GPG key listed first should be the newly added one!):
# rpm -qa gpg-pubkey
gpg-pubkey-eaee08fe-4a0f5464
gpg-pubkey-c105b9de-4e0fd3a3
The actual installation is now carried out by running the following command, which in this case also makes yum, the CentOS package manager, refresh all package information:
# yum install fwbuilder
Loaded plugins: fastestmirror, refresh-packagekit
Determining fastest mirrors
 * base: centos.intergenia.de
 * extras: centos.intergenia.de
 * updates: centos.intergenia.de
base                                                     | 3.7 kB     00:00
base/primary_db                                          | 4.2 MB     00:04
extras                                                   |  951 B     00:00
extras/primary                                           |  203 B     00:00
fwbuilder                                                |  951 B     00:00
fwbuilder/primary                                        | 1.4 kB     00:00
fwbuilder                                                                   1/1
updates                                                  | 3.5 kB     00:00
updates/primary_db                                       | 3.3 MB     00:16
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package fwbuilder.x86_64 0:5.0.0.3568-1.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch          Version                  Repository        Size
================================================================================
Installing:
 fwbuilder        x86_64        5.0.0.3568-1.el6         fwbuilder         10 M

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 10 M
Installed size: 36 M
Is this ok [y/N]: y
Downloading Packages:
fwbuilder-5.0.0.3568-1.el6.x86_64.rpm                    |  10 MB     00:09
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : fwbuilder-5.0.0.3568-1.el6.x86_64                        1/1

Installed:
  fwbuilder.x86_64 0:5.0.0.3568-1.el6

Complete!
The following command can be used to check which contents were installed with the fwbuilder package.
# rpm -qil fwbuilder
Name        : fwbuilder                    Relocations: (not relocatable)
Version     : 5.0.0.3568                        Vendor: NetCitadel LLC., http://sourceforge.net/project/showfiles.php?group_id=5314
Release     : 1.el6                         Build Date: Tue 26 Jul 2011 01:32:04 PM CEST
Install Date: Thu 18 Aug 2011 06:09:11 PM CEST      Build Host: rhel6-64.vk.crocodile.org
Group       : Applications/System           Source RPM: fwbuilder-5.0.0.3568-1.el6.src.rpm
Size        : 38199494                         License: GPL2
Signature   : DSA/SHA1, Thu 28 Jul 2011 02:05:21 AM CEST, Key ID ef2edd98eaee08fe
Packager    : Vadim Kurland <vadim@fwbuilder.org>
URL         : http://www.fwbuilder.org/
Summary     : Firewall Builder
Description :
Firewall Builder consists of a GUI and set of policy compilers for
various firewall platforms. It helps users maintain a database of
objects and allows policy editing using simple drag-and-drop
operations. GUI generates firewall description in the form of XML
file, which compilers then interpret and generate platform-specific
code. Several algorithms are provided for automated network objects
discovery and bulk import of data. The GUI and policy compilers are
completely independent, this provides for a consistent abstract model
and the same GUI for different firewall platforms.
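The `rpm -qa gpg-pubkey` listing and the Signature line of the `rpm -qil fwbuilder` output on this page belong together: the name of a gpg-pubkey entry carries the last eight hex digits of the key ID that signed the package. The following is an added example, not part of the original page, that checks this link; the function names are illustrative and the sample input is copied from the outputs shown above.

```shell
#!/bin/bash
# Added example (not from the original page): tie the key that signed an
# installed package to the public keys imported with "rpm --import".

# Sample input copied from the command outputs shown on this page.
SAMPLE_INFO='Name        : fwbuilder
Version     : 5.0.0.3568
Release     : 1.el6
Signature   : DSA/SHA1, Thu 28 Jul 2011 02:05:21 AM CEST, Key ID ef2edd98eaee08fe
Packager    : Vadim Kurland <vadim@fwbuilder.org>'
SAMPLE_KEYS='gpg-pubkey-eaee08fe-4a0f5464
gpg-pubkey-c105b9de-4e0fd3a3'

# signing_key_id RPM_QI_TEXT
# Prints the 16-hex-digit key ID from the Signature line in lower case, or
# nothing when the package is unsigned ("Signature : (none)").
signing_key_id() {
    printf '%s\n' "$1" |
        sed -n 's/^Signature[[:space:]]*:.*Key ID \([0-9A-Fa-f]\{16\}\)[[:space:]]*$/\1/p' |
        head -n 1 | tr 'A-F' 'a-f'
}

# key_is_imported KEY_ID PUBKEY_LIST
# Succeeds when PUBKEY_LIST (output of "rpm -qa gpg-pubkey") contains an entry
# whose version field equals the last eight hex digits of KEY_ID.
key_is_imported() {
    kii_short=$(printf '%s\n' "$1" | tr 'A-F' 'a-f' |
        sed -n 's/^.*\([0-9a-f]\{8\}\)$/\1/p')
    [ -n "$kii_short" ] || return 1
    printf '%s\n' "$2" | grep -q "^gpg-pubkey-${kii_short}-"
}

# check_package_signature RPM_QI_TEXT PUBKEY_LIST
# Prints "imported-key <id>", "unknown-key <id>" or "unsigned";
# returns 0 only in the first case.
check_package_signature() {
    cps_keyid=$(signing_key_id "$1")
    if [ -z "$cps_keyid" ]; then
        echo "unsigned"
        return 1
    fi
    if key_is_imported "$cps_keyid" "$2"; then
        echo "imported-key $cps_keyid"
        return 0
    fi
    echo "unknown-key $cps_keyid"
    return 1
}

# Demo with the page's own values. On a live system the call would be:
#   check_package_signature "$(rpm -qi fwbuilder)" "$(rpm -qa gpg-pubkey)"
check_package_signature "$SAMPLE_INFO" "$SAMPLE_KEYS" || true
```

The eight-digit match only links the two outputs; the cryptographic check of a downloaded package file is done by `rpm -K <file>.rpm`.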
Mirroring the repository
Similar to the following entry within this DokuWiki,
the FirewallBuilder repository can also be mirrored.
However, this is not a repository server that can be mirrored with rsync in the classic way; instead, the following script shows how this could be done with the help of the wget program.
NOTE - This is only one possibility!
Below is the script that mirrors the FirewallBuilder repository for CentOS from version 6.x onwards:
#!/bin/bash

##############################################################################
# Script-Name : wget_fwbuilder_el6.sh                                        #
# Description : Script to sync via wget command repositorys from official    #
#               mirror servers. On successful execution only a LOG file will #
#               be written. On error while execution, a LOG file and a error #
#               message will be send by e-mail.                              #
#                                                                            #
# Last update : 11.01.2012                                                   #
# Version     : 1.00                                                         #
#                                                                            #
# Author      : Klaus Tachtler, <klaus@tachtler.net>                         #
# DokuWiki    : http://www.dokuwiki.tachtler.net                             #
# Homepage    : http://www.tachtler.net                                      #
#                                                                            #
#  +----------------------------------------------------------------------+  #
#  | This program is free software; you can redistribute it and/or modify |  #
#  | it under the terms of the GNU General Public License as published by |  #
#  | the Free Software Foundation; either version 2 of the License, or    |  #
#  | (at your option) any later version.                                  |  #
#  +----------------------------------------------------------------------+  #
#                                                                            #
# Copyright (c) 2012 by Klaus Tachtler.                                      #
#                                                                            #
##############################################################################

##############################################################################
#                                H I S T O R Y                               #
##############################################################################
# Version     : x.xx                                                         #
# Description : <Description>                                                #
# -------------------------------------------------------------------------- #
# Version     : x.xx                                                         #
# Description : <Description>                                                #
# -------------------------------------------------------------------------- #
##############################################################################

##############################################################################
# >>> Please edit following lines for personal command and/or repositorys. ! #
##############################################################################

# CUSTOM - Script-Name.
SCRIPT_NAME='wget_fwbuilder_el6'

# CUSTOM - Command-Line.
WGET_CMDOPTS='-r -nH --cut-dirs=2 --no-parent --reject index.htm* '

# CUSTOM - Repository-Mirrors.
REPO_SOURCE1='http://packages.fwbuilder.org/rpm/stable/rhel-6-i686/'
REPO_SOURCE2='http://packages.fwbuilder.org/rpm/stable/rhel-6-x86_64/'
REPO_TARGET='/data/repository/private/Mirrors/fwbuilder/rpm/stable'

# CUSTOM - Mail-Recipient.
MAIL_RECIPIENT='root@tachtler.net'

# CUSTOM - Status-Mail [Y|N].
MAIL_STATUS='N'

##############################################################################
# >>> Normaly there is no need to change anything below this comment line. ! #
##############################################################################

# Variables.
WGET_COMMAND=`command -v wget`
TOUCH_COMMAND=`command -v touch`
RM_COMMAND=`command -v rm`
PROG_SENDMAIL=`command -v sendmail`
CAT_COMMAND=`command -v cat`
DATE_COMMAND=`command -v date`
MKDIR_COMMAND=`command -v mkdir`
LN_COMMAND=`command -v ln`
FILE_LOCK='/tmp/'$SCRIPT_NAME'.lock'
FILE_LOG='/var/log/'$SCRIPT_NAME'.log'
FILE_LAST_LOG='/tmp/'$SCRIPT_NAME'.log'
FILE_MAIL='/tmp/'$SCRIPT_NAME'.mail'
VAR_HOSTNAME=`uname -n`
VAR_SENDER='root@'$VAR_HOSTNAME
VAR_EMAILDATE=`$DATE_COMMAND '+%a, %d %b %Y %H:%M:%S (%Z)'`

# Functions.
function log() {
        # Quoted, so that patterns such as "index.htm*" are logged literally.
        echo "$1"
        echo `$DATE_COMMAND '+%Y/%m/%d %H:%M:%S'` " INFO:" "$1" >>${FILE_LAST_LOG}
}

function retval() {
# $1 = exit status of a wget call. It has to be passed in by the caller,
# because "$?" is overwritten by every command that runs after wget.
if [ "$1" != "0" ]; then
        case "$1" in
        1)
            log "ERROR: Generic error code."
        ;;
        2)
            log "ERROR: Parse error---for instance, when parsing command-line options, the .wgetrc or .netrc..."
        ;;
        3)
            log "ERROR: File I/O error."
        ;;
        4)
            log "ERROR: Network failure."
        ;;
        5)
            log "ERROR: SSL verification failure."
        ;;
        6)
            log "ERROR: Username/password authentication failure."
        ;;
        7)
            log "ERROR: Protocol errors."
        ;;
        8)
            log "ERROR: Server issued an error response."
        ;;
        *)
            log "ERROR: Unknown error $1"
        ;;
        esac
fi
}

function movelog() {
        $CAT_COMMAND $FILE_LAST_LOG >> $FILE_LOG
        $RM_COMMAND -f $FILE_LAST_LOG
        $RM_COMMAND -f $FILE_LOCK
}

function sendmail() {
        case "$1" in
        'STATUS')
            MAIL_SUBJECT='Status execution '$SCRIPT_NAME' script.'
        ;;
        *)
            MAIL_SUBJECT='ERROR while execution '$SCRIPT_NAME' script !!!'
        ;;
        esac

$CAT_COMMAND <<MAIL >$FILE_MAIL
Subject: $MAIL_SUBJECT
Date: $VAR_EMAILDATE
From: $VAR_SENDER
To: $MAIL_RECIPIENT

MAIL

$CAT_COMMAND $FILE_LAST_LOG >> $FILE_MAIL

$PROG_SENDMAIL -f $VAR_SENDER -t $MAIL_RECIPIENT < $FILE_MAIL

$RM_COMMAND -f $FILE_MAIL
}

# Main.
log ""
log "+-----------------------------------------------------------------+"
log "| Start synchronisation from official repository server (mirror). |"
log "+-----------------------------------------------------------------+"
log ""
log "Run script with following parameter:"
log ""
log "SCRIPT_NAME...: $SCRIPT_NAME"
log ""
log "WGET_CMDOPTS..: $WGET_CMDOPTS"
log ""
log "REPO_SOURCE1..: $REPO_SOURCE1"
log "REPO_SOURCE2..: $REPO_SOURCE2"
log "REPO_TARGET...: $REPO_TARGET"
log ""
log "MAIL_RECIPIENT: $MAIL_RECIPIENT"
log "MAIL_STATUS...: $MAIL_STATUS"
log ""

# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$WGET_COMMAND" ]; then
        log "Check if command '$WGET_COMMAND' was found.................[FAILED]"
        sendmail ERROR
        movelog
        exit 10
else
        log "Check if command '$WGET_COMMAND' was found.................[ OK ]"
fi

# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$TOUCH_COMMAND" ]; then
        log "Check if command '$TOUCH_COMMAND' was found....................[FAILED]"
        sendmail ERROR
        movelog
        exit 11
else
        log "Check if command '$TOUCH_COMMAND' was found....................[ OK ]"
fi

# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$RM_COMMAND" ]; then
        log "Check if command '$RM_COMMAND' was found.......................[FAILED]"
        sendmail ERROR
        movelog
        exit 12
else
        log "Check if command '$RM_COMMAND' was found.......................[ OK ]"
fi

# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$CAT_COMMAND" ]; then
        log "Check if command '$CAT_COMMAND' was found......................[FAILED]"
        sendmail ERROR
        movelog
        exit 13
else
        log "Check if command '$CAT_COMMAND' was found......................[ OK ]"
fi

# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$DATE_COMMAND" ]; then
        log "Check if command '$DATE_COMMAND' was found.....................[FAILED]"
        sendmail ERROR
        movelog
        exit 14
else
        log "Check if command '$DATE_COMMAND' was found.....................[ OK ]"
fi

# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$MKDIR_COMMAND" ]; then
        log "Check if command '$MKDIR_COMMAND' was found....................[FAILED]"
        sendmail ERROR
        movelog
        exit 15
else
        log "Check if command '$MKDIR_COMMAND' was found....................[ OK ]"
fi

# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$LN_COMMAND" ]; then
        log "Check if command '$LN_COMMAND' was found.......................[FAILED]"
        sendmail ERROR
        movelog
        exit 16
else
        log "Check if command '$LN_COMMAND' was found.......................[ OK ]"
fi

# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$PROG_SENDMAIL" ]; then
        log "Check if command '$PROG_SENDMAIL' was found............[FAILED]"
        sendmail ERROR
        movelog
        exit 17
else
        log "Check if command '$PROG_SENDMAIL' was found............[ OK ]"
fi

# Check if LOCK file NOT exist.
if [ ! -e "$FILE_LOCK" ]; then
        log "Check if script is NOT already running ....................[ OK ]"
        $TOUCH_COMMAND $FILE_LOCK
else
        log "Check if script is NOT already running ....................[FAILED]"
        log ""
        log "ERROR: The script was already running, or LOCK file already exists!"
        log ""
        sendmail ERROR
        movelog
        exit 20
fi

# Check if REPO_TARGET Directory NOT exists.
if [ ! -d "$REPO_TARGET" ]; then
        log "Check if REPO_TARGET exists................................[FAILED]"
        log ""
        log " INFO: Creating REPO_TARGET!"
        log " INFO: --> "$REPO_TARGET
        log ""
        $MKDIR_COMMAND -p $REPO_TARGET
else
        log "Check if REPO_TARGET exists................................[ OK ]"
fi

# Start syncing.
log ""
log "+-----------------------------------------------------------------+"
log "| Run synchronizing $SCRIPT_NAME repository................ |"
log "+-----------------------------------------------------------------+"
log ""

log "$WGET_COMMAND $WGET_CMDOPTS $REPO_SOURCE1"
$WGET_COMMAND $WGET_CMDOPTS --append-output=$FILE_LAST_LOG --directory-prefix=$REPO_TARGET $REPO_SOURCE1
# Save the wget exit status before the next command overwrites "$?".
WGET_RC1=$?
$RM_COMMAND -f $REPO_TARGET/index.htm*

log "$WGET_COMMAND $WGET_CMDOPTS $REPO_SOURCE2"
$WGET_COMMAND $WGET_CMDOPTS --append-output=$FILE_LAST_LOG --directory-prefix=$REPO_TARGET $REPO_SOURCE2
WGET_RC2=$?
$RM_COMMAND -f $REPO_TARGET/index.htm*

cd /root/bin

if [ "$WGET_RC1" != 0 ] || [ "$WGET_RC2" != 0 ]; then
        retval $WGET_RC1
        retval $WGET_RC2
        log ""
        $RM_COMMAND -f $FILE_LOCK
        sendmail ERROR
        movelog
        exit 99
else
        log ""
        log "+-----------------------------------------------------------------+"
        log "| End synchronizing $SCRIPT_NAME repository................ |"
        log "+-----------------------------------------------------------------+"
        log ""
fi

# Finish syncing.
log "+-----------------------------------------------------------------+"
log "| Finish......................................................... |"
log "+-----------------------------------------------------------------+"
log ""

# Status e-mail.
if [ $MAIL_STATUS = 'Y' ]; then
        sendmail STATUS
fi

# Move temporary log to permanent log
movelog

exit 0
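The script above keeps its lock, log and mail files under fixed names in /tmp and tests for the lock before creating it, which is neither atomic nor safe against a symbolic link already present at that path when the job runs as root. The following added example (not part of wget_fwbuilder_el6.sh; all function names are hypothetical) puts that test-then-touch pattern beside an atomic lock and a private work directory:

```shell
#!/bin/sh
# Added example, not part of wget_fwbuilder_el6.sh.
# All function names are hypothetical.

# legacy_lock FILE: the test-then-touch pattern used in the script above.
# Another process can create FILE between the test and the touch, and
# touch follows a symbolic link that already sits at that path.
legacy_lock() {
    if [ ! -e "$1" ]; then
        touch "$1"
        return 0
    fi
    return 1
}

# acquire_lock FILE: create FILE in one atomic step.
# With noclobber set, the shell opens the file with O_CREAT|O_EXCL, so the
# redirection fails if anything (file or symlink) already exists at FILE.
# Returns 0 when the lock was taken, 1 when it is already held.
acquire_lock() {
    if ( set -o noclobber; echo "$$" > "$1" ) 2>/dev/null; then
        return 0
    fi
    return 1
}

# release_lock FILE: remove the lock only if this process wrote it.
release_lock() {
    [ "$(cat "$1" 2>/dev/null)" = "$$" ] && rm -f -- "$1"
}

# make_workdir PREFIX: private directory (mode 0700) with an unpredictable
# name, to hold the temporary log and mail files instead of fixed /tmp names.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/$1.XXXXXXXXXX"
}
```

For a job that runs as root, the lock file itself is better placed in a directory that only root can write to, such as /var/run.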
First start
After a successful installation, FirewallBuilder can be started from a shell with the following command:
# fwbuilder
Firewall Builder GUI 5.0.0.3568
The window shown below should appear:
Rule installation
For FirewallBuilder to be able to copy rules to the various "firewalls" and install them there, the following steps are necessary!
Rule installation: User
For security reasons, a dedicated user should be created for managing firewall rule sets. This naturally involves some additional effort, which should nevertheless be accepted.
IMPORTANT - This user must be created on ALL firewalls AND on the FirewallBuilder server itself !!!
A group fwadmin and a user fwadmin are to be created, under which all management of the firewall rule sets is to take place.
To create a new group, the following command can be used:
# groupadd -g 599 fwadmin
Whether the preceding command was executed correctly can be checked with the following command, which should produce output like that shown below:
# cat /etc/group | grep 599
fwadmin:x:599:
To create a new user, the following command can be used:
# useradd -c "FirewallBuilder" -g 599 -m -s /bin/bash -u 599 fwadmin
Whether the preceding command was executed correctly can be checked with the following command, which should produce output like that shown below:
# cat /etc/passwd | grep 599
fwadmin:x:599:599:FirewallBuilder:/home/fwadmin:/bin/bash
Finally, a password must be set for the user fwadmin with the following command:
# passwd fwadmin
Changing password for user fwadmin.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Rule installation: Public key
NOTE - For security reasons, an SSH key pair should also be generated for the user !!!
Please read the following internal DokuWiki entry on this:
Rule installation: Preferences
To be able to use FirewallBuilder to install a firewall rule set, some parameters must be stored in FirewallBuilder.
First, a directory should be created in the home directory of the newly created user fwadmin with the following command; it is used to hold FirewallBuilder data:
# mkdir /home/fwadmin/fwb
This newly created directory can then be entered in FirewallBuilder under the menu item
- Edit | Preferences | General
as
- Working directory or
- Data directory
NOTE - Further settings can be made depending on the environment !!!
Firewall
After a new firewall has been created in FirewallBuilder (which can be done with a wizard), a directory should also be created on the server on which FirewallBuilder is installed.
This can be done with the following command and should likewise be done as the user fwadmin:
# mkdir /home/fwadmin/fw
NOTE - This is the storage location for all firewalls managed by FirewallBuilder!
Firewall Settings: Compiler
In the firewall settings, the following settings can be made on the Compiler tab:
Field name | Default value | New value |
---|---|---|
Output file name | /home/fwadmin/fw/firewallname.fw | |
Firewall Settings: Installer
In the firewall settings, the following settings can be made on the Installer tab:
Field name | Default value | New value |
---|---|---|
Directory on the firewall where script should be installed | /home/fwadmin/fw | |
User name used to authenticate to the firewall | fwadmin | |
Alternative name or address used to communicate with the firewall | 192.168.0.20 | |
Additional command line parameters for ssh | -p 22 -i /home/fwadmin/.ssh/id_rsa_FirewallBuilder | |
Additional command line parameters for scp | -P 22 -i /home/fwadmin/.ssh/id_rsa_FirewallBuilder | |
Firewall Settings: Prolog/Epilog
In the firewall settings, the following settings can be made on the Prolog/Epilog tab:
Field name | Default value | New value |
---|---|---|
The following command will be added verbatim after generated configuration | service iptables save | |
NOTE - The subsequent tabs can be left unchanged !!!
/etc/sudoers
The following change MUST be made on EVERY firewall so that the firewall rule set can actually be executed!
The configuration file /etc/sudoers should be opened with the following command
# visudo
and extended as follows (relevant excerpt only):
...
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

# Tachtler
%fwadmin ALL = PASSWD: /home/fwadmin/fw/firewallname.fw
...
NOTE - If the firewall in question cannot be reached directly via a route, the following configuration may also be necessary!
...
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

# Tachtler
Defaults:fwadmin !requiretty
%fwadmin ALL = NOPASSWD: /home/fwadmin/fw/firewallname.fw
...
* The line Defaults:fwadmin !requiretty means that the user fwadmin does not need a tty to execute the shell script!
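Both sudoers entries above let members of the group fwadmin run /home/fwadmin/fw/firewallname.fw as root, so every account that can modify that file or replace a directory above it can run commands as root on the firewall (with NOPASSWD, without entering a password). The following check is an added example and not part of the original page; the function name audit_sudo_target is hypothetical, and GNU stat and readlink are assumed:

```shell
#!/bin/sh
# Added example, not part of the original page. Assumes GNU stat/readlink.
# Usage on a firewall (path and user taken from the sudoers entry above):
#   audit_sudo_target /home/fwadmin/fw/firewallname.fw "$(id -u fwadmin)"

# audit_sudo_target FILE UID [TOP]
#   Walks from FILE up to TOP (default /) and reports every path component
#   that an account other than root or UID could modify or replace.
#   Group-writable components are reported too, so that the members of the
#   owning group can be reviewed.
#   Returns 0 if nothing was found, 1 on findings, 2 if FILE cannot be read.
audit_sudo_target() {
    _p=$(readlink -f -- "$1") || return 2
    _uid=$2
    _top=$(readlink -f -- "${3:-/}") || return 2
    _found=0
    while :; do
        _owner=$(stat -c %u -- "$_p") || return 2
        _mode=$(stat -c %a -- "$_p") || return 2
        _go=${_mode#"${_mode%??}"}      # last two octal digits: group, other
        if [ "$_owner" != 0 ] && [ "$_owner" != "$_uid" ]; then
            echo "FINDING: $_p is owned by uid $_owner"
            _found=1
        fi
        # In a sticky directory (such as /tmp) write permission does not
        # allow replacing entries that belong to someone else.
        if ! { [ -d "$_p" ] && [ -k "$_p" ]; }; then
            case "$_go" in
                [2367]?|?[2367])
                    echo "FINDING: $_p is group- or world-writable (mode $_mode)"
                    _found=1 ;;
            esac
        fi
        if [ "$_p" = "$_top" ] || [ "$_p" = / ]; then
            break
        fi
        _p=$(dirname -- "$_p")
    done
    return "$_found"
}
```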