File: //proc/self/root/proc/self/root/scripts.20110531.215904.25158/firewallcheck
#!/usr/bin/perl
# cpanel - firewallcheck Copyright(c) 2010 cPanel, Inc.
# All rights Reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
BEGIN { unshift @INC, '/usr/local/cpanel'; }
use strict;
use Cpanel::SafeRun::Simple ();
use Cpanel::Notify ();
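# firewallcheck: warn the administrator when the IPv4 filter-table INPUT or
# OUTPUT chain appears to be wide open (ACCEPT policy and no rules).
#
# Scope limits a reader should keep in mind:
#   * Only /sbin/iptables is queried, so IPv6 (ip6tables) rules are not inspected.
#   * Only the table iptables lists by default is examined; no -t option is passed.
#   * Any single rule line counts as "a firewall", including a blanket ACCEPT,
#     so a clean result here is not evidence of an effective policy.

# The administrator can opt out entirely by creating this flag file.
if ( -e '/etc/firewallcheckdisable' ) {
    print "[firewallcheck] disabled per /etc/firewallcheckdisable\n";
    exit;
}

# NOTE(review): a host without an executable /sbin/iptables exits silently and
# sends no notification, although it may have no packet filter at all.
exit if !-x '/sbin/iptables';

my @MSGS;

# Decide whether the listing for $chain describes an unfiltered chain.
# Returns 1 when the chain header is present, its default policy is ACCEPT
# (or cannot be parsed) and no rule lines remain after filtering; 0 otherwise.
my $chain_is_open = sub {
    my ( $chain, @listing ) = @_;

    # Without any mention of the chain, iptables gave no usable output;
    # draw no conclusion rather than raising a false alarm.
    return 0 if !grep { /\Q$chain\E/ } @listing;

    # A default policy other than ACCEPT already blocks traffic, even when the
    # rule list is empty, so such a chain must not be reported as "no firewall".
    for my $line (@listing) {
        if ( $line =~ /^Chain\s+\Q$chain\E\s+\(policy\s+(\w+)/ ) {
            return 0 if $1 ne 'ACCEPT';
            last;
        }
    }

    # Drop the chain header, the column header and lines starting with
    # "acctboth" (presumably cPanel's bandwidth-accounting jump -- confirm).
    # Whatever is left is treated as a real rule.
    my @rules = grep { !/(^target|^acctboth|\s\Q$chain\E\s)/ } @listing;
    return @rules ? 0 : 1;
};

# List-form saferun arguments: no shell is involved in running iptables.
my $out_raw = Cpanel::SafeRun::Simple::saferun( '/sbin/iptables', '-L', 'OUTPUT', '-n' );
$out_raw = '' if !defined $out_raw;    # a failed run yields an empty listing
my @safeout = split( /\n/, $out_raw );
if ( $chain_is_open->( 'OUTPUT', @safeout ) ) {
    push @MSGS, "No outbound firewall detected. Users can IRC, and freely connect to remote servers.";
}

my $in_raw = Cpanel::SafeRun::Simple::saferun( '/sbin/iptables', '-L', 'INPUT', '-n' );
$in_raw = '' if !defined $in_raw;
my @safein = split( /\n/, $in_raw );
if ( $chain_is_open->( 'INPUT', @safein ) ) {
    push @MSGS, "No inbound firewall detected. Users can run daemons that can be connected to from the outside world.";
}

if (@MSGS) {
    print "[firewallcheck] $_\n" for @MSGS;

    # The notification body carries both raw listings so the recipient can see
    # the configuration that triggered the warning.
    # NOTE(review): "dectected" in the subject is misspelled; it is left
    # unchanged here in case mail filters match on the existing subject.
    Cpanel::Notify::notification(
        'app'      => 'firewallcheck',
        'status'   => 'failed',
        'priority' => 1,
        'interval' => 400,
        'subject'  => qq{[firewallcheck] Incomplete or missing firewall dectected.},
        'message'  => join( "\n", @MSGS ) . "\n\nCurrent Firewall Configuration:\n\n" . join( "\n", @safeout ) . "\n\n" . join( "\n", @safein ),
    );
}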