chilidog.highland.cc.ks.us

home *** CD-ROM | disk | FTP | other *** search

/ chilidog.highland.cc.ks.us / chilidog.highland.cc.ks.us.zip / chilidog.highland.cc.ks.us / backup / bradford.20110725.etc.tar.gz / bradford.20110725.etc.tar / etc / sysconfig / scripts / SuSEfirewall2-rpcinfo < prev next >

Wrap

Text File | 2006-04-22 | 4KB | 149 lines

#!/usr/bin/perl -w # SuSEfirewall2-rpcinfo - helper script for SuSEfirewall2 # Copyright (C) 2004 SUSE Linux AG # Copyright (C) 2005 SUSE Linux Products GmbH # # Author: Ludwig Nussel # # Please send feedback via http://www.suse.de/feedback # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # version 2 as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # determine ports of RPC services specified on the command line and print them # as iptables command line parameters. Only services that are actually running # and are running as root are printed. use strict; #use Data::Dumper; if ($#ARGV < 0) { print STDERR "Usage: $0 <service ...>\n\n"; exit 1; } # { # 'ypbind' => [ # { # 'udp' => [ # 979 # ], # 'tcp' => [ # 982 # ], # 'sport' => '666:777', # 'net' => '10.10.0.1/32' # }, # } my %services; foreach my $service (@ARGV) { my @a = split(/,/,$service); if( $#a == 0) { push @{$services{$service}}, {}; } elsif ($#a >= 2 && $a[1] eq '_rpc_') { my %h = (); $h{'net'} = $a[0] if($a[0] && length($a[0])); $h{'sport'} = $a[3] if($a[3] && length($a[3])); push @{$services{$a[2]}}, \%h; } } my %udpports = (); my %tcpports = (); # collect registered rpc services open (RPCINFO, '/usr/sbin/rpcinfo -p localhost|') or die; <RPCINFO>; # header line while(<RPCINFO>) { chomp; my @line = split; next if($#line < 4); next unless (exists $services{$line[4]}); if($line[2] eq 'udp') { $udpports{$line[3]} = $line[4]; } elsif($line[2] eq 'tcp') { $tcpports{$line[3]} = $line[4]; } } close RPCINFO; # @param file # @param hashref sub getportsfor($$) { my ($proto, $href) = @_; # check if the registered ports are actually used and whether they are # owned by a process running as root open (FILE, '<', "/proc/net/$proto") or die; <FILE>; # header line my $ret = 0; while(<FILE>) { chomp; my @line = split; next if($line[7] != 0); # only root allowed my ($addr, $port) = split(/:/, $line[1], 2); $port = pack('H*', $port); # "007B" => "\x00\x7B" $port = unpack('n', $port); # "\x00\x7B" => 0x007B if(exists $href->{$port}) { ++$ret; foreach my $h (@{$services{$href->{$port}}}) { push @{$h->{$proto}}, $port; } } } close FILE; # always also add portmapper if($ret && !exists $services{'portmapper'}) { push @{$services{'portmapper'}}, { tcp => [111], udp => [111] }; } } getportsfor('udp', \%udpports); getportsfor('tcp', \%tcpports); #print Dumper(\%services); foreach my $l (values %services) { foreach my $h (@$l) { foreach my $proto (('udp', 'tcp')) { if(exists($h->{$proto})) { foreach my $port (@{$h->{$proto}}) { print "-p $proto --dport $port"; print " --sport ".$h->{'sport'} if exists $h->{'sport'}; print " -s ".$h->{'net'} if exists $h->{'net'}; print "\n"; } } } } }