I thought all went well with the upgrade to 2.2.12 until I saw blocked IPs appearing in my security logs. Would it be possible to check for the existence of /etc/Bastille/firewall.d and if it exists copy the contents during an upgrade? Thank God you already make a backup first.
I double checked the install script. The /etc/Bastille directory is backed up in its entirety but the /etc/Bastille/firewall.d directory is not recreated or copied when the upgrade is complete.

Code:
    // Move the existing configuration aside as a timestamped backup
    if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date), $FILE, __LINE__);
    @mkdir("/etc/Bastille", octdec($directory_mode));
    caselog("cp -f isp/conf/bastille-firewall.cfg.master /etc/Bastille/bastille-firewall.cfg", $FILE, __LINE__);
    caselog("chmod 644 /etc/Bastille/bastille-firewall.cfg", $FILE, __LINE__);
    $conf = rf("/etc/Bastille/bastille-firewall.cfg");
    $conf = str_replace("{DNS_SERVERS}", "", $conf);
    $tcp_public_services = '';
    $udp_public_services = '';
    // Build the public port lists from the active services in the database
    if($conn = mysql_query("SELECT dienst_port, dienst_typ FROM isp_firewall WHERE dienst_aktiv = 'ja'")){
      while($row = mysql_fetch_array($conn)){
        if($row['dienst_typ'] == 'tcp') $tcp_public_services .= $row['dienst_port'].' ';
        if($row['dienst_typ'] == 'udp') $udp_public_services .= $row['dienst_port'].' ';
      }
      $tcp_public_services = trim($tcp_public_services);
      $udp_public_services = trim($udp_public_services);
    } else {
      // Fall back to the default ports if the query fails
      $tcp_public_services = '21 22 25 53 80 81 110 443 10000';
      $udp_public_services = '53';
    }
    $conf = str_replace("{TCP_PUBLIC_SERVICES}", $tcp_public_services, $conf);
    $conf = str_replace("{UDP_PUBLIC_SERVICES}", $udp_public_services, $conf);
    wf("/etc/Bastille/bastille-firewall.cfg", $conf);

Perhaps this would work inserted after the last line shown...

Code:
    // Restore the custom rules script from the backup, if there was one
    if(is_dir("/etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date)."/firewall.d")) {
      @mkdir("/etc/Bastille/firewall.d", octdec($directory_mode));
      caselog("cp -f /etc/Bastille.backup_".date("m_d_Y__H_i_s", $current_date)."/firewall.d/post-rule-setup.sh /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
      caselog("chmod 644 /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
    }
Have you ever been doing something totally unrelated to ISPC and suddenly had something come to mind that could be a problem for ISPC? Well I just did... If you use my solution above, this should be placed in a variable...

Code:
    date("m_d_Y__H_i_s", $current_date)

Such as...

Code:
    $backup_date = date("m_d_Y__H_i_s", $current_date);

Changing the code sections to...

Code:
    // Compute the backup suffix once and reuse it below
    $backup_date = date("m_d_Y__H_i_s", $current_date);
    if(is_dir("/etc/Bastille")) caselog("mv -f /etc/Bastille /etc/Bastille.backup_".$backup_date, $FILE, __LINE__);
    @mkdir("/etc/Bastille", octdec($directory_mode));
    ....
    ....

Code:
    if(is_dir("/etc/Bastille.backup_".$backup_date."/firewall.d")) {
      @mkdir("/etc/Bastille/firewall.d", octdec($directory_mode));
      caselog("cp -f /etc/Bastille.backup_".$backup_date."/firewall.d/post-rule-setup.sh /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
      caselog("chmod 644 /etc/Bastille/firewall.d/post-rule-setup.sh", $FILE, __LINE__);
    }

Otherwise if a user begins this part of the code at 23:59:59:XX it is possible that the current date will change and the part of the code to copy the directory will fail.
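An added example, not part of the posts above or of the ISPConfig installer: a shell function that goes beyond the single post-rule-setup.sh copy and restores everything in the backed-up firewall.d, keeping file modes, then verifies the result so dropped firewall rules are noticed at upgrade time rather than in the security logs. The function name and its two directory arguments are assumptions; the backup path is computed once by the caller and passed in.

```shell
#!/bin/sh
# Added example (not the installer's own code). The function name and its
# arguments are hypothetical; pass the backup directory the upgrade created.

# restore_firewall_d BACKUP_DIR TARGET_DIR
#   BACKUP_DIR: the moved-aside configuration, e.g. /etc/Bastille.backup_<timestamp>
#   TARGET_DIR: the freshly created configuration, e.g. /etc/Bastille
# Returns 0 if there was nothing to restore or the restore verified,
#         1 if a copy failed or a restored file differs from the backup.
restore_firewall_d() {
    src="$1/firewall.d"
    dst="$2/firewall.d"

    # No custom rules existed before the upgrade: nothing to do.
    [ -d "$src" ] || return 0

    mkdir -p "$dst" || return 1
    # -p keeps modes and timestamps; "/." copies the contents, dotfiles included.
    cp -Rp "$src/." "$dst/" || return 1

    # Verify: every regular file in the backup must exist byte-identical.
    rc=0
    for f in "$src"/* "$src"/.[!.]*; do
        [ -f "$f" ] || continue          # skips unmatched globs and subdirectories
        name=${f##*/}
        if ! cmp -s "$f" "$dst/$name"; then
            echo "firewall.d: $name was not restored correctly" >&2
            rc=1
        fi
    done
    return $rc
}
```

A non-zero return is the signal to stop and inspect before the firewall is restarted with the regenerated configuration.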