Merge pull request #2555 from wazuh/enhancement/2539-wazuh-deployment…

…-on-rocky-linux-8-ignore-option-leads-to-communication-issues-to4.7.0 Firewall validation in the installation assistant
wazuh · Oct 25, 2023 · 1de7e7f · 1de7e7f
2 parents 50d8add + d7db0a9
commit 1de7e7f
Showing 1 changed file with 56 additions and 0 deletions.
diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh
@@ -330,6 +330,8 @@ function checks_ports() {
     used_port=0
     ports=("$@")
 
+    checks_firewall "${ports[@]}"
+
     if command -v lsof > /dev/null; then
         port_command="lsof -sTCP:LISTEN  -i:"
     else
@@ -376,3 +378,57 @@ function checks_available_port() {
         done
     fi
 }
+
+function checks_firewall(){
+    ports_list=("$@")
+    f_ports=""
+    f_message="The system has firewall enabled. Please ensure that traffic is allowed on "
+    firewalld_installed=0
+    ufw_installed=0
+
+
+    # Record of the ports that must be exposed according to the installation
+    if [ -n "${AIO}" ]; then
+        f_message+="these ports: 1515, 1514, ${http_port}"
+    elif [ -n "${dashboard}" ]; then
+        f_message+="this port: ${http_port}"
+    else
+        f_message+="these ports:"
+        for port in "${ports_list[@]}"; do
+            f_message+=" ${port},"
+        done
+
+        # Deletes last comma
+        f_message="${f_message%,}"
+    fi
+
+    # Check if the firewall is installed
+    if [ "${sys_type}" == "yum" ]; then
+        if yum list installed 2>/dev/null | grep -q -E ^"firewalld"\\.;then
+            firewalld_installed=1
+        fi
+        if yum list installed 2>/dev/null | grep -q -E ^"ufw"\\.;then
+            ufw_installed=1
+        fi
+    elif [ "${sys_type}" == "apt-get" ]; then
+        if apt list --installed 2>/dev/null | grep -q -E ^"firewalld"\/; then
+            firewalld_installed=1
+        fi
+        if apt list --installed 2>/dev/null | grep -q -E ^"ufw"\/; then
+            ufw_installed=1
+        fi
+    fi
+
+    # Check if the firewall is running
+    if [ "${firewalld_installed}" == "1" ]; then
+        if firewall-cmd --state 2>/dev/null | grep -q -w "running"; then
+            common_logger -w "${f_message/firewall/Firewalld}."
+        fi
+    fi
+    if [ "${ufw_installed}" == "1" ]; then
+        if ufw status 2>/dev/null | grep -q -w "active"; then
+            common_logger -w "${f_message/firewall/UFW}."
+        fi
+    fi
+
+}