cedricAbonnel/scripts-bash
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8a84be4f5af021369a1150955c7679581ce3a029
scripts-bash/servers/linux/setup_firewall_ui.sh

113 lines
4.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# --- 0. VERIFICATION DES DROITS ---
if [ "$EUID" -ne 0 ]; then
echo "❌ Erreur : Ce script doit être lancé avec sudo."
exit 1
fi
# Récupérer le vrai nom de l'utilisateur qui a lancé le sudo
REAL_USER=${SUDO_USER:-$USER}
echo "--- 1. Installation de PHP ---"
apt update && apt install -y php-cli
# --- 2. CONFIGURATION SUDOERS ---
echo "--- 2. Autorisation UFW pour l'utilisateur $REAL_USER ---"
SUDOERS_FILE="/etc/sudoers.d/ufw-php-manager"
if [ ! -f "$SUDOERS_FILE" ]; then
echo "$REAL_USER ALL=(ALL) NOPASSWD: /usr/sbin/ufw" > "$SUDOERS_FILE"
chmod 440 "$SUDOERS_FILE"
echo "✅ Sudoers configuré."
fi
# --- 3. OUVERTURE DU PORT 8080 ---
echo "--- 3. Configuration du Firewall pour l'interface ---"
ufw allow 8080/tcp
echo "✅ Port 8080 ouvert dans UFW."
# --- 4. CREATION DU FICHIER PHP ---
echo "--- 4. Création de firewall.php ---"
cat > firewall.php <<'EOF'
<?php
$protected_ports = ['22', '80', '443', '8080'];
$message = "";
// Action : Ajouter
if (isset($_POST['add_port']) && !empty($_POST['port'])) {
$port = escapeshellarg(trim($_POST['port']));
$proto = escapeshellarg($_POST['proto']);
exec("sudo /usr/sbin/ufw allow $port/$proto", $output, $return);
$message = ($return == 0) ? "✅ Port $port/$proto ouvert." : "❌ Erreur UFW.";
}
// Action : Supprimer
if (isset($_GET['delete'])) {
$id = (int)$_GET['delete'];
exec("sudo /usr/sbin/ufw status numbered", $check_output);
$is_protected = false;
foreach ($check_output as $line) {
if (strpos($line, "[$id]") !== false) {
foreach ($protected_ports as $p) {
if (strpos($line, $p) !== false) $is_protected = true;
}
}
}
if ($is_protected) {
$message = "🛑 Impossible de supprimer un port critique ($id).";
} else {
exec("echo 'y' | sudo /usr/sbin/ufw delete $id", $output, $return);
header("Location: firewall.php?msg=deleted");
exit;
}
}
if (isset($_GET['msg']) && $_GET['msg'] == 'deleted') $message = "🗑️ Règle supprimée.";
exec("sudo /usr/sbin/ufw status numbered", $ufw_output);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>UFW Remote Manager</title>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.9.4/css/bulma.min.css">
</head>
<body class="p-5">
<div class="container is-max-desktop">
<h1 class="title">🔥 UFW Remote Manager</h1>
<?php if ($message) echo "<div class='notification is-info'>$message</div>"; ?>
<div class="box">
<form method="POST" class="field is-grouped">
<input class="input mr-2" type="text" name="port" placeholder="Port">
<div class="select mr-2"><select name="proto"><option value="tcp">TCP</option><option value="udp">UDP</option></select></div>
<button type="submit" name="add_port" class="button is-dark">Ajouter</button>
</form>
</div>
<table class="table is-fullwidth box">
<thead><tr><th>#</th><th>Vers</th><th>Action</th><th>Depuis</th><th>Action</th></tr></thead>
<tbody>
<?php foreach ($ufw_output as $line): ?>
<?php if (preg_match('/\[\s*(\d+)\]\s+(.*?)\s+(ALLOW|DENY|ALLOW IN)\s+(.*)/', $line, $m)): ?>
<tr>
<td><?= $m[1] ?></td><td><code><?= $m[2] ?></code></td><td><?= $m[3] ?></td><td><?= $m[4] ?></td>
<td><a href="?delete=<?= $m[1] ?>" class="button is-small is-danger">Supprimer</a></td>
</tr>
<?php endif; ?>
<?php endforeach; ?>
</tbody>
</table>
</div>
</body>
</html>
EOF
chown $REAL_USER:$REAL_USER firewall.php
# --- 5. LANCEMENT ---
echo "--- 5. Lancement du serveur ---"
echo "🚀 L'interface est disponible sur : http://$(hostname -I | awk '{print $1}'):8080/firewall.php"
echo "Pressez Ctrl+C pour arrêter le serveur."
# Lancer en tant qu'utilisateur normal (pas root) pour plus de sécurité
sudo -u $REAL_USER php -S 0.0.0.0:8080
Reference in New Issue View Git Blame Copy Permalink