wrapper for `semanage port -a`: takes a list of ports, checks which of them are already defined for the given type, and adds only the rest
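#!/usr/bin/perl
# Add ports to an SELinux <foo>_port_t type with "semanage port -a".
#
# Usage: script --type=port_type_name [--protocol=tcp|udp] [--port=N ...] [N ...]
#
# Ports that "semanage port --list" already shows for that type and protocol
# are skipped, because re-adding an existing port is very slow.
# Possible to-do: detect a port that is already assigned to some other _port_t.
use strict;
use warnings;
use Getopt::Long;

my $port_type   = '';
my $ip_protocol = 'tcp';    # --protocol=udp also accepted
my @portswanted;            # from --port=N; bare arguments are appended below

GetOptions(
    'type=s'     => \$port_type,
    'protocol=s' => \$ip_protocol,
    'port=i'     => \@portswanted,
) or die "usage: $0 --type=port_type_name [--protocol=tcp|udp] [--port=N ...] [N ...]\n";

if ( !$port_type ) {
    die "must specify --type=port_type_name";
}
# Allow the user to shortcut entering the _port_t suffix.
if ( $port_type !~ m{_port_t$} ) {
    $port_type = $port_type . '_port_t';
}
# Both values are matched against semanage's output and passed to semanage
# itself, so only accept the plain identifiers those commands expect.
if ( $port_type !~ m{\A\w+\z} ) {
    die "$0: invalid port type name '$port_type'";
}
if ( $ip_protocol !~ m{\A(?:tcp|udp)\z} ) {
    die "$0: --protocol must be tcp or udp, not '$ip_protocol'";
}
push @portswanted, @ARGV;

# Turn the tokens of a semanage port list into single port numbers.
# A range token such as "8000-8010" expands to every port in the range;
# anything that is not a number or a range is ignored.
sub expand_ports {
    my @tokens = @_;
    my @ports;
    for my $token (@tokens) {
        if ( $token =~ m{\A(\d+)-(\d+)\z} ) {
            push @ports, $1 .. $2;
        }
        elsif ( $token =~ m{\A\d+\z} ) {
            push @ports, $token;
        }
    }
    return @ports;
}

# List-form pipe open: no shell is involved and the handle is lexical.
open my $semanage_fh, '-|', 'semanage', 'port', '--list'
    or die "can't open semanage port list pipe: $!";

my %portenabled;          # port number => 1 for every port already on the type
my $found_port_type = 0;
while ( my $line = <$semanage_fh> ) {
    # e.g. "http_port_t    tcp    80, 81, 443, 488, 8008, 8009, 8443, 9000"
    # Only the part after the type and protocol is parsed for numbers, so a
    # digit inside the type name (e.g. i18n_input_port_t) is never taken as a port.
    next unless $line =~ m{\A\Q$port_type\E\s+\Q$ip_protocol\E\s+(.*)\z}s;
    my $port_list = $1;
    if ($found_port_type) {
        die "error parsing semanage port --list, got duplicate line for $port_type\n$line\n";
    }
    $found_port_type = 1;
    # Drop commas and anything else that is not a digit, whitespace, or the
    # hyphen of a range.
    $port_list =~ s{[^\d\s-]}{ }g;
    for my $port ( expand_ports( split m{\s+}, $port_list ) ) {
        $portenabled{$port} = 1;
    }
}
# A non-zero exit from semanage means the list cannot be trusted.
close $semanage_fh
    or die "semanage port --list failed with status " . ( $? >> 8 ) . "\n";

if ( !$found_port_type ) {
    die "port type $port_type not found, do semanage port --list";
}

my %portneeded;           # port number => 1 for every port still to be added
for my $wantedport (@portswanted) {
    if ( $wantedport !~ m{\A\d+\z} ) {
        die "$0: arguments must be $port_type port numbers";
    }
    if ( $portenabled{$wantedport} ) {
        print "$wantedport already enabled\n";
        next;
    }
    $portneeded{$wantedport} = 1;
}

for my $neededport ( sort { $a <=> $b } keys %portneeded ) {
    print "adding port $neededport (be patient)\n";
    # List-form system: arguments reach semanage verbatim, without a shell.
    # The requested protocol is used here so that the port is added to the
    # same tcp/udp list that was checked above.
    my @cmd = ( '/usr/sbin/semanage', 'port', '-a', '-t', $port_type,
                '-p', $ip_protocol, $neededport );
    if ( system(@cmd) != 0 ) {
        warn "$0: '@cmd' failed with status " . ( $? >> 8 ) . "\n";
    }
}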