Configure firewall testing, UI security, and auto update settings.
```sh
juggernaut --task=firewall:initial
```
Option | Value | Default | Description |
---|---|---|---|
--TESTING | <1\|0> | 0 | Enable firewall testing mode. This option enables a CRON job that clears iptables after you start the firewall. Keep it enabled until you are sure that the firewall works. The login failure daemon will not start while this is enabled. Make sure to disable this option and restart the firewall after everything is configured correctly. |
--TESTING_INTERVAL | <1-60> | 5 | The testing interval in minutes at which the CRON job will clear iptables. This option uses the server's system clock, so the CRON job runs relative to the start of the hour and not from when you issue the firewall start command. |
--RESTRICT_UI | <0-2> | 0 | Restricts the ability to modify some firewall settings from within the user interface. If the panel interface was compromised, these restricted options could be used to further compromise the server. |
--RESTRICT_SYSLOG | <0-2> | 2 | Syslog and rsyslog are vulnerable to spoofing (they allow end-users to log messages to some system logs via the same unix socket that other local services use). This option can disable all LFD features that rely on syslog and rsyslog logs. |
--RESTRICT_SYSLOG_GROUP | <string> | mysyslog | This setting is used if RESTRICT_SYSLOG is set to "Restrict syslog/rsyslog access to RESTRICT_SYSLOG_GROUP". It restricts write access to the syslog/rsyslog unix socket(s). The group must not already exist in /etc/group before setting RESTRICT_SYSLOG to 3, so set the option to a unique name for the server. Using this option will prevent some legitimate logging, e.g. end-user cronjob logs. |
--AUTO_UPDATES | <1\|0> | 1 | Enable firewall auto updates. This option adds a daily CRON job that will update the firewall and login failure daemon automatically if an update is available. |
--default | <yes> | | Reset all settings to their default values. |
--default_option | <option> | | Reset a specific setting to its default value. |
--restart | <yes> | | Restart the service after saving settings. |
```sh
# enable TESTING
juggernaut --task=firewall:initial --TESTING=1 --restart=yes
# reset TESTING back to default
juggernaut --task=firewall:initial --default_option=TESTING --restart=yes
# reset all settings back to default
juggernaut --task=firewall:initial --default=yes --restart=yes
```
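
The TESTING_INTERVAL description means the first iptables clear can arrive much sooner than the configured interval. The following is an added example, not part of the juggernaut tooling, that works out the wait; the function name `minutes_until_clear` is hypothetical, and it assumes the testing CRON job uses a `*/INTERVAL` minute field.

```shell
#!/bin/sh
# Added example, not part of the juggernaut tooling.
# Assumption: the testing CRON job uses a "*/INTERVAL" minute field, so it
# fires at minutes 0, N, 2N, ... of each hour and starts over at minute 0.

# minutes_until_clear MINUTE INTERVAL
#   MINUTE   current minute of the hour (0-59, a leading zero is accepted)
#   INTERVAL the --TESTING_INTERVAL value (1-60)
# Prints the minutes left before the next iptables clear.
# Returns 2 on invalid input.
minutes_until_clear() {
    [ "$#" -eq 2 ] || return 2
    for v in "$1" "$2"; do
        # Accept one or two decimal digits only.
        case "$v" in ''|*[!0-9]*|???*) return 2 ;; esac
    done

    # Drop a leading zero so "08" is not parsed as an invalid octal number.
    now=${1#0}; now=${now:-0}
    interval=${2#0}; interval=${interval:-0}
    [ "$now" -le 59 ] && [ "$interval" -ge 1 ] && [ "$interval" -le 60 ] || return 2

    # Next multiple of the interval strictly after the current minute.
    next=$(( (now / interval + 1) * interval ))

    # A multiple at or past 60 never fires; the schedule restarts at minute 0
    # of the next hour. This matters for intervals that do not divide 60.
    if [ "$next" -ge 60 ]; then
        next=60
    fi

    echo $(( next - now ))
}

# Constructed scenario: firewall started at hh:58 with --TESTING_INTERVAL=7.
echo "first clear in $(minutes_until_clear 58 7) minute(s)"

# Live use: minutes_until_clear "$(date +%M)" 5
```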