Application list with non-hardcoded ports possible?
Hello,
Would it be possible to get the actual sshd listening port instead of using the hard-coded port 22?
That could be achieved by generating the application profiles dynamically upon installation and maybe updating them upon running ufw?
I'm asking specifically because of SSH – as it's not uncommon to change the default port and it would be nice if the application profile for SSH and/or OpenSSH was updated automatically.
Currently I'm using the bash script below to update the SSH port for all profiles using port 22 or ending in SSH, if the port has been changed already:
```bash
#! /usr/bin/env bash
epoch=$(date +%s)
profiles_
cd $profiles_dir
# get all active listening ports from /etc/ssh/
arr_ssh_
# alternatives:
# grep -E "^Port" /etc/ssh/
# awk '$1 ~ "^Port" {print $2}' /etc/ssh/
# sed -ne '/^Port/{s/[Port ]//g;p}' /etc/ssh/
# convert the bash array to a comma separated string
comma_separated
# alternative:
# echo ${ur_ssh[@]} | sed 's/ /,/g'
# without using bash arrays:
# string_
# comma_separated
# assume port 22 is only used for SSH, find all profiles, store in string
ssh_22_
if [[ -n $ssh_22_profiles ]]; then
# create backup tar of all profiles to be changed
echo "Creating backup: ssh_22_
tar cvf ../ssh_
echo -e "\nCurrent profile(s):"
grep -ih 'SSH]' -A 3 *
for f in $ssh_22_profiles ; do
sed -i -e 's!ports=
done
echo -e "\nNew profile(s):"
grep -ih 'SSH]' -A 3 *
else
# port has been changed before, is no longer default 22
current_
sshd_
if [[ $current_
ssh_
echo "Creating backup: ssh_profiles_
tar cvf ../ssh_
echo -e "\nCurrent profile(s):"
grep -ih 'SSH]' -A 3 *
for f in $ssh_profiles ; do
sed -i -e 's!'$current_
done
echo -e "\nNew profile(s):"
grep -ih 'SSH]' -A 3 *
else
echo "Ports in profiles match sshd configuration: $comma_
fi
fi
```
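The behaviour asked for above, as an added example (not the poster's script and not ufw's own code): read the `Port` directives from sshd_config, accept only valid port numbers, and rewrite `ports=` in a single named profile section. The function names are hypothetical, and the paths in the closing comment are the usual Ubuntu locations, assumed here because the page does not show them in full.

```shell
#!/usr/bin/env bash
# Added example: keep one ufw application profile in step with the Port
# directives in sshd_config. Paths are arguments, so it can be tried on
# copies before touching /etc.
set -eu

# Print the configured ports as "p1,p2". Only whole numbers in 1-65535 are
# accepted, so nothing else from sshd_config can reach the firewall profile.
sshd_ports() {
    local ports
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ && $2 >= 1 && $2 <= 65535 { print $2 }' "$1" |
        sort -nu | paste -sd, -)
    printf '%s\n' "${ports:-22}"   # sshd listens on 22 when no Port is set
}

# Rewrite ports= inside [SECTION] only; prints "updated" or "unchanged".
sync_profile() {   # usage: sync_profile SSHD_CONFIG PROFILE_FILE SECTION
    local conf="$1" profile="$2" section="$3" ports tmp
    ports=$(sshd_ports "$conf")
    tmp=$(mktemp)
    awk -v want="[$section]" -v line="ports=$ports/tcp" '
        /^\[/               { in_sec = ($0 == want) }
        in_sec && /^ports=/ { print line; next }
                            { print }
    ' "$profile" > "$tmp"
    if cmp -s "$profile" "$tmp"; then
        rm -f "$tmp"; echo unchanged
    else
        cat "$tmp" > "$profile"   # overwrite in place: keeps owner and mode
        rm -f "$tmp"; echo updated
    fi
}

# Real use (assumed paths), as root:
#   sync_profile /etc/ssh/sshd_config /etc/ufw/applications.d/openssh-server OpenSSH
#   ufw app update OpenSSH    # re-apply rules that reference the profile
```

`Port` lines pulled in through `Include` files are not followed here; `sshd -T` prints the effective configuration if that matters.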
Question information
- Language: English
- Status: Expired
- For: Ubuntu ufw
- Assignee: No assignee