I’m following instructions to automate the installation of Ubuntu Server 12.04 using kickstart. It works well for automatically partitioning the drives, selecting languages etc. However, it doesn’t configure the firewall. It is a known issue.
Running without a firewall isn’t a good idea. How does one configure the UFW firewall during installation to prevent unauthorized access to the server?
The kickstart file I have looks as follows (with only the username changed):

```
#System language
lang en_US
#Language modules to install
langsupport en_US
#System keyboard
keyboard us
#System mouse
mouse
#System timezone
timezone America/Los_Angeles
#Root password
rootpw --disabled
#Initial user
user johnd --fullname "John Doe" --iscrypted --password <omitted>
#Reboot after installation
reboot
#Use text mode install
text
#Install OS instead of upgrade
install
#Use CDROM installation media
cdrom
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr yes
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part / --fstype ext4 --size 1 --grow
part swap --recommended
#System authorization information
auth --useshadow --enablemd5
#Network information
network --bootproto=dhcp --device=eth0
#Firewall configuration
firewall --enabled --trust=eth0 --ssh
#Do not configure the X Window System
skipx
```
I added the following to the file above:

```
%post
mkdir /usr/sample
ufw enable
ufw allow 22
```
After the installation, the directory /usr/sample exists, but the firewall is still disabled and access to port 22 isn’t allowed.
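You may use the %post (post-installation) part of the kickstart file to run the firewall rules, or even create a basic firewall script.

```
%post
mkdir /usr/sample
# Mark ufw as enabled in its config file (the key in ufw.conf is ENABLED=)
sed -i 's/^\(ENABLED=\s*\).*$/\1yes/' /etc/ufw/ufw.conf
# Insert an ACCEPT rule for TCP port 22 just before COMMIT
sed -i 's/^COMMIT/-A ufw-before-input -p tcp --dport 22 -j ACCEPT\n\nCOMMIT/' /etc/ufw/before.rules
# Record the resulting firewall state for later inspection
ufw status verbose > /usr/sample/ufw_out.log
```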
Try and see if this will work. Maybe a little over the top, but if this works, it may be a nice workaround.
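The file edits from the answer above, written as idempotent shell functions so that re-running %post does not duplicate the rule and a failed edit is detectable. This is an added example, not part of the original answer; the function names and sample files are constructed, and it assumes the `ENABLED=` key of ufw.conf and a before.rules file with a `COMMIT` line.

```shell
#!/bin/sh
# Added example: idempotent form of the %post file edits.
# Function names and the sample files are constructed for illustration.

# Set ENABLED=yes in a ufw.conf-style file, appending the key if it is absent.
enable_ufw_conf() {
    conf=$1
    if grep -q '^ENABLED=' "$conf"; then
        sed 's/^ENABLED=.*$/ENABLED=yes/' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        echo 'ENABLED=yes' >> "$conf"
    fi
}

# Insert an ACCEPT rule for a TCP port before the first COMMIT, once only.
allow_tcp_port() {
    rules=$1 port=$2
    rule="-A ufw-before-input -p tcp --dport $port -j ACCEPT"
    grep -qxF -- "$rule" "$rules" && return 0   # rule already present
    grep -q '^COMMIT$' "$rules" || return 1     # nowhere to insert: fail loudly
    awk -v r="$rule" '!done && /^COMMIT$/ { print r; done = 1 } { print }' \
        "$rules" > "$rules.tmp" && mv "$rules.tmp" "$rules"
}

# Confirm both edits landed; non-zero status lets %post log the failure.
verify_ufw_files() {
    grep -qx 'ENABLED=yes' "$1" &&
    [ "$(grep -c -- "--dport $3 -j ACCEPT" "$2")" -eq 1 ]
}

# Constructed sample files standing in for /etc/ufw/ufw.conf and before.rules.
make_sample() {
    dir=$(mktemp -d)
    printf 'ENABLED=no\nLOGLEVEL=low\n' > "$dir/ufw.conf"
    printf '*filter\n:ufw-before-input - [0:0]\n-A ufw-before-input -i lo -j ACCEPT\nCOMMIT\n' > "$dir/before.rules"
    echo "$dir"
}

d=$(make_sample)
enable_ufw_conf "$d/ufw.conf"
allow_tcp_port "$d/before.rules" 22
allow_tcp_port "$d/before.rules" 22   # second run must not duplicate the rule
verify_ufw_files "$d/ufw.conf" "$d/before.rules" 22 && echo "ufw files OK"
rm -rf "$d"
```

In a real %post section, call the functions with /etc/ufw/ufw.conf and /etc/ufw/before.rules instead of the sample files.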