I wanted to test the OPSI client management. When I uninstalled the OPSI link at https:///univention/portal was still there and when searching UCR for “opsi” I still found the firewall rules.
I would consider this a security risk when an app uninstall leaves firewall ports open.
Hey,
You can remove the portal link by logging in to the UMC (Univention Management Console), visiting the “LDAP directory” module, navigating to univention → portal in the LDAP tree and deleting the corresponding entry.
Firewall rules are stored as UCR (Univention Config Registry) variables. You can browse and delete them manually, either from the command line with the ucr command or from within the UMC: “System” → “Univention Config Registry”. Afterwards make sure to restart the univention-firewall service.
I don’t entirely agree that this is really a security risk. It is only a risk if there’s actually a program listening on one of the open sockets. If there isn’t, then the operating system will simply respond with “nothing to see here, move along” to connection attempts on the unblocked ports. Strictly speaking the firewall rules should have been removed, true, but the risk isn’t suddenly higher than it was before OPSI was installed.
Kind regards,
mosu
The the web portal it reported that the firewall entries are read only.
I removed them from the command line
ucr unset security/packetfilter/package/opsi4ucs/tcp/4447/all/en \
security/packetfilter/package/opsi4ucs/tcp/4447/all \
security/packetfilter/package/opsi4ucs/udp/69/all/en \
security/packetfilter/package/opsi4ucs/udp/69/all
The firewall service restarted automatically.
Who is responsible for the OPSI package? I would like to report this as a bug.
Hi,
This is maintained by uib.
I openend an internal ticket so that a future update will have these rules removed.
Bye