From 36ed916b96cadd052526e92864213e5aee4f3b0f Mon Sep 17 00:00:00 2001
From: "William Hirigoyen (Evolix)"
Date: Wed, 11 May 2022 17:46:08 +0200
Subject: [PATCH] Adapte le check minifirewall pour le cas systemd
---
 minifirewall/files/check_minifirewall | 30 +++++++++++++++++----------
 1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/minifirewall/files/check_minifirewall b/minifirewall/files/check_minifirewall
index 17943994..6588c469 100644
--- a/minifirewall/files/check_minifirewall
+++ b/minifirewall/files/check_minifirewall
@@ -10,29 +10,37 @@ is_alert5_enabled() {
 if test -f /etc/init.d/alert5; then
 test -f /etc/rc2.d/S*alert5
 else
- systemctl is-enabled alert5 -q
+ systemctl is-active alert5 | grep -q "^active$"
 fi
 }

 is_minifirewall_enabled() {
 # TODO: instead of nested conditionals, we could loop with many possible paths
 # and grep the first found, or error if none is found
- if test -f /etc/rc2.d/S*alert5; then
- grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5
+ if [ -f /etc/systemd/system/minifirewall.service ]; then
+ systemctl is-enabled minifirewall 2>&1 > /dev/null
 else
- if test -f /usr/share/scripts/alert5.sh; then
- grep -q "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh
+ if test -f /etc/rc2.d/S*alert5; then
+ grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5
 else
- return_critical "No Alert5 scripts has been found."
+ if test -f /usr/share/scripts/alert5.sh; then
+ grep -q "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh
+ else
+ return_critical "No Alert5 scripts has been found."
+ fi
 fi
 fi
 }

 is_minifirewall_started() {
- if test -x /usr/share/scripts/minifirewall_status; then
- /usr/share/scripts/minifirewall_status > /dev/null
+ if [ -f /etc/systemd/system/minifirewall.service ]; then
+ systemctl is-active minifirewall 2>&1 > /dev/null
 else
- /sbin/iptables -L -n | grep -q -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
+ if test -x /usr/share/scripts/minifirewall_status; then
+ /usr/share/scripts/minifirewall_status > /dev/null
+ else
+ /sbin/iptables -L -n | grep -q -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
+ fi
 fi
 }
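Review bot: In `is_minifirewall_started`, the new systemd branch returns on `systemctl is-active minifirewall` alone and never reaches the `minifirewall_status` / `iptables -L -n` test, so on systemd hosts the check reports the unit state rather than the rules actually loaded. If the unit is a oneshot that stays active after exit (the unit file is not shown here), a ruleset flushed later would still read as started. I would keep the unit test only as a guard, `systemctl is-active --quiet minifirewall || return 1`, and let the existing status/iptables test run after it on systemd hosts as well. Separately, `2>&1 > /dev/null` on both new systemctl lines discards stdout but leaves stderr on the check's output; `> /dev/null 2>&1` silences both.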
@@ -61,9 +69,9 @@ main() {
 fi
 else
 if is_minifirewall_started; then
- return_warning "Minifirewall is started, but disabled in alert5."
+ return_warning "Minifirewall is started, but disabled in alert5 or systemd."
 else
- return_ok "Minifirewall is not started, but disabled in alert5."
+ return_ok "Minifirewall is not started, but disabled in alert5 or systemd."
 fi
 fi
 else