talas-group/04_INFRA_DEPLOIEMENT/cleanup_ports.sh

#!/bin/bash

echo "=== 🔥 HARDENING PORTS FEDORA ==="

# 1. Firewall ON + reset
echo "[+] Configuration firewall..."
sudo systemctl enable --now firewalld
sudo firewall-cmd --set-default-zone=public
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

# 2. Stop Docker containers (gros nettoyage ports)
echo "[+] Arrêt des containers Docker..."
if command -v docker &> /dev/null; then
    docker stop $(docker ps -q) 2>/dev/null
fi

# 3. Désactiver Docker au démarrage (optionnel mais safe)
echo "[+] Désactivation Docker au boot..."
sudo systemctl disable docker --now

# 4. Désactiver services réseau inutiles
echo "[+] Désactivation services inutiles..."

sudo systemctl disable --now wsdd 2>/dev/null
sudo systemctl disable --now avahi-daemon 2>/dev/null
sudo systemctl disable --now cups 2>/dev/null
sudo systemctl disable --now passim 2>/dev/null

# 5. Kill des serveurs node exposés
echo "[+] Nettoyage des serveurs Node exposés..."
for pid in $(ss -tulnp | grep LISTEN | grep node | awk -F'pid=' '{print $2}' | cut -d',' -f1); do
    echo "Killing Node PID $pid"
    kill -9 $pid 2>/dev/null
done

# 6. Kill ports exposés non désirés (hors localhost)
echo "[+] Fermeture des ports publics suspects..."
for pid in $(ss -tulnp | grep LISTEN | grep "0.0.0.0" | grep -v sshd | awk -F'pid=' '{print $2}' | cut -d',' -f1); do
    echo "Killing PID $pid"
    kill -9 $pid 2>/dev/null
done

# 7. Désactiver IP forwarding
echo "[+] Désactivation IP forwarding..."
sudo sysctl -w net.ipv4.ip_forward=0

# 8. Résumé
echo ""
echo "=== ✅ ETAT FINAL ==="
ss -tulnp | grep LISTEN

echo ""
echo "🔥 Nettoyage terminé"
Initial commit: Talas Group project management & documentation Knowledge base of ~80+ markdown files across 14 domains (00-13), Logseq graph, hardware design files (KiCAD), infrastructure configs, and talas-wiki static site. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-04 18:10:41 +00:00			`#!/bin/bash`

			`echo "=== 🔥 HARDENING PORTS FEDORA ==="`

			`# 1. Firewall ON + reset`
			`echo "[+] Configuration firewall..."`
			`sudo systemctl enable --now firewalld`
			`sudo firewall-cmd --set-default-zone=public`
			`sudo firewall-cmd --permanent --add-service=ssh`
			`sudo firewall-cmd --reload`

			`# 2. Stop Docker containers (gros nettoyage ports)`
			`echo "[+] Arrêt des containers Docker..."`
			`if command -v docker &> /dev/null; then`
			`docker stop $(docker ps -q) 2>/dev/null`
			`fi`

			`# 3. Désactiver Docker au démarrage (optionnel mais safe)`
			`echo "[+] Désactivation Docker au boot..."`
			`sudo systemctl disable docker --now`

			`# 4. Désactiver services réseau inutiles`
			`echo "[+] Désactivation services inutiles..."`

			`sudo systemctl disable --now wsdd 2>/dev/null`
			`sudo systemctl disable --now avahi-daemon 2>/dev/null`
			`sudo systemctl disable --now cups 2>/dev/null`
			`sudo systemctl disable --now passim 2>/dev/null`

			`# 5. Kill des serveurs node exposés`
			`echo "[+] Nettoyage des serveurs Node exposés..."`
			`for pid in $(ss -tulnp \| grep LISTEN \| grep node \| awk -F'pid=' '{print $2}' \| cut -d',' -f1); do`
			`echo "Killing Node PID $pid"`
			`kill -9 $pid 2>/dev/null`
			`done`

			`# 6. Kill ports exposés non désirés (hors localhost)`
			`echo "[+] Fermeture des ports publics suspects..."`
			`for pid in $(ss -tulnp \| grep LISTEN \| grep "0.0.0.0" \| grep -v sshd \| awk -F'pid=' '{print $2}' \| cut -d',' -f1); do`
			`echo "Killing PID $pid"`
			`kill -9 $pid 2>/dev/null`
			`done`

			`# 7. Désactiver IP forwarding`
			`echo "[+] Désactivation IP forwarding..."`
			`sudo sysctl -w net.ipv4.ip_forward=0`

			`# 8. Résumé`
			`echo ""`
			`echo "=== ✅ ETAT FINAL ==="`
			`ss -tulnp \| grep LISTEN`

			`echo ""`
			`echo "🔥 Nettoyage terminé"`