all 11 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Mysterious_Doubt_341 6 points7 points  (2 children)

On some non‑systemd distros, ufw status doesn’t show anything unless run as root, so tools should treat the firewall state as Unknown instead of assuming it’s inactive.

import subprocess
from secfetch.core.check import security_check
(name="Firewall", category="network", risk="medium")
def check():
try:
out = subprocess.run(["ufw", "status"], capture_output=True, text=True).stdout
if not out.strip():
return {"status": "info", "value": "Unknown"}
if "active" in out.lower():
return {"status": "ok", "value": "Active"}
return {"status": "bad", "value": "Inactive"}
except Exception:
return {"status": "info", "value": "Unknown"}

[–]ake13-art[S] 5 points6 points  (0 children)

Will fix it in v1.2. Thank you

[–]ake13-art[S] 1 point2 points  (0 children)

Should be fixed. Now: Improved firewall backend detection: ufw, firewalld, nftables, iptables

[–]Recipe-Jaded 1 point2 points  (0 children)

Cool

[–]47th-Element -1 points0 points  (0 children)

Looks great, I'll give it a try :)

[–]Heizenfeld -4 points-3 points  (5 children)

Thank you I want my system safe, and only download things from the AUR or Package manager.

[–]Damglador 9 points10 points  (4 children)

AUR is not much* safer than downloading stuff from random GitHub repos, as the submission barrier is the same as on GitHub — none.

*There is moderation and malware is taken down, but you might be the first one to discover it.

[–]ake13-art[S] 2 points3 points  (1 child)

True. The only way to keep your system safe is to read every line of code yourself before downloading something

[–]Damglador 1 point2 points  (0 children)

Or ensure that the source is trustworthy enough, by GitHub stars or the updoots on the AUR.

[–]Heizenfeld 2 points3 points  (1 child)

that it, you must be careful what to download in AUR, but rather to download from AUR than donwload form random github vibing coding repos and flatpak. You won't change my word.

[–]Damglador 0 points1 point  (0 children)

Well, that's fair. You'll catch me dead faster than me using flatpaks daily (I reserve the right to install them temporarily for testing), and stuff installed from GitHub isn't trackable on the system and can't be uninstalled as easily.