class Inspec::Resources::FirewallD
Attributes
params[R]
Public Class Methods
new()
# File lib/inspec/resources/firewalld.rb, line 38
# Builds the resource's parsed view of the active firewalld zones.
#
# The raw `firewall-cmd --get-active-zones` text is fetched once and turned
# into one hash per zone; the result is exposed through the +params+ reader.
def initialize
  zones_output = active_zones
  @params = parse_active_zones(zones_output)
end
Public Instance Methods
default_zone()
# File lib/inspec/resources/firewalld.rb, line 60
# Name of the default zone as reported by `firewall-cmd --get-default-zone`,
# e.g. "public".
#
# @return [String] the zone name; when the command fails this is the
#   "Error on command ..." text produced by +firewalld_command+, not a zone,
#   and callers that use it as a default zone will query that text verbatim.
def default_zone
  query = "--get-default-zone"
  firewalld_command(query)
end
has_port_enabled_in_zone?(query_port, query_zone = default_zone)
# File lib/inspec/resources/firewalld.rb, line 82
# Whether +query_port+ is open in +query_zone+ (runtime configuration).
#
# @param query_port [String] port in firewall-cmd form, presumably
#   "port/protocol" such as "22/tcp" — passed through unchanged.
# @param query_zone [String] zone to query; defaults to the default zone.
# @return [Boolean] true only when firewall-cmd answers "yes"; any other
#   output, including the helper's "Error on command ..." text, is false.
#
# NOTE(review): both values are interpolated into the shell command without
# quoting or escaping. The resource expects them to come from the profile
# author, so they must not contain shell metacharacters.
def has_port_enabled_in_zone?(query_port, query_zone = default_zone)
  query = "--zone=#{query_zone} --query-port=#{query_port}"
  answer = firewalld_command(query)
  answer == "yes"
end
has_rule_enabled?(rule, query_zone = default_zone)
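# File lib/inspec/resources/firewalld.rb, line 86
# Whether the rich rule +rule+ is enabled in +query_zone+ (runtime
# configuration).
#
# @param rule [String] a firewalld rich rule. The leading "rule" keyword is
#   prepended when missing, so callers may pass just the rule body.
# @param query_zone [String] zone to query; defaults to the default zone.
# @return [Boolean] true only when firewall-cmd answers "yes"; any other
#   output, including the helper's "Error on command ..." text, is false.
def has_rule_enabled?(rule, query_zone = default_zone)
  rule = "rule #{rule}" unless rule.start_with?("rule")
  # The rule is handed to the shell inside single quotes. A literal "'" in the
  # rule would end the quoted argument and let the rest of the rule be parsed
  # by the shell, so each "'" is rewritten as '\'' (close, escaped quote,
  # reopen). The block form of gsub is used on purpose: in a replacement
  # *string* Ruby treats "\'" as the post-match reference, not a literal quote.
  quoted_rule = rule.gsub("'") { "'\\''" }
  # The zone is still interpolated unquoted; it is expected to come from the
  # profile author and contain no shell metacharacters.
  firewalld_command("--zone=#{query_zone} --query-rich-rule='#{quoted_rule}'") == "yes"
end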
has_service_enabled_in_zone?(query_service, query_zone = default_zone)
# File lib/inspec/resources/firewalld.rb, line 66
# Whether the named firewalld service is enabled in +query_zone+ (runtime
# configuration).
#
# @param query_service [String] firewalld service name, e.g. "ssh".
# @param query_zone [String] zone to query; defaults to the default zone.
# @return [Boolean] true only when firewall-cmd answers "yes"; any other
#   output, including the helper's "Error on command ..." text, is false.
#
# NOTE(review): both values are interpolated into the shell command without
# quoting or escaping and are expected to come from the profile author.
def has_service_enabled_in_zone?(query_service, query_zone = default_zone)
  query = "--zone=#{query_zone} --query-service=#{query_service}"
  answer = firewalld_command(query)
  answer == "yes"
end
has_zone?(query_zone)
# File lib/inspec/resources/firewalld.rb, line 46
# Whether +query_zone+ is one of the zones firewalld knows about.
#
# @param query_zone [String] zone name to look for.
# @return [Boolean] false when firewall-cmd is not installed; otherwise
#   whether the name appears in the whitespace-separated `--get-zones`
#   output. If the command fails, the helper's "Error on command ..." text is
#   what gets split, so the lookup is effectively false.
def has_zone?(query_zone)
  return false unless installed?

  known_zones = firewalld_command("--get-zones").split(" ")
  known_zones.include?(query_zone)
end
installed?()
# File lib/inspec/resources/firewalld.rb, line 42
# Whether the firewall-cmd binary is present on the target.
#
# @return [Boolean] the result of the `command` resource's +exist?+ check.
def installed?
  binary = inspec.command("firewall-cmd")
  binary.exist?
end
running?()
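# File lib/inspec/resources/firewalld.rb, line 53
# Whether the firewalld daemon reports itself as running.
#
# @return [Boolean] false when firewall-cmd is not installed; otherwise
#   whether the stripped `--state` output begins with "running" (so
#   "not running" is false).
def running?
  return false unless installed?

  state = firewalld_command("--state")
  # Anchor at the start of the whole string rather than of any line (the old
  # /^running/). On failure the helper returns "Error on command ...: <stderr>"
  # and stderr may span several lines, so a line-anchored regex could be
  # satisfied by error text; start_with? cannot.
  state.start_with?("running")
end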
service_ports_enabled_in_zone(query_service, query_zone = default_zone)
# File lib/inspec/resources/firewalld.rb, line 70
# Ports defined for a firewalld service in the given zone.
#
# @param query_service [String] firewalld service name, e.g. "ssh".
# @param query_zone [String] zone to query; defaults to the default zone.
# @return [Array<String>] whitespace-split port specs, e.g. ["22/tcp", "4722/tcp"].
#   If the command fails, the helper's "Error on command ..." text is split
#   and returned the same way, so callers cannot distinguish errors from data.
#
# Note the --permanent flag: this reads the persisted service definition, not
# the runtime state, so an unsaved runtime change is not reflected here.
def service_ports_enabled_in_zone(query_service, query_zone = default_zone)
  query = "--zone=#{query_zone} --service=#{query_service} --get-ports --permanent"
  firewalld_command(query).split(" ")
end
service_protocols_enabled_in_zone(query_service, query_zone = default_zone)
# File lib/inspec/resources/firewalld.rb, line 76
# Protocols defined for a firewalld service in the given zone.
#
# @param query_service [String] firewalld service name.
# @param query_zone [String] zone to query; defaults to the default zone.
# @return [Array<String>] whitespace-split protocol names, e.g. ["icmp", "ipv4", "igmp"].
#   If the command fails, the helper's "Error on command ..." text is split
#   and returned the same way.
#
# Note the --permanent flag: this reads the persisted service definition, not
# the runtime state.
def service_protocols_enabled_in_zone(query_service, query_zone = default_zone)
  query = "--zone=#{query_zone} --service=#{query_service} --get-protocols --permanent"
  firewalld_command(query).split(" ")
end
to_s()
# File lib/inspec/resources/firewalld.rb, line 91 def to_s "Firewall Rules" end
Private Instance Methods
active_zones()
# File lib/inspec/resources/firewalld.rb, line 97
# Raw output of `firewall-cmd --get-active-zones`.
#
# Expected shape (one zone name line followed by an indented detail line):
#
#   public
#     interfaces: enp0s3
#
# @return [String] the stripped stdout, or the helper's "Error on command ..."
#   text when the command fails.
def active_zones
  query = "--get-active-zones"
  firewalld_command(query)
end
firewalld_command(command)
# File lib/inspec/resources/firewalld.rb, line 138
# Runs `firewall-cmd <command>` through the InSpec command resource.
#
# @param command [String] the firewall-cmd arguments, appended verbatim to the
#   command line — nothing here quotes or escapes them.
# @return [String] stripped stdout on success. If anything was written to
#   stderr, an "Error on command ...: <stderr>" string is returned *instead*
#   and callers treat it as ordinary output (split it, compare it to "yes").
#   The exit status is never consulted; the --query-* subcommands exit
#   non-zero to mean "no", so it could not simply be treated as failure.
def firewalld_command(command)
  full_command = "firewall-cmd #{command}"
  result = inspec.command(full_command)
  # stderr wins over stdout, even when stdout also holds a usable answer.
  return "Error on command #{full_command}: #{result.stderr}" unless result.stderr == ""

  result.stdout.strip
end
parse_active_zones(content)
# File lib/inspec/resources/firewalld.rb, line 108
# Turns `--get-active-zones` output into one parsed hash per zone.
#
# The output is assumed to list each zone as exactly two lines — the zone
# name, then one indented detail line — so lines are paired up and each pair
# is handed to +parse_line+.
#
# NOTE(review): if firewalld ever prints more than one detail line for a zone
# (e.g. both "interfaces:" and "sources:"), the pairing shifts and later zones
# are mis-parsed — confirm against the firewall-cmd version in use.
#
# @param content [String] raw command output; "" yields [].
# @return [Array<Hash>] parsed zones, with nil results from +parse_line+ dropped.
def parse_active_zones(content)
  pairs = content.split(/\n/).each_slice(2).map { |pair| pair.join("\n") }
  parsed = pairs.map { |pair| parse_line(pair) }
  parsed.compact
end
parse_line(line)
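# File lib/inspec/resources/firewalld.rb, line 116
# Parses one two-line zone entry ("<zone>\n  <label>: <values>") into a hash.
#
# @param line [String] zone name line and its detail line, joined by "\n".
# @return [Hash] keys "zone", "interfaces" (the whitespace-split values from
#   the detail line, whatever its label), "services" and "sources" (looked up
#   per zone via +services_bound+ / +sources_bound+).
def parse_line(line)
  name_line, detail_line = line.split("\n")
  zone = name_line
  # Keep everything after the *first* ":" of the detail line. Splitting on
  # every ":" (the previous behaviour) truncated IPv6 values such as
  # "2001:db8::/32" when the detail line is "sources: ..." rather than
  # "interfaces: ...". A missing detail line now yields [] instead of raising.
  values = detail_line.to_s.split(":", 2)[1].to_s.split(" ")
  {
    "zone" => zone,
    # The key stays "interfaces" for compatibility even when the detail line
    # was a "sources:" line.
    "interfaces" => values,
    "services" => services_bound(zone),
    "sources" => sources_bound(zone),
  }
end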
services_bound(query_zone)
# File lib/inspec/resources/firewalld.rb, line 132
# Services enabled in a zone (runtime configuration, via --list-services).
#
# @param query_zone [String] zone name, interpolated unescaped into the command.
# @return [Array<String>] e.g. ["ssh", "dhcpv6-client"]; [] when the output is
#   empty. A failed command yields the helper's "Error on command ..." text
#   split into words.
def services_bound(query_zone)
  query = "--zone=#{query_zone} --list-services"
  firewalld_command(query).split(" ")
end
sources_bound(query_zone)
# File lib/inspec/resources/firewalld.rb, line 126
# Sources bound to a zone (runtime configuration, via --list-sources).
#
# @param query_zone [String] zone name, interpolated unescaped into the command.
# @return [Array<String>] each entry is an IP address, an address with mask,
#   or an ipset reference, e.g.
#   ["192.168.0.4", "192.168.0.0/16", "2111:DB28:ABC:12::", "2111:db89:ab3d:0112::0/64"];
#   [] when the output is empty. A failed command yields the helper's
#   "Error on command ..." text split into words.
def sources_bound(query_zone)
  query = "--zone=#{query_zone} --list-sources"
  firewalld_command(query).split(" ")
end