class Inspec::Resources::IpTables
Public Class Methods
new(params = {})
click to toggle source
# File lib/inspec/resources/iptables.rb, line 33 def initialize(params = {}) @table = params[:table] @chain = params[:chain] # we're done if we are on linux return if inspec.os.linux? # ensures, all calls are aborted for non-supported os @iptables_cache = [] skip_resource "The `iptables` resource is not supported on your OS yet." end
Public Instance Methods
has_rule?(rule = nil, _table = nil, _chain = nil)
click to toggle source
# File lib/inspec/resources/iptables.rb, line 45 def has_rule?(rule = nil, _table = nil, _chain = nil) # checks if the rule is part of the ruleset # for now, we expect an exact match retrieve_rules.any? { |line| line.casecmp(rule) == 0 } end
retrieve_rules()
click to toggle source
# File lib/inspec/resources/iptables.rb, line 51 def retrieve_rules return @iptables_cache if defined?(@iptables_cache) # construct iptables command to read all rules bin = find_iptables_or_error table_cmd = "-t #{@table}" if @table iptables_cmd = format("%s %s -S %s", bin, table_cmd, @chain).strip cmd = inspec.command(iptables_cmd) return [] if cmd.exit_status.to_i != 0 # split rules, returns array or rules @iptables_cache = cmd.stdout.split("\n").map(&:strip) end
to_s()
click to toggle source
# File lib/inspec/resources/iptables.rb, line 66 def to_s format("Iptables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip end
Private Instance Methods
find_iptables_or_error()
click to toggle source
# File lib/inspec/resources/iptables.rb, line 72 def find_iptables_or_error %w{/usr/sbin/iptables /sbin/iptables iptables}.each do |cmd| return cmd if inspec.command(cmd).exist? end raise Inspec::Exceptions::ResourceFailed, "Could not find `iptables`" end