class Inspec::Resources::IpTables

Public Class Methods

new(params = {}) click to toggle source
# File lib/inspec/resources/iptables.rb, line 33
def initialize(params = {})
  @table = params[:table]
  @chain = params[:chain]

  # we're done if we are on linux
  return if inspec.os.linux?

  # ensures, all calls are aborted for non-supported os
  @iptables_cache = []
  skip_resource "The `iptables` resource is not supported on your OS yet."
end

Public Instance Methods

has_rule?(rule = nil, _table = nil, _chain = nil) click to toggle source
# File lib/inspec/resources/iptables.rb, line 45
def has_rule?(rule = nil, _table = nil, _chain = nil)
  # checks if the rule is part of the ruleset
  # for now, we expect an exact match
  retrieve_rules.any? { |line| line.casecmp(rule) == 0 }
end
retrieve_rules() click to toggle source
# File lib/inspec/resources/iptables.rb, line 51
def retrieve_rules
  return @iptables_cache if defined?(@iptables_cache)

  # construct iptables command to read all rules
  bin = find_iptables_or_error
  table_cmd = "-t #{@table}" if @table
  iptables_cmd = format("%s %s -S %s", bin, table_cmd, @chain).strip

  cmd = inspec.command(iptables_cmd)
  return [] if cmd.exit_status.to_i != 0

  # split rules, returns array or rules
  @iptables_cache = cmd.stdout.split("\n").map(&:strip)
end
to_s() click to toggle source
# File lib/inspec/resources/iptables.rb, line 66
def to_s
  format("Iptables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
end

Private Instance Methods

find_iptables_or_error() click to toggle source
# File lib/inspec/resources/iptables.rb, line 72
def find_iptables_or_error
  %w{/usr/sbin/iptables /sbin/iptables iptables}.each do |cmd|
    return cmd if inspec.command(cmd).exist?
  end

  raise Inspec::Exceptions::ResourceFailed, "Could not find `iptables`"
end