Class: Inspec::Resources::FirewallD

Inherits:

Object

• Object
• Inspec::Resources::FirewallD

Defined in:

lib/inspec/resources/firewalld.rb

Instance Attribute Summary

• #params ⇒ Object readonly

  Returns the value of attribute params.

Instance Method Summary

• #default_zone ⇒ Object
• #has_port_enabled_in_zone?(query_port, query_zone = default_zone) ⇒ Boolean
• #has_rule_enabled?(rule, query_zone = default_zone) ⇒ Boolean
• #has_service_enabled_in_zone?(query_service, query_zone = default_zone) ⇒ Boolean
• #has_zone?(query_zone) ⇒ Boolean
• #initialize ⇒ FirewallD constructor

  A new instance of FirewallD.

• #installed? ⇒ Boolean
• #running? ⇒ Boolean
• #service_ports_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object
• #service_protocols_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object
• #to_s ⇒ Object

Constructor Details

#initialize ⇒ FirewallD

Returns a new instance of FirewallD.

# File 'lib/inspec/resources/firewalld.rb', line 38

def initialize
  @params = parse_active_zones(active_zones)
end

Instance Attribute Details

#params ⇒ Object (readonly)

Returns the value of attribute params.

# File 'lib/inspec/resources/firewalld.rb', line 28

def params
  @params
end

Instance Method Details

#default_zone ⇒ Object

# File 'lib/inspec/resources/firewalld.rb', line 60

def default_zone
  # return: word associated with the name of the default zone
  # example: 'public'
  firewalld_command("--get-default-zone")
end

#has_port_enabled_in_zone?(query_port, query_zone = default_zone) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/firewalld.rb', line 82

def has_port_enabled_in_zone?(query_port, query_zone = default_zone)
  firewalld_command("--zone=#{query_zone} --query-port=#{query_port}") == "yes"
end

#has_rule_enabled?(rule, query_zone = default_zone) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/firewalld.rb', line 86

def has_rule_enabled?(rule, query_zone = default_zone)
  rule = "rule #{rule}" unless rule.start_with?("rule")
  firewalld_command("--zone=#{query_zone} --query-rich-rule='#{rule}'") == "yes"
end

#has_service_enabled_in_zone?(query_service, query_zone = default_zone) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/firewalld.rb', line 66

def has_service_enabled_in_zone?(query_service, query_zone = default_zone)
  firewalld_command("--zone=#{query_zone} --query-service=#{query_service}") == "yes"
end

#has_zone?(query_zone) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/firewalld.rb', line 46

def has_zone?(query_zone)
  return false unless installed?

  result = firewalld_command("--get-zones").split(" ")
  result.include?(query_zone)
end

#installed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/firewalld.rb', line 42

def installed?
  inspec.command("firewall-cmd").exist?
end

#running? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/firewalld.rb', line 53

def running?
  return false unless installed?

  result = firewalld_command("--state")
  result =~ /^running/ ? true : false
end

#service_ports_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object

# File 'lib/inspec/resources/firewalld.rb', line 70

def service_ports_enabled_in_zone(query_service, query_zone = default_zone)
  # return: String of ports open
  # example: ['22/tcp', '4722/tcp']
  firewalld_command("--zone=#{query_zone} --service=#{query_service} --get-ports --permanent").split(" ")
end

#service_protocols_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object

# File 'lib/inspec/resources/firewalld.rb', line 76

def service_protocols_enabled_in_zone(query_service, query_zone = default_zone)
  # return: String of protocoals open
  # example: ['icmp', 'ipv4', 'igmp']
  firewalld_command("--zone=#{query_zone} --service=#{query_service} --get-protocols --permanent").split(" ")
end

#to_s ⇒ Object

# File 'lib/inspec/resources/firewalld.rb', line 91

def to_s
  "Firewall Rules"
end