Class: Inspec::Resources::FirewallD

Inherits:
Object
  • Object
Defined in:
lib/inspec/resources/firewalld.rb


Constructor Details

#initialize ⇒ FirewallD

Returns a new instance of FirewallD.



# File 'lib/inspec/resources/firewalld.rb', line 49

# Builds the resource: reads the active firewalld zones and keeps the parsed
# result in @params.
#
# active_zones and parse_active_zones are defined elsewhere in the resource;
# what they return is not visible in this listing.
def initialize
  zone_listing = active_zones
  @params = parse_active_zones(zone_listing)
end

Instance Attribute Details

#params ⇒ Object (readonly)

Returns the value of attribute params.



# File 'lib/inspec/resources/firewalld.rb', line 28

# Read-only accessor for @params.
# NOTE(review): presumably the parsed active-zone data set by the constructor;
# the exact shape is not visible in this listing.
def params
  @params
end

Instance Method Details

#default_zone ⇒ Object



# File 'lib/inspec/resources/firewalld.rb', line 71

# Looks up the default firewalld zone by passing --get-default-zone to
# firewalld_command (defined elsewhere in this resource). The other query
# methods use this value as their default query_zone.
def default_zone
  # return: the name of the default zone, as returned by firewalld_command
  # example: 'public'
  firewalld_command("--get-default-zone")
end

#has_port_enabled_in_zone?(query_port, query_zone = default_zone) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/inspec/resources/firewalld.rb', line 93

# Reports whether a port is enabled in a zone.
#
# The query carries --permanent, so the answer reflects the persisted
# firewalld configuration, which can differ from the rules currently loaded
# at runtime.
#
# NOTE(review): query_zone and query_port are interpolated into the argument
# string without validation or escaping. How firewalld_command executes that
# string is not visible here; if it goes through a shell, values taken from
# profile inputs should be validated first - confirm.
#
# @param query_port port specification placed after --query-port=
# @param query_zone zone to query; defaults to default_zone
# @return [Boolean] true only when firewalld_command returns exactly "yes"
def has_port_enabled_in_zone?(query_port, query_zone = default_zone)
  answer = firewalld_command("--permanent --zone=#{query_zone} --query-port=#{query_port}")
  answer == "yes"
end

#has_rule_enabled?(rule, query_zone = default_zone) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/inspec/resources/firewalld.rb', line 97

# Reports whether a rich rule is present in a zone.
#
# The rule text is prefixed with "rule " unless it already starts with
# "rule", then placed between single quotes after --query-rich-rule=.
# The query carries --permanent, so the answer reflects the persisted
# configuration rather than the rules currently loaded at runtime.
#
# NOTE(review): the rule and zone are interpolated without escaping. A rule
# containing a single quote would end the quoted section early; if
# firewalld_command (not visible here) runs the string through a shell,
# rule text taken from profile inputs should be validated first - confirm.
#
# @param rule [String] rich rule text, with or without the leading "rule"
# @param query_zone zone to query; defaults to default_zone
# @return [Boolean] true only when firewalld_command returns exactly "yes"
def has_rule_enabled?(rule, query_zone = default_zone)
  rich_rule = rule.start_with?("rule") ? rule : "rule #{rule}"
  reply = firewalld_command("--permanent --zone=#{query_zone} --query-rich-rule='#{rich_rule}'")
  reply == "yes"
end

#has_service_enabled_in_zone?(query_service, query_zone = default_zone) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/inspec/resources/firewalld.rb', line 77

# Reports whether a service is enabled in a zone.
#
# The query carries --permanent, so the answer reflects the persisted
# firewalld configuration, which can differ from the rules currently loaded
# at runtime.
#
# NOTE(review): query_zone and query_service are interpolated into the
# argument string without validation or escaping. How firewalld_command
# executes that string is not visible here; if it goes through a shell,
# values taken from profile inputs should be validated first - confirm.
#
# @param query_service service name placed after --query-service=
# @param query_zone zone to query; defaults to default_zone
# @return [Boolean] true only when firewalld_command returns exactly "yes"
def has_service_enabled_in_zone?(query_service, query_zone = default_zone)
  answer = firewalld_command("--permanent --zone=#{query_zone} --query-service=#{query_service}")
  answer == "yes"
end

#has_zone?(query_zone) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/inspec/resources/firewalld.rb', line 57

# Reports whether a zone name appears in the --get-zones output.
#
# The output is split on whitespace and compared token by token, so only an
# exact name matches ("pub" does not match "public"). When installed? is
# falsy the method answers false without calling firewalld_command.
#
# @param query_zone [String] zone name to look for
# @return [Boolean]
def has_zone?(query_zone)
  if installed?
    known_zones = firewalld_command("--get-zones").split(" ")
    known_zones.include?(query_zone)
  else
    false
  end
end

#installed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/inspec/resources/firewalld.rb', line 53

# Reports whether the firewall-cmd command exists on the target, as answered
# by inspec.command("firewall-cmd").exist?.
#
# This only establishes that the command is present; whether the firewalld
# daemon is active is a separate question (see the --state query in running?).
#
# @return [Boolean]
def installed?
  firewall_cmd = inspec.command("firewall-cmd")
  firewall_cmd.exist?
end

#running? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/inspec/resources/firewalld.rb', line 64

# Reports whether firewalld says it is running.
#
# Answers false when installed? is falsy; otherwise passes --state to
# firewalld_command and checks the output against /^running/.
#
# NOTE(review): ^ anchors at the start of any line, not only the start of the
# string. "not running" on one line does not match, but multi-line output
# whose later line begins with "running" would. \A is the stricter anchor;
# confirm what firewalld_command returns before tightening it.
#
# @return [Boolean]
def running?
  return false unless installed?

  state = firewalld_command("--state")
  !!(state =~ /^running/)
end

#service_ports_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object



# File 'lib/inspec/resources/firewalld.rb', line 81

# Lists the ports configured for a service in a zone.
#
# The query carries --permanent, so the list reflects the persisted
# configuration rather than the rules currently loaded at runtime.
#
# NOTE(review): query_zone and query_service are interpolated into the
# argument string without validation or escaping. How firewalld_command
# executes that string is not visible here; if it goes through a shell,
# values taken from profile inputs should be validated first - confirm.
#
# @param query_service service name placed after --service=
# @param query_zone zone to query; defaults to default_zone
# @return [Array<String>] whitespace-separated tokens of the output,
#   e.g. ['22/tcp', '4722/tcp']; empty when the output is empty
def service_ports_enabled_in_zone(query_service, query_zone = default_zone)
  port_listing = firewalld_command("--permanent --zone=#{query_zone} --service=#{query_service} --get-ports")
  port_listing.split(" ")
end

#service_protocols_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object



# File 'lib/inspec/resources/firewalld.rb', line 87

# Lists the protocols configured for a service in a zone.
#
# The query carries --permanent, so the list reflects the persisted
# configuration rather than the rules currently loaded at runtime.
#
# NOTE(review): query_zone and query_service are interpolated into the
# argument string without validation or escaping. How firewalld_command
# executes that string is not visible here; if it goes through a shell,
# values taken from profile inputs should be validated first - confirm.
#
# @param query_service service name placed after --service=
# @param query_zone zone to query; defaults to default_zone
# @return [Array<String>] whitespace-separated tokens of the output,
#   e.g. ['icmp', 'ipv4', 'igmp']; empty when the output is empty
def service_protocols_enabled_in_zone(query_service, query_zone = default_zone)
  protocol_listing = firewalld_command("--permanent --zone=#{query_zone} --service=#{query_service} --get-protocols")
  protocol_listing.split(" ")
end

#to_s ⇒ Object



# File 'lib/inspec/resources/firewalld.rb', line 102

# Fixed human-readable label for this resource; always returns the string
# "Firewall Rules".
def to_s
  "Firewall Rules"
end