Class: Inspec::Resources::IpFilter

Inherits:

Object

• Object
• Inspec::Resources::IpFilter

Defined in:

lib/inspec/resources/ipfilter.rb

Instance Method Summary

• #has_rule?(rule = nil) ⇒ Boolean
• #initialize ⇒ IpFilter constructor

  A new instance of IpFilter.

• #resource_id ⇒ Object
• #retrieve_rules ⇒ Object
• #to_s ⇒ Object

Constructor Details

#initialize ⇒ IpFilter

Returns a new instance of IpFilter.

# File 'lib/inspec/resources/ipfilter.rb', line 14

def initialize
  # checks if the instance is either bsd or solaris
  return if (inspec.os.bsd? && !inspec.os.darwin?) || inspec.os.solaris?

  # ensures, all calls are aborted for non-supported os
  @ipfilter_cache = []
  skip_resource "The `ipfilter` resource is not supported on your OS yet."
end

Instance Method Details

#has_rule?(rule = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/ipfilter.rb', line 23

def has_rule?(rule = nil)
  # checks if the rule is part of the ruleset
  retrieve_rules.any? { |line| line.casecmp(rule) == 0 }
end

#resource_id ⇒ Object

# File 'lib/inspec/resources/ipfilter.rb', line 45

def resource_id
  "Ipfilter"
end

#retrieve_rules ⇒ Object

# File 'lib/inspec/resources/ipfilter.rb', line 28

def retrieve_rules
  # this would be true if the OS family was not bsd/solaris when checked in initliaze
  return @ipfilter_cache if defined?(@ipfilter_cache)

  # construct ipfstat command to read all rules
  bin = find_ipfstat_or_error
  ipfstat_cmd = "#{bin} -io"
  cmd = inspec.command(ipfstat_cmd)

  # Return empty array when command is not executed successfully
  # or there is no output since no rules are active
  return [] if cmd.exit_status.to_i != 0 || cmd.stdout == ""

  # split rules, returns array or rules
  @ipfilter_cache = cmd.stdout.split("\n").map(&:strip)
end

#to_s ⇒ Object

# File 'lib/inspec/resources/ipfilter.rb', line 49

def to_s
  "Ipfilter"
end