Class: Inspec::Resources::FirewallD

Inherits:

Object

• Object
• Inspec::Resources::FirewallD

Defined in:

lib/resources/firewalld.rb

Instance Attribute Summary

• #params ⇒ Object readonly

  Returns the value of attribute params.

Instance Method Summary

• #default_zone ⇒ Object
• #has_port_enabled_in_zone?(query_port, query_zone = default_zone) ⇒ Boolean
• #has_rule_enabled?(rule, query_zone = default_zone) ⇒ Boolean
• #has_service_enabled_in_zone?(query_service, query_zone = default_zone) ⇒ Boolean
• #has_zone?(query_zone) ⇒ Boolean
• #initialize ⇒ FirewallD constructor

  A new instance of FirewallD.

• #installed? ⇒ Boolean
• #running? ⇒ Boolean
• #service_ports_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object
• #service_protocols_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object

Constructor Details

#initialize ⇒ FirewallD

Returns a new instance of FirewallD.

# File 'lib/resources/firewalld.rb', line 40

def initialize
  return skip_resource 'The `firewalld` resource is not supported on your OS.' unless inspec.os.linux?
  @params = parse_active_zones(active_zones)
end

Instance Attribute Details

#params ⇒ Object (readonly)

Returns the value of attribute params.

# File 'lib/resources/firewalld.rb', line 28

def params
  @params
end

Instance Method Details

#default_zone ⇒ Object

# File 'lib/resources/firewalld.rb', line 61

def default_zone
  # return: word associated with the name of the default zone
  # example: 'public'
  firewalld_command('--get-default-zone')
end

#has_port_enabled_in_zone?(query_port, query_zone = default_zone) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/firewalld.rb', line 83

def has_port_enabled_in_zone?(query_port, query_zone = default_zone)
  firewalld_command("--zone=#{query_zone} --query-port=#{query_port}") == 'yes'
end

#has_rule_enabled?(rule, query_zone = default_zone) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/firewalld.rb', line 87

def has_rule_enabled?(rule, query_zone = default_zone)
  rule = "rule #{rule}" unless rule.start_with?('rule')
  firewalld_command("--zone=#{query_zone} --query-rich-rule='#{rule}'") == 'yes'
end

#has_service_enabled_in_zone?(query_service, query_zone = default_zone) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/firewalld.rb', line 67

def has_service_enabled_in_zone?(query_service, query_zone = default_zone)
  firewalld_command("--zone=#{query_zone} --query-service=#{query_service}") == 'yes'
end

#has_zone?(query_zone) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/firewalld.rb', line 49

def has_zone?(query_zone)
  return false unless installed?
  result = firewalld_command('--get-zones').split(' ')
  result.include?(query_zone)
end

#installed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/firewalld.rb', line 45

def installed?
  inspec.command('firewall-cmd').exist?
end

#running? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/firewalld.rb', line 55

def running?
  return false unless installed?
  result = firewalld_command('--state')
  result =~ /^running/ ? true : false
end

#service_ports_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object

# File 'lib/resources/firewalld.rb', line 71

def service_ports_enabled_in_zone(query_service, query_zone = default_zone)
  # return: String of ports open
  # example: ['22/tcp', '4722/tcp']
  firewalld_command("--zone=#{query_zone} --service=#{query_service} --get-ports --permanent").split(' ')
end

#service_protocols_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object

# File 'lib/resources/firewalld.rb', line 77

def service_protocols_enabled_in_zone(query_service, query_zone = default_zone)
  # return: String of protocoals open
  # example: ['icmp', 'ipv4', 'igmp']
  firewalld_command("--zone=#{query_zone} --service=#{query_service} --get-protocols --permanent").split(' ')
end