Class: Inspec::Resources::FirewallD
- Inherits:
-
Object
- Object
- Inspec::Resources::FirewallD
- Defined in:
- lib/resources/firewalld.rb
Instance Attribute Summary collapse
-
#params ⇒ Object
readonly
Returns the value of attribute params.
Instance Method Summary collapse
- #default_zone ⇒ Object
- #has_port_enabled_in_zone?(query_port, query_zone = default_zone) ⇒ Boolean
- #has_rule_enabled?(rule, query_zone = default_zone) ⇒ Boolean
- #has_service_enabled_in_zone?(query_service, query_zone = default_zone) ⇒ Boolean
- #has_zone?(query_zone) ⇒ Boolean
-
#initialize ⇒ FirewallD
constructor
A new instance of FirewallD.
- #installed? ⇒ Boolean
- #running? ⇒ Boolean
- #service_ports_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object
- #service_protocols_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object
Constructor Details
#initialize ⇒ FirewallD
Returns a new instance of FirewallD.
# File 'lib/resources/firewalld.rb', line 40

# Builds the resource, or marks it as skipped on non-Linux targets.
#
# On Linux, @params is populated from parse_active_zones(active_zones); both
# helpers are defined elsewhere in the file and are not shown on this page.
def initialize
  unless inspec.os.linux?
    return skip_resource 'The `firewalld` resource is not supported on your OS.'
  end

  @params = parse_active_zones(active_zones)
end
Instance Attribute Details
#params ⇒ Object (readonly)
Returns the value of attribute params.
# File 'lib/resources/firewalld.rb', line 28

# Read-only accessor for the value stored in @params by the constructor.
#
# @return [Object] the current value of @params (nil if it was never assigned,
#   e.g. when the constructor returned early on a non-Linux target)
def params
  @params
end
Instance Method Details
#default_zone ⇒ Object
# File 'lib/resources/firewalld.rb', line 61

# Asks firewall-cmd which zone is the default one.
#
# This method is the default value of `query_zone` on the other query
# methods, so each call that omits the zone issues this command first.
#
# @return [Object] whatever firewalld_command returns for `--get-default-zone`;
#   per the original comment, a single word such as 'public'
def default_zone
  zone_name = firewalld_command('--get-default-zone')
  zone_name
end
#has_port_enabled_in_zone?(query_port, query_zone = default_zone) ⇒ Boolean
# File 'lib/resources/firewalld.rb', line 83

# Reports whether firewall-cmd answers 'yes' to a `--query-port` for the zone.
#
# @param query_port [String] port specification passed verbatim to --query-port
# @param query_zone [String] zone to query; defaults to default_zone
# @return [Boolean] true only when the command output equals 'yes'
#
# NOTE(review): both arguments are interpolated into the argument string with
# no quoting or validation. firewalld_command is not shown on this page; if it
# hands the string to a shell, whitespace or shell metacharacters in either
# value would alter the command that runs. Validate values that originate
# outside the profile (e.g. check the zone with has_zone?) before calling.
def has_port_enabled_in_zone?(query_port, query_zone = default_zone)
  args = "--zone=#{query_zone} --query-port=#{query_port}"
  firewalld_command(args) == 'yes'
end
#has_rule_enabled?(rule, query_zone = default_zone) ⇒ Boolean
# File 'lib/resources/firewalld.rb', line 87

# Reports whether firewall-cmd answers 'yes' to a `--query-rich-rule`.
#
# The literal word 'rule' is prepended when the caller's text does not already
# start with it, so both "rule family=..." and "family=..." are accepted.
#
# @param rule [String] rich-rule text, with or without the leading 'rule'
# @param query_zone [String] zone to query; defaults to default_zone
# @return [Boolean] true only when the command output equals 'yes'
#
# NOTE(review): the rule is wrapped in single quotes but not escaped, so a
# rule containing a single quote ends the quoting early, and query_zone is
# not quoted at all. firewalld_command is not shown on this page; if it runs
# the string through a shell, such values change the command that executes.
# Treat rule text and zone names from outside the profile as untrusted.
def has_rule_enabled?(rule, query_zone = default_zone)
  rich_rule = rule.start_with?('rule') ? rule : "rule #{rule}"
  args = "--zone=#{query_zone} --query-rich-rule='#{rich_rule}'"
  firewalld_command(args) == 'yes'
end
#has_service_enabled_in_zone?(query_service, query_zone = default_zone) ⇒ Boolean
# File 'lib/resources/firewalld.rb', line 67

# Reports whether firewall-cmd answers 'yes' to a `--query-service` for the zone.
#
# @param query_service [String] service name passed verbatim to --query-service
# @param query_zone [String] zone to query; defaults to default_zone
# @return [Boolean] true only when the command output equals 'yes'
#
# NOTE(review): both arguments are interpolated into the argument string with
# no quoting or validation. firewalld_command is not shown on this page; if it
# hands the string to a shell, whitespace or shell metacharacters in either
# value would alter the command that runs. Validate values that originate
# outside the profile before calling.
def has_service_enabled_in_zone?(query_service, query_zone = default_zone)
  args = "--zone=#{query_zone} --query-service=#{query_service}"
  firewalld_command(args) == 'yes'
end
#has_zone?(query_zone) ⇒ Boolean
# File 'lib/resources/firewalld.rb', line 49

# Reports whether the named zone appears in the output of `--get-zones`.
#
# The zone name is only compared against the split output; it is never placed
# on a command line here.
#
# @param query_zone [String] zone name to look for (exact match)
# @return [Boolean] false when firewall-cmd is not installed, otherwise
#   whether the space-separated zone list contains query_zone
def has_zone?(query_zone)
  return false unless installed?

  known_zones = firewalld_command('--get-zones').split(' ')
  known_zones.include?(query_zone)
end
#installed? ⇒ Boolean
# File 'lib/resources/firewalld.rb', line 45

# Reports whether the `firewall-cmd` command exists on the target.
#
# This only tests for the presence of the command; whether the daemon is
# running is answered by running?.
#
# @return [Boolean] result of inspec.command('firewall-cmd').exist?
def installed?
  firewall_cmd = inspec.command('firewall-cmd')
  firewall_cmd.exist?
end
#running? ⇒ Boolean
# File 'lib/resources/firewalld.rb', line 55

# Reports whether `firewall-cmd --state` says the daemon is running.
#
# @return [Boolean] false when firewall-cmd is not installed; otherwise true
#   when a line of the --state output begins with 'running'
#
# NOTE(review): `^` matches at the start of any line, not only at the start of
# the output, so the check passes if any output line begins with 'running'.
# Use `\A` if only the first line should count — confirm what
# firewalld_command returns (e.g. whether stderr is included) before changing.
def running?
  return false unless installed?

  state = firewalld_command('--state')
  !(state =~ /^running/).nil?
end
#service_ports_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object
# File 'lib/resources/firewalld.rb', line 71

# Lists the ports firewall-cmd reports for a service.
#
# The query carries `--permanent`, so the answer reflects the permanent
# configuration; runtime-only changes that were never made permanent are not
# covered by this result.
#
# @param query_service [String] service name passed verbatim to --service
# @param query_zone [String] zone passed to --zone; defaults to default_zone
# @return [Array<String>] the command output split on spaces,
#   e.g. ['22/tcp', '4722/tcp'] (example from the original comment)
#
# NOTE(review): both arguments are interpolated into the argument string with
# no quoting or validation. firewalld_command is not shown on this page; if it
# hands the string to a shell, whitespace or shell metacharacters in either
# value would alter the command that runs.
def service_ports_enabled_in_zone(query_service, query_zone = default_zone)
  args = "--zone=#{query_zone} --service=#{query_service} --get-ports --permanent"
  firewalld_command(args).split(' ')
end
#service_protocols_enabled_in_zone(query_service, query_zone = default_zone) ⇒ Object
# File 'lib/resources/firewalld.rb', line 77

# Lists the protocols firewall-cmd reports for a service.
#
# The query carries `--permanent`, so the answer reflects the permanent
# configuration; runtime-only changes that were never made permanent are not
# covered by this result.
#
# @param query_service [String] service name passed verbatim to --service
# @param query_zone [String] zone passed to --zone; defaults to default_zone
# @return [Array<String>] the command output split on spaces,
#   e.g. ['icmp', 'ipv4', 'igmp'] (example from the original comment)
#
# NOTE(review): both arguments are interpolated into the argument string with
# no quoting or validation. firewalld_command is not shown on this page; if it
# hands the string to a shell, whitespace or shell metacharacters in either
# value would alter the command that runs.
def service_protocols_enabled_in_zone(query_service, query_zone = default_zone)
  args = "--zone=#{query_zone} --service=#{query_service} --get-protocols --permanent"
  firewalld_command(args).split(' ')
end