Class: Inspec::Resources::IpTables

Inherits:

Object

• Object
• Inspec::Resources::IpTables

Defined in:

lib/inspec/resources/iptables.rb

Instance Method Summary

• #has_rule?(rule = nil, _table = nil, _chain = nil) ⇒ Boolean
• #initialize(params = {}) ⇒ IpTables constructor

  A new instance of IpTables.

• #resource_id ⇒ Object
• #retrieve_rules ⇒ Object
• #to_s ⇒ Object

Constructor Details

#initialize(params = {}) ⇒ IpTables

Returns a new instance of IpTables.

# File 'lib/inspec/resources/iptables.rb', line 33

def initialize(params = {})
  @table = params[:table]
  @chain = params[:chain]
  @ignore_comments = params[:ignore_comments] || false

  # we're done if we are on linux
  return if inspec.os.linux?

  # ensures, all calls are aborted for non-supported os
  @iptables_cache = []
  skip_resource "The `iptables` resource is not supported on your OS yet."
end

Instance Method Details

#has_rule?(rule = nil, _table = nil, _chain = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/iptables.rb', line 46

def has_rule?(rule = nil, _table = nil, _chain = nil)
  # checks if the rule is part of the ruleset
  # for now, we expect an exact match
  retrieve_rules.any? { |line| line.casecmp(rule) == 0 }
end

#resource_id ⇒ Object

# File 'lib/inspec/resources/iptables.rb', line 72

def resource_id
  format("Iptables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
end

#retrieve_rules ⇒ Object

# File 'lib/inspec/resources/iptables.rb', line 52

def retrieve_rules
  return @iptables_cache if defined?(@iptables_cache)

  # construct iptables command to read all rules
  bin = find_iptables_or_error
  table_cmd = "-t #{@table}" if @table
  iptables_cmd = format("%s %s -S %s", bin, table_cmd, @chain).strip

  cmd = inspec.command(iptables_cmd)
  return [] if cmd.exit_status.to_i != 0

  if @ignore_comments
    # split rules, returns array or rules without any comment
    @iptables_cache = remove_comments_from_rules(cmd.stdout.split("\n"))
  else
    # split rules, returns array or rules
    @iptables_cache = cmd.stdout.split("\n").map(&:strip)
  end
end

#to_s ⇒ Object

# File 'lib/inspec/resources/iptables.rb', line 76

def to_s
  format("Iptables %s %s", @table && "table: #{@table}", @chain && "chain: #{@chain}").strip
end