RubyGems - shutter - Versions diffs - 0.0.7 → 0.1.0 - Mend

shutter 0.0.7 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

data/README.md +26 -56
data/bin/shutter +10 -4
data/lib/shutter.rb +3 -9
data/lib/shutter/command_line.rb +86 -104
data/lib/shutter/content.rb +49 -2
data/lib/shutter/files.rb +31 -0
data/lib/shutter/iptables.rb +215 -10
data/lib/shutter/os.rb +40 -1
data/lib/shutter/version.rb +1 -1
data/shutter.gemspec +4 -3
data/spec/command_line_spec.rb +75 -9
data/spec/content_spec.rb +2 -2
data/spec/files/base.ipt +160 -0
data/spec/files/iface.dmz +4 -0
data/spec/files/iface.forward +3 -0
data/spec/files/ip.allow +5 -0
data/spec/files/ip.deny +5 -0
data/spec/files/iptables_save.out +86 -0
data/spec/files/ports.private +2 -0
data/spec/files/ports.public +3 -0
data/spec/files_spec.rb +76 -0
data/spec/iptables_spec.rb +157 -0
data/spec/os_spec.rb +54 -0
data/spec/spec_helper.rb +10 -4
metadata +45 -14
data/lib/shutter/iptables/base.rb +0 -59
data/lib/shutter/iptables/eyepee.rb +0 -34
data/lib/shutter/iptables/forward.rb +0 -47
data/lib/shutter/iptables/iface.rb +0 -30
data/lib/shutter/iptables/jail.rb +0 -26
data/lib/shutter/iptables/port.rb +0 -35
data/spec/env_spec.rb +0 -17

data/spec/os_spec.rb ADDED Viewed

@@ -0,0 +1,54 @@
+require File.dirname(__FILE__) + '/spec_helper'
+describe "Shutter::OS" do
+  before(:each) do
+    @os = Shutter::OS.new
+  end
+  it "should have the correct data for redhat systems" do
+    @os.stubs(:version).returns("Red Hat")
+    @os.persist_file.should == "/etc/sysconfig/iptables"
+    @os.dist.should == "RedHat"
+    @os.redhat?.should == true
+    @os.centos?.should == true
+    @os.fedora?.should == true
+  end
+  it "should have the correct data for ubuntu systems" do
+    @os.stubs(:version).returns("Ubuntu")
+    @os.persist_file.should == "/etc/iptables/rules"
+    @os.dist.should == "Ubuntu"
+    @os.redhat?.should == false
+    @os.centos?.should == false
+    @os.fedora?.should == false
+  end
+  it "should have the correct data for debian systems" do
+    @os.stubs(:version).returns("Debian")
+    @os.persist_file.should == "/etc/iptables/rules"
+    @os.dist.should == "Debian"
+    @os.redhat?.should == false
+    @os.centos?.should == false
+    @os.fedora?.should == false
+  end
+  it "should have the correct data for debian systems" do
+    @os.stubs(:version).returns("Unknown")
+    @os.persist_file.should == "/tmp/iptables.rules"
+    @os.dist.should == "Unknown"
+    @os.redhat?.should == false
+    @os.centos?.should == false
+    @os.fedora?.should == false
+  end
+  it "should not validate any os except redhat" do
+    @os.stubs(:version).returns("Unknown")
+    expect { @os.validate! }.to raise_error
+    @os.stubs(:version).returns("Ubuntu")
+    expect { @os.validate! }.to_not raise_error
+    @os.stubs(:version).returns("Debian")
+    expect { @os.validate! }.to_not raise_error
+    @os.stubs(:version).returns("Red Hat")
+    expect { @os.validate! }.to_not raise_error
+  end
+end

data/spec/spec_helper.rb CHANGED Viewed

@@ -1,11 +1,17 @@
+if ENV['COVERAGE'] == "true"
+  require 'simplecov'
+  FILTER_DIRS = ['spec']
+  SimpleCov.start do
+    FILTER_DIRS.each{ |f| add_filter f }
+  end
+end
 require 'rubygems'
 require 'bundler/setup'
+require 'mocha_standalone'
 require 'shutter'
 RSpec.configure do |config|
   config.mock_with :mocha
 end
-ENV['SHUTTER_CONFIG'] = "./tmp"
-ENV['SHUTTER_PERSIST_FILE'] = "./tmp/iptables"
-ENV['SHUTTER_MODE'] = "testing"

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: shutter
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.1.0
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-08-25 00:00:00.000000000 Z
+date: 2012-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -43,12 +43,28 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: ! "Shutter is a tool that gives system administrators the ability \n
   \                        to manage iptables firewall settings through simple lists
-  instead \n                         of complex iptables rules. Please note: This
-  application currently \n                         only works with Red Hat based distributions,
-  as the need arrises \n                         more distributions will be added.\n
-  \                       "
+  instead \n                         of complex iptables rules. Please note:  This
+  application is currently \n                         only tested with Red Hat based
+  distributions.  Ubuntu and Debian should \n                         work but are
+  not supported..\n                        "
 email:
 - nosignsoflifehere@gmail.com
 executables:
@@ -66,19 +82,24 @@ files:
 - lib/shutter.rb
 - lib/shutter/command_line.rb
 - lib/shutter/content.rb
+- lib/shutter/files.rb
 - lib/shutter/iptables.rb
-- lib/shutter/iptables/base.rb
-- lib/shutter/iptables/eyepee.rb
-- lib/shutter/iptables/forward.rb
-- lib/shutter/iptables/iface.rb
-- lib/shutter/iptables/jail.rb
-- lib/shutter/iptables/port.rb
 - lib/shutter/os.rb
 - lib/shutter/version.rb
 - shutter.gemspec
 - spec/command_line_spec.rb
 - spec/content_spec.rb
-- spec/env_spec.rb
+- spec/files/base.ipt
+- spec/files/iface.dmz
+- spec/files/iface.forward
+- spec/files/ip.allow
+- spec/files/ip.deny
+- spec/files/iptables_save.out
+- spec/files/ports.private
+- spec/files/ports.public
+- spec/files_spec.rb
+- spec/iptables_spec.rb
+- spec/os_spec.rb
 - spec/spec_helper.rb
 homepage: ''
 licenses: []
@@ -107,5 +128,15 @@ summary: Shutter helps manage iptables firewalls
 test_files:
 - spec/command_line_spec.rb
 - spec/content_spec.rb
-- spec/env_spec.rb
+- spec/files/base.ipt
+- spec/files/iface.dmz
+- spec/files/iface.forward
+- spec/files/ip.allow
+- spec/files/ip.deny
+- spec/files/iptables_save.out
+- spec/files/ports.private
+- spec/files/ports.public
+- spec/files_spec.rb
+- spec/iptables_spec.rb
+- spec/os_spec.rb
 - spec/spec_helper.rb

data/lib/shutter/iptables/base.rb DELETED Viewed

@@ -1,59 +0,0 @@
-module Shutter
-  module IPTables
-    class Base
-      def initialize( path )
-        @path = path
-        file = File.open("#{path}/base.ipt", "r")
-        @content = file.read
-      end
-      def persist_file(os)
-        "/etc/sysconfig/iptables"
-      end
-      def to_s
-        @content
-      end
-      def generate
-        #generate_nat
-        generate_filter
-      end
-      def generate_filter
-        @dmz = Iface.new("#{@path}", :dmz).to_ipt
-        @content = @content.gsub(/#\ \[RULES:DMZ\]/, @dmz)
-        @forward = Forward.new("#{@path}")
-        @content = @content.gsub(/#\ \[RULES:FORWARD\]/, @forward.to_forward_ipt)
-        @content = @content.gsub(/#\ \[RULES:POSTROUTING\]/, @forward.to_masq_ipt)
-        @bastards = EyePee.new("#{@path}", :deny).to_ipt
-        @content = @content.gsub(/#\ \[RULES:BASTARDS\]/, @bastards)
-        @public = Port.new("#{@path}", :public).to_ipt
-        @content = @content.gsub(/#\ \[RULES:PUBLIC\]/, @public)
-        @allow = EyePee.new("#{@path}", :allow).to_ipt
-        @content = @content.gsub(/#\ \[RULES:ALLOWIP\]/, @allow)
-        @private = Port.new("#{@path}", :private).to_ipt
-        @content = @content.gsub(/#\ \[RULES:PRIVATE\]/, @private)
-        # Make sure we are restoring what fail2ban has added
-        @f2b_chains = Jail.new.fail2ban_chains
-        @content = @content.gsub(/#\ \[CHAIN:FAIL2BAN\]/, @f2b_chains)
-        @f2b_rules = Jail.new.fail2ban_rules
-        @content = @content.gsub(/#\ \[RULES:FAIL2BAN\]/, @f2b_rules)
-        @jail = Jail.new.jail_rules
-        @content = @content.gsub(/#\ \[RULES:JAIL\]/, @jail)
-        # Remove the rest of the comments and extra lines
-        @content = @content.gsub(/^#.*$/, "")
-        @content = @content.gsub(/^$\n/, "")
-      end
-    end
-  end
-end

data/lib/shutter/iptables/eyepee.rb DELETED Viewed

@@ -1,34 +0,0 @@
-module Shutter
-  module IPTables
-    class EyePee
-      def initialize( path, state )
-        @state = state
-        file = File.open("#{path}/ip.#{state.to_s}", "r")
-        @content = file.read
-      end
-      def to_s
-        @content
-      end
-      def to_ipt
-        @rules = ""
-        @content.each_line do |ip|
-          ip_clean = ip.strip
-          if ip_clean =~ /^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}(\/[0-9]{0,2})*$/
-            @rules += send(:"#{@state.to_s}_ipt", ip_clean)
-          end
-        end
-        @rules
-      end
-      def allow_ipt(ip)
-        "-A AllowIP -m state --state NEW -s #{ip} -j Allowed\n"
-      end
-      def deny_ipt(ip)
-        "-A Bastards -s #{ip} -j DropBastards\n"
-      end
-    end
-  end
-end

data/lib/shutter/iptables/forward.rb DELETED Viewed

@@ -1,47 +0,0 @@
-module Shutter
-  module IPTables
-    class Forward
-      def initialize( path )
-        file = File.open("#{path}/iface.forward", "r")
-        @content = file.read
-        @forward = ""
-        @masq = ""
-        @masq_ifaces = []
-        @content.each_line do |line|
-          line = line.strip
-          if line =~ /^[a-z].+$/
-            src, dst = line.split(' ')
-            @forward += forward_ipt(src,dst)
-            @masq_ifaces << dst unless @masq_ifaces.include?(dst)
-          end
-        end
-        @masq_ifaces.each do |iface|
-          @masq += masq_ipt(iface)
-        end
-      end
-      def to_s
-        @content
-      end
-      def to_forward_ipt
-        @forward
-      end
-      def to_masq_ipt
-        @masq
-      end
-      def forward_ipt( src, dst )
-        rule = "-A FORWARD -i #{src} -o #{dst} -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT\n"
-        rule += "-A FORWARD -i #{dst} -o #{src} -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
-        rule
-      end
-      def masq_ipt( iface )
-        "-A POSTROUTING -o #{iface} -j MASQUERADE\n"
-      end
-    end
-  end
-end

data/lib/shutter/iptables/iface.rb DELETED Viewed

@@ -1,30 +0,0 @@
-module Shutter
-  module IPTables
-    class Iface
-      def initialize( path, type )
-        @type = type
-        file = File.open("#{path}/iface.#{type.to_s}", "r")
-        @content = file.read
-      end
-      def to_s
-        @content
-      end
-      def to_ipt
-        @rules = ""
-        @content.each_line do |line|
-          line = line.strip
-          if line =~ /^[a-z].+$/
-            @rules += send(:"#{@type.to_s}_ipt", line)
-          end
-        end
-        @rules
-      end
-      def dmz_ipt( iface )
-        "-A Dmz -i #{iface} -j ACCEPT\n"
-      end
-    end
-  end
-end

data/lib/shutter/iptables/jail.rb DELETED Viewed

@@ -1,26 +0,0 @@
-module Shutter
-  module IPTables
-    class Jail
-      def initialize( iptables = "/sbin/iptables")
-        @iptables =  iptables
-      end
-      def fail2ban_chains
-        `/sbin/iptables-save | grep "^:fail2ban"`
-      end
-      def fail2ban_rules
-        `/sbin/iptables-save | grep "^-A fail2ban"`
-      end
-      def jail_rules
-        jail = `/sbin/iptables-save | grep "^-A Jail"`
-        lines = jail.split('\n')
-        unless lines.last =~ /-A Jail -j RETURN/
-          jail += "-A Jail -j RETURN\n"
-        end
-        jail
-      end
-    end
-  end
-end

data/lib/shutter/iptables/port.rb DELETED Viewed

@@ -1,35 +0,0 @@
-module Shutter
-  module IPTables
-    class Port
-      def initialize( path, type )
-        @type = type
-        file = File.open("#{path}/ports.#{type.to_s}", "r")
-        @content = file.read
-      end
-      def to_s
-        @content
-      end
-      def to_ipt
-        @rules = ""
-        @content.each_line do |line|
-          line = line.strip
-          if line =~ /^[1-9].+$/
-            port,proto = line.split
-            @rules += send(:"#{@type.to_s}_ipt", port, proto)
-          end
-        end
-        @rules
-      end
-      def private_ipt( port, proto )
-        "-A Private -m state --state NEW -p #{proto} -m #{proto} --dport #{port} -j RETURN\n"
-      end
-      def public_ipt( port, proto )
-        "-A Public -m state --state NEW -p #{proto} -m #{proto} --dport #{port} -j ACCEPT\n"
-      end
-    end
-  end
-end

data/spec/env_spec.rb DELETED Viewed

@@ -1,17 +0,0 @@
-require File.dirname(__FILE__) + '/spec_helper'
-describe "Environment Sanity Check" do
-  it "should have the SHUTTER_CONFIG variable set to ./tmp" do
-    ENV['SHUTTER_CONFIG'].should == "./tmp"
-  end
-  it "should have the SHUTTER_PERSIST_FILE variable set to ./tmp/iptables" do
-    ENV['SHUTTER_PERSIST_FILE'].should == "./tmp/iptables"
-  end
-  it "should be able to write to ./tmp" do
-    File.open("./tmp/test", "w") { |f| f.write("Foo") }
-    IO.read("./tmp/test").should == "Foo"
-    File.unlink("./tmp/test")
-  end
-end