shutter 0.0.1 → 0.0.2

data/lib/shutter.rb

@@ -3,5 +3,12 @@ require "shutter/content"
 require "shutter/command_line"
 
 module Shutter
-  # Your code goes here...
+  CONFIG_FILES = %w[
+        base.ipt
+        iface.dmz
+        ip.allow
+        ip.deny
+        ports.private
+        ports.public
+  ]
 end

data/lib/shutter/command_line.rb

@@ -1,71 +1,105 @@
 require 'optparse'
 require 'shutter/iptables'
+require 'shutter/os'
 
 module Shutter
-	class CommandLine
-		def initialize( path = "/etc/shutter.d")
-			@config_path = path
-			# Make sure that we have the proper files
-			files = %w[
-				base.ipt
-				iface.dmz
-				ip.allow
-				ip.deny
-				ports.private
-				ports.public
-			]
-			files.each do |name|
-				file = "#{@config_path}/#{name}"
-				unless File.exists?(file)
-					# puts "Creating: #{file}"
-					File.open(file, 'w') do |f| 
-						f.write(Shutter.const_get(name.upcase.gsub(/\./, "_")))
-					end
-				end
-			end
-		end
+  class CommandLine
+    def initialize( path = "/etc/shutter.d")
+      # Currently only available to RedHat variants
+      @os = Shutter::OS.new
+      unless @os.redhat?
+        puts "Shutter is currently only compatible with RedHat and its variants."
+        puts "Help make it compatible with others (github.com/rlyon/shutter)"
+        exit
+      end
 
-		def execute
-			options = {}
-			optparse = OptionParser.new do |opts|
-				opts.banner = "Usage: shutter [options]"
-				options[:command] = :save
-				opts.on( '-s', '--save', 'Output the firewall to stdout.') do
-					options[:command] = :save
-				end
-				opts.on( '-r', '--restore', 'Load the firewall through iptables-restore.') do
-					options[:command] = :restore
-				end
-				options[:debug] = false
-				opts.on( '-d', '--debug', 'Be a bit more chatty') do
-					options[:debug] = true
-				end
-				opts.on_tail( '-h', '--help', 'Display this screen' ) do
-					puts opts
-					exit
-				end
-				opts.on_tail( '--version', "Show the version") do
-					puts Shutter::VERSION
-					exit
-				end
-			end
-			optparse.parse!
-			puts "* Using config path: #{@config_path}" if options[:debug]
-			puts "* Running command: #{options[:command].to_s}" if options[:debug]
-			send(options[:command])
-		end
+      @config_path = path
+      @iptables = Shutter::IPTables::Base.new(@config_path)
+      
+    end
 
-		def save
-			@ipt = Shutter::IPTables::Base.new(@config_path).generate
-			puts @ipt
-		end
+    def execute
+      options = {}
+      optparse = OptionParser.new do |opts|
+        opts.banner = "Usage: shutter [options]"
+        options[:command] = :save
+        opts.on( '--init', 'Create the initial configuration files' ) do
+          options[:command] = :init
+        end
+        opts.on( '--reinit', 'Rereate the initial configuration files' ) do
+          options[:command] = :reinit
+        end
+        opts.on( '-s', '--save', 'Output the firewall to stdout. (DEFAULT)') do
+          options[:command] = :save
+        end
+        opts.on( '-r', '--restore', 'Load the firewall through iptables-restore.') do
+          options[:command] = :restore
+        end
+        @persist = false
+        opts.on( '-p', '--persist', 'Make the changes persistant. (with --restore)') do
+          @persist = true
+        end
+        options[:debug] = false
+        opts.on( '-d', '--debug', 'Be a bit more chatty') do
+          options[:debug] = true
+        end
+        opts.on_tail( '-h', '--help', 'Display this screen' ) do
+          puts opts
+          exit
+        end
+        opts.on_tail( '--version', "Show the version") do
+          puts Shutter::VERSION
+          exit
+        end
+      end
+      optparse.parse!
+      puts "* Using config path: #{@config_path}" if @debug
+      puts "* Running command: #{options[:command].to_s}" if @debug
+      send(options[:command])
+    end
 
-		def restore
-			@ipt = Shutter::IPTables::Base.new(@config_path).generate
-			IO.popen("#{Shutter::IPTables::IPTABLES_RESTORE}", "r+") do |iptr|
-				iptr.puts @ipt ; iptr.close_write
-			end
-		end
+    def init
+      Shutter::CONFIG_FILES.each do |name|
+        file = "#{@config_path}/#{name}"
+        unless File.exists?(file)
+          # puts "Creating: #{file}"
+          File.open(file, 'w') do |f| 
+            f.write(Shutter.const_get(name.upcase.gsub(/\./, "_")))
+          end
+        end
+      end
+    end
 
-	end
+    def reinit
+      Shutter::CONFIG_FILES.each do |name|
+        file = "#{@config_path}/#{name}"
+        File.open(file, 'w') do |f| 
+          f.write(Shutter.const_get(name.upcase.gsub(/\./, "_")))
+        end
+      end
+    end
+
+    def save
+      init
+      @ipt = @iptables.generate
+      puts @ipt
+    end
+
+    def restore
+      init
+      @ipt = @iptables.generate
+      IO.popen("#{Shutter::IPTables::IPTABLES_RESTORE}", "r+") do |iptr|
+        iptr.puts @ipt ; iptr.close_write
+      end
+      persist if @persist
+    end
+
+    def persist
+      pfile = ENV['SHUTTER_PERSIST_FILE'] ? ENV['SHUTTER_PERSIST_FILE'] : @iptables.persist_file(@os)
+      File.open(pfile, "w") do |f|
+        f.write(@ipt)
+      end
+    end
+
+  end
 end

data/lib/shutter/content.rb

@@ -167,12 +167,12 @@ IP_DENY = %q{# Generated by Shutter
 
 PORTS_PUBLIC = %q{
 # proto port
-# 80 	tcp
-# 443 	tcp
+# 80  tcp
+# 443   tcp
 }
 
 PORTS_PRIVATE = %q{
 # proto port
-22 		tcp
+22    tcp
 }
 end

data/lib/shutter/iptables.rb

@@ -3,9 +3,10 @@ require 'shutter/iptables/eyepee'
 require 'shutter/iptables/iface'
 require 'shutter/iptables/jail'
 require 'shutter/iptables/port'
+require 'shutter/os'
 
 module Shutter
-	module IPTables
-		IPTABLES_RESTORE="/sbin/iptables-restore"
-	end
+  module IPTables
+    IPTABLES_RESTORE="/sbin/iptables-restore"
+  end
 end

data/lib/shutter/iptables/base.rb

@@ -1,45 +1,49 @@
 module Shutter
-	module IPTables
-		class Base
-			def initialize( path )
-				@path = path
-				file = File.open("#{path}/base.ipt", "r")
-				@content = file.read
-			end
+  module IPTables
+    class Base
+      def initialize( path )
+        @path = path
+        file = File.open("#{path}/base.ipt", "r")
+        @content = file.read
+      end
 
-			def to_s
-				@content
-			end
+      def persist_file(os)
+        "/etc/sysconfig/iptables"
+      end
 
-			def generate
-				#generate_nat
-				generate_filter
-			end
+      def to_s
+        @content
+      end
 
-			def generate_filter
-				@dmz = Iface.new("#{@path}", :dmz).to_ipt
-				@content = @content.gsub(/#\ \[RULES:DMZ\]/, @dmz)
-				@bastards = EyePee.new("#{@path}", :deny).to_ipt
-				@content = @content.gsub(/#\ \[RULES:BASTARDS\]/, @bastards)
-				@public = Port.new("#{@path}", :public).to_ipt
-				@content = @content.gsub(/#\ \[RULES:PUBLIC\]/, @public)
-				@allow = EyePee.new("#{@path}", :allow).to_ipt
-				@content = @content.gsub(/#\ \[RULES:ALLOWIP\]/, @allow)
-				@private = Port.new("#{@path}", :private).to_ipt
-				@content = @content.gsub(/#\ \[RULES:PRIVATE\]/, @private)
+      def generate
+        #generate_nat
+        generate_filter
+      end
 
-				# Make sure we are restoring what fail2ban has added
-				@f2b_chains = Jail.new.fail2ban_chains
-				@content = @content.gsub(/#\ \[CHAIN:FAIL2BAN\]/, @f2b_chains)
-				@f2b_rules = Jail.new.fail2ban_rules
-				@content = @content.gsub(/#\ \[RULES:FAIL2BAN\]/, @f2b_rules)
-				@jail = Jail.new.jail_rules
-				@content = @content.gsub(/#\ \[RULES:JAIL\]/, @jail)
+      def generate_filter
+        @dmz = Iface.new("#{@path}", :dmz).to_ipt
+        @content = @content.gsub(/#\ \[RULES:DMZ\]/, @dmz)
+        @bastards = EyePee.new("#{@path}", :deny).to_ipt
+        @content = @content.gsub(/#\ \[RULES:BASTARDS\]/, @bastards)
+        @public = Port.new("#{@path}", :public).to_ipt
+        @content = @content.gsub(/#\ \[RULES:PUBLIC\]/, @public)
+        @allow = EyePee.new("#{@path}", :allow).to_ipt
+        @content = @content.gsub(/#\ \[RULES:ALLOWIP\]/, @allow)
+        @private = Port.new("#{@path}", :private).to_ipt
+        @content = @content.gsub(/#\ \[RULES:PRIVATE\]/, @private)
 
-				# Remove the rest of the comments and extra lines
-				@content = @content.gsub(/^#.*$/, "")
-				@content = @content.gsub(/^$\n/, "")				
-			end
-		end
-	end
+        # Make sure we are restoring what fail2ban has added
+        @f2b_chains = Jail.new.fail2ban_chains
+        @content = @content.gsub(/#\ \[CHAIN:FAIL2BAN\]/, @f2b_chains)
+        @f2b_rules = Jail.new.fail2ban_rules
+        @content = @content.gsub(/#\ \[RULES:FAIL2BAN\]/, @f2b_rules)
+        @jail = Jail.new.jail_rules
+        @content = @content.gsub(/#\ \[RULES:JAIL\]/, @jail)
+
+        # Remove the rest of the comments and extra lines
+        @content = @content.gsub(/^#.*$/, "")
+        @content = @content.gsub(/^$\n/, "")        
+      end
+    end
+  end
 end

data/lib/shutter/iptables/eyepee.rb

@@ -1,34 +1,34 @@
 module Shutter
-	module IPTables
-		class EyePee
-			def initialize( path, state )
-				@state = state
-				file = File.open("#{path}/ip.#{state.to_s}", "r")
-				@content = file.read
-			end
+  module IPTables
+    class EyePee
+      def initialize( path, state )
+        @state = state
+        file = File.open("#{path}/ip.#{state.to_s}", "r")
+        @content = file.read
+      end
 
-			def to_s
-				@content
-			end
+      def to_s
+        @content
+      end
 
-			def to_ipt
-				@rules = ""
-				@content.each_line do |ip|
-					ip_clean = ip.strip
-					if ip_clean =~ /^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}(\/[0-9]{0,2})*$/
-						@rules += send(:"#{@state.to_s}_ipt", ip_clean)
-					end
-				end
-				@rules
-			end
+      def to_ipt
+        @rules = ""
+        @content.each_line do |ip|
+          ip_clean = ip.strip
+          if ip_clean =~ /^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}(\/[0-9]{0,2})*$/
+            @rules += send(:"#{@state.to_s}_ipt", ip_clean)
+          end
+        end
+        @rules
+      end
 
-			def allow_ipt(ip)
-				"-A AllowIP -m state --state NEW -s #{ip} -j Allowed\n"
-			end
+      def allow_ipt(ip)
+        "-A AllowIP -m state --state NEW -s #{ip} -j Allowed\n"
+      end
 
-			def deny_ipt(ip)
-				"-A Bastards -s #{ip} -j DropBastards\n"
-			end
-		end
-	end
+      def deny_ipt(ip)
+        "-A Bastards -s #{ip} -j DropBastards\n"
+      end
+    end
+  end
 end

data/lib/shutter/iptables/iface.rb

@@ -1,30 +1,30 @@
 module Shutter
-	module IPTables
-		class Iface
-			def initialize( path, type )
-				@type = type
-				file = File.open("#{path}/iface.#{type.to_s}", "r")
-				@content = file.read
-			end
+  module IPTables
+    class Iface
+      def initialize( path, type )
+        @type = type
+        file = File.open("#{path}/iface.#{type.to_s}", "r")
+        @content = file.read
+      end
 
-			def to_s
-				@content
-			end
+      def to_s
+        @content
+      end
 
-			def to_ipt
-				@rules = ""
-				@content.each_line do |line|
-					line = line.strip
-					if line =~ /^[a-z].+$/
-						@rules += send(:"#{@type.to_s}_ipt", line)
-					end
-				end
-				@rules
-			end
+      def to_ipt
+        @rules = ""
+        @content.each_line do |line|
+          line = line.strip
+          if line =~ /^[a-z].+$/
+            @rules += send(:"#{@type.to_s}_ipt", line)
+          end
+        end
+        @rules
+      end
 
-			def dmz_ipt( iface )
-				"-A Dmz -i #{iface} -j ACCEPT\n"
-			end
-		end
-	end
+      def dmz_ipt( iface )
+        "-A Dmz -i #{iface} -j ACCEPT\n"
+      end
+    end
+  end
 end

data/lib/shutter/iptables/jail.rb

@@ -1,26 +1,26 @@
 module Shutter
-	module IPTables
-		class Jail
-			def initialize( iptables = "/sbin/iptables")
-				@iptables =  iptables
-			end
+  module IPTables
+    class Jail
+      def initialize( iptables = "/sbin/iptables")
+        @iptables =  iptables
+      end
 
-			def fail2ban_chains
-				`/sbin/iptables-save | grep "^:fail2ban"`
-			end
+      def fail2ban_chains
+        `/sbin/iptables-save | grep "^:fail2ban"`
+      end
 
-			def fail2ban_rules
-				`/sbin/iptables-save | grep "^-A fail2ban"`
-			end
+      def fail2ban_rules
+        `/sbin/iptables-save | grep "^-A fail2ban"`
+      end
 
-			def jail_rules
-				jail = `/sbin/iptables-save | grep "^-A Jail"`
-				lines = jail.split('\n')
-				unless lines != [] && lines[-1] == "-A Jail -j RETURN\n"
-					jail += "-A Jail -j RETURN\n"
-				end
-				jail
-			end
-		end
-	end
+      def jail_rules
+        jail = `/sbin/iptables-save | grep "^-A Jail"`
+        lines = jail.split('\n')
+        unless lines != [] && lines[-1] == "-A Jail -j RETURN\n"
+          jail += "-A Jail -j RETURN\n"
+        end
+        jail
+      end
+    end
+  end
 end

data/lib/shutter/iptables/port.rb

@@ -1,35 +1,35 @@
 module Shutter
-	module IPTables
-		class Port
-			def initialize( path, type )
-				@type = type
-				file = File.open("#{path}/ports.#{type.to_s}", "r")
-				@content = file.read
-			end
+  module IPTables
+    class Port
+      def initialize( path, type )
+        @type = type
+        file = File.open("#{path}/ports.#{type.to_s}", "r")
+        @content = file.read
+      end
 
-			def to_s
-				@content
-			end
+      def to_s
+        @content
+      end
 
-			def to_ipt
-				@rules = ""
-				@content.each_line do |line|
-					line = line.strip
-					if line =~ /^[1-9].+$/
-						port,proto = line.split
-						@rules += send(:"#{@type.to_s}_ipt", port, proto)
-					end
-				end
-				@rules
-			end
+      def to_ipt
+        @rules = ""
+        @content.each_line do |line|
+          line = line.strip
+          if line =~ /^[1-9].+$/
+            port,proto = line.split
+            @rules += send(:"#{@type.to_s}_ipt", port, proto)
+          end
+        end
+        @rules
+      end
 
-			def private_ipt( port, proto )
-				"-A Private -m state --state NEW -p #{proto} -m #{proto} --dport #{port} -j RETURN\n"
-			end
+      def private_ipt( port, proto )
+        "-A Private -m state --state NEW -p #{proto} -m #{proto} --dport #{port} -j RETURN\n"
+      end
 
-			def public_ipt( port, proto )
-				"-A Public -m state --state NEW -p #{proto} -m #{proto} --dport #{port} -j ACCEPT\n"
-			end
-		end
-	end
+      def public_ipt( port, proto )
+        "-A Public -m state --state NEW -p #{proto} -m #{proto} --dport #{port} -j ACCEPT\n"
+      end
+    end
+  end
 end

data/lib/shutter/os.rb

@@ -0,0 +1,41 @@
+module Shutter
+  class OS
+    def initialize
+      unless File.exist?('/proc/version')
+        @version = "Unknown"
+      end
+    end
+
+    def family
+      @family ||= ENV['OS'] ? ENV['OS'] : RUBY_PLATFORM.split('-').last
+    end
+
+    def version
+      @version ||= IO.read('/proc/version')
+    end
+
+    def linux?
+      return family == "linux"
+    end
+
+    def dist
+      case version
+      when /Red Hat/
+        "RedHat"
+      when /Debian/
+        "Debian"
+      when /Ubuntu/
+        "Ubuntu"
+      else
+        "Unknown"
+      end
+    end
+
+    def redhat?
+      dist == "RedHat"
+    end
+
+    alias :centos? :redhat? 
+    alias :fedora? :redhat?
+  end
+end

data/lib/shutter/version.rb

@@ -1,3 +1,3 @@
 module Shutter
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: shutter
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -34,6 +34,7 @@ files:
 - lib/shutter/iptables/iface.rb
 - lib/shutter/iptables/jail.rb
 - lib/shutter/iptables/port.rb
+- lib/shutter/os.rb
 - lib/shutter/version.rb
 - shutter.gemspec
 homepage: ''