shutter 0.0.3 → 0.0.4
- data/README.md +52 -9
- data/Rakefile +9 -0
- data/bin/shutter +1 -0
- data/lib/shutter/command_line.rb +23 -8
- data/lib/shutter/version.rb +1 -1
- data/shutter.gemspec +2 -0
- data/spec/content_spec.rb +9 -0
- data/spec/env_spec.rb +17 -0
- data/spec/spec_helper.rb +11 -0
- metadata +43 -5
data/README.md
CHANGED
@@ -1,24 +1,67 @@
|
|
1
1
|
# Shutter
|
2
2
|
|
3
|
-
|
3
|
+
Shutter is a tool that enables system administrators the ability to manage
|
4
|
+
iptables firewall settings through simple lists instead of complex iptables commands. Please note:
|
5
|
+
This application currently only works with Red Hat based distributions, as the need arrises more
|
6
|
+
distributions will be added.
|
4
7
|
|
5
8
|
## Installation
|
6
9
|
|
7
|
-
|
10
|
+
Instalation is through the gem package management program.
|
8
11
|
|
9
|
-
gem
|
12
|
+
$ gem install shutter
|
10
13
|
|
11
|
-
|
14
|
+
## Usage
|
12
15
|
|
13
|
-
|
16
|
+
#### Install the gem.
|
17
|
+
|
18
|
+
$ gem install shutter
|
14
19
|
|
15
|
-
|
20
|
+
#### Create the initial configuration files.
|
16
21
|
|
17
|
-
$
|
22
|
+
$ shutter --init
|
18
23
|
|
19
|
-
|
24
|
+
#### Modify the files to meet your required settings.
|
25
|
+
|
26
|
+
There are several files that you can modify:
|
27
|
+
* **base.ipt:** The one file to rule them all. Modifying this file is optional as
|
28
|
+
it is the template that is used to build the firewall. If you do modify the file,
|
29
|
+
just make sure you include the appropriate placeholder directives to allow
|
30
|
+
shutter to dynamically fill in the rules. It is possible to leave out any unwanted
|
31
|
+
placeholders. By default the files are will be found in the */etc/shutter.d* directory
|
32
|
+
* **iface.dmz:** Enter any private interfaces that will be unprotected by the firewall. One per line.
|
33
|
+
* **ip.allow:** A list of IP addresses and ranges that are allowed to access the 'private' ports
|
34
|
+
* **ip.deny:** A list of IP addresses and ranges that are denied access to both public and private ports.
|
35
|
+
* **ports.private:** A list of ports and protocols that are available to traffic that passes through the AllowIP chain
|
36
|
+
* **ports.public:** A list of ports and protocols that are available publically to everyone except the 'Bastards' listed in ip.deny
|
37
|
+
|
38
|
+
Shutter was designed to work with the Fail2ban access monitoring/management tool. It includes a
|
39
|
+
special chain called 'Jail' which is used to insert the jump rules that fail2ban uses to deny access 'on-the-fly'.
|
40
|
+
To work correctly, you configure fail2ban to use the Jail chain instead of INPUT.
|
41
|
+
|
42
|
+
#### To check your firewall you can run:
|
43
|
+
|
44
|
+
$ shutter --save
|
45
|
+
|
46
|
+
This command mimics the 'iptables-save' command which prints the rules out to the screen.
|
47
|
+
This does not modify the firewall settings.
|
48
|
+
|
49
|
+
#### To implement the changes, use:
|
50
|
+
|
51
|
+
$ shutter --restore
|
52
|
+
|
53
|
+
This command uses 'iptables-restore' under the hood to update the firewall. You can use the '--persist' option
|
54
|
+
to make the changes permanent and survive reboots.
|
55
|
+
|
56
|
+
#### Useful environment variables:
|
57
|
+
**SHUTTER_CONFIG:** Use this variable to set the location to the configuration files.
|
58
|
+
|
59
|
+
**SHUTTER_PERSIST_FILE:** Use this variable to set the location of the 'persist' file. i.e. /etc/sysconfig/iptables (default for Redhat)
|
60
|
+
|
61
|
+
**SHUTTER_MODE:** Sets the mode of operation. Currently only used for testing, but in the future it will include a development mode for increased log output for automated runs
|
62
|
+
|
63
|
+
More documentation to come...
|
20
64
|
|
21
|
-
TODO: Write usage instructions here
|
22
65
|
|
23
66
|
## Contributing
|
24
67
|
|
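Review bot: the new README text ships with several spelling and grammar slips that will be the first thing users see: "Instalation" (line 10), "arrises" (line 5), "publically" (line 36), and "the files are will be found in the */etc/shutter.d* directory" (line 31). The `$ gem install shutter` step is also given twice, once under "Installation" (line 12) and again as the first "Usage" step (line 18); one copy is enough. On the security side, the **iface.dmz** entry (line 32) deserves a sentence making explicit that every interface listed there receives no filtering at all, since a mistaken entry silently exposes a host, and the **SHUTTER_PERSIST_FILE** / **SHUTTER_CONFIG** entries (lines 57-59) would benefit from saying which user the tool must run as, given that `--restore` rewrites live iptables rules.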
data/Rakefile
CHANGED
@@ -1,2 +1,11 @@
|
|
1
1
|
#!/usr/bin/env rake
|
2
|
+
require 'rspec/core/rake_task'
|
2
3
|
require "bundler/gem_tasks"
|
4
|
+
|
5
|
+
task :default => :spec
|
6
|
+
|
7
|
+
desc "Run all specs"
|
8
|
+
RSpec::Core::RakeTask.new(:spec) do |t|
|
9
|
+
t.rspec_opts = %w{--colour --format progress}
|
10
|
+
t.pattern = 'spec/*_spec.rb'
|
11
|
+
end
|
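Review bot: `require 'rspec/core/rake_task'` at the top of the Rakefile (line 2) makes every rake task fail with a LoadError when rspec is not installed, including the `build`/`install`/`release` tasks that `bundler/gem_tasks` provides and that do not need rspec; since rspec is only a development dependency, wrap the require and the task definition in `begin ... rescue LoadError` so the gem tasks still work without it. The pattern `'spec/*_spec.rb'` (line 10) also only matches the top level of `spec/`; `'spec/**/*_spec.rb'` picks up nested spec directories as they are added.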
data/bin/shutter
CHANGED
data/lib/shutter/command_line.rb
CHANGED
@@ -5,20 +5,21 @@ require 'shutter/os'
|
|
5
5
|
module Shutter
|
6
6
|
class CommandLine
|
7
7
|
def initialize( path = "/etc/shutter.d")
|
8
|
-
# Currently only available to RedHat variants
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
8
|
+
# Currently only available to RedHat variants uless testing
|
9
|
+
unless ENV['SHUTTER_MODE'] == "testing"
|
10
|
+
@os = Shutter::OS.new
|
11
|
+
unless @os.redhat?
|
12
|
+
puts "Shutter is currently only compatible with RedHat and its variants."
|
13
|
+
puts "Help make it compatible with others (github.com/rlyon/shutter)"
|
14
|
+
exit
|
15
|
+
end
|
14
16
|
end
|
15
17
|
|
16
18
|
@config_path = path
|
17
|
-
@iptables = Shutter::IPTables::Base.new(@config_path)
|
18
|
-
|
19
19
|
end
|
20
20
|
|
21
21
|
def execute
|
22
|
+
@iptables = Shutter::IPTables::Base.new(@config_path)
|
22
23
|
options = {}
|
23
24
|
optparse = OptionParser.new do |opts|
|
24
25
|
opts.banner = "Usage: shutter [options]"
|
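Review bot: the OS guard now exits with `exit` (line 14), which returns status 0, so a wrapper script or package post-install step cannot tell that shutter refused to run; use `exit 1` and send the two messages to `$stderr` rather than `puts`. The `SHUTTER_MODE == "testing"` check (line 9) is an environment-controlled bypass of the compatibility check: that is fine for the spec suite, but since the tool is run as root to rewrite firewall rules it should be documented as test-only and never honoured from the installed `bin/shutter` path, or at least the comment on line 8 ("uless testing", typo for "unless") should say so. Moving `Shutter::IPTables::Base.new` from `initialize` to `execute` (line 22) is a sensible change, since `--init` should not require a readable config set.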
@@ -59,6 +60,7 @@ module Shutter
|
|
59
60
|
end
|
60
61
|
|
61
62
|
def init
|
63
|
+
create_config_dir
|
62
64
|
Shutter::CONFIG_FILES.each do |name|
|
63
65
|
file = "#{@config_path}/#{name}"
|
64
66
|
unless File.exists?(file)
|
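Review bot: `File.exists?` (line 66) is the deprecated alias; `File.exist?` is the supported spelling and behaves identically, so switch it while touching this method. Calling `create_config_dir` before the `each` loop (line 63) is the right place, since the loop writes into the directory.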
@@ -71,6 +73,7 @@ module Shutter
|
|
71
73
|
end
|
72
74
|
|
73
75
|
def reinit
|
76
|
+
create_config_dir
|
74
77
|
Shutter::CONFIG_FILES.each do |name|
|
75
78
|
file = "#{@config_path}/#{name}"
|
76
79
|
File.open(file, 'w') do |f|
|
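Review bot: `reinit` truncates every file in `Shutter::CONFIG_FILES` with `File.open(file, 'w')` (line 79) with no confirmation and no backup, so a typo of `--reinit` for `--init` destroys a hand-maintained firewall policy. Consider writing a timestamped copy of each existing file before overwriting, or requiring an explicit `--force` flag. Adding `create_config_dir` here (line 76) is consistent with `init`.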
@@ -101,5 +104,17 @@ module Shutter
|
|
101
104
|
end
|
102
105
|
end
|
103
106
|
|
107
|
+
private
|
108
|
+
def create_config_dir
|
109
|
+
# Check to see if the path to the config files exist
|
110
|
+
unless File.directory?(@config_path)
|
111
|
+
begin
|
112
|
+
Dir.mkdir(@config_path)
|
113
|
+
rescue Errno::ENOENT
|
114
|
+
raise "Could not create the configuration directory. Check to see if the parent directory exists."
|
115
|
+
end
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
104
119
|
end
|
105
120
|
end
|
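Review bot: `create_config_dir` rescues only `Errno::ENOENT` (line 113), but the more common failures are `Errno::EACCES` (running as a non-root user) and `Errno::EEXIST` (a regular file already at `@config_path`, which makes `File.directory?` false on line 110); both currently surface as raw exceptions with no hint, so rescue `SystemCallError` and include the original message in the raised error. `Dir.mkdir(@config_path)` (line 112) also creates the directory with umask-default permissions; this directory holds the firewall policy and the allow/deny lists, so pass an explicit mode such as `Dir.mkdir(@config_path, 0750)` so that unprivileged local users cannot read or, with a permissive umask, edit it.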
data/lib/shutter/version.rb
CHANGED
data/shutter.gemspec
CHANGED
data/spec/env_spec.rb
ADDED
@@ -0,0 +1,17 @@
|
|
1
|
+
require File.dirname(__FILE__) + '/spec_helper'
|
2
|
+
|
3
|
+
describe "Environment Sanity Check" do
|
4
|
+
it "should have the SHUTTER_CONFIG variable set to ./tmp" do
|
5
|
+
ENV['SHUTTER_CONFIG'].should == "./tmp"
|
6
|
+
end
|
7
|
+
|
8
|
+
it "should have the SHUTTER_PERSIST_FILE variable set to ./tmp/iptables" do
|
9
|
+
ENV['SHUTTER_PERSIST_FILE'].should == "./tmp/iptables"
|
10
|
+
end
|
11
|
+
|
12
|
+
it "should be able to write to ./tmp" do
|
13
|
+
File.open("./tmp/test", "w") { |f| f.write("Foo") }
|
14
|
+
IO.read("./tmp/test").should == "Foo"
|
15
|
+
File.unlink("./tmp/test")
|
16
|
+
end
|
17
|
+
end
|
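Review bot: the write test (lines 12-16) only unlinks `./tmp/test` if the `should` on line 14 passes; a failing assertion leaves the file behind and the next run starts from a dirty `./tmp`. Wrap the cleanup in an `ensure` block or move it to an `after` hook. The spec also depends on `./tmp` existing relative to the current working directory and on `spec_helper` having set both environment variables; since `spec_helper.rb` is added in this same change but not shown here, a one-line comment pointing at it would save the next reader a search. `ENV['SHUTTER_CONFIG'].should == "./tmp"` is the old expectation syntax and will warn on newer RSpec.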
data/spec/spec_helper.rb
ADDED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: shutter
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.4
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,8 +9,40 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-06-
|
13
|
-
dependencies:
|
12
|
+
date: 2012-06-27 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: rspec
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ! '>='
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '0'
|
22
|
+
type: :development
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ! '>='
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '0'
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: mocha
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
none: false
|
34
|
+
requirements:
|
35
|
+
- - ! '>='
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: '0'
|
38
|
+
type: :development
|
39
|
+
prerelease: false
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ! '>='
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: '0'
|
14
46
|
description: Shutter helps maintain firewalls
|
15
47
|
email:
|
16
48
|
- nosignsoflifehere@gmail.com
|
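Review bot: both new development dependencies, rspec (line 15) and mocha (line 31), are declared as `>= 0` (lines 19-21 and 35-37), which gives no reproducible test environment across machines; pin at least the major version (for example `~> 2.0` for rspec of this era) in the gemspec that generates this metadata. The only spec visible in this diff, `env_spec.rb`, does not use mocha, so if `content_spec.rb` does not either, the dependency can be dropped.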
@@ -37,6 +69,9 @@ files:
|
|
37
69
|
- lib/shutter/os.rb
|
38
70
|
- lib/shutter/version.rb
|
39
71
|
- shutter.gemspec
|
72
|
+
- spec/content_spec.rb
|
73
|
+
- spec/env_spec.rb
|
74
|
+
- spec/spec_helper.rb
|
40
75
|
homepage: ''
|
41
76
|
licenses: []
|
42
77
|
post_install_message:
|
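Review bot: the three spec files are now listed under `files:` (lines 72-74), which is fine, but the surrounding context shows `homepage: ''` (line 75) and `licenses: []` (line 76) are still empty for a gem that is being published; a README line already points at github.com/rlyon/shutter, so the homepage can be set to that, and a license should be declared before users install a root-running firewall tool.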
@@ -57,8 +92,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
57
92
|
version: '0'
|
58
93
|
requirements: []
|
59
94
|
rubyforge_project:
|
60
|
-
rubygems_version: 1.8.
|
95
|
+
rubygems_version: 1.8.20
|
61
96
|
signing_key:
|
62
97
|
specification_version: 3
|
63
98
|
summary: Shutter helps maintain firewalls
|
64
|
-
test_files:
|
99
|
+
test_files:
|
100
|
+
- spec/content_spec.rb
|
101
|
+
- spec/env_spec.rb
|
102
|
+
- spec/spec_helper.rb
|
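Review bot: `spec/spec_helper.rb` is listed in `test_files:` (line 102) alongside the two specs; it is support code rather than a test, and some tooling runs every entry in `test_files` directly, so restrict this list to the `*_spec.rb` files and keep the helper only under `files:`.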