shutter 0.0.3 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +52 -9
- data/Rakefile +9 -0
- data/bin/shutter +1 -0
- data/lib/shutter/command_line.rb +23 -8
- data/lib/shutter/version.rb +1 -1
- data/shutter.gemspec +2 -0
- data/spec/content_spec.rb +9 -0
- data/spec/env_spec.rb +17 -0
- data/spec/spec_helper.rb +11 -0
- metadata +43 -5
data/README.md
CHANGED
|
@@ -1,24 +1,67 @@
|
|
|
1
1
|
# Shutter
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Shutter is a tool that enables system administrators the ability to manage
|
|
4
|
+
iptables firewall settings through simple lists instead of complex iptables commands. Please note:
|
|
5
|
+
This application currently only works with Red Hat based distributions, as the need arrises more
|
|
6
|
+
distributions will be added.
|
|
4
7
|
|
|
5
8
|
## Installation
|
|
6
9
|
|
|
7
|
-
|
|
10
|
+
Instalation is through the gem package management program.
|
|
8
11
|
|
|
9
|
-
gem
|
|
12
|
+
$ gem install shutter
|
|
10
13
|
|
|
11
|
-
|
|
14
|
+
## Usage
|
|
12
15
|
|
|
13
|
-
|
|
16
|
+
#### Install the gem.
|
|
17
|
+
|
|
18
|
+
$ gem install shutter
|
|
14
19
|
|
|
15
|
-
|
|
20
|
+
#### Create the initial configuration files.
|
|
16
21
|
|
|
17
|
-
$
|
|
22
|
+
$ shutter --init
|
|
18
23
|
|
|
19
|
-
|
|
24
|
+
#### Modify the files to meet your required settings.
|
|
25
|
+
|
|
26
|
+
There are several files that you can modify:
|
|
27
|
+
* **base.ipt:** The one file to rule them all. Modifying this file is optional as
|
|
28
|
+
it is the template that is used to build the firewall. If you do modify the file,
|
|
29
|
+
just make sure you include the appropriate placeholder directives to allow
|
|
30
|
+
shutter to dynamically fill in the rules. It is possible to leave out any unwanted
|
|
31
|
+
placeholders. By default the files are will be found in the */etc/shutter.d* directory
|
|
32
|
+
* **iface.dmz:** Enter any private interfaces that will be unprotected by the firewall. One per line.
|
|
33
|
+
* **ip.allow:** A list of IP addresses and ranges that are allowed to access the 'private' ports
|
|
34
|
+
* **ip.deny:** A list of IP addresses and ranges that are denied access to both public and private ports.
|
|
35
|
+
* **ports.private:** A list of ports and protocols that are available to traffic that passes through the AllowIP chain
|
|
36
|
+
* **ports.public:** A list of ports and protocols that are available publically to everyone except the 'Bastards' listed in ip.deny
|
|
37
|
+
|
|
38
|
+
Shutter was designed to work with the Fail2ban access monitoring/management tool. It includes a
|
|
39
|
+
special chain called 'Jail' which is used to insert the jump rules that fail2ban uses to deny access 'on-the-fly'.
|
|
40
|
+
To work correctly, you configure fail2ban to use the Jail chain instead of INPUT.
|
|
41
|
+
|
|
42
|
+
#### To check your firewall you can run:
|
|
43
|
+
|
|
44
|
+
$ shutter --save
|
|
45
|
+
|
|
46
|
+
This command mimics the 'iptables-save' command which prints the rules out to the screen.
|
|
47
|
+
This does not modify the firewall settings.
|
|
48
|
+
|
|
49
|
+
#### To implement the changes, use:
|
|
50
|
+
|
|
51
|
+
$ shutter --restore
|
|
52
|
+
|
|
53
|
+
This command uses 'iptables-restore' under the hood to update the firewall. You can use the '--persist' option
|
|
54
|
+
to make the changes permanent and survive reboots.
|
|
55
|
+
|
|
56
|
+
#### Useful environment variables:
|
|
57
|
+
**SHUTTER_CONFIG:** Use this variable to set the location to the configuration files.
|
|
58
|
+
|
|
59
|
+
**SHUTTER_PERSIST_FILE:** Use this variable to set the location of the 'persist' file. i.e. /etc/sysconfig/iptables (default for Redhat)
|
|
60
|
+
|
|
61
|
+
**SHUTTER_MODE:** Sets the mode of operation. Currently only used for testing, but in the future it will include a development mode for increased log output for automated runs
|
|
62
|
+
|
|
63
|
+
More documentation to come...
|
|
20
64
|
|
|
21
|
-
TODO: Write usage instructions here
|
|
22
65
|
|
|
23
66
|
## Contributing
|
|
24
67
|
|
data/Rakefile
CHANGED
|
@@ -1,2 +1,11 @@
|
|
|
1
1
|
#!/usr/bin/env rake
|
|
2
|
+
require 'rspec/core/rake_task'
|
|
2
3
|
require "bundler/gem_tasks"
|
|
4
|
+
|
|
5
|
+
task :default => :spec
|
|
6
|
+
|
|
7
|
+
desc "Run all specs"
|
|
8
|
+
RSpec::Core::RakeTask.new(:spec) do |t|
|
|
9
|
+
t.rspec_opts = %w{--colour --format progress}
|
|
10
|
+
t.pattern = 'spec/*_spec.rb'
|
|
11
|
+
end
|
data/bin/shutter
CHANGED
data/lib/shutter/command_line.rb
CHANGED
|
@@ -5,20 +5,21 @@ require 'shutter/os'
|
|
|
5
5
|
module Shutter
|
|
6
6
|
class CommandLine
|
|
7
7
|
def initialize( path = "/etc/shutter.d")
|
|
8
|
-
# Currently only available to RedHat variants
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
8
|
+
# Currently only available to RedHat variants uless testing
|
|
9
|
+
unless ENV['SHUTTER_MODE'] == "testing"
|
|
10
|
+
@os = Shutter::OS.new
|
|
11
|
+
unless @os.redhat?
|
|
12
|
+
puts "Shutter is currently only compatible with RedHat and its variants."
|
|
13
|
+
puts "Help make it compatible with others (github.com/rlyon/shutter)"
|
|
14
|
+
exit
|
|
15
|
+
end
|
|
14
16
|
end
|
|
15
17
|
|
|
16
18
|
@config_path = path
|
|
17
|
-
@iptables = Shutter::IPTables::Base.new(@config_path)
|
|
18
|
-
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def execute
|
|
22
|
+
@iptables = Shutter::IPTables::Base.new(@config_path)
|
|
22
23
|
options = {}
|
|
23
24
|
optparse = OptionParser.new do |opts|
|
|
24
25
|
opts.banner = "Usage: shutter [options]"
|
|
@@ -59,6 +60,7 @@ module Shutter
|
|
|
59
60
|
end
|
|
60
61
|
|
|
61
62
|
def init
|
|
63
|
+
create_config_dir
|
|
62
64
|
Shutter::CONFIG_FILES.each do |name|
|
|
63
65
|
file = "#{@config_path}/#{name}"
|
|
64
66
|
unless File.exists?(file)
|
|
@@ -71,6 +73,7 @@ module Shutter
|
|
|
71
73
|
end
|
|
72
74
|
|
|
73
75
|
def reinit
|
|
76
|
+
create_config_dir
|
|
74
77
|
Shutter::CONFIG_FILES.each do |name|
|
|
75
78
|
file = "#{@config_path}/#{name}"
|
|
76
79
|
File.open(file, 'w') do |f|
|
|
@@ -101,5 +104,17 @@ module Shutter
|
|
|
101
104
|
end
|
|
102
105
|
end
|
|
103
106
|
|
|
107
|
+
private
|
|
108
|
+
def create_config_dir
|
|
109
|
+
# Check to see if the path to the config files exist
|
|
110
|
+
unless File.directory?(@config_path)
|
|
111
|
+
begin
|
|
112
|
+
Dir.mkdir(@config_path)
|
|
113
|
+
rescue Errno::ENOENT
|
|
114
|
+
raise "Could not create the configuration directory. Check to see if the parent directory exists."
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
104
119
|
end
|
|
105
120
|
end
|
data/lib/shutter/version.rb
CHANGED
data/shutter.gemspec
CHANGED
data/spec/env_spec.rb
ADDED
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
require File.dirname(__FILE__) + '/spec_helper'
|
|
2
|
+
|
|
3
|
+
describe "Environment Sanity Check" do
|
|
4
|
+
it "should have the SHUTTER_CONFIG variable set to ./tmp" do
|
|
5
|
+
ENV['SHUTTER_CONFIG'].should == "./tmp"
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
it "should have the SHUTTER_PERSIST_FILE variable set to ./tmp/iptables" do
|
|
9
|
+
ENV['SHUTTER_PERSIST_FILE'].should == "./tmp/iptables"
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
it "should be able to write to ./tmp" do
|
|
13
|
+
File.open("./tmp/test", "w") { |f| f.write("Foo") }
|
|
14
|
+
IO.read("./tmp/test").should == "Foo"
|
|
15
|
+
File.unlink("./tmp/test")
|
|
16
|
+
end
|
|
17
|
+
end
|
data/spec/spec_helper.rb
ADDED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shutter
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.4
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,8 +9,40 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-06-
|
|
13
|
-
dependencies:
|
|
12
|
+
date: 2012-06-27 00:00:00.000000000 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
15
|
+
name: rspec
|
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
18
|
+
requirements:
|
|
19
|
+
- - ! '>='
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: '0'
|
|
22
|
+
type: :development
|
|
23
|
+
prerelease: false
|
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
26
|
+
requirements:
|
|
27
|
+
- - ! '>='
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '0'
|
|
30
|
+
- !ruby/object:Gem::Dependency
|
|
31
|
+
name: mocha
|
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
none: false
|
|
34
|
+
requirements:
|
|
35
|
+
- - ! '>='
|
|
36
|
+
- !ruby/object:Gem::Version
|
|
37
|
+
version: '0'
|
|
38
|
+
type: :development
|
|
39
|
+
prerelease: false
|
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
+
none: false
|
|
42
|
+
requirements:
|
|
43
|
+
- - ! '>='
|
|
44
|
+
- !ruby/object:Gem::Version
|
|
45
|
+
version: '0'
|
|
14
46
|
description: Shutter helps maintain firewalls
|
|
15
47
|
email:
|
|
16
48
|
- nosignsoflifehere@gmail.com
|
|
@@ -37,6 +69,9 @@ files:
|
|
|
37
69
|
- lib/shutter/os.rb
|
|
38
70
|
- lib/shutter/version.rb
|
|
39
71
|
- shutter.gemspec
|
|
72
|
+
- spec/content_spec.rb
|
|
73
|
+
- spec/env_spec.rb
|
|
74
|
+
- spec/spec_helper.rb
|
|
40
75
|
homepage: ''
|
|
41
76
|
licenses: []
|
|
42
77
|
post_install_message:
|
|
@@ -57,8 +92,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
57
92
|
version: '0'
|
|
58
93
|
requirements: []
|
|
59
94
|
rubyforge_project:
|
|
60
|
-
rubygems_version: 1.8.
|
|
95
|
+
rubygems_version: 1.8.20
|
|
61
96
|
signing_key:
|
|
62
97
|
specification_version: 3
|
|
63
98
|
summary: Shutter helps maintain firewalls
|
|
64
|
-
test_files:
|
|
99
|
+
test_files:
|
|
100
|
+
- spec/content_spec.rb
|
|
101
|
+
- spec/env_spec.rb
|
|
102
|
+
- spec/spec_helper.rb
|