shutter 0.0.3 → 0.0.4

data/README.md CHANGED
@@ -1,24 +1,67 @@
1
1
  # Shutter
2
2
 
3
- TODO: Write a gem description
3
+ Shutter is a tool that enables system administrators the ability to manage
4
+ iptables firewall settings through simple lists instead of complex iptables commands. Please note:
5
+ This application currently only works with Red Hat based distributions, as the need arrises more
6
+ distributions will be added.
4
7
 
5
8
  ## Installation
6
9
 
7
- Add this line to your application's Gemfile:
10
+ Instalation is through the gem package management program.
8
11
 
9
- gem 'shutter'
12
+ $ gem install shutter
10
13
 
11
- And then execute:
14
+ ## Usage
12
15
 
13
- $ bundle
16
+ #### Install the gem.
17
+
18
+ $ gem install shutter
14
19
 
15
- Or install it yourself as:
20
+ #### Create the initial configuration files.
16
21
 
17
- $ gem install shutter
22
+ $ shutter --init
18
23
 
19
- ## Usage
24
+ #### Modify the files to meet your required settings.
25
+
26
+ There are several files that you can modify:
27
+ * **base.ipt:** The one file to rule them all. Modifying this file is optional as
28
+ it is the template that is used to build the firewall. If you do modify the file,
29
+ just make sure you include the appropriate placeholder directives to allow
30
+ shutter to dynamically fill in the rules. It is possible to leave out any unwanted
31
+ placeholders. By default the files are will be found in the */etc/shutter.d* directory
32
+ * **iface.dmz:** Enter any private interfaces that will be unprotected by the firewall. One per line.
33
+ * **ip.allow:** A list of IP addresses and ranges that are allowed to access the 'private' ports
34
+ * **ip.deny:** A list of IP addresses and ranges that are denied access to both public and private ports.
35
+ * **ports.private:** A list of ports and protocols that are available to traffic that passes through the AllowIP chain
36
+ * **ports.public:** A list of ports and protocols that are available publically to everyone except the 'Bastards' listed in ip.deny
37
+
38
+ Shutter was designed to work with the Fail2ban access monitoring/management tool. It includes a
39
+ special chain called 'Jail' which is used to insert the jump rules that fail2ban uses to deny access 'on-the-fly'.
40
+ To work correctly, you configure fail2ban to use the Jail chain instead of INPUT.
41
+
42
+ #### To check your firewall you can run:
43
+
44
+ $ shutter --save
45
+
46
+ This command mimics the 'iptables-save' command which prints the rules out to the screen.
47
+ This does not modify the firewall settings.
48
+
49
+ #### To implement the changes, use:
50
+
51
+ $ shutter --restore
52
+
53
+ This command uses 'iptables-restore' under the hood to update the firewall. You can use the '--persist' option
54
+ to make the changes permanent and survive reboots.
55
+
56
+ #### Useful environment variables:
57
+ **SHUTTER_CONFIG:** Use this variable to set the location to the configuration files.
58
+
59
+ **SHUTTER_PERSIST_FILE:** Use this variable to set the location of the 'persist' file. i.e. /etc/sysconfig/iptables (default for Redhat)
60
+
61
+ **SHUTTER_MODE:** Sets the mode of operation. Currently only used for testing, but in the future it will include a development mode for increased log output for automated runs
62
+
63
+ More documentation to come...
20
64
 
21
- TODO: Write usage instructions here
22
65
 
23
66
  ## Contributing
24
67
 
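Review bot: The added README text has several spelling and grammar slips that will ship in the gem's documentation: "enables system administrators the ability to manage", "arrises" (arises), "Instalation" (Installation), "the files are will be found" and "publically" (publicly). The sentence about the default */etc/shutter.d* directory sits inside the **base.ipt** bullet although it applies to every file in the list, so move it up next to "There are several files that you can modify:". The `$ gem install shutter` step now appears under both Installation and Usage, and one of the two can go.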
data/Rakefile CHANGED
@@ -1,2 +1,11 @@
1
1
  #!/usr/bin/env rake
2
+ require 'rspec/core/rake_task'
2
3
  require "bundler/gem_tasks"
4
+
5
+ task :default => :spec
6
+
7
+ desc "Run all specs"
8
+ RSpec::Core::RakeTask.new(:spec) do |t|
9
+ t.rspec_opts = %w{--colour --format progress}
10
+ t.pattern = 'spec/*_spec.rb'
11
+ end
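Review bot: `require 'rspec/core/rake_task'` at the top of the Rakefile is unconditional, so every rake task, including the ones from bundler/gem_tasks, fails with a LoadError on a machine where rspec is not installed. Wrap the require and the `RSpec::Core::RakeTask.new(:spec)` block in `begin ... rescue LoadError` so that building and releasing the gem still works without the development dependencies.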
@@ -7,4 +7,5 @@ end
7
7
 
8
8
  require 'shutter'
9
9
  config_path = ENV['SHUTTER_CONFIG'] ? ENV['SHUTTER_CONFIG'] : "/etc/shutter.d"
10
+ ENV['SHUTTER_MODE'] = "production"
10
11
  Shutter::CommandLine.new(config_path).execute
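Review bot: `ENV['SHUTTER_MODE'] = "production"` on new line 10 overwrites whatever the caller exported, while the README in this same release lists SHUTTER_MODE under "Useful environment variables". If forcing the value is deliberate, so that the RedHat check in CommandLine cannot be skipped from the installed executable by exporting SHUTTER_MODE=testing, say so in a comment and in the README; otherwise use `ENV['SHUTTER_MODE'] ||= "production"`.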
@@ -5,20 +5,21 @@ require 'shutter/os'
5
5
  module Shutter
6
6
  class CommandLine
7
7
  def initialize( path = "/etc/shutter.d")
8
- # Currently only available to RedHat variants
9
- @os = Shutter::OS.new
10
- unless @os.redhat?
11
- puts "Shutter is currently only compatible with RedHat and its variants."
12
- puts "Help make it compatible with others (github.com/rlyon/shutter)"
13
- exit
8
+ # Currently only available to RedHat variants uless testing
9
+ unless ENV['SHUTTER_MODE'] == "testing"
10
+ @os = Shutter::OS.new
11
+ unless @os.redhat?
12
+ puts "Shutter is currently only compatible with RedHat and its variants."
13
+ puts "Help make it compatible with others (github.com/rlyon/shutter)"
14
+ exit
15
+ end
14
16
  end
15
17
 
16
18
  @config_path = path
17
- @iptables = Shutter::IPTables::Base.new(@config_path)
18
-
19
19
  end
20
20
 
21
21
  def execute
22
+ @iptables = Shutter::IPTables::Base.new(@config_path)
22
23
  options = {}
23
24
  optparse = OptionParser.new do |opts|
24
25
  opts.banner = "Usage: shutter [options]"
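Review bot: With the platform check wrapped in `unless ENV['SHUTTER_MODE'] == "testing"`, `@os` is never assigned in testing mode, so any later use of `@os` will hit nil; assign `@os = Shutter::OS.new` before the guard and skip only the `redhat?` test. The bare `exit` on the unsupported-platform path returns status 0, which tells a calling script or a configuration-management run that the firewall command succeeded; `exit 1`, or `abort` with the message, is the safer choice. The new comment also has a typo, "uless".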
@@ -59,6 +60,7 @@ module Shutter
59
60
  end
60
61
 
61
62
  def init
63
+ create_config_dir
62
64
  Shutter::CONFIG_FILES.each do |name|
63
65
  file = "#{@config_path}/#{name}"
64
66
  unless File.exists?(file)
@@ -71,6 +73,7 @@ module Shutter
71
73
  end
72
74
 
73
75
  def reinit
76
+ create_config_dir
74
77
  Shutter::CONFIG_FILES.each do |name|
75
78
  file = "#{@config_path}/#{name}"
76
79
  File.open(file, 'w') do |f|
@@ -101,5 +104,17 @@ module Shutter
101
104
  end
102
105
  end
103
106
 
107
+ private
108
+ def create_config_dir
109
+ # Check to see if the path to the config files exist
110
+ unless File.directory?(@config_path)
111
+ begin
112
+ Dir.mkdir(@config_path)
113
+ rescue Errno::ENOENT
114
+ raise "Could not create the configuration directory. Check to see if the parent directory exists."
115
+ end
116
+ end
117
+ end
118
+
104
119
  end
105
120
  end
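Review bot: `Dir.mkdir(@config_path)` is called without a mode, so the directory that holds the firewall rule lists is created with whatever the process umask allows; pass an explicit restrictive mode, for example `Dir.mkdir(@config_path, 0700)`. Only `Errno::ENOENT` is rescued, so a run without sufficient privileges (Errno::EACCES) or a path that already exists as a regular file (Errno::EEXIST) surfaces as an unhandled exception instead of the explanatory message.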
@@ -1,3 +1,3 @@
1
1
  module Shutter
2
- VERSION = "0.0.3"
2
+ VERSION = "0.0.4"
3
3
  end
@@ -14,4 +14,6 @@ Gem::Specification.new do |gem|
14
14
  gem.name = "shutter"
15
15
  gem.require_paths = ["lib"]
16
16
  gem.version = Shutter::VERSION
17
+ gem.add_development_dependency('rspec')
18
+ gem.add_development_dependency('mocha')
17
19
  end
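Review bot: Both `add_development_dependency` calls are unversioned, which the generated metadata records as '>= 0', so the spec suite runs against whatever rspec and mocha releases happen to be newest at install time. The new specs rely on the `should` syntax, so add a pessimistic version constraint for the releases you actually test with to keep builds reproducible.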
@@ -0,0 +1,9 @@
1
+ require File.dirname(__FILE__) + '/spec_helper'
2
+
3
+ describe "Shutter" do
4
+ it "should have templates for all files" do
5
+ Shutter::CONFIG_FILES.each do |name|
6
+ Shutter.constants.include?(:"#{name.upcase.gsub(/\./, "_")}").should == true
7
+ end
8
+ end
9
+ end
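Review bot: `Shutter.constants.include?(:"...")` on line 6 depends on `constants` returning symbols, which is not the case on Ruby 1.8 where it returns strings; `Shutter.const_defined?(name.upcase.gsub(/\./, "_"))` works on both. The example also only proves that the constant exists, not that the template is a non-empty string, and because the comparison is `.should == true` a failure will not say which file lacked a template.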
@@ -0,0 +1,17 @@
1
+ require File.dirname(__FILE__) + '/spec_helper'
2
+
3
+ describe "Environment Sanity Check" do
4
+ it "should have the SHUTTER_CONFIG variable set to ./tmp" do
5
+ ENV['SHUTTER_CONFIG'].should == "./tmp"
6
+ end
7
+
8
+ it "should have the SHUTTER_PERSIST_FILE variable set to ./tmp/iptables" do
9
+ ENV['SHUTTER_PERSIST_FILE'].should == "./tmp/iptables"
10
+ end
11
+
12
+ it "should be able to write to ./tmp" do
13
+ File.open("./tmp/test", "w") { |f| f.write("Foo") }
14
+ IO.read("./tmp/test").should == "Foo"
15
+ File.unlink("./tmp/test")
16
+ end
17
+ end
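Review bot: The "should be able to write to ./tmp" example assumes ./tmp already exists relative to the directory rspec is started from, and none of the specs visible in this diff create it, so the suite can fail on a fresh checkout. `File.unlink("./tmp/test")` is also skipped when the expectation before it fails, leaving the file behind; create the directory in a `before` hook (or use `Dir.mktmpdir`) and remove the file in an `after` hook or an `ensure`.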
@@ -0,0 +1,11 @@
1
+ require 'rubygems'
2
+ require 'bundler/setup'
3
+ require 'shutter'
4
+
5
+ RSpec.configure do |config|
6
+ config.mock_with :mocha
7
+ end
8
+
9
+ ENV['SHUTTER_CONFIG'] = "./tmp"
10
+ ENV['SHUTTER_PERSIST_FILE'] = "./tmp/iptables"
11
+ ENV['SHUTTER_MODE'] = "testing"
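Review bot: The three `ENV[...]` assignments come after `require 'shutter'`, so anything the library reads from the environment at load time sees the real values rather than "./tmp" and "testing"; move the assignments above the require. The README gives /etc/sysconfig/iptables as the default persist file, so the suite should never be able to start with SHUTTER_PERSIST_FILE unset. The relative "./tmp" paths also tie the suite to being launched from the project root; building them from `File.dirname(__FILE__)` removes that dependency.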
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shutter
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.3
4
+ version: 0.0.4
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,8 +9,40 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-06-22 00:00:00.000000000 Z
13
- dependencies: []
12
+ date: 2012-06-27 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: rspec
16
+ requirement: !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ! '>='
20
+ - !ruby/object:Gem::Version
21
+ version: '0'
22
+ type: :development
23
+ prerelease: false
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ! '>='
28
+ - !ruby/object:Gem::Version
29
+ version: '0'
30
+ - !ruby/object:Gem::Dependency
31
+ name: mocha
32
+ requirement: !ruby/object:Gem::Requirement
33
+ none: false
34
+ requirements:
35
+ - - ! '>='
36
+ - !ruby/object:Gem::Version
37
+ version: '0'
38
+ type: :development
39
+ prerelease: false
40
+ version_requirements: !ruby/object:Gem::Requirement
41
+ none: false
42
+ requirements:
43
+ - - ! '>='
44
+ - !ruby/object:Gem::Version
45
+ version: '0'
14
46
  description: Shutter helps maintain firewalls
15
47
  email:
16
48
  - nosignsoflifehere@gmail.com
@@ -37,6 +69,9 @@ files:
37
69
  - lib/shutter/os.rb
38
70
  - lib/shutter/version.rb
39
71
  - shutter.gemspec
72
+ - spec/content_spec.rb
73
+ - spec/env_spec.rb
74
+ - spec/spec_helper.rb
40
75
  homepage: ''
41
76
  licenses: []
42
77
  post_install_message:
@@ -57,8 +92,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
57
92
  version: '0'
58
93
  requirements: []
59
94
  rubyforge_project:
60
- rubygems_version: 1.8.24
95
+ rubygems_version: 1.8.20
61
96
  signing_key:
62
97
  specification_version: 3
63
98
  summary: Shutter helps maintain firewalls
64
- test_files: []
99
+ test_files:
100
+ - spec/content_spec.rb
101
+ - spec/env_spec.rb
102
+ - spec/spec_helper.rb
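Review bot: `rubygems_version` goes from 1.8.24 to 1.8.20 in this hunk, so 0.0.4 was packaged with an older RubyGems than 0.0.3; build releases from one known toolchain so the published artifact is reproducible. The spec files are now listed under `test_files` and are shipped inside the gem, which is fine as long as spec_helper.rb keeps pointing SHUTTER_CONFIG and SHUTTER_PERSIST_FILE away from the system paths.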