vcl-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From arku...@apache.org
Subject svn commit: r1792937 - /vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/ufw.pm
Date Thu, 27 Apr 2017 18:26:37 GMT
Author: arkurth
Date: Thu Apr 27 18:26:37 2017
New Revision: 1792937

URL: http://svn.apache.org/viewvc?rev=1792937&view=rev
Log:
VCL-971
Set subversion properties on ufw.pm.

Modified:
    vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/ufw.pm   (contents, props changed)

Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/ufw.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/ufw.pm?rev=1792937&r1=1792936&r2=1792937&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/ufw.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/ufw.pm Thu Apr 27 18:26:37 2017
@@ -1,236 +1,236 @@
-#!/usr/bin/perl -w
-###############################################################################
-# $Id: $
-###############################################################################
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-###############################################################################
-
-=head1 NAME
-
-VCL::Module::OS::Linux::firewall::ufw.pm
-
-=head1 DESCRIPTION
-
- This module provides support for configuring ufw-based firewalls.
-
-=cut
-
-##############################################################################
-package VCL::Module::OS::Linux::firewall::ufw;
-
-# Specify the lib path using FindBin
-use FindBin;
-use lib "$FindBin::Bin/../../../../..";
-
-# Configure inheritance
-use base qw(VCL::Module::OS::Linux::firewall::iptables);
-
-# Specify the version of this module
-our $VERSION = '2.4.2';
-
-our @ISA;
-
-# Specify the version of Perl to use
-use 5.008000;
-
-use strict;
-use warnings;
-use diagnostics;
-
-use VCL::utils;
-
-##############################################################################
-
-=head1 OBJECT METHODS
-
-=cut
-
-#/////////////////////////////////////////////////////////////////////////////
-
-=head2 initialize
-
- Parameters  : none
- Returns     : boolean
- Description : Returns true if the ufw and iptables-save commands exist on the
-               computer. Returns false if the command does not exist.
-
-=cut
-
-sub initialize {
-	my $self = shift;
-	if (ref($self) !~ /VCL::Module/i) {
-		notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called
as a class method");
-		return 0;
-	}
-	
-	my $arguments = shift || {};
-	
-	my $computer_name = $self->data->get_computer_hostname();
-	
-	notify($ERRORS{'DEBUG'}, 0, "initializing " . ref($self) . " object to control $computer_name");
-	
-	if (!$self->os->command_exists('ufw')) {
-		notify($ERRORS{'DEBUG'}, 0, ref($self) . " object not initialized to control $computer_name,
ufw command does not exist");
-		return 0;
-	}
-	elsif (!$self->os->command_exists('iptables-save')) {
-		notify($ERRORS{'DEBUG'}, 0, ref($self) . " object not initialized to control $computer_name,
iptables-save command does not exist");
-		return 0;
-	}
-	
-	notify($ERRORS{'DEBUG'}, 0, ref($self) . " object initialized to control $computer_name");
-	return 1;
-}
-
-#/////////////////////////////////////////////////////////////////////////////
-
-=head2 save_configuration
-
- Parameters  : none
- Returns     : boolean
- Description : Executes iptables-save and writes all lines containing 'vcl-' to
-               the end of /etc/ufw/after.rules. A comment beginning with
-               "DISCLAIMER" along with user instructions is added before the
-               section added by VCL. If this exists prior to the execution of
-               this subroutine, the "DISCLAIMER" line and everything underneath
-               it are first removed.
-               
-               "ufw enable" is executed after the .rules file is modified. This
-               reloads the configuration and ensures the firewall is enabled.
-
-=cut
-
-sub save_configuration {
-	my $self = shift;
-	if (ref($self) !~ /VCL::Module/i) {
-		notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called
as a class method");
-		return 0;
-	}
-	
-	my $computer_name = $self->data->get_computer_short_name();
-	
-	my $rules_file_path = '/etc/ufw/after.rules';
-	
-	# Make a backup copy of after.rules
-	my $timestamp = makedatestring();
-	my $file_timestamp = $timestamp;
-	$file_timestamp =~ s/:+/-/g;
-	$file_timestamp =~ s/\s+/_/g;
-	my $backup_rules_file_path = "/tmp/ufw-after.rules.$file_timestamp";
-	$self->os->copy_file($rules_file_path, $backup_rules_file_path);
-	
-	my @original_lines = $self->os->get_file_contents($rules_file_path);
-	if (!@original_lines) {
-		notify($ERRORS{'WARNING'}, 0, "failed to save ufw firewall configuration on $computer_name,
contents of $rules_file_path could not be retrieved");
-		return;
-	}
-	
-	my @updated_lines;
-	for my $original_line (@original_lines) {
-		if ($original_line !~ /#.*(VCL|DISCLAIMER)/) {
-			push @updated_lines, $original_line;
-		}
-		else {
-			# Ignore all lines after the first line containing '# VCL' is found
-			last;
-		}
-	}
-	
-	# Call iptables-save
-	# All lines added by vcl should contain a 'vcl-'
-	my $command = "iptables-save |grep 'vcl-'";
-	my ($exit_status, $output) = $self->os->execute($command);
-	if (!defined($output)) {
-		notify($ERRORS{'WARNING'}, 0, "failed to execute command to retrieve iptables rules containing
'vcl-' from $computer_name: $command");
-		return;
-	}
-	elsif ($exit_status ne '0') {
-		notify($ERRORS{'WARNING'}, 0, "failed to retrieve iptables rules containing 'vcl-' from
$computer_name, exit status: $exit_status, command:\n$command\noutput:\n" . join("\n", @$output));
-		return 0;
-	}
-	else {
-		notify($ERRORS{'OK'}, 0, "retrieved iptables rules containing 'vcl-' from $computer_name
on $computer_name:\n" . join("\n", @$output));
-	}
-	
-	# Note: Do not use "WARNING" in the message or else it will show up in vcld.log, creating
noise when searching for WARNING messages
-	push @updated_lines, <<EOF;
-# DISCLAIMER: The remainder of this file has been automatically configured by VCL ($timestamp)
-# Do not modify this line or any lines below
-# Custom firewall configuration lines may be added to this file but must be located above
this line
-*filter
-EOF
-	
-	push @updated_lines, @$output;
-	push @updated_lines, 'COMMIT';
-	
-	my $updated_string = join("\n", @updated_lines);
-	if ($self->os->create_text_file($rules_file_path, $updated_string)) {
-		notify($ERRORS{'OK'}, 0, "saved ufw firewall configuration on $computer_name to $rules_file_path:\n$updated_string");
-	}
-	else {
-		notify($ERRORS{'WARNING'}, 0, "failed to save ufw firewall configuration on $computer_name,
$rules_file_path could not be updated");
-		return;
-	}
-	
-	return $self->enable();
-}
-
-#/////////////////////////////////////////////////////////////////////////////
-
-=head2 enable
-
- Parameters  : none
- Returns     : boolean
- Description : Calls "ufw --force enable" to reload the ufw firewall and enable
-               it on boot.
-
-=cut
-
-sub enable {
-	my $self = shift;
-	if (ref($self) !~ /VCL::Module/i) {
-		notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called
as a class method");
-		return 0;
-	}
-	
-	my $computer_name = $self->data->get_computer_short_name();
-	
-	my $command = 'ufw --force enable';
-	my ($exit_status, $output) = $self->os->execute($command, 1);
-	if (!defined($output)) {
-		notify($ERRORS{'WARNING'}, 0, "failed to execute command on $computer_name: $command");
-		return;
-	}
-	elsif ($exit_status ne '0') {
-		notify($ERRORS{'WARNING'}, 0, "failed to enable ufw on $computer_name, exit status: $exit_status,
command:\n$command\noutput:\n" . join("\n", @$output));
-		return 0;
-	}
-	else {
-		notify($ERRORS{'OK'}, 0, "enabled ufw on $computer_name");
-		return 1;
-	}
-}
-
-#/////////////////////////////////////////////////////////////////////////////
-
-1;
-__END__
-
-=head1 SEE ALSO
-
-L<http://cwiki.apache.org/VCL/>
-
-=cut
+#!/usr/bin/perl -w
+###############################################################################
+# $Id$
+###############################################################################
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###############################################################################
+
+=head1 NAME
+
+VCL::Module::OS::Linux::firewall::ufw.pm
+
+=head1 DESCRIPTION
+
+ This module provides support for configuring ufw-based firewalls.
+
+=cut
+
+##############################################################################
+package VCL::Module::OS::Linux::firewall::ufw;
+
+# Specify the lib path using FindBin
+use FindBin;
+use lib "$FindBin::Bin/../../../../..";
+
+# Configure inheritance
+use base qw(VCL::Module::OS::Linux::firewall::iptables);
+
+# Specify the version of this module
+our $VERSION = '2.4.2';
+
+our @ISA;
+
+# Specify the version of Perl to use
+use 5.008000;
+
+use strict;
+use warnings;
+use diagnostics;
+
+use VCL::utils;
+
+##############################################################################
+
+=head1 OBJECT METHODS
+
+=cut
+
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 initialize
+
+ Parameters  : none
+ Returns     : boolean
+ Description : Returns true if the ufw and iptables-save commands exist on the
+               computer. Returns false if the command does not exist.
+
+=cut
+
+sub initialize {
+	my $self = shift;
+	if (ref($self) !~ /VCL::Module/i) {
+		notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called
as a class method");
+		return 0;
+	}
+	
+	my $arguments = shift || {};
+	
+	my $computer_name = $self->data->get_computer_hostname();
+	
+	notify($ERRORS{'DEBUG'}, 0, "initializing " . ref($self) . " object to control $computer_name");
+	
+	if (!$self->os->command_exists('ufw')) {
+		notify($ERRORS{'DEBUG'}, 0, ref($self) . " object not initialized to control $computer_name,
ufw command does not exist");
+		return 0;
+	}
+	elsif (!$self->os->command_exists('iptables-save')) {
+		notify($ERRORS{'DEBUG'}, 0, ref($self) . " object not initialized to control $computer_name,
iptables-save command does not exist");
+		return 0;
+	}
+	
+	notify($ERRORS{'DEBUG'}, 0, ref($self) . " object initialized to control $computer_name");
+	return 1;
+}
+
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 save_configuration
+
+ Parameters  : none
+ Returns     : boolean
+ Description : Executes iptables-save and writes all lines containing 'vcl-' to
+               the end of /etc/ufw/after.rules. A comment beginning with
+               "DISCLAIMER" along with user instructions is added before the
+               section added by VCL. If this exists prior to the execution of
+               this subroutine, the "DISCLAIMER" line and everything underneath
+               it are first removed.
+               
+               "ufw enable" is executed after the .rules file is modified. This
+               reloads the configuration and ensures the firewall is enabled.
+
+=cut
+
+sub save_configuration {
+	my $self = shift;
+	if (ref($self) !~ /VCL::Module/i) {
+		notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called
as a class method");
+		return 0;
+	}
+	
+	my $computer_name = $self->data->get_computer_short_name();
+	
+	my $rules_file_path = '/etc/ufw/after.rules';
+	
+	# Make a backup copy of after.rules
+	my $timestamp = makedatestring();
+	my $file_timestamp = $timestamp;
+	$file_timestamp =~ s/:+/-/g;
+	$file_timestamp =~ s/\s+/_/g;
+	my $backup_rules_file_path = "/tmp/ufw-after.rules.$file_timestamp";
+	$self->os->copy_file($rules_file_path, $backup_rules_file_path);
+	
+	my @original_lines = $self->os->get_file_contents($rules_file_path);
+	if (!@original_lines) {
+		notify($ERRORS{'WARNING'}, 0, "failed to save ufw firewall configuration on $computer_name,
contents of $rules_file_path could not be retrieved");
+		return;
+	}
+	
+	my @updated_lines;
+	for my $original_line (@original_lines) {
+		if ($original_line !~ /#.*(VCL|DISCLAIMER)/) {
+			push @updated_lines, $original_line;
+		}
+		else {
+			# Ignore all lines after the first line containing '# VCL' is found
+			last;
+		}
+	}
+	
+	# Call iptables-save
+	# All lines added by vcl should contain a 'vcl-'
+	my $command = "iptables-save |grep 'vcl-'";
+	my ($exit_status, $output) = $self->os->execute($command);
+	if (!defined($output)) {
+		notify($ERRORS{'WARNING'}, 0, "failed to execute command to retrieve iptables rules containing
'vcl-' from $computer_name: $command");
+		return;
+	}
+	elsif ($exit_status ne '0') {
+		notify($ERRORS{'WARNING'}, 0, "failed to retrieve iptables rules containing 'vcl-' from
$computer_name, exit status: $exit_status, command:\n$command\noutput:\n" . join("\n", @$output));
+		return 0;
+	}
+	else {
+		notify($ERRORS{'OK'}, 0, "retrieved iptables rules containing 'vcl-' from $computer_name
on $computer_name:\n" . join("\n", @$output));
+	}
+	
+	# Note: Do not use "WARNING" in the message or else it will show up in vcld.log, creating
noise when searching for WARNING messages
+	push @updated_lines, <<EOF;
+# DISCLAIMER: The remainder of this file has been automatically configured by VCL ($timestamp)
+# Do not modify this line or any lines below
+# Custom firewall configuration lines may be added to this file but must be located above
this line
+*filter
+EOF
+	
+	push @updated_lines, @$output;
+	push @updated_lines, 'COMMIT';
+	
+	my $updated_string = join("\n", @updated_lines);
+	if ($self->os->create_text_file($rules_file_path, $updated_string)) {
+		notify($ERRORS{'OK'}, 0, "saved ufw firewall configuration on $computer_name to $rules_file_path:\n$updated_string");
+	}
+	else {
+		notify($ERRORS{'WARNING'}, 0, "failed to save ufw firewall configuration on $computer_name,
$rules_file_path could not be updated");
+		return;
+	}
+	
+	return $self->enable();
+}
+
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 enable
+
+ Parameters  : none
+ Returns     : boolean
+ Description : Calls "ufw --force enable" to reload the ufw firewall and enable
+               it on boot.
+
+=cut
+
+sub enable {
+	my $self = shift;
+	if (ref($self) !~ /VCL::Module/i) {
+		notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called
as a class method");
+		return 0;
+	}
+	
+	my $computer_name = $self->data->get_computer_short_name();
+	
+	my $command = 'ufw --force enable';
+	my ($exit_status, $output) = $self->os->execute($command, 1);
+	if (!defined($output)) {
+		notify($ERRORS{'WARNING'}, 0, "failed to execute command on $computer_name: $command");
+		return;
+	}
+	elsif ($exit_status ne '0') {
+		notify($ERRORS{'WARNING'}, 0, "failed to enable ufw on $computer_name, exit status: $exit_status,
command:\n$command\noutput:\n" . join("\n", @$output));
+		return 0;
+	}
+	else {
+		notify($ERRORS{'OK'}, 0, "enabled ufw on $computer_name");
+		return 1;
+	}
+}
+
+#/////////////////////////////////////////////////////////////////////////////
+
+1;
+__END__
+
+=head1 SEE ALSO
+
+L<http://cwiki.apache.org/VCL/>
+
+=cut

Propchange: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/ufw.pm
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/ufw.pm
------------------------------------------------------------------------------
    svn:keywords = Date Revision Author HeadURL Id



Mime
View raw message