require 'facter'

module Puppet
	newtype(:csf) do
		# Type-level documentation string for the csf resource type.
		@doc = "Setup allowed IPs, TCP/UDP ports, CSF state, and ICMP settings"

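		# Validate a property value for one of the IP-list properties.
		#
		# `values` is either :absent (the property default) or a collection
		# whose every element must be a dotted-quad IPv4 address. `arg` is the
		# property name and is only used in the error message.
		#
		# Returns true on success, raises ArgumentError otherwise.
		# CIDR notation and IPv6 are not accepted (unchanged contract).
		def validate_ips(values, arg)
			return true if values == :absent
			unless values.respond_to?(:each)
				raise ArgumentError, "%s must be an array, or absent" % values
			end
			values.each do |value|
				# \A/\z anchor the whole string; ^/$ only anchor a line, so a value
				# with an embedded newline could previously slip past the check.
				# to_s keeps non-String values (e.g. Integer) on the same path.
				m = value.to_s.match(/\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/)
				# Each octet must also fit in 0..255; "999.1.1.1" is not an address.
				if m.nil? || m.captures.any? { |octet| octet.to_i > 255 }
					raise ArgumentError, "IP '%s' must be an IP address (full string was '%s' for '%s')" % [value, values.join(','), arg]
				end
			end
			true
		end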

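		# Validate a property value for one of the port-list properties.
		#
		# `values` is either :absent or a collection whose every element is a
		# port number given as an Integer or a string of digits, in 1..65535.
		# `arg` is the property name and only appears in the error message.
		#
		# Returns true on success, raises ArgumentError otherwise.
		# The previous `to_i == 0` test accepted "22abc", negative numbers and
		# values above 65535; those are now rejected. Range syntax such as
		# "a:b" is rejected as well, per the stated "must be an integer"
		# contract — TODO confirm no manifest relies on it.
		def validate_ports(values, arg)
			return true if values == :absent
			unless values.respond_to?(:each)
				raise ArgumentError, "%s must be an array, or absent. Got type %s" % [values, values.class]
			end
			values.each do |value|
				str = value.to_s
				unless str =~ /\A\d+\z/ && str.to_i.between?(1, 65535)
					raise ArgumentError, "Port '%s' must be an integer, or a string that is an integer (full string was '%s' for '%s')" % [value, values.join(','), arg]
				end
			end
			true
		end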

		# Decide whether the IP list `is` (current state) satisfies `should`
		# (desired state). Every desired IP must be present; when the purge
		# parameter is :true, `is` must additionally contain nothing beyond
		# `should`. A `should` of :absent or [:absent] is always in sync.
		#
		# NOTE(review): include? compares with ==, so the provider must report
		# addresses in the same string form the manifest uses — confirm.
		def ips_in_sync(is, should)
			return true if should == :absent || should == [:absent]
			return false unless should.all? { |ip| is.include?(ip) }
			return true unless self[:purge] == :true
			is.all? { |ip| should.include?(ip) }
		end


		# Port analogue of ips_in_sync with one extra rule: no port listed in
		# the closed_ports parameter may appear in `is`, whether or not
		# `should` is managed. Every desired port must be present, and with
		# purge => :true `is` may hold nothing beyond `should`.
		#
		# NOTE(review): include? compares with ==, so 22 and "22" differ; this
		# assumes the provider reports ports in the manifest's form — confirm.
		def ports_in_sync(is, should)
			managed = should != :absent && should != [:absent]
			if managed
				return false unless should.all? { |port| is.include?(port) }
				return false if self[:purge] == :true && !is.all? { |port| should.include?(port) }
			end
			closed = self[:closed_ports]
			return true if closed == :absent || closed == [:absent]
			closed.none? { |port| is.include?(port) }
		end

		# Outbound TCP ports; :absent leaves them unmanaged.
		newproperty(:tcp_out, :array_matching => :all) do
			defaultto :absent

			# Shared comparison lives on the type so all port properties agree
			# (it also enforces closed_ports).
			def insync?(is)
				resource.ports_in_sync(is, @should)
			end

			# Reject anything that is not a port list before Puppet's own checks.
			def validate(values)
				resource.validate_ports(values, :tcp_out)
				super
			end
		end

		# Inbound TCP ports; :absent leaves them unmanaged.
		newproperty(:tcp_in, :array_matching => :all) do
			defaultto :absent

			# Delegates to the type-level comparison shared by all port properties.
			def insync?(is)
				resource.ports_in_sync(is, @should)
			end

			# Port-list validation runs before Puppet's own checks.
			def validate(values)
				resource.validate_ports(values, :tcp_in)
				super
			end
		end

		# Outbound UDP ports; :absent leaves them unmanaged.
		newproperty(:udp_out, :array_matching => :all) do
			defaultto :absent

			# Delegates to the type-level comparison shared by all port properties.
			def insync?(is)
				resource.ports_in_sync(is, @should)
			end

			# Port-list validation runs before Puppet's own checks.
			def validate(values)
				resource.validate_ports(values, :udp_out)
				super
			end
		end

		# Inbound UDP ports; :absent leaves them unmanaged.
		newproperty(:udp_in, :array_matching => :all) do
			defaultto :absent

			# Delegates to the type-level comparison shared by all port properties.
			def insync?(is)
				resource.ports_in_sync(is, @should)
			end

			# Port-list validation runs before Puppet's own checks.
			def validate(values)
				resource.validate_ports(values, :udp_in)
				super
			end
		end

		# Ports that must not be open; a parameter (not a property) because it
		# is only consulted by ports_in_sync when the port properties are
		# compared, never synced on its own.
		newparam(:closed_ports, :array_matching => :all) do
			defaultto :absent

			# Same port-list rules as the tcp_*/udp_* properties.
			def validate(values)
				resource.validate_ports(values, :closed_ports)
				super
			end
		end

		# IPv4 addresses to allow through CSF; :absent leaves them unmanaged.
		newproperty(:allowed_ips, :array_matching => :all) do
			defaultto :absent

			# Delegates to the type-level comparison (honours the purge parameter).
			def insync?(is)
				resource.ips_in_sync(is, @should)
			end

			# Dotted-quad validation runs before Puppet's own checks.
			def validate(values)
				resource.validate_ips(values, :allowed_ips)
				super
			end
		end

		# IPv4 addresses to block in CSF; :absent leaves them unmanaged.
		newproperty(:blocked_ips, :array_matching => :all) do
			defaultto :absent

			# Delegates to the type-level comparison (honours the purge parameter).
			def insync?(is)
				resource.ips_in_sync(is, @should)
			end

			# Dotted-quad validation runs before Puppet's own checks.
			def validate(values)
				resource.validate_ips(values, :blocked_ips)
				super
			end
		end

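		# Whether ICMP is allowed; :absent leaves the setting unmanaged.
		newproperty(:allow_icmp) do
			defaultto :absent

			# :absent is always in sync; otherwise the current value must equal
			# the single desired value.
			def insync?(is)
				return true if @should[0] == :absent
				is == @should[0]
			end

			# Only :absent, true or false are accepted. The original raised
			# `ArgumentException` (no such constant, and no comma after it), so a
			# bad value surfaced as NoMethodError rather than ArgumentError.
			# NOTE(review): if Puppet hands this property the strings "true"/
			# "false" rather than booleans they are rejected here — confirm.
			def validate(value)
				unless value == :absent || value == true || value == false
					raise ArgumentError, "Invalid value for 'allow_icmp' (%s)" % value.to_s
				end
				true
			end
		end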

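		# ICMP rate limit in CSF's "<count>/s" form; :absent leaves it unmanaged.
		newproperty(:icmp_rate) do
			defaultto :absent

			# :absent is always in sync; otherwise the current value must equal
			# the single desired value.
			def insync?(is)
				return true if @should[0] == :absent
				is == @should[0]
			end

			# Accept :absent or a whole string of the form "<digits>/s".
			# \A/\z anchor the entire value (^/$ only anchor a line, so
			# "1/s\nfoo" used to pass). The original raised `ArgumentException`
			# (no such constant, and no comma after it), so a bad value surfaced
			# as NoMethodError rather than ArgumentError.
			def validate(value)
				unless value == :absent || value.to_s =~ /\A\d+\/s\z/
					raise ArgumentError, "Invalid value for 'icmp_rate' (%s)" % value.to_s
				end
				true
			end
		end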

		# When :true, ips_in_sync/ports_in_sync also treat entries present on
		# the system but missing from the manifest as out of sync.
		newparam(:purge) do
			newvalues(:true,:false,:absent)
			defaultto :false
		end

		# Desired CSF state; :absent leaves it unmanaged.
		newproperty(:enabled) do
			newvalues(:true, :false, :absent)
			defaultto :absent

			# The `is` argument is ignored: the check reads the csf_enabled fact
			# directly, unless the provider asks to skip it. Only the two
			# mismatching fact values ("false" when :true is wanted, "true" when
			# :false is wanted) count as out of sync; anything else is in sync.
			# NOTE(review): skip_enable_check is a provider method not shown here.
			def insync?(is)
				return true if @resource.provider.skip_enable_check
				case @should[0]
				when :true then Facter.value(:csf_enabled) != "false"
				when :false then Facter.value(:csf_enabled) != "true"
				else true
				end
			end
		end



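		# The namevar. The previous desc ("The SSH key comment") was copied
		# from another type and did not describe this resource.
		newparam(:name) do
			desc "Name of the csf resource. It is the namevar, so it must be
			unique, and it may not contain whitespace."

			isnamevar

			# to_s keeps a non-String value on the same path instead of failing
			# with NoMethodError on =~.
			validate do |value|
				raise Puppet::Error, "Resourcename must not contain whitespace: #{value}" if value.to_s =~ /\s/
			end
		end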
	end
end