# Recognises an enabled CleanupModulesOnExit assignment ("yes" or "true"),
# case-insensitively and with optional whitespace around "=". Used with
# .match(), so only lines that start with the option name are accepted and
# commented-out entries ("#CleanupModulesOnExit=yes") are not.
CLEANUP_MODULES_ON_EXIT_REGEX = re.compile(
    r"(?i)CleanupModulesOnExit\s*=\s*(yes|true)"
)
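def _is_modules_cleanup_enabled():
    """Verify firewalld modules cleanup config is enabled.

    A missing config file is reported as disabled. An empty file, or a file
    with no active ``CleanupModulesOnExit = ...`` assignment, is reported as
    enabled because this check treats the option as on by default.

    :returns: Whether or not the CleanupModulesOnExit is set to true in
        firewalld config.
    :rtype: bool
    """
    # Return false if the config file does not exist. Either it means that
    # firewalld is not installed or the config file was removed.
    if not os.path.exists(FIREWALLD_CONFIG_FILE):
        logger.debug("%s does not exist." % FIREWALLD_CONFIG_FILE)
        return False

    with open(FIREWALLD_CONFIG_FILE, mode="r") as handler:
        contents = [line.strip() for line in handler if line.strip()]

    # Contents list is empty for some reason, better to assume that there
    # is no content in the file that was read.
    if not contents:
        logger.debug("%s is empty." % FIREWALLD_CONFIG_FILE)
        return True

    # Collect the lines that actually assign the option. ``contents`` holds
    # whole lines ("CleanupModulesOnExit=no"), so testing the bare option
    # name for list membership never succeeds and an explicit "no" would
    # still be reported as enabled. Comparing the key left of "=" also skips
    # commented-out entries, whose key starts with "#".
    option_lines = [
        line
        for line in contents
        if "=" in line and line.partition("=")[0].strip().lower() == "cleanupmodulesonexit"
    ]

    # No active assignment: fall back to the default this check assumes.
    # NOTE(review): firewalld's built-in default for this option may differ
    # between releases -- confirm for the versions this check targets.
    if not option_lines:
        logger.debug(
            "Couldn't find CleanupModulesOnExit in firewalld.conf. Treating it as enabled because of default behavior."
        )
        return True

    # If the config file has this option set to true/yes, then we need to
    # return True to ask the user to change it to False. Any enabling line
    # is enough, so duplicate entries err on the side of reporting enabled.
    if any(CLEANUP_MODULES_ON_EXIT_REGEX.match(line) for line in option_lines):
        logger.debug("CleanupModulesOnExit option enabled in %s" % FIREWALLD_CONFIG_FILE)
        return True

    # The option is present and none of its assignments enable it.
    return False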