wtf icon indicating copy to clipboard operation
wtf copied to clipboard
verified publisher icon wtfutil

feat: module/security - support iptables and nftables detection without higher privileges

Open toby-bro opened this issue 9 months ago • 2 comments

Change the detection method for ufw so as not to be obliged to change privileges such as described in the documentation
https://github.com/wtfutil/wtfdocs/blob/8af8a1a46c81d993d09d1108a04bf493188328d9/docs/modules/security.md?plain=1#L52-L53

Check the status of firewalls with systemctl after having checked which are installed.

Will update the documentation if accepted

closes https://github.com/wtfutil/wtf/issues/1717

toby-bro avatar Mar 29 '25 16:03 toby-bro

It passes the CI once https://github.com/wtfutil/wtf/pull/1720 is merged

toby-bro avatar Mar 29 '25 16:03 toby-bro

Oh and it also closes #1700

toby-bro avatar Apr 03 '25 15:04 toby-bro

Just rebased as #1700 was merged (to solve any merge conflicts) if @docsmooth finds that systemctl is not sufficient then I guess I can revert the method used to check if ufw is running...

toby-bro avatar Jun 28 '25 07:06 toby-bro

btw I thought of two improvements for this PR:

  • support the absence of systemctl...
  • support macos specific firewalls, if there are any mac users of this project I have no idea how firewalls work on macOS so did not add specifics for them. But if anyone has a mac I guess there must be equivalents. But I suppose as long as no one opens an issue on any of these problems then adressing them is not that important :sweat_smile:

toby-bro avatar Jun 28 '25 07:06 toby-bro

Just tested the PR. Looks good. 👍🏽 Down the line, I'm hoping we had more functionality like this, modules that support multiple alternatives, rather than one module per alternative. Great stuff.

This is scheduled to be in the next minor release, v0.46.0.

FelicianoTech avatar Jul 12 '25 19:07 FelicianoTech