Creating a script to detect:

  • installer (yum or apt-get)
  • iptables
  • firewalld

Current system:

  • Debian 8
  • iptables NOT installed
  • firewalld NOT installed

Theoretically it must be working, but I'm missing something:

```bash
#!/bin/bash
installer_check () {
  if [[ $(apt-get -V >/dev/null 2>&1) -eq 0 ]]; then
    installer=apt
  elif [[ $(yum --version >/dev/null 2>&1) -eq 0 ]]; then
    installer=yum
  fi
}

frw_det_yum () {
  if [[ $(rpm -qa iptables >/dev/null 2>&1) -ne 0 ]]; then
    ipt_status_y=installed_none
  elif [[ $(rpm -qa firewalld >/dev/null 2>&1) -ne 0 ]]; then
    frd_status_y=installed_none
  fi
}

frw_det_apt () {
  if [[ $(dpkg -s iptables >/dev/null 2>&1) -ne 0 ]]; then
    ipt_status_a=installed_none
  elif [[ $(dpkg -s firewalld >/dev/null 2>&1) -ne 0 ]]; then
    frd_status_a=installed_none
  fi
}

echo "checking installer"
installer_check
echo -e "$installer detected"

if [ "$installer" = "yum" ]; then
  echo "runing firewallcheck for yum"
  frw_det_yum
  echo $ipt_status
fi

if  [ "$installer" = "apt" ]; then
  echo "checking installer for apt"
  frw_det_apt
  echo $frd_status_a
fi
```

Output I'm getting:

```
~# ./script
checking installer
apt detected
checking installer for apt
```

So in this current system I'm not getting any value for `$frd_status_a`.

Cyrus
  • "`if [[ $(rpm -qa iptables >/dev/null 2>&1) -ne 0 ]]; then`" What? – Ignacio Vazquez-Abrams Apr 02 '17 at 17:26
  • Checking a command's *output* and checking its *exit status* are entirely different things. `if rpm -q iptables >/dev/null 2>&1; then ...` is sufficient to determine whether a package is installed, relying on exit status alone. No `[[ ]]`, no `$()`. – Charles Duffy Apr 02 '17 at 17:36
  • @Charles Duffy I had it that way at the beginning, but still wasn't able to get an output, so simplified this way to avoid any confusion first .... but still can't get output –  Apr 02 '17 at 17:40
  • "Simplified" it ain't. You're testing a completely different thing. – Charles Duffy Apr 02 '17 at 17:41
  • Anyhow, if you truly want to simplify, take out all the code not directly mandatory to show the bug your question is, at its core, about. http://stackoverflow.com/help/mcve discusses that process. – Charles Duffy Apr 02 '17 at 17:42
  • `# dpkg -s iptables >/dev/null 2>&1` has output of 127, `# echo $?` output 127, it's not a 0, right? Why should I get ipt_status_y=installed_none executed? So echo $ipt_status_a I understand should give an output of installed_none .... –  Apr 02 '17 at 17:49
  • If `dpkg -s iptables` gives an exit status of 127, then `if ! dpkg -s iptables; then ...` will execute. It **doesn't** tell you anything at all about what `if [[ $(dpkg -s iptables >/dev/null 2>&1) -ne 0 ]]` will do, because that latter one is testing the **stdout** of the `dpkg` command, not the exit status. – Charles Duffy Apr 02 '17 at 17:51

1 Answer

You expect the body of the following to be invoked if firewalld is not installed:

```bash
if [[ $(dpkg -s firewalld >/dev/null 2>&1) -ne 0 ]]; then
  frd_status_a=installed_none
fi
```

However, let's look at what this actually does:

  • redirect stdout and stderr of the command `dpkg -s firewalld` to `/dev/null`
  • capture the stdout of that command, and compare it numerically to the value 0
  • If the stdout of that command (which has no stdout because you redirected it) has a numeric value other than 0, then we set the flag.

Of course that flag will never be set, no matter what the `dpkg` command does when it's invoked, and no matter what its output is.

Consider instead:

```bash
if ! dpkg-query -l firewalld; then
  frd_status_a=installed_none
fi
```
Charles Duffy
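
The two tests side by side, as an added example that is not part of the original question or answer: `stdout_test` reproduces the question's pattern and `status_test` branches on the exit status as the answer recommends. The function names are hypothetical, and detecting the installer with `command -v` is an assumption made here rather than something from the thread.

```bash
#!/bin/bash
# Added example; stdout_test, status_test and pkg_status are hypothetical names.

# The question's pattern: stdout is redirected away, so $(...) is always empty.
# [[ ]] evaluates an empty string as 0, so "-ne 0" can never be true.
stdout_test () {
  if [[ $("$@" >/dev/null 2>&1) -ne 0 ]]; then
    echo installed_none
  else
    echo installed
  fi
}

# The answer's pattern: `if` branches on the command's exit status.
status_test () {
  if "$@" >/dev/null 2>&1; then
    echo installed
  else
    echo installed_none
  fi
}

# Assumption: find the package manager by looking it up on PATH.
installer_check () {
  if command -v apt-get >/dev/null 2>&1; then
    echo apt
  elif command -v yum >/dev/null 2>&1; then
    echo yum
  else
    echo unknown
  fi
}

# usage: pkg_status <installer> <package>
pkg_status () {
  case $1 in
    apt) status_test dpkg -s "$2" ;;
    yum) status_test rpm -q "$2" ;;
    *)   echo unknown ;;
  esac
}

# `false` stands in for a query that fails (constructed input).
echo "stdout test: $(stdout_test false), status test: $(status_test false)"

installer=$(installer_check)
for pkg in iptables firewalld; do
  echo "$pkg: $(pkg_status "$installer" "$pkg")"
done
```

Note that `dpkg -s` also exits 0 for a package that was removed but still has configuration files on disk, so a firewall audit that needs certainty should inspect the `Status:` field as well.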