Class: Inspec::Resources::AuditDaemon

Inherits:

Object

• Object
• Inspec::Resources::AuditDaemon

Extended by:

Forwardable

Defined in:

lib/resources/auditd.rb

Instance Attribute Summary

• #lines ⇒ Object

  Returns the value of attribute lines.

• #params ⇒ Object readonly

  Returns the value of attribute params.

Instance Method Summary

• #file_rules_for(line) ⇒ Object
• #file_syscall_syntax_rules_for(line) ⇒ Object
• #initialize ⇒ AuditDaemon constructor

  A new instance of AuditDaemon.

• #parse_content ⇒ Object
• #status(name = nil) ⇒ Object
• #syscall_rules_for(line) ⇒ Object
• #to_s ⇒ Object

Constructor Details

#initialize ⇒ AuditDaemon

Returns a new instance of AuditDaemon.

# File 'lib/resources/auditd.rb', line 32

def initialize
  @content = inspec.command('/sbin/auditctl -l').stdout.chomp
  @params = []

  if @content =~ /^LIST_RULES:/
    return skip_resource 'The version of audit is outdated. The `auditd` resource supports versions of audit >= 2.3.'
  end
  parse_content
end

Instance Attribute Details

#lines ⇒ Object

Returns the value of attribute lines.

# File 'lib/resources/auditd.rb', line 11

def lines
  @lines
end

#params ⇒ Object (readonly)

Returns the value of attribute params.

# File 'lib/resources/auditd.rb', line 12

def params
  @params
end

Instance Method Details

#file_rules_for(line) ⇒ Object

# File 'lib/resources/auditd.rb', line 134

def file_rules_for(line)
  file = file_for(line)
  perms = permissions_for(line)
  key = key_for(line)

  @params.push(
    {
      'file' => file,
      'key' => key,
      'permissions' => perms,
    },
  )
end

#file_syscall_syntax_rules_for(line) ⇒ Object

# File 'lib/resources/auditd.rb', line 84

def file_syscall_syntax_rules_for(line)
  file = file_syscall_syntax_for(line)
  action, list = action_list_for(line)
  fields = rule_fields_for(line)
  key_field, fields_nokey = remove_key_from(fields)
  key = key_in(key_field.join(''))
  perms = perms_in(fields)

  @params.push(
    {
      'file' => file,
      'list' => list,
      'action' => action,
      'fields' => fields,
      'permissions' => perms,
      'key' => key,
      'fields_nokey' => fields_nokey,
    },
  )
end

#parse_content ⇒ Object

# File 'lib/resources/auditd.rb', line 67

def parse_content
  @lines = @content.lines.map(&:chomp)

  lines.each do |line|
    if is_file_syscall_syntax?(line)
      file_syscall_syntax_rules_for(line)
    end

    if is_syscall?(line)
      syscall_rules_for(line)

    elsif is_file?(line)
      file_rules_for(line)
    end
  end
end

#status(name = nil) ⇒ Object

# File 'lib/resources/auditd.rb', line 59

def status(name = nil)
  @status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
  @status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)]

  return @status_params[name] if name
  @status_params
end

#syscall_rules_for(line) ⇒ Object

# File 'lib/resources/auditd.rb', line 105

def syscall_rules_for(line)
  syscalls = syscalls_for(line)
  action, list = action_list_for(line)
  fields = rule_fields_for(line)
  key_field, fields_nokey = remove_key_from(fields)
  key = key_in(key_field.join(''))
  arch = arch_in(fields)
  path = path_in(fields)
  perms = perms_in(fields)
  exit_field = exit_in(fields)

  syscalls.each do |s|
    @params.push(
      {
        'syscall' => s,
        'list' => list,
        'action' => action,
        'fields' => fields,
        'key' => key,
        'arch' => arch,
        'path' => path,
        'permissions' => perms,
        'exit' => exit_field,
        'fields_nokey' => fields_nokey,
      },
    )
  end
end

#to_s ⇒ Object

# File 'lib/resources/auditd.rb', line 148

def to_s
  'Auditd Rules'
end