Class: Inspec::Resources::AuditDaemon
- Inherits:
-
Object
- Object
- Inspec::Resources::AuditDaemon
- Extended by:
- Forwardable
- Defined in:
- lib/resources/auditd.rb
Instance Attribute Summary collapse
-
#lines ⇒ Object
Returns the value of attribute lines.
-
#params ⇒ Object
readonly
Returns the value of attribute params.
Instance Method Summary collapse
- #file_rules_for(line) ⇒ Object
- #file_syscall_syntax_rules_for(line) ⇒ Object
-
#initialize ⇒ AuditDaemon
constructor
A new instance of AuditDaemon.
- #parse_content ⇒ Object
- #status(name = nil) ⇒ Object
- #syscall_rules_for(line) ⇒ Object
- #to_s ⇒ Object
Constructor Details
#initialize ⇒ AuditDaemon
Returns a new instance of AuditDaemon.
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
# File 'lib/resources/auditd.rb', line 32 def initialize unless inspec.command('/sbin/auditctl').exist? raise Inspec::Exceptions::ResourceFailed, 'Command `/sbin/auditctl` does not exist' end auditctl_cmd = '/sbin/auditctl -l' result = inspec.command(auditctl_cmd) if result.exit_status != 0 raise Inspec::Exceptions::ResourceFailed, "Command `#{auditctl_cmd}` failed with error: #{result.stderr}" end @content = result.stdout @params = [] if @content =~ /^LIST_RULES:/ raise Inspec::Exceptions::RsourceFailed, 'The version of audit is outdated.' \ 'The `auditd` resource supports versions of audit >= 2.3.' end parse_content end |
Instance Attribute Details
#lines ⇒ Object
Returns the value of attribute lines.
11 12 13 |
# File 'lib/resources/auditd.rb', line 11 def lines @lines end |
#params ⇒ Object (readonly)
Returns the value of attribute params.
12 13 14 |
# File 'lib/resources/auditd.rb', line 12 def params @params end |
Instance Method Details
#file_rules_for(line) ⇒ Object
155 156 157 158 159 160 161 162 163 164 165 166 167 |
# File 'lib/resources/auditd.rb', line 155 def file_rules_for(line) file = file_for(line) perms = (line) key = key_for(line) @params.push( { 'file' => file, 'key' => key, 'permissions' => perms, }, ) end |
#file_syscall_syntax_rules_for(line) ⇒ Object
105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 |
# File 'lib/resources/auditd.rb', line 105 def file_syscall_syntax_rules_for(line) file = file_syscall_syntax_for(line) action, list = action_list_for(line) fields = rule_fields_for(line) key_field, fields_nokey = remove_key_from(fields) key = key_in(key_field.join('')) perms = perms_in(fields) @params.push( { 'file' => file, 'list' => list, 'action' => action, 'fields' => fields, 'permissions' => perms, 'key' => key, 'fields_nokey' => fields_nokey, }, ) end |
#parse_content ⇒ Object
88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
# File 'lib/resources/auditd.rb', line 88 def parse_content @lines = @content.lines.map(&:chomp) lines.each do |line| if is_file_syscall_syntax?(line) file_syscall_syntax_rules_for(line) end if is_syscall?(line) syscall_rules_for(line) elsif is_file?(line) file_rules_for(line) end end end |
#status(name = nil) ⇒ Object
72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
# File 'lib/resources/auditd.rb', line 72 def status(name = nil) @status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp # See: https://github.com/inspec/inspec/issues/3113 if @status_content =~ /^AUDIT_STATUS/ @status_content = @status_content.gsub('AUDIT_STATUS: ', '') .tr(' ', "\n") .tr('=', ' ') end @status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)] return @status_params[name] if name @status_params end |
#syscall_rules_for(line) ⇒ Object
126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 |
# File 'lib/resources/auditd.rb', line 126 def syscall_rules_for(line) syscalls = syscalls_for(line) action, list = action_list_for(line) fields = rule_fields_for(line) key_field, fields_nokey = remove_key_from(fields) key = key_in(key_field.join('')) arch = arch_in(fields) path = path_in(fields) perms = perms_in(fields) exit_field = exit_in(fields) syscalls.each do |s| @params.push( { 'syscall' => s, 'list' => list, 'action' => action, 'fields' => fields, 'key' => key, 'arch' => arch, 'path' => path, 'permissions' => perms, 'exit' => exit_field, 'fields_nokey' => fields_nokey, }, ) end end |
#to_s ⇒ Object
169 170 171 |
# File 'lib/resources/auditd.rb', line 169 def to_s 'Auditd Rules' end |