109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
# File 'lib/resources/auditd_rules.rb', line 109
def parse_content
@rules = {
syscalls: [],
files: [],
}
@lines = @content.lines.map(&:chomp)
lines.each do |line|
if is_syscall?(line)
syscalls = get_syscalls line
action, list = get_action_list line
fields, opts = get_fields line
syscalls.each do |s|
@rules[:syscalls] << { syscall: s, list: list, action: action, fields: fields }.merge(opts)
end
elsif is_file?(line)
file = get_file line
perms = get_permissions line
key = get_key line
@rules[:files] << { file: file, key: key, permissions: perms }
end
end
end
|