Class: LinuxAdmin::Scap

Inherits:

Object

Object
LinuxAdmin::Scap

Defined in:: lib/linux_admin/scap.rb

Constant Summary collapse

PROFILE_ID =

"xccdf_org.ssgproject.content_profile_linux-admin-scap".freeze

SSG_XML_PATH =

Pathname.new("/usr/share/xml/scap/ssg/content/")

Instance Attribute Summary collapse

#platform ⇒ Object readonly

Returns the value of attribute platform.

Class Method Summary collapse

Instance Method Summary collapse

#initialize(platform) ⇒ Scap constructor

A new instance of Scap.
#lockdown(*args) ⇒ Object
#lockdown_profile(ds_path, profile_id) ⇒ Object

Constructor Details

#initialize(platform) ⇒ `Scap`

Returns a new instance of Scap.



25
26
27

# File 'lib/linux_admin/scap.rb', line 25

def initialize(platform)
  @platform = platform
end

Instance Attribute Details

#platform ⇒ `Object` (readonly)

Returns the value of attribute platform.



8
9
10

# File 'lib/linux_admin/scap.rb', line 8

def platform
  @platform
end

Class Method Details

.ds_file(platform) ⇒ `Object`



21
22
23

# File 'lib/linux_admin/scap.rb', line 21

def self.ds_file(platform)
  SSG_XML_PATH.join("ssg-#{platform}-ds.xml")
end

.openscap_available? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/linux_admin/scap.rb', line 10

def self.openscap_available?
  require 'openscap'
  true
rescue LoadError
  false
end

.ssg_available?(platform) ⇒ `Boolean`

Returns:

(Boolean)



17
18
19

# File 'lib/linux_admin/scap.rb', line 17

def self.ssg_available?(platform)
  ds_file(platform).exist?
end

Instance Method Details

#lockdown(*args) ⇒ `Object`

# File 'lib/linux_admin/scap.rb', line 29

def lockdown(*args)
  raise "OpenSCAP not available" unless self.class.openscap_available?
  raise "SCAP Security Guide not available" unless self.class.ssg_available?(platform)

  values = args.last.kind_of?(Hash) ? args.pop : {}
  rules = args

  raise "No SCAP rules provided" if rules.empty?

  with_ds_file(rules, values) do |path|
    lockdown_profile(path, PROFILE_ID)
  end
end

#lockdown_profile(ds_path, profile_id) ⇒ `Object`

# File 'lib/linux_admin/scap.rb', line 43

def lockdown_profile(ds_path, profile_id)
  raise "OpenSCAP not available" unless self.class.openscap_available?

  session = OpenSCAP::Xccdf::Session.new(ds_path)
  session.load
  session.profile = profile_id
  session.evaluate
  session.remediate
ensure
  session.destroy if session
end

Class: LinuxAdmin::Scap

Constant Summary collapse

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(platform) ⇒ Scap

Instance Attribute Details

#platform ⇒ Object (readonly)

Class Method Details

.ds_file(platform) ⇒ Object

.openscap_available? ⇒ Boolean

.ssg_available?(platform) ⇒ Boolean

Instance Method Details

#lockdown(*args) ⇒ Object

#lockdown_profile(ds_path, profile_id) ⇒ Object

#initialize(platform) ⇒ `Scap`

#platform ⇒ `Object` (readonly)

.ds_file(platform) ⇒ `Object`

.openscap_available? ⇒ `Boolean`

.ssg_available?(platform) ⇒ `Boolean`

#lockdown(*args) ⇒ `Object`

#lockdown_profile(ds_path, profile_id) ⇒ `Object`