Class: Pipeline::FIM
Instance Attribute Summary
Attributes inherited from BaseTask
#appname, #description, #findings, #labels, #name, #stage, #trigger, #warnings
Instance Method Summary
Methods inherited from BaseTask
#report, #severity, #warn
Constructor Details
#initialize(trigger, tracker) ⇒ FIM
# File 'lib/pipeline/tasks/fim.rb', line 10
# Builds the file integrity monitor (FIM) task.
#
# Both arguments are handed to the parent constructor untouched; this
# method only fills in the task's own metadata and an empty result buffer.
#
# @param trigger forwarded to super
# @param tracker forwarded to super
def initialize(trigger, tracker)
  super(trigger, tracker)

  # Accumulator that #run appends audit output to and #analyze later splits.
  @result = ''

  @stage = :file
  @description = "File integrity monitor"
  @name = "FIM"

  # presumably @labels is created by the parent constructor — verify against BaseTask
  @labels << "filesystem"
end
Instance Method Details
#analyze ⇒ Object
# File 'lib/pipeline/tasks/fim.rb', line 47
# Turns the text collected in @result into findings.
#
# @result is split on newlines; every resulting entry is announced through
# Pipeline.notify and recorded with report as a :low severity
# "File changed." finding attributed to this task's name.
#
# @return [Array<String>] the entries that were reported
def analyze
  @result.split("\n").each do |entry|
    Pipeline.notify(entry)
    report("File changed.", entry, @name, :low)
  end
end
#run ⇒ Object
# File 'lib/pipeline/tasks/fim.rb', line 19
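# Audits the trigger's path against a stored hashdeep baseline, or creates
# that baseline when none exists yet.
#
# With a baseline at /area81/tmp/<path>/filehash, hashdeep runs in audit
# mode and every output line matching "<something>: No match" is appended to
# @result for #analyze. Without one, the directory is created, hashdeep's
# output is written to the baseline file and @result is reset, so a first
# run produces no findings and accepts the current on-disk state as known
# good.
#
# Commands are passed as argument vectors (no shell), so characters in
# @trigger.path are never interpreted as shell syntax, and "--" stops a path
# that begins with "-" from being parsed as an option.
#
# NOTE(review): the path is still interpolated into the baseline location
# without normalisation; a value containing ".." would resolve outside
# /area81/tmp — confirm @trigger.path is normalised upstream.
# NOTE(review): the audit is only as trustworthy as the baseline file;
# confirm /area81/tmp is not writable by whatever can modify the audited tree.
# NOTE(review): only "No match" lines are collected; any other discrepancy
# lines hashdeep prints in audit mode are dropped — confirm that is intended.
def run
  Pipeline.notify "#{@name}"
  rootpath = @trigger.path
  baseline_dir = "/area81/tmp/#{rootpath}"
  baseline_file = "#{baseline_dir}/filehash"

  # File.exists? was removed in Ruby 3.2; File.exist? works on every version.
  if File.exist?(baseline_file)
    Pipeline.notify "File Hashes found, comparing to file system"
    no_match = /(.*): No match/
    audit_cmd = ["hashdeep", "-j99", "-r", "-a", "-vv", "-k", baseline_file, "--", rootpath]

    # popen2 leaves stderr attached to this process. The previous popen3 call
    # created a stderr pipe that was never read, which can stall the child
    # once that pipe fills up.
    Open3.popen2(*audit_cmd) do |stdin, stdout, _wait_thr|
      stdin.close
      while (line = stdout.gets)
        @result << line if line =~ no_match
      end
    end
  else
    Pipeline.notify "No existing baseline - generating initial hashes"

    # hashdeep's stdout goes straight into the baseline file. It is started
    # only when the directory could be created, so the redirect target exists.
    if system("mkdir", "-p", "--", baseline_dir)
      system("hashdeep", "-j99", "-r", "--", rootpath, out: baseline_file)
    end

    @result = ''
  end
end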
#supported? ⇒ Boolean
# File 'lib/pipeline/tasks/fim.rb', line 56
# Tells the caller whether this task can run.
#
# @return [Boolean] always true; nothing is checked
def supported?
  true
end