Class: Inspec::Resources::AuditDaemonRules
- Inherits:
-
Object
- Object
- Inspec::Resources::AuditDaemonRules
- Extended by:
- Forwardable
- Defined in:
- lib/resources/auditd_rules.rb
Overview
rubocop:disable Metrics/ClassLength
Instance Attribute Summary
-
#lines ⇒ Object
Returns the value of attribute lines.
-
#rules ⇒ Object
Returns the value of attribute rules.
Instance Method Summary
- #file(name) ⇒ Object
-
#initialize ⇒ AuditDaemonRules
constructor
A new instance of AuditDaemonRules.
-
#key(name) ⇒ Object
Both files and syscalls have `key` identifiers.
-
#LIST_RULES ⇒ Object
Non-legacy instances are not asked for `its('LIST_RULES')`. rubocop:disable Style/MethodName
- #parse_content ⇒ Object
- #status(name = nil) ⇒ Object
- #syscall(name) ⇒ Object
- #to_s ⇒ Object
Constructor Details
#initialize ⇒ AuditDaemonRules
Returns a new instance of AuditDaemonRules.
# File 'lib/resources/auditd_rules.rb', line 78
#
# Collects the loaded audit rules by running `/sbin/auditctl -l` on the target
# and decides how to interpret them. Output containing a line that starts with
# `LIST_RULES:` is handed to AuditdRulesLegacy; anything else goes through
# #parse_content.
#
# NOTE(review): only stdout of the command is read here; exit status and
# stderr are not inspected in this method. If auditctl is missing or the scan
# runs without sufficient privilege, @content would presumably be empty and
# the resource would expose zero rules, so a control asserting the absence of
# a rule could pass vacuously. Confirm whether callers guard against this.
def initialize
  @content = inspec.command('/sbin/auditctl -l').stdout.chomp
  legacy_output = @content =~ /^LIST_RULES:/
  return parse_content unless legacy_output

  # CentOS 5 only ships the old auditd, so the upgrade hint is suppressed there.
  centos5 = inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
  warn '[WARN] this version of auditd is outdated. Updating it allows for using more precise matchers.' unless centos5
  @legacy = AuditdRulesLegacy.new(@content)
end
Instance Attribute Details
#lines ⇒ Object
Returns the value of attribute lines.
# File 'lib/resources/auditd_rules.rb', line 51
#
# Reader for @lines, which #parse_content fills with the chomped lines of the
# `auditctl -l` output. On this page #initialize skips #parse_content for
# legacy output, so the value is nil in that mode unless set elsewhere.
#
# @return [Array<String>, nil]
def lines
  @lines
end
#rules ⇒ Object
Returns the value of attribute rules.
# File 'lib/resources/auditd_rules.rb', line 51
#
# Reader for @rules, the hash #parse_content builds with the keys :syscalls
# and :files. On this page #initialize skips #parse_content for legacy output,
# so the value is nil in that mode unless set elsewhere.
#
# @return [Hash{Symbol=>Array<Hash>}, nil]
def rules
  @rules
end
Instance Method Details
#file(name) ⇒ Object
# File 'lib/resources/auditd_rules.rb', line 140
#
# Looks up file-watch rules by name by delegating to select_name with the
# :file selector. select_name is not shown on this page, so the exact match
# semantics and return type should be checked there.
#
# @param name [Object] value passed through to select_name as the rule name
# @return [Object] whatever select_name returns
def file(name)
  select_name(:file, name)
end
#key(name) ⇒ Object
Both files and syscalls have `key` identifiers.
# File 'lib/resources/auditd_rules.rb', line 145
#
# Returns every parsed rule, file watch or syscall, whose :key equals +name+,
# wrapped in a FilterArray. The comparison is an exact `==` match on the key.
#
# NOTE(review): this reads #rules directly. On this page @rules is only
# assigned by #parse_content, which #initialize skips for legacy output, so
# calling this in legacy mode would presumably raise NoMethodError on nil.
# Confirm against the rest of the class.
#
# @param name [String] audit key to look for
# @return [FilterArray] matching rule hashes, possibly empty
def key(name)
  matching = rules.values.flatten.select { |entry| entry[:key] == name }
  FilterArray.new(matching)
end
#LIST_RULES ⇒ Object
Non-legacy instances are not asked for `its('LIST_RULES')`. rubocop:disable Style/MethodName
# File 'lib/resources/auditd_rules.rb', line 94
#
# Legacy accessor kept so that `its('LIST_RULES')` keeps working on old auditd
# output. It delegates to the legacy parser when one was created and raises
# otherwise, so a profile written for the old interface fails loudly on a
# modern audit package instead of evaluating against nothing.
#
# @return [Object] result of the legacy parser's LIST_RULES
# @raise [RuntimeError] when the resource is not in legacy mode
def LIST_RULES
  unless @legacy
    raise 'Using legacy auditd_rules LIST_RULES interface with non-legacy audit package. Please use the new syntax.'
  end

  @legacy.LIST_RULES
end
#parse_content ⇒ Object
# File 'lib/resources/auditd_rules.rb', line 109
#
# Turns the raw `auditctl -l` output in @content into @lines (chomped lines)
# and @rules (a hash with :syscalls and :files arrays). Lines that are neither
# recognised as a syscall rule nor as a file rule are kept in @lines but add
# nothing to @rules.
#
# The is_syscall?/is_file?/get_* helpers are defined elsewhere in the class
# and are not shown on this page.
#
# @return [Array<String>] the lines that were iterated
def parse_content
  @rules = { syscalls: [], files: [] }
  @lines = @content.lines.map(&:chomp)

  lines.each do |rule_line|
    if is_syscall?(rule_line)
      names = get_syscalls(rule_line)
      action, list = get_action_list(rule_line)
      fields, opts = get_fields(rule_line)

      # One entry per syscall name keeps the structure flat and easy to filter.
      expanded = names.map do |name|
        { syscall: name, list: list, action: action, fields: fields }.merge(opts)
      end
      @rules[:syscalls].concat(expanded)
    elsif is_file?(rule_line)
      watched = get_file(rule_line)
      audit_key = get_key(rule_line)

      # NOTE(review): :permissions receives the complete rule line, not an
      # extracted permission string, exactly as the listing shows. A control
      # comparing permissions to a value such as 'wa' would never match.
      # Confirm against the upstream file whether a helper call was intended.
      @rules[:files] << { file: watched, key: audit_key, permissions: rule_line }
    end
  end
end
#status(name = nil) ⇒ Object
# File 'lib/resources/auditd_rules.rb', line 99
#
# Reports audit subsystem status as parsed from `/sbin/auditctl -s`. Each
# output line is split at its first space into a key and the rest of the line.
# In legacy mode the call is forwarded to the legacy parser unchanged.
#
# Both the command output and the parsed hash are memoised, so the command
# runs at most once per resource instance.
#
# NOTE(review): only stdout is read. If the command fails, the hash would
# presumably be empty and every lookup would return nil, so controls should
# assert an expected value and not merely the absence of a bad one.
#
# @param name [String, nil] status key to look up; nil returns all of them
# @return [Hash{String=>String}, String, nil]
def status(name = nil)
  return @legacy.status(name) if @legacy

  @status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp
  @status_params ||= @status_content.scan(/^([^ ]+) (.*)$/).to_h
  name ? @status_params[name] : @status_params
end
#syscall(name) ⇒ Object
# File 'lib/resources/auditd_rules.rb', line 136
#
# Looks up syscall rules by name by delegating to select_name with the
# :syscall selector. select_name is not shown on this page, so the exact match
# semantics and return type should be checked there.
#
# @param name [Object] value passed through to select_name as the syscall name
# @return [Object] whatever select_name returns
def syscall(name)
  select_name(:syscall, name)
end
#to_s ⇒ Object
# File 'lib/resources/auditd_rules.rb', line 150
#
# Fixed human-readable label for this resource. It does not depend on the
# parsed rules or on legacy mode.
#
# @return [String]
def to_s
  "Audit Daemon Rules"
end