Class: Inspec::Resources::AuditDaemon
- Inherits:
-
Object
- Object
- Inspec::Resources::AuditDaemon
- Extended by:
- Forwardable
- Defined in:
- lib/resources/auditd.rb
Instance Attribute Summary collapse
-
#lines ⇒ Object
Returns the value of attribute lines.
-
#params ⇒ Object
readonly
Returns the value of attribute params.
Instance Method Summary collapse
- #file_rules_for(line) ⇒ Object
- #file_syscall_syntax_rules_for(line) ⇒ Object
-
#initialize ⇒ AuditDaemon
constructor
A new instance of AuditDaemon.
- #parse_content ⇒ Object
- #status(name = nil) ⇒ Object
- #syscall_rules_for(line) ⇒ Object
- #to_s ⇒ Object
Constructor Details
#initialize ⇒ AuditDaemon
Returns a new instance of AuditDaemon.
32 33 34 35 36 37 38 39 40 |
# File 'lib/resources/auditd.rb', line 32 def initialize @content = inspec.command('/sbin/auditctl -l').stdout.chomp @params = [] if @content =~ /^LIST_RULES:/ return skip_resource 'The version of audit is outdated. The `auditd` resource supports versions of audit >= 2.3.' end parse_content end |
Instance Attribute Details
#lines ⇒ Object
Returns the value of attribute lines.
11 12 13 |
# File 'lib/resources/auditd.rb', line 11 def lines @lines end |
#params ⇒ Object (readonly)
Returns the value of attribute params.
12 13 14 |
# File 'lib/resources/auditd.rb', line 12 def params @params end |
Instance Method Details
#file_rules_for(line) ⇒ Object
134 135 136 137 138 139 140 141 142 143 144 145 146 |
# File 'lib/resources/auditd.rb', line 134 def file_rules_for(line) file = file_for(line) perms = (line) key = key_for(line) @params.push( { 'file' => file, 'key' => key, 'permissions' => perms, }, ) end |
#file_syscall_syntax_rules_for(line) ⇒ Object
84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
# File 'lib/resources/auditd.rb', line 84 def file_syscall_syntax_rules_for(line) file = file_syscall_syntax_for(line) action, list = action_list_for(line) fields = rule_fields_for(line) key_field, fields_nokey = remove_key_from(fields) key = key_in(key_field.join('')) perms = perms_in(fields) @params.push( { 'file' => file, 'list' => list, 'action' => action, 'fields' => fields, 'permissions' => perms, 'key' => key, 'fields_nokey' => fields_nokey, }, ) end |
#parse_content ⇒ Object
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 |
# File 'lib/resources/auditd.rb', line 67 def parse_content @lines = @content.lines.map(&:chomp) lines.each do |line| if is_file_syscall_syntax?(line) file_syscall_syntax_rules_for(line) end if is_syscall?(line) syscall_rules_for(line) elsif is_file?(line) file_rules_for(line) end end end |
#status(name = nil) ⇒ Object
59 60 61 62 63 64 65 |
# File 'lib/resources/auditd.rb', line 59 def status(name = nil) @status_content ||= inspec.command('/sbin/auditctl -s').stdout.chomp @status_params ||= Hash[@status_content.scan(/^([^ ]+) (.*)$/)] return @status_params[name] if name @status_params end |
#syscall_rules_for(line) ⇒ Object
105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 |
# File 'lib/resources/auditd.rb', line 105 def syscall_rules_for(line) syscalls = syscalls_for(line) action, list = action_list_for(line) fields = rule_fields_for(line) key_field, fields_nokey = remove_key_from(fields) key = key_in(key_field.join('')) arch = arch_in(fields) path = path_in(fields) perms = perms_in(fields) exit_field = exit_in(fields) syscalls.each do |s| @params.push( { 'syscall' => s, 'list' => list, 'action' => action, 'fields' => fields, 'key' => key, 'arch' => arch, 'path' => path, 'permissions' => perms, 'exit' => exit_field, 'fields_nokey' => fields_nokey, }, ) end end |
#to_s ⇒ Object
148 149 150 |
# File 'lib/resources/auditd.rb', line 148 def to_s 'Auditd Rules' end |