Class: LinuxAdmin::Scap
- Inherits:
-
Object
- Object
- LinuxAdmin::Scap
- Defined in:
- lib/linux_admin/scap.rb
Constant Summary collapse
- PROFILE_ID =
"xccdf_org.ssgproject.content_profile_linux-admin-scap".freeze
- SSG_XML_PATH =
Pathname.new("/usr/share/xml/scap/ssg/content/")
Instance Attribute Summary collapse
-
#platform ⇒ Object
readonly
Returns the value of attribute platform.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(platform) ⇒ Scap
constructor
A new instance of Scap.
- #lockdown(*args) ⇒ Object
- #lockdown_profile(ds_path, profile_id) ⇒ Object
Constructor Details
#initialize(platform) ⇒ Scap
Returns a new instance of Scap.
# File 'lib/linux_admin/scap.rb', line 25

# Creates a Scap helper bound to one platform.
#
# The value is stored unchanged in @platform; no validation happens here.
# NOTE(review): the class-level ds_file helper interpolates a platform value
# into a file name under SSG_XML_PATH, so callers should presumably pass a
# fixed platform identifier rather than free-form input -- confirm at call sites.
#
# @param platform [Object] platform identifier kept for later lookups
def initialize(platform)
  @platform = platform
end
Instance Attribute Details
#platform ⇒ Object (readonly)
Returns the value of attribute platform.
# File 'lib/linux_admin/scap.rb', line 8

# Read-only accessor for the platform given to the constructor.
#
# @return [Object] the value held in @platform (nil if it was never set)
def platform
  @platform
end
Class Method Details
.ds_file(platform) ⇒ Object
# File 'lib/linux_admin/scap.rb', line 21

# Builds the path of the datastream file for a platform:
# SSG_XML_PATH joined with "ssg-<platform>-ds.xml".
#
# The platform value is interpolated verbatim into the file name and is not
# checked here. A value containing a path separator would yield a path
# outside SSG_XML_PATH.
# NOTE(review): confirm callers only pass fixed platform identifiers, or
# validate the value before it reaches this method.
#
# @param platform [#to_s] platform identifier placed in the file name
# @return [Pathname] path below SSG_XML_PATH (existence is not checked)
def self.ds_file(platform)
  file_name = "ssg-#{platform}-ds.xml"
  SSG_XML_PATH.join(file_name)
end
.openscap_available? ⇒ Boolean
# File 'lib/linux_admin/scap.rb', line 10

# Reports whether the 'openscap' library can be loaded.
#
# Loading is attempted with `require`, so a successful call leaves the
# library loaded as a side effect. Only LoadError is rescued; any other
# exception raised while the library loads propagates to the caller.
#
# @return [Boolean] true when the require succeeds, false on LoadError
def self.openscap_available?
  begin
    require 'openscap'
  rescue LoadError
    return false
  end
  true
end
.ssg_available?(platform) ⇒ Boolean
# File 'lib/linux_admin/scap.rb', line 17

# Reports whether the datastream file for the platform is present on disk.
#
# This is an existence check only (Pathname#exist? on the ds_file path).
# The file's content, ownership and permissions are not inspected here.
#
# @param platform [#to_s] platform identifier passed on to ds_file
# @return [Boolean] true when the computed path exists
def self.ssg_available?(platform)
  datastream = ds_file(platform)
  datastream.exist?
end
Instance Method Details
#lockdown(*args) ⇒ Object
# File 'lib/linux_admin/scap.rb', line 29

# Evaluates and remediates the given SCAP rules for this instance's platform.
#
# Positional arguments are treated as the rule list. If the last argument is
# a Hash it is removed from the list and passed separately as `values`.
# Rules and values are handed to with_ds_file, and the path it yields is
# remediated with lockdown_profile under PROFILE_ID.
# NOTE(review): with_ds_file is not visible on this page; presumably it
# writes a tailored datastream to a temporary path. Confirm how that file is
# created and protected, because its content drives remediation.
#
# @param args [Array] rule identifiers, optionally followed by a Hash of values
# @return [Object] whatever with_ds_file returns
# @raise [RuntimeError] when OpenSCAP or the datastream file for the platform
#   is unavailable, or when no rules are given
def lockdown(*args)
  klass = self.class
  raise "OpenSCAP not available" unless klass.openscap_available?
  raise "SCAP Security Guide not available" unless klass.ssg_available?(platform)

  # A trailing Hash is an options argument, not a rule.
  values = {}
  values = args.pop if args.last.kind_of?(Hash)

  raise "No SCAP rules provided" if args.empty?

  with_ds_file(args, values) { |path| lockdown_profile(path, PROFILE_ID) }
end
#lockdown_profile(ds_path, profile_id) ⇒ Object
# File 'lib/linux_admin/scap.rb', line 43

# Runs one XCCDF profile from a datastream file: load, select the profile,
# evaluate, then remediate.
#
# The session is destroyed in the ensure clause whenever it was created, so
# it is released even if a step raises.
# NOTE(review): remediation changes the running system based on the content
# of ds_path. This method is public and takes the path as given, so the file
# should presumably come from a trusted, non-world-writable location --
# confirm at call sites.
#
# @param ds_path [String, Pathname] datastream file handed to the session
# @param profile_id [String] XCCDF profile identifier to select
# @return [Object] the result of session.remediate
# @raise [RuntimeError] when the openscap library cannot be loaded
def lockdown_profile(ds_path, profile_id)
  unless self.class.openscap_available?
    raise "OpenSCAP not available"
  end

  begin
    session = OpenSCAP::Xccdf::Session.new(ds_path)
    session.load
    session.profile = profile_id
    session.evaluate
    session.remediate
  ensure
    # session is still nil when Session.new itself raised.
    session.destroy if session
  end
end