# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Dominik Richter
# license: All rights reserved
require 'utils/simpleconfig'
require 'utils/find_files'
require 'utils/hash'
require 'resources/mysql'
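# Wraps one subtree of a parsed MySQL configuration (see MysqlConf#params) so
# that settings can be read as methods, e.g. `mysql_conf.params('mysqld').port`.
class MysqlConfEntry
  # @param path   [Array<String>] the keys that were followed to reach this
  #               subtree; only used for the human-readable description in #to_s
  # @param params [Hash, nil] the subtree itself; nil when the path did not exist
  def initialize(path, params)
    @params = params
    @path = path
  end

  # Settings are looked up by method name, so `entry.port` reads @params['port'].
  #
  # @return [Object, true, nil] the stored value; `true` when the key is present
  #   but holds nil (presumably how a bare option such as `skip-networking` is
  #   parsed — confirm against SimpleConfig); nil when the key, or the whole
  #   subtree, is absent
  def method_missing(name, *_)
    # A missing subtree (MysqlConf#params walked off the tree and handed us nil)
    # must read as "no such setting", not raise NoMethodError on nil.
    return nil unless @params.respond_to?(:key?)

    key = name.to_s
    return true if @params.key?(key) && @params[key].nil?

    @params[key]
  end

  # Keep respond_to? in step with method_missing: only known keys are "methods".
  def respond_to_missing?(name, include_private = false)
    (@params.respond_to?(:key?) && @params.key?(name.to_s)) || super
  end

  # @return [String] description of this entry's location in the config tree
  def to_s
    "MySQL Config entry [#{@path.join(' ')}]"
  end
end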
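# InSpec resource exposing the parsed contents of the MySQL server configuration
# (my.cnf), including every file pulled in through `!include` / `!includedir`.
class MysqlConf < Inspec.resource(1)
  name 'mysql_conf'
  desc 'Use the mysql_conf InSpec audit resource to test the contents of the configuration file for MySQL, typically located at /etc/mysql/my.cnf or /etc/my.cnf.'
  example "
    describe mysql_conf('path') do
      its('setting') { should eq 'value' }
    end
  "

  include FindFiles

  # @param conf_path [String, nil] path of the main configuration file on the
  #   audited host; defaults to whatever the mysql resource reports
  def initialize(conf_path = nil)
    @conf_path = conf_path || inspec.mysql.conf_path
    @files_contents = {} # path => raw text, also serves as the "already read" set
    @content = nil
    @params = nil
    read_content
  end

  # @return [String] raw text of the main file followed by every included file,
  #   in the order they were read
  def content
    @content ||= read_content
  end

  # Walk the parsed parameter tree, e.g. `params('mysqld', 'port')`.
  #
  # @param opts [Array<String>] keys to follow from the root
  # @return [MysqlConfEntry] wrapper around the subtree reached (its subtree is
  #   nil when any key along the way was absent)
  def params(*opts)
    @params || read_content
    # Stop descending as soon as a key is missing; the entry reports nil values then.
    res = opts.reduce(@params) { |tree, opt| tree.nil? ? nil : tree[opt] }
    MysqlConfEntry.new(opts, res)
  end

  # Top-level keys are readable as methods, e.g. `mysql_conf.mysqld`.
  def method_missing(name, *_)
    @params || read_content
    @params[name.to_s]
  end

  # Mirror method_missing so respond_to? answers true for top-level keys only.
  def respond_to_missing?(name, include_private = false)
    @params || read_content
    (@params.respond_to?(:key?) && @params.key?(name.to_s)) || super
  end

  # Read and parse the main file plus, breadth-first, every file it includes.
  # Fills @content and @params; on a missing or unreadable main file the resource
  # is skipped (via skip_resource) and both stay empty.
  #
  # @return [String] the concatenated raw content (or skip_resource's result)
  def read_content
    @content = ''
    @params = {}

    # skip if the main configuration file doesn't exist
    unless inspec.file(@conf_path).file?
      return skip_resource "Can't find file \"#{@conf_path}\""
    end

    raw_conf = read_file(@conf_path)
    # A non-empty file that reads back empty is most likely a permission problem.
    if raw_conf.empty? && inspec.file(@conf_path).size > 0
      return skip_resource("Can't read file \"#{@conf_path}\"")
    end

    to_read = [@conf_path]
    until to_read.empty?
      cur_file = to_read.shift
      raw_conf = read_file(cur_file)
      @content += raw_conf

      params = SimpleConfig.new(raw_conf).params
      @params = @params.deep_merge(params)

      # see if there is more stuff to include; a file is queued at most once, so
      # mutual or repeated includes neither loop nor duplicate its settings
      dir = File.dirname(cur_file)
      to_read += include_files(dir, raw_conf).reject do |fp|
        @files_contents.key?(fp) || to_read.include?(fp)
      end
    end
    @content
  end

  # Resolve the `!include` and `!includedir` directives found in conf.
  #
  # @param reldir [String] directory relative include paths are resolved against
  # @param conf   [String] raw configuration text
  # @return [Array<String>] absolute paths of the files to read next
  def include_files(reldir, conf)
    # (.*) is greedy, so the capture keeps trailing spaces or a \r on CRLF files;
    # strip them before building the path.
    files = conf.scan(/^!include\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x.strip) }
    dirs = conf.scan(/^!includedir\s+(.*)\s*/).flatten.compact.map { |x| abs_path(reldir, x.strip) }

    dirs.each do |dir|
      # @TODO: non local glob
      # NOTE(review): the server itself only loads *.cnf (and *.ini on Windows)
      # from an !includedir, whereas this picks up every regular file in it, so
      # settings from files mysqld ignores (backups, READMEs) can be merged in
      # and skew an audit — consider filtering by extension.
      files += find_files(dir, depth: 1, type: 'file')
    end
    files
  end

  # Make f absolute, resolving relative names against dir.
  def abs_path(dir, f)
    return f if f.start_with?('/')
    File.join(dir, f)
  end

  # Memoised read of a file on the audited host.
  # NOTE(review): content is coerced to '' so a nil (presumably an unreadable or
  # missing included file — confirm against the file resource) never reaches the
  # String operations in read_content.
  def read_file(path)
    @files_contents[path] ||= (inspec.file(path).content || '')
  end

  def to_s
    'MySQL Configuration'
  end
end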