2015-07-26 20:44:01 +00:00
|
|
|
# encoding: utf-8
|
|
|
|
# copyright: 2015, Vulcano Security GmbH
|
|
|
|
# license: All rights reserved
|
|
|
|
|
2015-09-05 21:07:34 +00:00
|
|
|
# Usage:
|
|
|
|
# describe audit_daemon_rules do
|
|
|
|
# its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=adjtimex,settimeofday/) }
|
|
|
|
# its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=stime,settimeofday,adjtimex/) }
|
|
|
|
# its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=clock_settime/)}
|
|
|
|
# its("LIST_RULES") {should contain_match(/^exit,always watch=\/etc\/localtime perm=wa key=time-change/)}
|
|
|
|
# end
|
|
|
|
|
2015-08-28 23:04:52 +00:00
|
|
|
class AuditDaemonRules < Vulcano.resource(1)
|
|
|
|
name 'audit_daemon_rules'
|
2015-07-26 20:44:01 +00:00
|
|
|
|
|
|
|
def initialize
|
2015-09-03 21:18:28 +00:00
|
|
|
@content = vulcano.run_command('/sbin/auditctl -l').stdout.chomp
|
2015-07-26 20:44:01 +00:00
|
|
|
|
|
|
|
@opts = {
|
|
|
|
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
|
|
|
multiple_values: true
|
|
|
|
}
|
2015-08-28 23:04:52 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def params
|
|
|
|
@params ||= SimpleConfig.new(@content, @opts).params
|
2015-07-26 20:44:01 +00:00
|
|
|
end
|
|
|
|
|
2015-09-03 18:43:58 +00:00
|
|
|
def method_missing(name)
|
2015-08-28 23:04:52 +00:00
|
|
|
params[name.to_s]
|
2015-07-26 20:44:01 +00:00
|
|
|
end
|
|
|
|
|
2015-09-03 18:43:58 +00:00
|
|
|
def status(name)
|
2015-07-26 20:44:01 +00:00
|
|
|
@status_opts = {
|
|
|
|
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
|
|
|
|
multiple_values: false
|
|
|
|
}
|
2015-09-03 21:18:28 +00:00
|
|
|
@status_content ||= vulcano.run_command('/sbin/auditctl -s').stdout.chomp
|
2015-07-26 20:44:01 +00:00
|
|
|
@status_params = SimpleConfig.new(@status_content, @status_opts).params
|
2015-09-03 18:35:23 +00:00
|
|
|
status = @status_params['AUDIT_STATUS']
|
2015-07-26 20:44:01 +00:00
|
|
|
if (status == nil) then return nil end
|
|
|
|
|
|
|
|
items = Hash[status.scan(/([^=]+)=(\w*)\s*/)]
|
2015-09-03 18:45:37 +00:00
|
|
|
items[name]
|
2015-07-26 20:44:01 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def to_s
|
2015-08-28 23:04:52 +00:00
|
|
|
'Audit Daemon Rules'
|
2015-07-26 20:44:01 +00:00
|
|
|
end
|
|
|
|
end
|