inspec/lib/resources/auditd_rules.rb

51 lines
1.4 KiB
Ruby
Raw Normal View History

2015-07-26 20:44:01 +00:00
# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# license: All rights reserved
2015-09-05 21:07:34 +00:00
# Usage:
# describe audit_daemon_rules do
# its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=adjtimex,settimeofday/) }
# its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=stime,settimeofday,adjtimex/) }
# its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=clock_settime/)}
# its("LIST_RULES") {should contain_match(/^exit,always watch=\/etc\/localtime perm=wa key=time-change/)}
# end
class AuditDaemonRules < Vulcano.resource(1)
name 'audit_daemon_rules'
2015-07-26 20:44:01 +00:00
def initialize
2015-09-03 21:18:28 +00:00
@content = vulcano.run_command('/sbin/auditctl -l').stdout.chomp
2015-07-26 20:44:01 +00:00
@opts = {
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
multiple_values: true
}
end
def params
@params ||= SimpleConfig.new(@content, @opts).params
2015-07-26 20:44:01 +00:00
end
2015-09-03 18:43:58 +00:00
def method_missing(name)
params[name.to_s]
2015-07-26 20:44:01 +00:00
end
2015-09-03 18:43:58 +00:00
def status(name)
2015-07-26 20:44:01 +00:00
@status_opts = {
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
multiple_values: false
}
2015-09-03 21:18:28 +00:00
@status_content ||= vulcano.run_command('/sbin/auditctl -s').stdout.chomp
2015-07-26 20:44:01 +00:00
@status_params = SimpleConfig.new(@status_content, @status_opts).params
2015-09-03 18:35:23 +00:00
status = @status_params['AUDIT_STATUS']
2015-07-26 20:44:01 +00:00
if (status == nil) then return nil end
items = Hash[status.scan(/([^=]+)=(\w*)\s*/)]
2015-09-03 18:45:37 +00:00
items[name]
2015-07-26 20:44:01 +00:00
end
def to_s
'Audit Daemon Rules'
2015-07-26 20:44:01 +00:00
end
end