mirror of
https://github.com/inspec/inspec
synced 2024-09-21 06:51:56 +00:00
Fix auditd resource processing of action and list (#4665)
Fix auditd resource processing of action and list
commit
03d394a51b
3 changed files with 31 additions and 3 deletions
|
@ -187,8 +187,20 @@ module Inspec::Resources
|
|||
line.scan(/-S ([^ ]+)\s?/).flatten.first.split(",")
|
||||
end
|
||||
|
||||
# Processes the line and returns a pair of entries reflecting the 'action'
|
||||
# and 'list' items.
|
||||
#
|
||||
# @return [Array[String,String]]
|
||||
def action_list_for(line)
|
||||
line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
|
||||
action_list = line.scan(/-a ([^,]+),([^ ]+)\s?/).flatten
|
||||
|
||||
# Actions and lists can be in either order
|
||||
valid_actions = %w{never always}
|
||||
|
||||
[
|
||||
(action_list & valid_actions).first,
|
||||
(action_list - valid_actions).first,
|
||||
]
|
||||
end
|
||||
|
||||
def key_for(line)
|
||||
|
|
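Review bot: In `action_list_for` the list is chosen by elimination, `(action_list - valid_actions).first`, so any token other than `never` or `always` is reported as the list; a rule whose action falls outside that set comes back with a nil action and the unknown action string in the list slot. For a resource used to check audit rules for compliance, that is a silent misreport rather than a visible parse failure. Matching the list against its own allow-list, e.g. `valid_lists = %w{task exit user exclude filesystem}` and `(action_list & valid_lists).first`, would keep unrecognised tokens out of both fields; the exact set should be confirmed against the auditctl versions the resource supports. The doc comment should also state the order and that either element may be nil, for instance `# @return [Array(String, String)] action then list; nil where not found`, since `Array[String,String]` is not one of YARD's documented type forms.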
2
test/fixtures/cmd/auditctl
vendored
2
test/fixtures/cmd/auditctl
vendored
|
@ -2,7 +2,7 @@
|
|||
-a always,exit -F arch=b32 -S open,openat -F exit=-EPERM -F key=access
|
||||
-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=500 f24!=0 -F key=perm_mod
|
||||
-a always,exit -S all -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
|
||||
-a always,exit -S all -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
|
||||
-a exit,always -S all -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
|
||||
-w /etc/ssh/sshd_config -p rwxa -k CFG_sshd_config
|
||||
-w /etc/sudoers -p wa
|
||||
-w /etc/private-keys -p x
|
||||
|
|
|
@ -10,13 +10,29 @@ describe "Inspec::Resources::AuditDaemon" do
|
|||
"-a always,exit -F arch=b32 -S open,openat -F exit=-EPERM -F key=access",
|
||||
"-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=500 f24!=0 -F key=perm_mod",
|
||||
"-a always,exit -S all -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged",
|
||||
"-a always,exit -S all -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged",
|
||||
# Reversed for action_list validation
|
||||
"-a exit,always -S all -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged",
|
||||
"-w /etc/ssh/sshd_config -p rwxa -k CFG_sshd_config",
|
||||
"-w /etc/sudoers -p wa",
|
||||
"-w /etc/private-keys -p x",
|
||||
]
|
||||
end
|
||||
|
||||
it "auditd action_list processing" do
|
||||
resource = MockLoader.new(:centos7).load_resource("auditd")
|
||||
|
||||
list_items = []
|
||||
action_items = []
|
||||
|
||||
resource.params.each do |param|
|
||||
list_items << param["list"] if param["list"]
|
||||
action_items << param["action"] if param["action"]
|
||||
end
|
||||
|
||||
list_items.uniq.must_equal ["exit"]
|
||||
action_items.uniq.must_equal ["always"]
|
||||
end
|
||||
|
||||
it "auditd syscall interface" do
|
||||
resource = MockLoader.new(:centos7).load_resource("auditd")
|
||||
_(resource.send("syscall", "open").send("params")).must_equal [
|
||||
|
|
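Review bot: The new `auditd action_list processing` example discards nil results before asserting (`if param["list"]`, `if param["action"]`), so a rule whose action or list failed to parse would not make it fail; only a swapped value shows up in the `uniq` comparison. Asserting on the reversed `-a exit,always` rule directly, or at least checking that `list_items` and `action_items` have the same length, would cover part of that gap. The two assertions also call `must_equal` on the bare value, while the following example wraps its subject in `_(...)`; `_(list_items.uniq).must_equal ["exit"]` and `_(action_items.uniq).must_equal ["always"]` would match it. The `auditd syscall interface` example continues past the end of the hunk.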