mirror of
https://github.com/inspec/inspec
synced 2024-11-11 07:34:15 +00:00
Expose label for processes only on linux
parent
6670a8f502
commit
1811eb6666
4 changed files with 82 additions and 20 deletions
|
@ -45,18 +45,48 @@ module Inspec::Resources
|
||||||
private
|
private
|
||||||
|
|
||||||
def ps_aux
|
def ps_aux
|
||||||
# get all running processes
|
os = inspec.os
|
||||||
cmd = inspec.command('ps aux')
|
|
||||||
|
if os.linux?
|
||||||
|
command = 'ps auxZ'
|
||||||
|
regex = /^([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+(.*)$/
|
||||||
|
else
|
||||||
|
command = 'ps aux'
|
||||||
|
regex = /^([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+(.*)$/
|
||||||
|
end
|
||||||
|
build_process_list(command, regex, os)
|
||||||
|
end
|
||||||
|
|
||||||
|
def build_process_list(command, regex, os) # rubocop:disable MethodLength, Metrics/AbcSize
|
||||||
|
cmd = inspec.command(command)
|
||||||
all = cmd.stdout.split("\n")[1..-1]
|
all = cmd.stdout.split("\n")[1..-1]
|
||||||
return [] if all.nil?
|
return [] if all.nil?
|
||||||
|
|
||||||
lines = all.map do |line|
|
lines = all.map do |line|
|
||||||
# user 32296 0.0 0.0 42592 7972 pts/15 Ss+ Apr06 0:00 zsh
|
line.match(regex)
|
||||||
line.match(/^([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+(.*)$/)
|
|
||||||
end.compact
|
end.compact
|
||||||
|
|
||||||
|
if os.linux?
|
||||||
lines.map do |m|
|
lines.map do |m|
|
||||||
{
|
{
|
||||||
|
label: m[1],
|
||||||
|
user: m[2],
|
||||||
|
pid: m[3].to_i,
|
||||||
|
cpu: m[4],
|
||||||
|
mem: m[5],
|
||||||
|
vsz: m[6].to_i,
|
||||||
|
rss: m[7].to_i,
|
||||||
|
tty: m[8],
|
||||||
|
stat: m[9],
|
||||||
|
start: m[10],
|
||||||
|
time: m[11],
|
||||||
|
command: m[12],
|
||||||
|
}
|
||||||
|
end
|
||||||
|
else
|
||||||
|
lines.map do |m|
|
||||||
|
{
|
||||||
|
label: nil,
|
||||||
user: m[1],
|
user: m[1],
|
||||||
pid: m[2].to_i,
|
pid: m[2].to_i,
|
||||||
cpu: m[3],
|
cpu: m[3],
|
||||||
|
@ -73,3 +103,4 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
|
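Review bot: `build_process_list` never looks at the exit status of the command it runs, so a failed `ps auxZ` is indistinguishable from a host with no processes: `cmd.stdout.split("\n")[1..-1]` is nil on empty output and `return [] if all.nil?` turns that into an empty list. This matters more now that every Linux target is sent `ps auxZ`, because a `ps` build without `Z` support would presumably make controls that assert a process is absent pass silently. I would check `cmd.exit_status` right after `cmd = inspec.command(command)` and, on a non-zero status, either retry with `'ps aux'` and the 11-column regex (leaving `label: nil`) or surface `cmd.stderr` to the caller instead of returning `[]`. A short comment above the Linux regex such as `# LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND` would also help, since the old sample-line comment was dropped. The body of `build_process_list` is split across both hunks, so the rest of the non-Linux hash is not visible here.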
@ -137,6 +137,7 @@ class MockLoader
|
||||||
|
|
||||||
mock.commands = {
|
mock.commands = {
|
||||||
'ps aux' => cmd.call('ps-aux'),
|
'ps aux' => cmd.call('ps-aux'),
|
||||||
|
'ps auxZ' => cmd.call('ps-auxZ'),
|
||||||
'Get-Content win_secpol.cfg' => cmd.call('secedit-export'),
|
'Get-Content win_secpol.cfg' => cmd.call('secedit-export'),
|
||||||
'secedit /export /cfg win_secpol.cfg' => cmd.call('success'),
|
'secedit /export /cfg win_secpol.cfg' => cmd.call('success'),
|
||||||
'Remove-Item win_secpol.cfg' => cmd.call('success'),
|
'Remove-Item win_secpol.cfg' => cmd.call('success'),
|
||||||
|
|
3
test/unit/mock/cmd/ps-auxZ
Normal file
3
test/unit/mock/cmd/ps-auxZ
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
|
||||||
|
system_u:system_r:kernel_t:s0 root 1 0.0 0.0 19232 1492 ? Ss May04 0:01 /sbin/init
|
||||||
|
system_u:system_r:kernel_t:s0 root 39 0.0 0.0 0 0 ? S May04 0:00 crypto/0
|
|
@ -12,8 +12,9 @@ describe 'Inspec::Resources::Processes' do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'verify processes resource' do
|
it 'verify processes resource' do
|
||||||
resource = load_resource('processes', '/bin/bash')
|
resource = MockLoader.new(:freebsd10).load_resource('processes', '/bin/bash')
|
||||||
_(resource.list).must_equal [{
|
_(resource.list).must_equal [{
|
||||||
|
label: nil,
|
||||||
user: 'root',
|
user: 'root',
|
||||||
pid: 1,
|
pid: 1,
|
||||||
cpu: '0.0',
|
cpu: '0.0',
|
||||||
|
@ -30,9 +31,35 @@ describe 'Inspec::Resources::Processes' do
|
||||||
_(resource.list.length).must_equal 1
|
_(resource.list.length).must_equal 1
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'verify processes resource on linux os' do
|
||||||
|
resource = MockLoader.new(:centos6).load_resource('processes', '/sbin/init')
|
||||||
|
_(resource.list).must_equal [{
|
||||||
|
label: 'system_u:system_r:kernel_t:s0',
|
||||||
|
user: 'root',
|
||||||
|
pid: 1,
|
||||||
|
cpu: '0.0',
|
||||||
|
mem: '0.0',
|
||||||
|
vsz: 19232,
|
||||||
|
rss: 1492,
|
||||||
|
tty: '?',
|
||||||
|
stat: 'Ss',
|
||||||
|
start: 'May04',
|
||||||
|
time: '0:01',
|
||||||
|
command: '/sbin/init',
|
||||||
|
}]
|
||||||
|
|
||||||
|
_(resource.list.length).must_equal 1
|
||||||
|
end
|
||||||
|
|
||||||
it 'retrieves the users and states as arrays' do
|
it 'retrieves the users and states as arrays' do
|
||||||
resource = load_resource('processes', 'svc')
|
resource = MockLoader.new(:freebsd10).load_resource('processes', 'svc')
|
||||||
_(resource.users.sort).must_equal ['noot']
|
_(resource.users.sort).must_equal ['noot']
|
||||||
_(resource.states.sort).must_equal ['S', 'Ss']
|
_(resource.states.sort).must_equal ['S', 'Ss']
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'retrieves the users and states as arrays on linux os' do
|
||||||
|
resource = MockLoader.new(:centos6).load_resource('processes', 'crypto/0')
|
||||||
|
_(resource.users.sort).must_equal ['root']
|
||||||
|
_(resource.states.sort).must_equal ['S']
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
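Review bot: The new Linux cases only exercise the `ps-auxZ` fixture, where every row carries a space-free SELinux context, so the extra leading `([^ ]+)` capture is never tested against any other LABEL value. As far as I know, hosts without SELinux print `-` in that column, and AppArmor profiles can appear as a path followed by a mode in parentheses, i.e. with a space inside the label; such a row would shift `user`, `pid` and every later field by one. I would add fixture rows for both shapes and a case asserting `label`, `user` and `pid` for them, so a misparse fails the suite rather than producing wrong audit data. A comment on the `:centos6` cases saying they stand for "Linux with SELinux labels" would make that scope explicit.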