inspec/lib/resources/processes.rb

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Dominik Richter
# author: Christoph Hartmann
# license: All rights reserved

module Inspec::Resources
  class Processes < Inspec.resource(1)
    name 'processes'
    desc 'Use the processes InSpec audit resource to test properties for programs that are running on the system.'
    example "
      describe processes('mysqld') do
        its('list.length') { should eq 1 }
        its('users') { should eq ['mysql'] }
        its('states') { should include 'S' }
      end
    "

    attr_reader :list,
                :users,
                :states

    def initialize(grep)
      # turn into a regexp if it isn't one yet
      if grep.class == String
        grep = '(/[^/]*)*'+grep if grep[0] != '/'
        grep = Regexp.new('^' + grep + '(\s|$)')
      end

      all_cmds = ps_aux
      @list = all_cmds.find_all do |hm|
        hm[:command] =~ grep
      end

      { users: :user,
        states: :stat }.each do |var, key|
        instance_variable_set("@#{var}", @list.map { |l| l[key] }.uniq)
      end
    end

    def to_s
      'Processes'
    end

    private

    def ps_aux
      os = inspec.os

      if os.linux?
        command = 'ps auxZ'
        regex = /^([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+(.*)$/
      else
        command = 'ps aux'
        regex = /^([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+(.*)$/
      end
      build_process_list(command, regex, os)
    end

    def build_process_list(command, regex, os) # rubocop:disable MethodLength, Metrics/AbcSize
      cmd = inspec.command(command)
      all = cmd.stdout.split("\n")[1..-1]
      return [] if all.nil?

      lines = all.map do |line|
        line.match(regex)
      end.compact

      if os.linux?
        lines.map do |m|
          {
            label: m[1],
            user: m[2],
            pid: m[3].to_i,
            cpu: m[4],
            mem: m[5],
            vsz: m[6].to_i,
            rss: m[7].to_i,
            tty: m[8],
            stat: m[9],
            start: m[10],
            time: m[11],
            command: m[12],
          }
        end
      else
        lines.map do |m|
          {
            label: nil,
            user: m[1],
            pid: m[2].to_i,
            cpu: m[3],
            mem: m[4],
            vsz: m[5].to_i,
            rss: m[6].to_i,
            tty: m[7],
            stat: m[8],
            start: m[9],
            time: m[10],
            command: m[11],
          }
        end
      end
    end
  end
end