Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-15 01:17:08 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/lib/resources/auditd_rules.rb
Dominik Richter 56d8379fc9 move all resources to use the command resource 
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2015-10-05 18:54:47 +02:00

51 lines
1.4 KiB
Ruby
Raw Blame History

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# license: All rights reserved
# Usage:
# describe audit_daemon_rules do
# its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=adjtimex,settimeofday/) }
# its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=stime,settimeofday,adjtimex/) }
# its("LIST_RULES") {should contain_match(/^exit,always arch=.* key=time-change syscall=clock_settime/)}
# its("LIST_RULES") {should contain_match(/^exit,always watch=\/etc\/localtime perm=wa key=time-change/)}
# end
class AuditDaemonRules < Vulcano.resource(1)
name 'audit_daemon_rules'
def initialize
@content = vulcano.command('/sbin/auditctl -l').stdout.chomp
@opts = {
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
multiple_values: true,
}
end
def params
@params ||= SimpleConfig.new(@content, @opts).params
end
def method_missing(name)
params[name.to_s]
end
def status(name)
@status_opts = {
assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
multiple_values: false,
}
@status_content ||= vulcano.command('/sbin/auditctl -s').stdout.chomp
@status_params = SimpleConfig.new(@status_content, @status_opts).params
status = @status_params['AUDIT_STATUS']
return nil if status.nil?
items = Hash[status.scan(/([^=]+)=(\w*)\s*/)]
items[name]
end
def to_s
'Audit Daemon Rules'
end
end
Reference in a new issue View git blame Copy permalink