inspec/lib/resources/processes.rb

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Dominik Richter
# author: Christoph Hartmann
# license: All rights reserved

module Inspec::Resources
  class Processes < Inspec.resource(1)
    name 'processes'
    desc 'Use the processes InSpec audit resource to test properties for programs that are running on the system.'
    example "
      describe processes('mysqld') do
        its('list.length') { should eq 1 }
        its('users') { should eq ['mysql'] }
        its('states') { should include 'S' }
      end
    "

    attr_reader :list,
                :users,
                :states

    def initialize(grep)
      # turn into a regexp if it isn't one yet
      if grep.class == String
        grep = '(/[^/]*)*'+grep if grep[0] != '/'
        grep = Regexp.new('^' + grep + '(\s|$)')
      end

      all_cmds = ps_aux
      @list = all_cmds.find_all do |hm|
        hm[:command] =~ grep
      end

      { users: :user,
        states: :stat }.each do |var, key|
        instance_variable_set("@#{var}", @list.map { |l| l[key] }.uniq)
      end
    end

    def to_s
      'Processes'
    end

    private

    def ps_aux
      # get all running processes
      cmd = inspec.command('ps aux')
      all = cmd.stdout.split("\n")[1..-1]
      return [] if all.nil?

      lines = all.map do |line|
        # user   32296  0.0  0.0  42592  7972 pts/15   Ss+  Apr06   0:00 zsh
        line.match(/^([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+([^ ]+)\s+(.*)$/)
      end.compact

      lines.map do |m|
        {
          user: m[1],
          pid: m[2].to_i,
          cpu: m[3],
          mem: m[4],
          vsz: m[5].to_i,
          rss: m[6].to_i,
          tty: m[7],
          stat: m[8],
          start: m[9],
          time: m[10],
          command: m[11],
        }
      end
    end
  end
end