/usr/lib/ruby/vendor_ruby/serverspec/type/linux_audit_system.rb is in ruby-serverspec 2.37.2-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
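module Serverspec::Type
  # Resource type that reports the state of the Linux audit subsystem by
  # running /sbin/auditctl on the target host through the Specinfra runner.
  #
  # Review caveat: when auditctl cannot run (not installed, insufficient
  # privileges), its stdout is empty. enabled? and running? then report false,
  # but `rules` returns '' and a negative matcher on it (should_not match ...)
  # passes without having inspected any rule. Pair negative rule checks with a
  # positive one so that a failed query is noticed.
  class LinuxAuditSystem < Base
    # @param name [Object] accepted for interface compatibility; the resource
    #   name is always set to 'linux_audit_system'.
    def initialize(name=nil)
      @name = 'linux_audit_system'
      @runner = Specinfra::Runner
      @rules_content = nil
    end

    # True when the kernel reports auditing as switched on.
    #
    # The "enabled" status field takes the values 0 (off), 1 (on) and
    # 2 (on, with the audit configuration locked until reboot, as set by
    # `auditctl -e 2`). A locked configuration is still an enabled one, so
    # both '1' and '2' count; accepting only '1' would report a hardened,
    # locked host as having auditing disabled.
    #
    # @return [Boolean]
    def enabled?
      ['1', '2'].include?(status_of('enabled'))
    end

    # True when an audit daemon is registered with the kernel, i.e. the
    # reported "pid" field is present and is not '0'.
    #
    # @return [Boolean]
    def running?
      pid = status_of('pid').to_s
      !pid.empty? && pid != '0'
    end

    # Output of `auditctl -l`, fetched once and cached for the lifetime of
    # this object.
    #
    # @return [String] the raw rule listing, or '' when the command produced
    #   no stdout
    def rules
      if @rules_content.nil?
        @rules_content = @runner.run_command('/sbin/auditctl -l').stdout || ''
      end
      @rules_content
    end

    private

    # Runs `auditctl -s` and returns a single field of its output.
    #
    # @param part [String] field name, e.g. 'enabled' or 'pid'
    # @return [String] the field value, or '' when the field is absent
    def status_of(part)
      cmd = "/sbin/auditctl -s"
      # Guard against a nil stdout the same way `rules` does.
      status_str = (@runner.run_command(cmd).stdout || '').chomp
      parse_status(status_str)[part] || ''
    end

    # Turns `auditctl -s` output into a Hash of field name => value.
    #
    # Two layouts are handled (sample values below are constructed):
    #   single line:  "AUDIT_STATUS: enabled=1 flag=1 pid=123"
    #   one per line: "enabled 1\nfailure 1\npid 123"
    #
    # @param status_str [String] chomped stdout of `auditctl -s`
    # @return [Hash{String => String}] fields without a value map to ''
    def parse_status(status_str)
      if status_str =~ /^AUDIT_STATUS/
        # Drop the leading "AUDIT_STATUS:" token, keep the key=value pairs.
        fields = status_str.split(' ')[1..-1]
        separator = '='
      else
        fields = status_str.split("\n")
        separator = ' '
      end

      fields.inject({}) do |res, field|
        key, value = field.split(separator)
        res.store(key, value || '')
        res
      end
    end
  end
end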