audit_log_parser 0.1.0 → 0.1.1

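--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 0202a0ebca9afb91aba76841cc3bf2907112c90fed14b0301cf59012ebcc1678
-data.tar.gz: a6266d08657b1f5ba0a24d6127a5043e08eef71355584910c9c91ea1f29844e2
+metadata.gz: 44f1c148dffdd203d11a2d99dabf9f4a6c61a1d054a88d445a0da9f5e35cca65
+data.tar.gz: c2abf7e7037a5dab5fabbaaf2226c5e70ee57b3804a116cfc61a2a9186a8a9a4
 SHA512:
-metadata.gz: 630ce72caaffc1dd3e0dd09a1985a53a85e48dfabdc8554218c59e5a2ae7509af5ea425e76238369520113e35ba53f1d25907d447a4318af10bc5f29fdf186d3
-data.tar.gz: 5c50af811818572d925753b44956e5d3b868dc51e7bf45184833534002c0aa163132b8d47df63828d60fa99f8d385b5fbc33cc133778a6200a7001e9cc3dc121
+metadata.gz: ce9037c3ac30c6853f173159bb062a9994bb88e056fc1605e0698ab87a2658cb7a8c1b8fda332715b102d24292dad4e4e422f8e8da6709d098c97d64d56d0594
+data.tar.gz: 83610302f7adb5450abf919fbf6363127739bd7128ea6c7ab4c5373557ca9a7ac9f2cfe9d714e869a7f0f7f194156a4e80c8c1198a8c5cab8b09ac5bcd3d86aa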
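--- a/data/README.md
+++ b/data/README.md
@@ -28,11 +28,11 @@ Or install it yourself as:
 require 'audit_log_parser'
 require 'pp'
 
-audit_log = <<EOS
+audit_log1 = <<EOS
 type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e syscall=2 success=no exit=-13 a0=7fffd19c5592 a1=0 a2=7fffd19c4b50 a3=a items=1 ppid=2686 pid=3538 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts0 ses=1 comm="cat" exe="/bin/cat" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="sshd_config"
 EOS
 
-pp AuditLogParser.parse(data)
+pp AuditLogParser.parse_line(audit_log1)
 #=> {"header"=>{"type"=>"SYSCALL", "msg"=>"audit(1364481363.243:24287)"},
 # "body"=>
 # {"arch"=>"c000003e",
@@ -61,4 +61,25 @@ pp AuditLogParser.parse(data)
 # "exe"=>"\"/bin/cat\"",
 # "subj"=>"unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
 # "key"=>"\"sshd_config\""}}
+
+audit_log2 = <<EOS
+type=USER_AUTH msg=audit(1364475353.159:24270): user pid=3280 uid=500 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=failed'
+EOS
+
+pp AuditLogParser.parse_line(audit_log2)
+#=> {"header"=>{"type"=>"USER_AUTH", "msg"=>"audit(1364475353.159:24270)"},
+# "body"=>
+# {"user pid"=>"3280",
+# "uid"=>"500",
+# "auid"=>"500",
+# "ses"=>"1",
+# "subj"=>"unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
+# "msg"=>
+# {"op"=>"PAM:authentication",
+# "acct"=>"\"root\"",
+# "exe"=>"\"/bin/su\"",
+# "hostname"=>"?",
+# "addr"=>"?",
+# "terminal"=>"pts/0",
+# "res"=>"failed"}}}
 ```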
@@ -1,3 +1,3 @@
1
1
  class AuditLogParser
2
- VERSION = '0.1.0'
2
+ VERSION = '0.1.1'
3
3
  end
@@ -67,7 +67,7 @@ class AuditLogParser
67
67
  when "'"
68
68
  nest = ss.scan_until(/'/)
69
69
  nest.chomp!("'")
70
- value = nest
70
+ value = parse_body(nest)
71
71
  else
72
72
  value << ss.scan_until(/( |\z)/)
73
73
  value.chomp!(' ')
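Review bot: `value = parse_body(nest)` is reached with `nest == nil` whenever a quoted value has no closing `'`, because `ss.scan_until(/'/)` returns nil on no match and the `nest.chomp!("'")` two lines above already fails with NoMethodError on that path; this is pre-existing, but the recursion now inherits it, and for a parser fed from audit logs (where fields such as acct, exe and hostname carry externally supplied text) a single malformed line aborts the whole ingest with a nil dereference instead of a parse error. Consider guarding the scan, e.g. `nest = ss.scan_until(/'/) or raise ArgumentError, 'unterminated quoted value'` (or the project's own parse-error class if it has one), so callers can rescue and skip the bad line. The change also turns a quoted `msg` from a String into a Hash, as the README example in this release shows; a comment on the added line such as `# quoted values hold nested key=value pairs (e.g. msg='op=... acct=...'); parse them recursively` would record that intent. The enclosing method starts and ends outside the hunk.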
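--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: audit_log_parser
 version: !ruby/object:Gem::Version
-version: 0.1.0
+version: 0.1.1
 platform: ruby
 authors:
 - winebarrel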