audit_log_parser 0.1.0 → 0.1.1

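--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0202a0ebca9afb91aba76841cc3bf2907112c90fed14b0301cf59012ebcc1678
- data.tar.gz: a6266d08657b1f5ba0a24d6127a5043e08eef71355584910c9c91ea1f29844e2
+ metadata.gz: 44f1c148dffdd203d11a2d99dabf9f4a6c61a1d054a88d445a0da9f5e35cca65
+ data.tar.gz: c2abf7e7037a5dab5fabbaaf2226c5e70ee57b3804a116cfc61a2a9186a8a9a4
  SHA512:
- metadata.gz: 630ce72caaffc1dd3e0dd09a1985a53a85e48dfabdc8554218c59e5a2ae7509af5ea425e76238369520113e35ba53f1d25907d447a4318af10bc5f29fdf186d3
- data.tar.gz: 5c50af811818572d925753b44956e5d3b868dc51e7bf45184833534002c0aa163132b8d47df63828d60fa99f8d385b5fbc33cc133778a6200a7001e9cc3dc121
+ metadata.gz: ce9037c3ac30c6853f173159bb062a9994bb88e056fc1605e0698ab87a2658cb7a8c1b8fda332715b102d24292dad4e4e422f8e8da6709d098c97d64d56d0594
+ data.tar.gz: 83610302f7adb5450abf919fbf6363127739bd7128ea6c7ab4c5373557ca9a7ac9f2cfe9d714e869a7f0f7f194156a4e80c8c1198a8c5cab8b09ac5bcd3d86aa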
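--- a/data/README.md
+++ b/data/README.md
@@ -28,11 +28,11 @@ Or install it yourself as:
  require 'audit_log_parser'
  require 'pp'
 
- audit_log = <<EOS
+ audit_log1 = <<EOS
  type=SYSCALL msg=audit(1364481363.243:24287): arch=c000003e syscall=2 success=no exit=-13 a0=7fffd19c5592 a1=0 a2=7fffd19c4b50 a3=a items=1 ppid=2686 pid=3538 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts0 ses=1 comm="cat" exe="/bin/cat" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="sshd_config"
  EOS
 
- pp AuditLogParser.parse(data)
+ pp AuditLogParser.parse_line(audit_log1)
  #=> {"header"=>{"type"=>"SYSCALL", "msg"=>"audit(1364481363.243:24287)"},
  # "body"=>
  # {"arch"=>"c000003e",
@@ -61,4 +61,25 @@ pp AuditLogParser.parse(data)
  # "exe"=>"\"/bin/cat\"",
  # "subj"=>"unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
  # "key"=>"\"sshd_config\""}}
+
+ audit_log2 = <<EOS
+ type=USER_AUTH msg=audit(1364475353.159:24270): user pid=3280 uid=500 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=failed'
+ EOS
+
+ pp AuditLogParser.parse_line(audit_log2)
+ #=> {"header"=>{"type"=>"USER_AUTH", "msg"=>"audit(1364475353.159:24270)"},
+ # "body"=>
+ # {"user pid"=>"3280",
+ # "uid"=>"500",
+ # "auid"=>"500",
+ # "ses"=>"1",
+ # "subj"=>"unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023",
+ # "msg"=>
+ # {"op"=>"PAM:authentication",
+ # "acct"=>"\"root\"",
+ # "exe"=>"\"/bin/su\"",
+ # "hostname"=>"?",
+ # "addr"=>"?",
+ # "terminal"=>"pts/0",
+ # "res"=>"failed"}}}
  ```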
@@ -1,3 +1,3 @@
1
1
  class AuditLogParser
2
- VERSION = '0.1.0'
2
+ VERSION = '0.1.1'
3
3
  end
@@ -67,7 +67,7 @@ class AuditLogParser
67
67
  when "'"
68
68
  nest = ss.scan_until(/'/)
69
69
  nest.chomp!("'")
70
- value = nest
70
+ value = parse_body(nest)
71
71
  else
72
72
  value << ss.scan_until(/( |\z)/)
73
73
  value.chomp!(' ')
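Review bot: The `when "'"` branch still dereferences `nest` without checking it: if `ss` is a StringScanner (it appears to be), `scan_until(/'/)` returns nil when the record has no closing quote, so `nest.chomp!("'")` raises NoMethodError before the new `parse_body(nest)` call is reached. Audit records can be truncated or carry attacker-influenced field content, so a parser feeding a detection pipeline should fail in a defined way; add a guard such as `raise ArgumentError, 'unterminated quoted value' unless nest` right after the scan. The change also turns a single-quoted value from a String into a Hash for callers, which deserves a note in the README or changelog since it ships as a patch release. The enclosing method begins and ends outside this hunk.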
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: audit_log_parser
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - winebarrel