fluent-plugin-syscheck 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +21 -0
- data/lib/fluent/plugin/in_syscheck_mounts.rb +60 -16
- metadata +15 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1fc9cd18d52c75a1db0b29d655b74a9b4830b66aab86b3e04d291cf2f1555261
|
|
4
|
+
data.tar.gz: 46d2984fdbe048eda60e01787cb2e7cddbc1e5a7589e1cb1223d35b327d40538
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b42c43682f9af8cff35d02fb7684065c8fbdcf73834504f0c266b798147eccdf56c3071149987f8482447c023a95de1d04e22860f79052cd091c2c5f54344da8
|
|
7
|
+
data.tar.gz: f8407c1f94804b6fa23949f72412d96ad3fe57dbb1eaaaccd6fd522aaeb5d0c6653778b371fc8a691fb88ed6cebc4871145a002b4cda3fd65d861e120482dba9
|
data/README.md
CHANGED
|
@@ -32,8 +32,29 @@ $ bundle
|
|
|
32
32
|
|
|
33
33
|
### configuration
|
|
34
34
|
|
|
35
|
+
Parameters are:
|
|
36
|
+
|
|
37
|
+
| parameter | type | purpose |
|
|
38
|
+
|-------------------|--------|------------------------------------------|
|
|
39
|
+
| tag | string | tag to emit event on |
|
|
40
|
+
| interval | time | interval to exec mount check |
|
|
41
|
+
| timeout | time | timeout for a mountpoint check |
|
|
42
|
+
| enabled_fs_types | array | list of fstype to enable only |
|
|
43
|
+
| disabled_fs_types | array | list of fstype to disable explicitly |
|
|
44
|
+
| error_only | bool | generate event on mount check error only |
|
|
45
|
+
|
|
35
46
|
### examples
|
|
36
47
|
|
|
48
|
+
``` text
|
|
49
|
+
<source>
|
|
50
|
+
@type syscheck_mounts
|
|
51
|
+
|
|
52
|
+
tag test
|
|
53
|
+
interval 10
|
|
54
|
+
enabled_fs_types zfs, xfs
|
|
55
|
+
error_only false
|
|
56
|
+
</source>
|
|
57
|
+
```
|
|
37
58
|
|
|
38
59
|
## Copyright
|
|
39
60
|
|
|
@@ -15,11 +15,9 @@
|
|
|
15
15
|
# See the License for the specific language governing permissions and
|
|
16
16
|
# limitations under the License.
|
|
17
17
|
|
|
18
|
-
require 'ostruct'
|
|
19
|
-
|
|
20
18
|
require 'fluent/plugin/input'
|
|
21
19
|
|
|
22
|
-
# rubocop:disable Metrics/AbcSize, Metrics/MethodLength
|
|
20
|
+
# rubocop:disable Metrics/AbcSize, Metrics/ClassLength, Metrics/MethodLength
|
|
23
21
|
module Fluent
|
|
24
22
|
module Plugin
|
|
25
23
|
class SyscheckMountsInput < Fluent::Plugin::Input
|
|
@@ -36,17 +34,43 @@ module Fluent
|
|
|
36
34
|
desc 'interval for probe execution'
|
|
37
35
|
config_param :interval, :time, default: INTERVAL
|
|
38
36
|
desc 'The timeout in second for the check execution'
|
|
39
|
-
config_param :timeout, :
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
37
|
+
config_param :timeout, :time, default: TIMEOUT
|
|
38
|
+
|
|
39
|
+
ENABLED_FS_TYPES = nil
|
|
40
|
+
DISABLED_FS_TYPES = %w[
|
|
41
|
+
binfmt_misc
|
|
42
|
+
bpf
|
|
43
|
+
cgroup
|
|
44
|
+
cgroup2
|
|
45
|
+
configfs
|
|
46
|
+
debugfs
|
|
47
|
+
devpts
|
|
48
|
+
devtmpfs
|
|
49
|
+
efivarfs
|
|
50
|
+
fusectl
|
|
51
|
+
hugetlbfs
|
|
52
|
+
mqueue
|
|
53
|
+
proc
|
|
54
|
+
pstore
|
|
55
|
+
rpc_pipefs
|
|
56
|
+
securityfs
|
|
57
|
+
squashfs
|
|
58
|
+
sysfs
|
|
59
|
+
tracefs
|
|
60
|
+
].freeze
|
|
45
61
|
|
|
46
62
|
desc 'Enabled FS types'
|
|
47
|
-
config_param :enabled_fs_types, :array, value_type: :string, default:
|
|
63
|
+
config_param :enabled_fs_types, :array, value_type: :string, default: ENABLED_FS_TYPES
|
|
48
64
|
desc 'Disabled FS types'
|
|
49
|
-
config_param :disabled_fs_types, :array, value_type: :string, default:
|
|
65
|
+
config_param :disabled_fs_types, :array, value_type: :string, default: DISABLED_FS_TYPES
|
|
66
|
+
|
|
67
|
+
ENABLED_PATHS = nil
|
|
68
|
+
DISABLED_PATHS = [].freeze
|
|
69
|
+
|
|
70
|
+
desc 'Enabled Paths'
|
|
71
|
+
config_param :enabled_paths, :array, value_type: :regexp, default: ENABLED_PATHS
|
|
72
|
+
desc 'Disabled Paths'
|
|
73
|
+
config_param :disabled_paths, :array, value_type: :regexp, default: DISABLED_PATHS
|
|
50
74
|
|
|
51
75
|
ERROR_ONLY = true
|
|
52
76
|
|
|
@@ -82,13 +106,35 @@ module Fluent
|
|
|
82
106
|
def system_mounts
|
|
83
107
|
File.readlines('/proc/mounts').map do |mount_line|
|
|
84
108
|
device, mountpoint, fstype, _rest = mount_line.split
|
|
85
|
-
next
|
|
86
|
-
next if
|
|
109
|
+
next unless enabled_fs_type?(fstype)
|
|
110
|
+
next if disabled_fs_type?(fstype)
|
|
111
|
+
next unless enabled_path?(mountpoint)
|
|
112
|
+
next if disabled_path?(mountpoint)
|
|
87
113
|
|
|
88
114
|
SysMount.new(device: device, mountpoint: mountpoint, fstype: fstype)
|
|
89
115
|
end.compact
|
|
90
116
|
end
|
|
91
117
|
|
|
118
|
+
def enabled_fs_type?(fstype)
|
|
119
|
+
return true unless enabled_fs_types
|
|
120
|
+
|
|
121
|
+
enabled_fs_types.include?(fstype)
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
def disabled_fs_type?(fstype)
|
|
125
|
+
disabled_fs_types&.include?(fstype)
|
|
126
|
+
end
|
|
127
|
+
|
|
128
|
+
def enabled_path?(path)
|
|
129
|
+
return true unless enabled_paths
|
|
130
|
+
|
|
131
|
+
enabled_paths.any? { |path_pattern| path_pattern.match?(path) }
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
def disabled_path?(path)
|
|
135
|
+
disabled_paths.any? { |path_pattern| path_pattern.match?(path) }
|
|
136
|
+
end
|
|
137
|
+
|
|
92
138
|
def stat_async(mount)
|
|
93
139
|
reader, writer = IO.pipe
|
|
94
140
|
|
|
@@ -119,8 +165,6 @@ module Fluent
|
|
|
119
165
|
SysMountStatus.new(result)
|
|
120
166
|
end
|
|
121
167
|
|
|
122
|
-
|
|
123
|
-
|
|
124
168
|
def emit_mount_status(mount, status)
|
|
125
169
|
log.debug "#{mount.mountpoint} (#{mount.fstype}): status - #{status}"
|
|
126
170
|
|
|
@@ -178,4 +222,4 @@ module Fluent
|
|
|
178
222
|
end
|
|
179
223
|
end
|
|
180
224
|
end
|
|
181
|
-
# rubocop:enable Metrics/AbcSize, Metrics/MethodLength
|
|
225
|
+
# rubocop:enable Metrics/AbcSize, Metrics/ClassLength, Metrics/MethodLength
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-syscheck
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas Tych
|
|
@@ -63,6 +63,20 @@ dependencies:
|
|
|
63
63
|
- - ">="
|
|
64
64
|
- !ruby/object:Gem::Version
|
|
65
65
|
version: 11.1.3
|
|
66
|
+
- !ruby/object:Gem::Dependency
|
|
67
|
+
name: irb
|
|
68
|
+
requirement: !ruby/object:Gem::Requirement
|
|
69
|
+
requirements:
|
|
70
|
+
- - ">="
|
|
71
|
+
- !ruby/object:Gem::Version
|
|
72
|
+
version: '0'
|
|
73
|
+
type: :development
|
|
74
|
+
prerelease: false
|
|
75
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
76
|
+
requirements:
|
|
77
|
+
- - ">="
|
|
78
|
+
- !ruby/object:Gem::Version
|
|
79
|
+
version: '0'
|
|
66
80
|
- !ruby/object:Gem::Dependency
|
|
67
81
|
name: mocha
|
|
68
82
|
requirement: !ruby/object:Gem::Requirement
|