foreman_scap_client 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/config/config.yaml.example +7 -0
- data/lib/foreman_scap_client/client.rb +48 -5
- data/lib/foreman_scap_client/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2e702d979ef4efb30e81f353704aa35d9329cdcb
|
|
4
|
+
data.tar.gz: 8637950187141f8c7b9a7ab74b8396da710d31e1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 616bb33708a3d3f2ca6644812ffc392126074d79a04e4dd7746a2a76b263dd8b4277fd8229f1ed6709f2791fdfbf415fef721750934ee579c3e180934be73a91
|
|
7
|
+
data.tar.gz: a66ed283164da3cf15c2fa32b1fd168d007ddafa6d10a0750fca694c394717185d1cd4e1fec3a7da8d77811a9e5feb6316adf8f0f71ff68bb545b0bd7ad9f047
|
data/config/config.yaml.example
CHANGED
|
@@ -2,6 +2,13 @@
|
|
|
2
2
|
:server: 'foreman_proxy.example.com'
|
|
3
3
|
:port: 8443
|
|
4
4
|
|
|
5
|
+
# Should --fetch-remote-resources be added to `oscap xccdf eval` command
|
|
6
|
+
:fetch_remote_resources: true
|
|
7
|
+
|
|
8
|
+
# HTTP proxy server for downloading remote resources
|
|
9
|
+
:http_proxy_server:
|
|
10
|
+
:http_proxy_port:
|
|
11
|
+
|
|
5
12
|
# SSL specific options
|
|
6
13
|
:ca_file: '/var/lib/puppet/ssl/certs/ca.pem'
|
|
7
14
|
# this client certificate, usually the same that puppet agent use
|
|
@@ -4,6 +4,8 @@ require 'net/http'
|
|
|
4
4
|
require 'net/https'
|
|
5
5
|
require 'uri'
|
|
6
6
|
require 'open-uri'
|
|
7
|
+
require 'open3'
|
|
8
|
+
require 'json'
|
|
7
9
|
|
|
8
10
|
module ForemanScapClient
|
|
9
11
|
CONFIG_FILE = '/etc/foreman_scap_client/config.yaml'
|
|
@@ -38,16 +40,35 @@ module ForemanScapClient
|
|
|
38
40
|
|
|
39
41
|
def scan
|
|
40
42
|
puts "DEBUG: running: " + scan_command
|
|
41
|
-
result =
|
|
42
|
-
if
|
|
43
|
+
stdout_str, error_str, result = Open3.capture3(scan_command_env_vars, scan_command)
|
|
44
|
+
if result.success? || result.exitstatus == 2
|
|
43
45
|
@report = results_path
|
|
44
46
|
else
|
|
45
47
|
puts 'Scan failed'
|
|
46
|
-
puts
|
|
48
|
+
puts stdout_str
|
|
49
|
+
puts error_str
|
|
47
50
|
exit(2)
|
|
48
51
|
end
|
|
49
52
|
end
|
|
50
53
|
|
|
54
|
+
def scan_command_env_vars
|
|
55
|
+
if http_proxy_uri
|
|
56
|
+
{
|
|
57
|
+
'HTTP_PROXY' => http_proxy_uri,
|
|
58
|
+
'HTTPS_PROXY' => http_proxy_uri
|
|
59
|
+
}
|
|
60
|
+
else
|
|
61
|
+
{}
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def http_proxy_uri
|
|
66
|
+
return nil unless config[:http_proxy_server] && config[:http_proxy_port]
|
|
67
|
+
http_proxy_server = config[:http_proxy_server]
|
|
68
|
+
http_proxy_port = config[:http_proxy_port]
|
|
69
|
+
"http://#{http_proxy_server}:#{http_proxy_port}"
|
|
70
|
+
end
|
|
71
|
+
|
|
51
72
|
def results_path
|
|
52
73
|
"#{@tmp_dir}/results.xml"
|
|
53
74
|
end
|
|
@@ -62,7 +83,12 @@ module ForemanScapClient
|
|
|
62
83
|
else
|
|
63
84
|
profile = ''
|
|
64
85
|
end
|
|
65
|
-
|
|
86
|
+
fetch_remote_resources = if config[:fetch_remote_resources]
|
|
87
|
+
'--fetch-remote-resources'
|
|
88
|
+
else
|
|
89
|
+
''
|
|
90
|
+
end
|
|
91
|
+
"oscap xccdf eval #{fetch_remote_resources} #{profile} #{tailoring_subcommand} --results-arf #{results_path} #{config[@policy_id][:content_path]}"
|
|
66
92
|
end
|
|
67
93
|
|
|
68
94
|
def tailoring_subcommand
|
|
@@ -93,7 +119,8 @@ module ForemanScapClient
|
|
|
93
119
|
request['Content-Encoding'] = 'x-bzip2'
|
|
94
120
|
begin
|
|
95
121
|
res = https.request(request)
|
|
96
|
-
res.value
|
|
122
|
+
value = res.value
|
|
123
|
+
foreman_upload_result res
|
|
97
124
|
rescue StandardError => e
|
|
98
125
|
puts res.body if res
|
|
99
126
|
puts "Upload failed: #{e.message}"
|
|
@@ -165,5 +192,21 @@ module ForemanScapClient
|
|
|
165
192
|
def download_uri(download_path)
|
|
166
193
|
foreman_proxy_uri + "#{download_path}"
|
|
167
194
|
end
|
|
195
|
+
|
|
196
|
+
def foreman_upload_result(response)
|
|
197
|
+
begin
|
|
198
|
+
print_upload_result JSON.parse(response.body)
|
|
199
|
+
rescue StandardError => e
|
|
200
|
+
# rescue and print nothing if older proxy version does not respond with json we expect
|
|
201
|
+
end
|
|
202
|
+
end
|
|
203
|
+
|
|
204
|
+
def print_upload_result(parsed)
|
|
205
|
+
if parsed['id']
|
|
206
|
+
puts "Report uploaded, report id: #{parsed['id']}"
|
|
207
|
+
else
|
|
208
|
+
puts "Report not uploaded from proxy to Foreman server, cause: #{parsed['result']}"
|
|
209
|
+
end
|
|
210
|
+
end
|
|
168
211
|
end
|
|
169
212
|
end
|
metadata
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: foreman_scap_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marek Hulan
|
|
8
|
-
-
|
|
8
|
+
- Šimon Lukašík
|
|
9
9
|
- Shlomi Zadok
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2018-10-12 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: bundler
|
|
@@ -79,7 +79,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
79
79
|
requirements:
|
|
80
80
|
- "/usr/bin/bzip2"
|
|
81
81
|
rubyforge_project:
|
|
82
|
-
rubygems_version: 2.
|
|
82
|
+
rubygems_version: 2.6.8
|
|
83
83
|
signing_key:
|
|
84
84
|
specification_version: 4
|
|
85
85
|
summary: Client script that runs openscap scan and uploads the result to foreman proxy
|