foreman_scap_client 0.4.2 → 0.4.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/config/config.yaml.example +5 -0
- data/lib/foreman_scap_client/client.rb +4 -1
- data/lib/foreman_scap_client/version.rb +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 613e57e5fe5d504abb771c1924649c18d3a01869e3d75fbf33c4d2078647dcaa
|
|
4
|
+
data.tar.gz: f5d061fd7061174a3ce2dd92348371a9cb672781b428950ccc7add94b1fa8b69
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6e7d76224ae9440cad7ba6592a0aee99909ec7be581e1da4bc9310b74161504127b9631148bd5371bc7616718eac76b64a6565c04250c0488ac24d2db5860104
|
|
7
|
+
data.tar.gz: 2c6a1f7531f5a996847718255dca2e3bf4d1d5b091242402e71748450e3971ead373031217b3ce9b96d84aa568018374aacf37943786943db4becf068150d922
|
data/config/config.yaml.example
CHANGED
|
@@ -2,6 +2,9 @@
|
|
|
2
2
|
:server: 'foreman_proxy.example.com'
|
|
3
3
|
:port: 8443
|
|
4
4
|
|
|
5
|
+
# Timeout for sending reports to proxy
|
|
6
|
+
:timeout: 60
|
|
7
|
+
|
|
5
8
|
# Should --fetch-remote-resources be added to `oscap xccdf eval` command
|
|
6
9
|
:fetch_remote_resources: true
|
|
7
10
|
|
|
@@ -15,6 +18,8 @@
|
|
|
15
18
|
:host_certificate: '/var/lib/puppet/ssl/certs/client.example.com.pem'
|
|
16
19
|
# this client private key, usually the same that puppet agent use
|
|
17
20
|
:host_private_key: '/var/lib/puppet/ssl/private_keys/client.example.com.pem'
|
|
21
|
+
# optional cipher list if endpoints are hardened
|
|
22
|
+
:ciphers: ["AES256-SHA:AES128-SHA:DES-CBC3-SHA"]
|
|
18
23
|
|
|
19
24
|
# policy (key is id as in Foreman)
|
|
20
25
|
1:
|
|
@@ -45,6 +45,7 @@ module ForemanScapClient
|
|
|
45
45
|
|
|
46
46
|
def scan
|
|
47
47
|
puts "DEBUG: running: " + scan_command
|
|
48
|
+
puts "with ENV vars: #{scan_command_env_vars}" unless scan_command_env_vars.empty?
|
|
48
49
|
|
|
49
50
|
if RUBY_VERSION.start_with? '1.8'
|
|
50
51
|
legacy_run_scan
|
|
@@ -56,7 +57,7 @@ module ForemanScapClient
|
|
|
56
57
|
def run_scan
|
|
57
58
|
stdout_str, error_str, result = Open3.capture3(scan_command_env_vars, scan_command)
|
|
58
59
|
if result.success? || result.exitstatus == 2
|
|
59
|
-
puts error_str.split("\n").select { |item| item.start_with?
|
|
60
|
+
puts error_str.split("\n").select { |item| item.start_with?('WARNING:') || item.start_with?('Downloading') }.join("\n")
|
|
60
61
|
@report = results_path
|
|
61
62
|
else
|
|
62
63
|
puts 'Scan failed'
|
|
@@ -141,6 +142,7 @@ module ForemanScapClient
|
|
|
141
142
|
uri = URI.parse(upload_uri)
|
|
142
143
|
puts "Uploading results to #{uri}"
|
|
143
144
|
https = generate_https_object(uri)
|
|
145
|
+
https.read_timeout = config[:timeout] if config[:timeout]
|
|
144
146
|
request = Net::HTTP::Post.new uri.path
|
|
145
147
|
request.body = File.read(results_bzip_path)
|
|
146
148
|
request['Content-Type'] = 'text/xml'
|
|
@@ -169,6 +171,7 @@ module ForemanScapClient
|
|
|
169
171
|
def generate_https_object(uri)
|
|
170
172
|
https = Net::HTTP.new(uri.host, uri.port)
|
|
171
173
|
https.use_ssl = true
|
|
174
|
+
https.ciphers = config[:ciphers] if config[:ciphers]
|
|
172
175
|
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
173
176
|
https.ca_file = config[:ca_file]
|
|
174
177
|
begin
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: foreman_scap_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marek Hulan
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2020-07-17 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: bundler
|
|
@@ -78,8 +78,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
78
78
|
version: '0'
|
|
79
79
|
requirements:
|
|
80
80
|
- bzip2
|
|
81
|
-
|
|
82
|
-
rubygems_version: 2.6.8
|
|
81
|
+
rubygems_version: 3.1.2
|
|
83
82
|
signing_key:
|
|
84
83
|
specification_version: 4
|
|
85
84
|
summary: Client script that runs openscap scan and uploads the result to foreman proxy
|