foreman_scap_client 0.4.2 → 0.4.7
- checksums.yaml +5 -5
- data/config/config.yaml.example +5 -0
- data/lib/foreman_scap_client/client.rb +4 -1
- data/lib/foreman_scap_client/version.rb +1 -1
- metadata +3 -4
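--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 613e57e5fe5d504abb771c1924649c18d3a01869e3d75fbf33c4d2078647dcaa
+data.tar.gz: f5d061fd7061174a3ce2dd92348371a9cb672781b428950ccc7add94b1fa8b69
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6e7d76224ae9440cad7ba6592a0aee99909ec7be581e1da4bc9310b74161504127b9631148bd5371bc7616718eac76b64a6565c04250c0488ac24d2db5860104
+data.tar.gz: 2c6a1f7531f5a996847718255dca2e3bf4d1d5b091242402e71748450e3971ead373031217b3ce9b96d84aa568018374aacf37943786943db4becf068150d922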
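--- a/data/config/config.yaml.example
+++ b/data/config/config.yaml.example
@@ -2,6 +2,9 @@
 :server: 'foreman_proxy.example.com'
 :port: 8443
 
+# Timeout for sending reports to proxy
+:timeout: 60
+
 # Should --fetch-remote-resources be added to `oscap xccdf eval` command
 :fetch_remote_resources: true
 
@@ -15,6 +18,8 @@
 :host_certificate: '/var/lib/puppet/ssl/certs/client.example.com.pem'
 # this client private key, usually the same that puppet agent use
 :host_private_key: '/var/lib/puppet/ssl/private_keys/client.example.com.pem'
+# optional cipher list if endpoints are hardened
+:ciphers: ["AES256-SHA:AES128-SHA:DES-CBC3-SHA"]
 
 # policy (key is id as in Foreman)
 1: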
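Review bot: The example value added at `:ciphers:` names only legacy suites: all three use static RSA key exchange with CBC and SHA-1, and `DES-CBC3-SHA` is 3DES, a 64-bit block cipher that hardened endpoints normally disable. Because the line is uncommented, anyone who copies this file restricts the client to exactly these suites, which contradicts the comment about hardened endpoints. I would ship it commented out and show forward-secret AEAD suites instead, e.g. `# :ciphers: ["ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"]`. The comment should also say that leaving the key unset keeps the OpenSSL defaults, since client.rb only assigns `https.ciphers` when the key is present.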
@@ -45,6 +45,7 @@ module ForemanScapClient
|
|
45
45
|
|
46
46
|
def scan
|
47
47
|
puts "DEBUG: running: " + scan_command
|
48
|
+
puts "with ENV vars: #{scan_command_env_vars}" unless scan_command_env_vars.empty?
|
48
49
|
|
49
50
|
if RUBY_VERSION.start_with? '1.8'
|
50
51
|
legacy_run_scan
|
@@ -56,7 +57,7 @@ module ForemanScapClient
|
|
56
57
|
def run_scan
|
57
58
|
stdout_str, error_str, result = Open3.capture3(scan_command_env_vars, scan_command)
|
58
59
|
if result.success? || result.exitstatus == 2
|
59
|
-
puts error_str.split("\n").select { |item| item.start_with?
|
60
|
+
puts error_str.split("\n").select { |item| item.start_with?('WARNING:') || item.start_with?('Downloading') }.join("\n")
|
60
61
|
@report = results_path
|
61
62
|
else
|
62
63
|
puts 'Scan failed'
|
@@ -141,6 +142,7 @@ module ForemanScapClient
|
|
141
142
|
uri = URI.parse(upload_uri)
|
142
143
|
puts "Uploading results to #{uri}"
|
143
144
|
https = generate_https_object(uri)
|
145
|
+
https.read_timeout = config[:timeout] if config[:timeout]
|
144
146
|
request = Net::HTTP::Post.new uri.path
|
145
147
|
request.body = File.read(results_bzip_path)
|
146
148
|
request['Content-Type'] = 'text/xml'
|
@@ -169,6 +171,7 @@ module ForemanScapClient
|
|
169
171
|
def generate_https_object(uri)
|
170
172
|
https = Net::HTTP.new(uri.host, uri.port)
|
171
173
|
https.use_ssl = true
|
174
|
+
https.ciphers = config[:ciphers] if config[:ciphers]
|
172
175
|
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
173
176
|
https.ca_file = config[:ca_file]
|
174
177
|
begin
|
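Review bot: The new `puts "with ENV vars: ..."` line in `scan` writes the whole environment hash that is later passed to `Open3.capture3` to stdout whenever it is non-empty, values included. Where those variables come from is not visible on this page; if they can ever hold a proxy URL with embedded credentials or a token, that secret ends up in whatever captures this output (cron mail, logs). Printing only the names keeps the diagnostic without the values: `puts "with ENV vars: #{scan_command_env_vars.keys.join(', ')}" unless scan_command_env_vars.empty?`. The body of `scan` continues past the end of the hunk.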
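--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: foreman_scap_client
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.7
 platform: ruby
 authors:
 - Marek Hulan
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -78,8 +78,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements:
 - bzip2
-
-rubygems_version: 2.6.8
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Client script that runs openscap scan and uploads the result to foreman proxy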