foreman_scap_client 0.4.3 → 0.5.0
- checksums.yaml +5 -5
- data/bin/foreman_scap_client +16 -5
- data/config/config.yaml.example +9 -0
- data/lib/foreman_scap_client.rb +1 -0
- data/lib/foreman_scap_client/base_client.rb +240 -0
- data/lib/foreman_scap_client/client.rb +14 -194
- data/lib/foreman_scap_client/oval_client.rb +31 -0
- data/lib/foreman_scap_client/version.rb +1 -1
- metadata +5 -4
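--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 83d36963b277620c532c048595b0bc57f024918bcf0ee44073930bd0297b4b56
+data.tar.gz: 9acaf0257a5c1b18ab6f096a2f4025e8d5732ee4e7a45ef195853fe70ab9dd55
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4d68a98ce43eb6ebae0f268a56c1ca87d2f84748e783c1bfda80ffbf170cf4443929b32543d9a30da85a6c554ff7b2952a275a90f98b521c63cae63ff562ebad
+data.tar.gz: fc864752d527e1118ed4f4a147921ea4b5dd5c49f995e298a10a9400561f7df2bbf2a88bb8137a9c9262b781d791aad4fea672b652a1692d63e075aa3199e777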
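--- a/data/bin/foreman_scap_client
+++ b/data/bin/foreman_scap_client
@@ -2,11 +2,22 @@
 require 'rubygems'
 require 'foreman_scap_client'
 
-if ARGV.
-
-
-exit 2
+if ARGV.last == '--skip-upload'
+skip_upload = true
+args = ARGV[0...-1]
 else
-
+skip_upload = false
+args = ARGV
 end
 
+if args.size == 1
+ForemanScapClient::Client.new.run(args[0].to_i, skip_upload)
+elsif args.size == 2 && args[0] == 'ds'
+ForemanScapClient::Client.new.run(args[1].to_i, skip_upload)
+elsif args.size == 2 && args[0] == 'oval'
+ForemanScapClient::OvalClient.new.run(args[1].to_i, skip_upload)
+else
+puts "Usage: #{$0} [ds | oval] policy_id [--skip-upload]"
+puts " where policy_id is a key used in config file"
+exit 2
+end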
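Review bot: The policy id is converted with `args[0].to_i` / `args[1].to_i`, and `to_i` returns 0 for any non-numeric string, so an invocation such as `foreman_scap_client oval` with the id left off matches the `args.size == 1` branch and is run as a datastream scan of policy 0 instead of printing the usage text. Unless the config happens to define a policy 0, the user then sees "Policy id 0 not found." from BaseClient, which hides the real mistake. A guard before the dispatch, `unless args.last.to_s =~ /\A\d+\z/` followed by the existing usage `puts` lines and `exit 2`, rejects non-numeric ids up front.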
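--- a/data/config/config.yaml.example
+++ b/data/config/config.yaml.example
@@ -2,6 +2,9 @@
 :server: 'foreman_proxy.example.com'
 :port: 8443
 
+# Timeout for sending reports to proxy
+:timeout: 60
+
 # Should --fetch-remote-resources be added to `oscap xccdf eval` command
 :fetch_remote_resources: true
 
@@ -15,6 +18,8 @@
 :host_certificate: '/var/lib/puppet/ssl/certs/client.example.com.pem'
 # this client private key, usually the same that puppet agent use
 :host_private_key: '/var/lib/puppet/ssl/private_keys/client.example.com.pem'
+# optional cipher list if endpoints are hardened
+:ciphers: ["AES256-SHA:AES128-SHA:DES-CBC3-SHA"]
 
 # policy (key is id as in Foreman)
 1:
@@ -28,3 +33,7 @@
 2:
 :profile: 'xccdf_org.ssgproject.content_profile_common'
 :content_path: '/usr/share/xml/scap/ssg/fedora/ssg-fedora-ds.xml'
+
+:oval:
+3:
+:content_path: '/var/lib/openscap/oval_content/ansible-2.9.oval.xml.bz2'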
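Review bot: The example value `:ciphers: ["AES256-SHA:AES128-SHA:DES-CBC3-SHA"]` is shipped uncommented and lists only CBC/SHA-1 suites without forward secrecy, including 3DES (`DES-CBC3-SHA`). A config copied from this example therefore pins the client to suites that are typically weaker than what the OpenSSL defaults would negotiate, which is the opposite of what the "if endpoints are hardened" comment suggests. I would ship the key commented out and, if an example is wanted, show AEAD suites, e.g. `# :ciphers: ["ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"]`. The comment could also state that the value is assigned unchanged to the HTTPS client's cipher list, as `generate_https_object` in base_client.rb does.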
data/lib/foreman_scap_client.rb
CHANGED
@@ -0,0 +1,240 @@
|
|
1
|
+
require 'rubygems' if RUBY_VERSION.start_with? '1.8'
|
2
|
+
require 'yaml'
|
3
|
+
require 'tmpdir'
|
4
|
+
require 'net/http'
|
5
|
+
require 'net/https'
|
6
|
+
require 'uri'
|
7
|
+
require 'open-uri'
|
8
|
+
require 'open3'
|
9
|
+
require 'json'
|
10
|
+
|
11
|
+
module ForemanScapClient
|
12
|
+
class BaseClient
|
13
|
+
attr_reader :policy_id, :config
|
14
|
+
|
15
|
+
CONFIG_FILE = '/etc/foreman_scap_client/config.yaml'
|
16
|
+
|
17
|
+
def run(policy_id, skip_upload = false)
|
18
|
+
@policy_id = policy_id
|
19
|
+
load_config
|
20
|
+
ensure_scan_files
|
21
|
+
run_in_tmpdir skip_upload
|
22
|
+
end
|
23
|
+
|
24
|
+
private
|
25
|
+
|
26
|
+
def ensure_scan_files
|
27
|
+
raise NotImplementedError
|
28
|
+
end
|
29
|
+
|
30
|
+
def policy_namespace
|
31
|
+
raise NotImplementedError
|
32
|
+
end
|
33
|
+
|
34
|
+
def upload_uri
|
35
|
+
raise NotImplementedError
|
36
|
+
end
|
37
|
+
|
38
|
+
def scan_command
|
39
|
+
raise NotImplementedError
|
40
|
+
end
|
41
|
+
|
42
|
+
def run_in_tmpdir(skip_upload)
|
43
|
+
if skip_upload
|
44
|
+
@tmp_dir = Dir.mktmpdir
|
45
|
+
scan
|
46
|
+
bzip
|
47
|
+
else
|
48
|
+
Dir.mktmpdir do |dir|
|
49
|
+
@tmp_dir = dir
|
50
|
+
scan
|
51
|
+
bzip
|
52
|
+
upload
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def policy_from_config
|
58
|
+
config && config[policy_namespace] && config[policy_namespace][@policy_id]
|
59
|
+
end
|
60
|
+
|
61
|
+
def load_config
|
62
|
+
@config ||= YAML.load_file(CONFIG_FILE)
|
63
|
+
ensure_policy_exists
|
64
|
+
rescue => e
|
65
|
+
puts 'Config file could not be loaded'
|
66
|
+
puts e.message
|
67
|
+
exit(1)
|
68
|
+
end
|
69
|
+
|
70
|
+
def scan
|
71
|
+
puts "DEBUG: running: " + scan_command
|
72
|
+
puts "with ENV vars: #{scan_command_env_vars}" unless scan_command_env_vars.empty?
|
73
|
+
|
74
|
+
if RUBY_VERSION.start_with? '1.8'
|
75
|
+
legacy_run_scan
|
76
|
+
else
|
77
|
+
run_scan
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
def run_scan
|
82
|
+
stdout_str, error_str, result = Open3.capture3(scan_command_env_vars, scan_command)
|
83
|
+
if result.success? || result.exitstatus == 2
|
84
|
+
puts error_str.split("\n").select { |item| item.start_with?('WARNING:') || item.start_with?('Downloading') }.join("\n")
|
85
|
+
@report = results_path
|
86
|
+
else
|
87
|
+
puts 'Scan failed'
|
88
|
+
puts stdout_str
|
89
|
+
puts error_str
|
90
|
+
exit(2)
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
94
|
+
def legacy_run_scan
|
95
|
+
warn_proxy_not_supported
|
96
|
+
result = `#{scan_command}`
|
97
|
+
|
98
|
+
if $?.success? || $?.exitstatus == 2
|
99
|
+
@report = results_path
|
100
|
+
else
|
101
|
+
puts 'Scan failed'
|
102
|
+
puts result
|
103
|
+
exit(2)
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
107
|
+
def scan_command_env_vars
|
108
|
+
if http_proxy_uri
|
109
|
+
{
|
110
|
+
'HTTP_PROXY' => http_proxy_uri,
|
111
|
+
'HTTPS_PROXY' => http_proxy_uri
|
112
|
+
}
|
113
|
+
else
|
114
|
+
{}
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
def http_proxy_uri
|
119
|
+
return nil unless config[:http_proxy_server] && config[:http_proxy_port]
|
120
|
+
http_proxy_server = config[:http_proxy_server]
|
121
|
+
http_proxy_port = config[:http_proxy_port]
|
122
|
+
"http://#{http_proxy_server}:#{http_proxy_port}"
|
123
|
+
end
|
124
|
+
|
125
|
+
def results_path
|
126
|
+
"#{@tmp_dir}/results.xml"
|
127
|
+
end
|
128
|
+
|
129
|
+
def results_bzip_path
|
130
|
+
"#{results_path}.bz2"
|
131
|
+
end
|
132
|
+
|
133
|
+
def warn_proxy_not_supported
|
134
|
+
puts 'Configuration for HTTP(S) proxy found but not supported for ruby 1.8' if http_proxy_uri
|
135
|
+
end
|
136
|
+
|
137
|
+
def bzip_command
|
138
|
+
"/usr/bin/env bzip2 #{results_path}"
|
139
|
+
end
|
140
|
+
|
141
|
+
def bzip
|
142
|
+
puts 'DEBUG: running: ' + bzip_command
|
143
|
+
result = `#{bzip_command}`
|
144
|
+
if !$?.success?
|
145
|
+
puts 'bzip failed'
|
146
|
+
puts results
|
147
|
+
exit(2)
|
148
|
+
end
|
149
|
+
end
|
150
|
+
|
151
|
+
def upload
|
152
|
+
uri = URI.parse(upload_uri)
|
153
|
+
puts "Uploading results to #{uri}"
|
154
|
+
https = generate_https_object(uri)
|
155
|
+
https.read_timeout = config[:timeout] if config[:timeout]
|
156
|
+
request = Net::HTTP::Post.new uri.path
|
157
|
+
request.body = File.read(results_bzip_path)
|
158
|
+
request['Content-Type'] = 'text/xml'
|
159
|
+
request['Content-Encoding'] = 'x-bzip2'
|
160
|
+
begin
|
161
|
+
res = https.request(request)
|
162
|
+
value = res.value
|
163
|
+
foreman_upload_result res
|
164
|
+
rescue StandardError => e
|
165
|
+
puts res.body if res
|
166
|
+
puts "Upload failed: #{e.message}"
|
167
|
+
exit(4)
|
168
|
+
end
|
169
|
+
end
|
170
|
+
|
171
|
+
def foreman_proxy_uri
|
172
|
+
foreman_proxy_fqdn = config[:server]
|
173
|
+
foreman_proxy_port = config[:port]
|
174
|
+
"https://#{foreman_proxy_fqdn}:#{foreman_proxy_port}"
|
175
|
+
end
|
176
|
+
|
177
|
+
def generate_https_object(uri)
|
178
|
+
https = Net::HTTP.new(uri.host, uri.port)
|
179
|
+
https.use_ssl = true
|
180
|
+
https.ciphers = config[:ciphers] if config[:ciphers]
|
181
|
+
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
182
|
+
https.ca_file = config[:ca_file]
|
183
|
+
begin
|
184
|
+
https.cert = OpenSSL::X509::Certificate.new File.read(config[:host_certificate])
|
185
|
+
https.key = OpenSSL::PKey::RSA.new File.read(config[:host_private_key])
|
186
|
+
rescue StandardError => e
|
187
|
+
puts 'Unable to load certs'
|
188
|
+
puts e.message
|
189
|
+
exit(3)
|
190
|
+
end
|
191
|
+
https
|
192
|
+
end
|
193
|
+
|
194
|
+
def ensure_policy_exists
|
195
|
+
if policy_from_config.nil?
|
196
|
+
puts "Policy id #{@policy_id} not found."
|
197
|
+
exit(1)
|
198
|
+
end
|
199
|
+
end
|
200
|
+
|
201
|
+
def ensure_file(dir, download_path, type_humanized)
|
202
|
+
return if File.exist?(policy_from_config[dir])
|
203
|
+
puts "File #{policy_from_config[dir]} is missing. Downloading it from proxy."
|
204
|
+
begin
|
205
|
+
FileUtils.mkdir_p(File.dirname(policy_from_config[dir]))
|
206
|
+
uri = URI.parse(download_uri(policy_from_config[download_path]))
|
207
|
+
puts "Download #{type_humanized} xml from: #{uri}"
|
208
|
+
request = generate_https_object(uri).get(uri.path)
|
209
|
+
request.value
|
210
|
+
content_xml = request.body
|
211
|
+
open(policy_from_config[dir], 'wb') do |file|
|
212
|
+
file << content_xml
|
213
|
+
end
|
214
|
+
rescue StandardError => e
|
215
|
+
puts "#{type_humanized} is missing and download failed with error: #{e.message}"
|
216
|
+
exit(5)
|
217
|
+
end
|
218
|
+
end
|
219
|
+
|
220
|
+
def download_uri(download_path)
|
221
|
+
foreman_proxy_uri + "#{download_path}"
|
222
|
+
end
|
223
|
+
|
224
|
+
def foreman_upload_result(response)
|
225
|
+
begin
|
226
|
+
print_upload_result JSON.parse(response.body)
|
227
|
+
rescue StandardError => e
|
228
|
+
# rescue and print nothing if older proxy version does not respond with json we expect
|
229
|
+
end
|
230
|
+
end
|
231
|
+
|
232
|
+
def print_upload_result(parsed)
|
233
|
+
if parsed['id']
|
234
|
+
puts "Report uploaded, report id: #{parsed['id']}"
|
235
|
+
else
|
236
|
+
puts "Report not uploaded from proxy to Foreman server, cause: #{parsed['result']}"
|
237
|
+
end
|
238
|
+
end
|
239
|
+
end
|
240
|
+
end
|
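Review bot: In `ensure_file`, `open(policy_from_config[dir], 'wb')` goes through `Kernel#open`, which on the Ruby versions this gem targets treats a path beginning with `|` as a command to spawn, so a config-supplied path reaches process creation; `File.open(policy_from_config[dir], 'wb') do |file|` writes the downloaded content without that behaviour. Separately, the failure branch of `bzip` calls `puts results` while the local is named `result`, so a failed bzip2 raises NameError instead of printing the output and exiting with 2; it should read `puts result`. Both lines appear unchanged among the lines removed from client.rb, so moving them into the base class is a good moment to fix them.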
@@ -1,107 +1,28 @@
|
|
1
|
-
require '
|
2
|
-
require 'yaml'
|
3
|
-
require 'tmpdir'
|
4
|
-
require 'net/http'
|
5
|
-
require 'net/https'
|
6
|
-
require 'uri'
|
7
|
-
require 'open-uri'
|
8
|
-
require 'open3'
|
9
|
-
require 'json'
|
1
|
+
require 'foreman_scap_client/base_client'
|
10
2
|
|
11
3
|
module ForemanScapClient
|
12
|
-
|
13
|
-
|
14
|
-
class Client
|
15
|
-
attr_reader :config, :policy_id, :tailored
|
16
|
-
|
17
|
-
def run(policy_id)
|
18
|
-
@policy_id = policy_id
|
19
|
-
load_config
|
20
|
-
ensure_scan_file
|
21
|
-
ensure_tailoring_file
|
22
|
-
Dir.mktmpdir do |dir|
|
23
|
-
@tmp_dir = dir
|
24
|
-
scan
|
25
|
-
bzip
|
26
|
-
upload
|
27
|
-
end
|
28
|
-
end
|
4
|
+
class Client < BaseClient
|
5
|
+
attr_reader :tailored
|
29
6
|
|
30
7
|
private
|
31
8
|
|
32
|
-
def
|
33
|
-
|
34
|
-
end
|
35
|
-
|
36
|
-
def load_config
|
37
|
-
@config ||= YAML.load_file(CONFIG_FILE)
|
38
|
-
ensure_policy_exist
|
39
|
-
@tailored = @config[policy_id][:tailoring_path] && !@config[policy_id][:tailoring_path].empty?
|
40
|
-
rescue => e
|
41
|
-
puts 'Config file could not be loaded'
|
42
|
-
puts e.message
|
43
|
-
exit(1)
|
9
|
+
def policy_namespace
|
10
|
+
:ds
|
44
11
|
end
|
45
12
|
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
if RUBY_VERSION.start_with? '1.8'
|
50
|
-
legacy_run_scan
|
51
|
-
else
|
52
|
-
run_scan
|
53
|
-
end
|
13
|
+
# remove when we have made changes to puppet module/ansible role to start namespacing existing ds policies in config
|
14
|
+
def policy_from_config
|
15
|
+
super || @config[policy_id]
|
54
16
|
end
|
55
17
|
|
56
|
-
def
|
57
|
-
|
58
|
-
|
59
|
-
puts error_str
|
60
|
-
@report = results_path
|
61
|
-
else
|
62
|
-
puts 'Scan failed'
|
63
|
-
puts stdout_str
|
64
|
-
puts error_str
|
65
|
-
exit(2)
|
66
|
-
end
|
18
|
+
def ensure_policy_exists
|
19
|
+
super
|
20
|
+
@tailored = policy_from_config[:tailoring_path] && !policy_from_config[:tailoring_path].empty?
|
67
21
|
end
|
68
22
|
|
69
|
-
def
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
if $?.success? || $?.exitstatus == 2
|
74
|
-
@report = results_path
|
75
|
-
else
|
76
|
-
puts 'Scan failed'
|
77
|
-
puts result
|
78
|
-
exit(2)
|
79
|
-
end
|
80
|
-
end
|
81
|
-
|
82
|
-
def scan_command_env_vars
|
83
|
-
if http_proxy_uri
|
84
|
-
{
|
85
|
-
'HTTP_PROXY' => http_proxy_uri
|
86
|
-
}
|
87
|
-
else
|
88
|
-
{}
|
89
|
-
end
|
90
|
-
end
|
91
|
-
|
92
|
-
def http_proxy_uri
|
93
|
-
return nil unless config[:http_proxy_server] && config[:http_proxy_port]
|
94
|
-
http_proxy_server = config[:http_proxy_server]
|
95
|
-
http_proxy_port = config[:http_proxy_port]
|
96
|
-
"http://#{http_proxy_server}:#{http_proxy_port}"
|
97
|
-
end
|
98
|
-
|
99
|
-
def results_path
|
100
|
-
"#{@tmp_dir}/results.xml"
|
101
|
-
end
|
102
|
-
|
103
|
-
def results_bzip_path
|
104
|
-
"#{results_path}.bz2"
|
23
|
+
def ensure_scan_files
|
24
|
+
ensure_scan_file
|
25
|
+
ensure_tailoring_file if tailored
|
105
26
|
end
|
106
27
|
|
107
28
|
def scan_command
|
@@ -122,118 +43,17 @@ module ForemanScapClient
|
|
122
43
|
tailored ? "--tailoring-file #{config[policy_id][:tailoring_path]}" : ""
|
123
44
|
end
|
124
45
|
|
125
|
-
def bzip_command
|
126
|
-
"/usr/bin/env bzip2 #{results_path}"
|
127
|
-
end
|
128
|
-
|
129
|
-
def bzip
|
130
|
-
puts 'DEBUG: running: ' + bzip_command
|
131
|
-
result = `#{bzip_command}`
|
132
|
-
if !$?.success?
|
133
|
-
puts 'bzip failed'
|
134
|
-
puts results
|
135
|
-
exit(2)
|
136
|
-
end
|
137
|
-
end
|
138
|
-
|
139
|
-
def upload
|
140
|
-
uri = URI.parse(upload_uri)
|
141
|
-
puts "Uploading results to #{uri}"
|
142
|
-
https = generate_https_object(uri)
|
143
|
-
request = Net::HTTP::Post.new uri.path
|
144
|
-
request.body = File.read(results_bzip_path)
|
145
|
-
request['Content-Type'] = 'text/xml'
|
146
|
-
request['Content-Encoding'] = 'x-bzip2'
|
147
|
-
begin
|
148
|
-
res = https.request(request)
|
149
|
-
value = res.value
|
150
|
-
foreman_upload_result res
|
151
|
-
rescue StandardError => e
|
152
|
-
puts res.body if res
|
153
|
-
puts "Upload failed: #{e.message}"
|
154
|
-
exit(4)
|
155
|
-
end
|
156
|
-
end
|
157
46
|
|
158
47
|
def upload_uri
|
159
48
|
foreman_proxy_uri + "/compliance/arf/#{@policy_id}"
|
160
49
|
end
|
161
50
|
|
162
|
-
def foreman_proxy_uri
|
163
|
-
foreman_proxy_fqdn = config[:server]
|
164
|
-
foreman_proxy_port = config[:port]
|
165
|
-
"https://#{foreman_proxy_fqdn}:#{foreman_proxy_port}"
|
166
|
-
end
|
167
|
-
|
168
|
-
def generate_https_object(uri)
|
169
|
-
https = Net::HTTP.new(uri.host, uri.port)
|
170
|
-
https.use_ssl = true
|
171
|
-
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
172
|
-
https.ca_file = config[:ca_file]
|
173
|
-
begin
|
174
|
-
https.cert = OpenSSL::X509::Certificate.new File.read(config[:host_certificate])
|
175
|
-
https.key = OpenSSL::PKey::RSA.new File.read(config[:host_private_key])
|
176
|
-
rescue StandardError => e
|
177
|
-
puts 'Unable to load certs'
|
178
|
-
puts e.message
|
179
|
-
exit(3)
|
180
|
-
end
|
181
|
-
https
|
182
|
-
end
|
183
|
-
|
184
|
-
def ensure_policy_exist
|
185
|
-
if config[@policy_id].nil?
|
186
|
-
puts "Policy id #{@policy_id} not found."
|
187
|
-
exit(1)
|
188
|
-
end
|
189
|
-
end
|
190
|
-
|
191
|
-
def ensure_file(dir, download_path, type_humanized)
|
192
|
-
return if File.exist?(config[policy_id][dir])
|
193
|
-
puts "File #{config[policy_id][dir]} is missing. Downloading it from proxy."
|
194
|
-
begin
|
195
|
-
FileUtils.mkdir_p(File.dirname(config[policy_id][dir]))
|
196
|
-
uri = URI.parse(download_uri(config[policy_id][download_path]))
|
197
|
-
puts "Download #{type_humanized} xml from: #{uri}"
|
198
|
-
request = generate_https_object(uri).get(uri.path)
|
199
|
-
request.value
|
200
|
-
ds_content_xml = request.body
|
201
|
-
open(config[policy_id][dir], 'wb') do |file|
|
202
|
-
file << ds_content_xml
|
203
|
-
end
|
204
|
-
rescue StandardError => e
|
205
|
-
puts "#{type_humanized} is missing and download failed with error: #{e.message}"
|
206
|
-
exit(5)
|
207
|
-
end
|
208
|
-
end
|
209
|
-
|
210
51
|
def ensure_scan_file
|
211
52
|
ensure_file :content_path, :download_path, "SCAP content"
|
212
53
|
end
|
213
54
|
|
214
55
|
def ensure_tailoring_file
|
215
|
-
return unless tailored
|
216
56
|
ensure_file :tailoring_path, :tailoring_download_path, "Tailoring file"
|
217
57
|
end
|
218
|
-
|
219
|
-
def download_uri(download_path)
|
220
|
-
foreman_proxy_uri + "#{download_path}"
|
221
|
-
end
|
222
|
-
|
223
|
-
def foreman_upload_result(response)
|
224
|
-
begin
|
225
|
-
print_upload_result JSON.parse(response.body)
|
226
|
-
rescue StandardError => e
|
227
|
-
# rescue and print nothing if older proxy version does not respond with json we expect
|
228
|
-
end
|
229
|
-
end
|
230
|
-
|
231
|
-
def print_upload_result(parsed)
|
232
|
-
if parsed['id']
|
233
|
-
puts "Report uploaded, report id: #{parsed['id']}"
|
234
|
-
else
|
235
|
-
puts "Report not uploaded from proxy to Foreman server, cause: #{parsed['result']}"
|
236
|
-
end
|
237
|
-
end
|
238
58
|
end
|
239
59
|
end
|
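Review bot: The unchanged context line `tailored ? "--tailoring-file #{config[policy_id][:tailoring_path]}" : ""` (new line 43) still indexes `config[policy_id]` directly, while the lookups this diff touches now go through `policy_from_config`. Once a datastream policy is defined only under the `:ds` namespace, `config[policy_id]` is nil at that point and building the scan command raises NoMethodError instead of running the scan. It should read `policy_from_config[:tailoring_path]`. New lines 29–42, where `scan_command` builds the rest of the command, fall between the two hunks and are not visible here, so they probably need the same check.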
@@ -0,0 +1,31 @@
|
|
1
|
+
require 'foreman_scap_client/base_client'
|
2
|
+
|
3
|
+
module ForemanScapClient
|
4
|
+
class OvalClient < BaseClient
|
5
|
+
private
|
6
|
+
|
7
|
+
def policy_namespace
|
8
|
+
:oval
|
9
|
+
end
|
10
|
+
|
11
|
+
def ensure_scan_files
|
12
|
+
ensure_file :content_path, :download_path, "OVAL content"
|
13
|
+
end
|
14
|
+
|
15
|
+
def upload_uri
|
16
|
+
foreman_proxy_uri + "/compliance/oval_reports/#{@policy_id}"
|
17
|
+
end
|
18
|
+
|
19
|
+
def scan_command
|
20
|
+
"oscap oval eval --results #{results_path} #{policy_from_config[:content_path]}"
|
21
|
+
end
|
22
|
+
|
23
|
+
def print_upload_result(parsed)
|
24
|
+
if parsed['reported_at']
|
25
|
+
puts "Report successfully uploaded at #{parsed['reported_at']}"
|
26
|
+
else
|
27
|
+
puts "Report not uploaded, cause: #{parsed['result']}"
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
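Review bot: `scan_command` interpolates `results_path` and `policy_from_config[:content_path]` unquoted into one string, and `run_scan` in base_client.rb passes that string to `Open3.capture3` as a single command line. A content path containing a space is therefore split into two arguments, and shell metacharacters in the config value are interpreted rather than kept as part of the file name. Escaping each value, `"oscap oval eval --results #{Shellwords.escape(results_path)} #{Shellwords.escape(policy_from_config[:content_path])}"` with `require 'shellwords'`, keeps each one a single argument. The config file is normally administrator-managed, so this is hardening rather than an exposed input; `bzip_command` in the base class builds its command the same way.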
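--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: foreman_scap_client
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.5.0
 platform: ruby
 authors:
 - Marek Hulan
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -56,7 +56,9 @@ files:
 - bin/foreman_scap_client
 - config/config.yaml.example
 - lib/foreman_scap_client.rb
+- lib/foreman_scap_client/base_client.rb
 - lib/foreman_scap_client/client.rb
+- lib/foreman_scap_client/oval_client.rb
 - lib/foreman_scap_client/version.rb
 homepage: https://github.com/openscap/foreman_scap_client
 licenses:
@@ -78,8 +80,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements:
 - bzip2
-
-rubygems_version: 2.6.8
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Client script that runs openscap scan and uploads the result to foreman proxy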