foreman_scap_client 0.3.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/config/config.yaml.example +7 -0
- data/lib/foreman_scap_client/client.rb +48 -5
- data/lib/foreman_scap_client/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2e702d979ef4efb30e81f353704aa35d9329cdcb
|
|
4
|
+
data.tar.gz: 8637950187141f8c7b9a7ab74b8396da710d31e1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 616bb33708a3d3f2ca6644812ffc392126074d79a04e4dd7746a2a76b263dd8b4277fd8229f1ed6709f2791fdfbf415fef721750934ee579c3e180934be73a91
|
|
7
|
+
data.tar.gz: a66ed283164da3cf15c2fa32b1fd168d007ddafa6d10a0750fca694c394717185d1cd4e1fec3a7da8d77811a9e5feb6316adf8f0f71ff68bb545b0bd7ad9f047
|
data/config/config.yaml.example
CHANGED
|
@@ -2,6 +2,13 @@
|
|
|
2
2
|
:server: 'foreman_proxy.example.com'
|
|
3
3
|
:port: 8443
|
|
4
4
|
|
|
5
|
+
# Should --fetch-remote-resources be added to `oscap xccdf eval` command
|
|
6
|
+
:fetch_remote_resources: true
|
|
7
|
+
|
|
8
|
+
# HTTP proxy server for downloading remote resources
|
|
9
|
+
:http_proxy_server:
|
|
10
|
+
:http_proxy_port:
|
|
11
|
+
|
|
5
12
|
# SSL specific options
|
|
6
13
|
:ca_file: '/var/lib/puppet/ssl/certs/ca.pem'
|
|
7
14
|
# this client certificate, usually the same that puppet agent use
|
|
@@ -4,6 +4,8 @@ require 'net/http'
|
|
|
4
4
|
require 'net/https'
|
|
5
5
|
require 'uri'
|
|
6
6
|
require 'open-uri'
|
|
7
|
+
require 'open3'
|
|
8
|
+
require 'json'
|
|
7
9
|
|
|
8
10
|
module ForemanScapClient
|
|
9
11
|
CONFIG_FILE = '/etc/foreman_scap_client/config.yaml'
|
|
@@ -38,16 +40,35 @@ module ForemanScapClient
|
|
|
38
40
|
|
|
39
41
|
def scan
|
|
40
42
|
puts "DEBUG: running: " + scan_command
|
|
41
|
-
result =
|
|
42
|
-
if
|
|
43
|
+
stdout_str, error_str, result = Open3.capture3(scan_command_env_vars, scan_command)
|
|
44
|
+
if result.success? || result.exitstatus == 2
|
|
43
45
|
@report = results_path
|
|
44
46
|
else
|
|
45
47
|
puts 'Scan failed'
|
|
46
|
-
puts
|
|
48
|
+
puts stdout_str
|
|
49
|
+
puts error_str
|
|
47
50
|
exit(2)
|
|
48
51
|
end
|
|
49
52
|
end
|
|
50
53
|
|
|
54
|
+
def scan_command_env_vars
|
|
55
|
+
if http_proxy_uri
|
|
56
|
+
{
|
|
57
|
+
'HTTP_PROXY' => http_proxy_uri,
|
|
58
|
+
'HTTPS_PROXY' => http_proxy_uri
|
|
59
|
+
}
|
|
60
|
+
else
|
|
61
|
+
{}
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def http_proxy_uri
|
|
66
|
+
return nil unless config[:http_proxy_server] && config[:http_proxy_port]
|
|
67
|
+
http_proxy_server = config[:http_proxy_server]
|
|
68
|
+
http_proxy_port = config[:http_proxy_port]
|
|
69
|
+
"http://#{http_proxy_server}:#{http_proxy_port}"
|
|
70
|
+
end
|
|
71
|
+
|
|
51
72
|
def results_path
|
|
52
73
|
"#{@tmp_dir}/results.xml"
|
|
53
74
|
end
|
|
@@ -62,7 +83,12 @@ module ForemanScapClient
|
|
|
62
83
|
else
|
|
63
84
|
profile = ''
|
|
64
85
|
end
|
|
65
|
-
|
|
86
|
+
fetch_remote_resources = if config[:fetch_remote_resources]
|
|
87
|
+
'--fetch-remote-resources'
|
|
88
|
+
else
|
|
89
|
+
''
|
|
90
|
+
end
|
|
91
|
+
"oscap xccdf eval #{fetch_remote_resources} #{profile} #{tailoring_subcommand} --results-arf #{results_path} #{config[@policy_id][:content_path]}"
|
|
66
92
|
end
|
|
67
93
|
|
|
68
94
|
def tailoring_subcommand
|
|
@@ -93,7 +119,8 @@ module ForemanScapClient
|
|
|
93
119
|
request['Content-Encoding'] = 'x-bzip2'
|
|
94
120
|
begin
|
|
95
121
|
res = https.request(request)
|
|
96
|
-
res.value
|
|
122
|
+
value = res.value
|
|
123
|
+
foreman_upload_result res
|
|
97
124
|
rescue StandardError => e
|
|
98
125
|
puts res.body if res
|
|
99
126
|
puts "Upload failed: #{e.message}"
|
|
@@ -165,5 +192,21 @@ module ForemanScapClient
|
|
|
165
192
|
def download_uri(download_path)
|
|
166
193
|
foreman_proxy_uri + "#{download_path}"
|
|
167
194
|
end
|
|
195
|
+
|
|
196
|
+
def foreman_upload_result(response)
|
|
197
|
+
begin
|
|
198
|
+
print_upload_result JSON.parse(response.body)
|
|
199
|
+
rescue StandardError => e
|
|
200
|
+
# rescue and print nothing if older proxy version does not respond with json we expect
|
|
201
|
+
end
|
|
202
|
+
end
|
|
203
|
+
|
|
204
|
+
def print_upload_result(parsed)
|
|
205
|
+
if parsed['id']
|
|
206
|
+
puts "Report uploaded, report id: #{parsed['id']}"
|
|
207
|
+
else
|
|
208
|
+
puts "Report not uploaded from proxy to Foreman server, cause: #{parsed['result']}"
|
|
209
|
+
end
|
|
210
|
+
end
|
|
168
211
|
end
|
|
169
212
|
end
|
metadata
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: foreman_scap_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marek Hulan
|
|
8
|
-
-
|
|
8
|
+
- Šimon Lukašík
|
|
9
9
|
- Shlomi Zadok
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date:
|
|
13
|
+
date: 2018-10-12 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: bundler
|
|
@@ -79,7 +79,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
79
79
|
requirements:
|
|
80
80
|
- "/usr/bin/bzip2"
|
|
81
81
|
rubyforge_project:
|
|
82
|
-
rubygems_version: 2.
|
|
82
|
+
rubygems_version: 2.6.8
|
|
83
83
|
signing_key:
|
|
84
84
|
specification_version: 4
|
|
85
85
|
summary: Client script that runs openscap scan and uploads the result to foreman proxy
|