logstash_auditor 0.0.10 → 0.0.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +6 -4
- data/lib/logstash_auditor/auditor.rb +1 -1
- data/lib/logstash_auditor/version.rb +1 -1
- data/logstash_auditor.gemspec +1 -1
- data/sanity/Gemfile +1 -1
- data/sanity/sanity.rb +1 -4
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7078c71ac9bc1d415fc2ef731c8b1b4144f28ffc
|
|
4
|
+
data.tar.gz: 52a20a155a37a954ce73001673268ade2875ea23
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6eea2c171322c362df0bb31cedef093bb9a27b81474cf85a61ff0ddf4533e33bb8260b653fe80c9f1c2e069a73eabf874b767f476ee93dd19402db49962d3d4b
|
|
7
|
+
data.tar.gz: 36cbc1877230476134423fcf7255700b61209ac627b0daec195f018c23d8b84fc81a2183febe4648f7dc5797b189312a508536719013bbd4f9617878c7bee03f
|
data/README.md
CHANGED
|
@@ -23,6 +23,11 @@ Or install it yourself as:
|
|
|
23
23
|
|
|
24
24
|
$ gem install logstash_auditor
|
|
25
25
|
|
|
26
|
+
## Configuration of Logstash Server
|
|
27
|
+
|
|
28
|
+
The logstash server must be configured using the configuration in the folder spec/support/logstash_conf.d
|
|
29
|
+
This configuration is used by the docker image during the TDD tests which ensures that this gem and the server configuration is compatible.
|
|
30
|
+
|
|
26
31
|
## Testing
|
|
27
32
|
|
|
28
33
|
Behavioural driven testing can be performed by testing against a local ELK docker image:
|
|
@@ -79,10 +84,7 @@ class Main
|
|
|
79
84
|
"timeout" => 3}
|
|
80
85
|
@iut.configure(@logstash_configuration)
|
|
81
86
|
|
|
82
|
-
|
|
83
|
-
flow_id = Digest::SHA256.hexdigest("#{Time.now.to_i}#{rand(4000000)}")
|
|
84
|
-
|
|
85
|
-
@iut.warn("#{flow_id}:#{Time.now.utc.iso8601(3)}::test1234")
|
|
87
|
+
@iut.warn("#{SecureRandom.hex(32)}:#{Time.now.utc.iso8601(3)}:test1234")
|
|
86
88
|
end
|
|
87
89
|
end
|
|
88
90
|
|
|
@@ -5,7 +5,7 @@ module LogstashAuditor
|
|
|
5
5
|
class LogstashAuditor < SoarAuditorApi::AuditorAPI
|
|
6
6
|
|
|
7
7
|
#inversion of control method required by the AuditorAPI
|
|
8
|
-
def configuration_is_valid(configuration)
|
|
8
|
+
def configuration_is_valid?(configuration)
|
|
9
9
|
required_parameters = ["host_url", "username", "password"]
|
|
10
10
|
required_parameters.each { |parameter| return false unless configuration.include?(parameter) }
|
|
11
11
|
return true
|
data/logstash_auditor.gemspec
CHANGED
data/sanity/Gemfile
CHANGED
data/sanity/sanity.rb
CHANGED
|
@@ -11,10 +11,7 @@ class Main
|
|
|
11
11
|
"timeout" => 3}
|
|
12
12
|
@iut.configure(@logstash_configuration)
|
|
13
13
|
|
|
14
|
-
|
|
15
|
-
flow_id = Digest::SHA256.hexdigest("#{Time.now.to_i}#{rand(4000000)}")
|
|
16
|
-
|
|
17
|
-
@iut.warn("#{flow_id}:#{Time.now.utc.iso8601(3)}::test1234")
|
|
14
|
+
@iut.warn("#{SecureRandom.hex(32)}:#{Time.now.utc.iso8601(3)}:test1234")
|
|
18
15
|
end
|
|
19
16
|
end
|
|
20
17
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash_auditor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Barney de Villiers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-05-
|
|
11
|
+
date: 2016-05-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 0.0.
|
|
103
|
+
version: 0.0.5
|
|
104
104
|
type: :runtime
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 0.0.
|
|
110
|
+
version: 0.0.5
|
|
111
111
|
description: Logstash implementation of SOAR architecture auditing allowing easy publishing
|
|
112
112
|
of events to a centralized logstash collection engine
|
|
113
113
|
email:
|