logstash_auditor 0.0.5 → 0.0.6

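--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 4a48638193dc463da2061eabdf14e5c0fdd301ef
- data.tar.gz: 22fece4261c92559d60f777a1523b2d2e3ed2f66
+ metadata.gz: 030aece775d1f1ce076e855a14509541b9033677
+ data.tar.gz: 7b324939d42281d8081c63fc2c34fcfa827b0024
  SHA512:
- metadata.gz: 7c02dcd0bb18389ca6679c76e22fb7178e39ff9566ec730b202b6321aac09c3528ba61bda10e2a4fac1179e9d04d3fa07ef1c8965abb105b89df782c766a58b6
- data.tar.gz: a29d438577478f3d09907eb0e9adc14b6974121f177f7c24b07e3b911fab84bf465399296de059c9a585a8804e428eecfbdf58c5e6f5b0b26fb7496c52c23e37
+ metadata.gz: 8ddc607e7296a894cea671daba9408a25dc6782634f9256b7bba979ec3a2960a7ec7ad69658f3ddef78242d8dd34db7a6eabfe956f19c2c676ba5f73fa6f8665
+ data.tar.gz: e6b6cfa9edfda84fd7d70ec929bdf1c906bea5eb3c0b0535d3cdbc0a017560c64dcc7e42dc5e15b4ba536a59ed11eac8e1b3b81a6ca9e7bcab835d15bcc13c8b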
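--- a/data/README.md
+++ b/data/README.md
@@ -50,14 +50,13 @@ Initialize and configure the auditor so:
  @iut = LogstashAuditor::LogstashAuditor.new
  @logstash_configuration =
  { "host_url" => "http://localhost:8080",
- "use_ssl" => false,
  "username" => "something",
  "password" => "something",
  "timeout" => 3}
  @iut.configure(@valid_logstash_configuration)
  ```
 
- Audit using the API methods, e.g.:
+ Audit using the inherited API methods, e.g.:
 
  ```
  @iut.event(flow_id, "This is a test event")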
@@ -1,105 +1,45 @@
1
- require 'json'
2
1
  require "net/http"
3
- require "uri"
2
+ require "soar_auditor_api"
4
3
 
5
4
  module LogstashAuditor
6
- class LogstashAuditor
7
- attr_reader :has_been_configured
8
- attr_reader :configuration
5
+ class LogstashAuditor < SoarAuditorApi::SoarAuditorAPI
9
6
 
10
- def initialize
11
- @has_been_configured = false
12
- end
13
-
14
- def configure(configuration = nil)
15
- raise ArgumentError, "No configuration provided" if configuration == nil
16
- raise ArgumentError, "Invalid configuration provided" unless configuration_is_good(configuration)
17
-
18
- @configuration = configuration
19
- @has_been_configured = true
20
- end
21
-
22
- def debug(data)
23
- event(data)
24
- end
25
-
26
- def info(data)
27
- event(data)
28
- end
29
-
30
- def error(data)
31
- event(data)
32
- end
33
-
34
- def warn(data)
35
- event(data)
36
- end
37
-
38
- def fatal(data)
39
- event(data)
40
- end
41
-
42
- def <<(data)
43
- event(data)
7
+ #inversion of control method required by the SoarAuditorAPI
8
+ def configuration_is_valid(configuration)
9
+ required_parameters = ["host_url", "username", "password"]
10
+ required_parameters.each { |parameter| return false unless configuration.include?(parameter) }
11
+ return true
44
12
  end
45
13
 
46
- def event(data)
47
- data = { "message" => data }
48
- send_event( data )
14
+ #inversion of control method required by the SoarAuditorAPI
15
+ def audit(audit_data)
16
+ request = create_request(audit_data)
17
+ http = create_http_transport
18
+ send_request_to_server(http, request)
49
19
  end
50
20
 
51
21
  private
52
22
 
53
- def send_event(data)
23
+ def create_http_transport
54
24
  uri = URI.parse(@configuration["host_url"])
55
25
  http = Net::HTTP.new(uri.host, uri.port)
26
+ http.use_ssl = true if uri.is_a?(URI::HTTPS)
56
27
  http.read_timeout = @configuration["timeout"]
57
28
  http.open_timeout = @configuration["timeout"]
29
+ return http
30
+ end
58
31
 
59
- if @configuration["use_ssl"]
60
- http.use_ssl = true
61
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE
62
- end
63
-
64
- request = Net::HTTP::Post.new(uri.request_uri, initheader = {'Content-Type' =>'application/json'})
32
+ def create_request(audit_data)
33
+ request = Net::HTTP::Post.new("/", initheader = {'Content-Type' => 'application/json'})
65
34
  request.basic_auth(@configuration["username"], @configuration["password"])
66
- request.body = data.to_json
67
-
68
- response = http.request(request)
69
-
70
- case response.code
71
- when "200"
72
- return :success
73
- when "401"
74
- puts "Authorization failure contacting to logstash"
75
- else
76
- puts "Failure " + response.code + " communicating with logstash"
77
- end
78
- return :failure
35
+ request.body = audit_data
36
+ return request
79
37
  end
80
38
 
81
- def configuration_is_good(configuration)
82
- unless configuration.include?("host_url")
83
- puts "Parameter host_url not provided in configuration"
84
- return false
85
- end
86
- unless configuration.include?("use_ssl")
87
- puts "Parameter use_ssl not provided in configuration"
88
- return false
89
- end
90
- unless configuration.include?("username")
91
- puts "Parameter username not provided in configuration"
92
- return false
93
- end
94
- unless configuration.include?("password")
95
- puts "Parameter password not provided in configuration"
96
- return false
97
- end
98
- unless configuration.include?("timeout")
99
- puts "Parameter timeout not provided in configuration"
100
- return false
101
- end
102
- return true
39
+ def send_request_to_server(http, request)
40
+ response = http.request(request) rescue nil
41
+ raise StandardError, 'Failed to create connection' if response.nil?
42
+ raise StandardError, "Server rejected post with error code #{response.code}" unless response.code == "200"
103
43
  end
104
44
  end
105
45
  end
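Review bot: In `send_request_to_server`, `http.request(request) rescue nil` swallows every StandardError, so a certificate verification failure, a timeout and a refused connection are all reported as the same 'Failed to create connection' with the cause discarded. Rescue explicitly and carry the cause forward, e.g. `rescue StandardError => e` then `raise StandardError, "Failed to create connection: #{e.class}"`. Also, `configuration_is_valid` no longer requires "timeout" while `create_http_transport` still assigns `@configuration["timeout"]` to both timeouts; with the key absent they become nil, which Net::HTTP treats as no timeout, so a stalled server can block the audited caller — add "timeout" to `required_parameters` or fall back to a default. Basic-auth credentials still travel in cleartext whenever `host_url` is plain http, as in the README example, so `configuration_is_valid` could reject non-https URLs except for local testing.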
@@ -1,3 +1,3 @@
1
1
  module LogstashAuditor
2
- VERSION = "0.0.5"
2
+ VERSION = "0.0.6"
3
3
  end
@@ -26,5 +26,6 @@ Gem::Specification.new do |spec|
26
26
  spec.add_development_dependency "elasticsearch", "~> 1"
27
27
 
28
28
  spec.add_dependency "http", "~> 2"
29
-
29
+ spec.add_dependency "soar_auditor_api", "~> 0.0"
30
+
30
31
  end
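Review bot: The new runtime dependency is declared as `"~> 0.0"`, which accepts any soar_auditor_api release below 1.0, while LogstashAuditor now inherits its public API and configuration handling from that gem. A pre-1.0 gem presumably makes no compatibility promise between minor versions, so a later 0.x release could change auditing behaviour without any change in this gem. Constrain it to the patch series that was actually tested, e.g. `spec.add_dependency "soar_auditor_api", "~> 0.0.N"`, where N is a placeholder for the tested patch version.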
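--- a/data/sanity/sanity.rb
+++ b/data/sanity/sanity.rb
@@ -5,16 +5,15 @@ class Main
  @iut = LogstashAuditor::LogstashAuditor.new
  @valid_logstash_configuration =
  { "host_url" => "http://localhost:8080",
- "use_ssl" => false,
- "username" => "something",
- "password" => "something",
+ "username" => "auditorusername",
+ "password" => "auditorpassword",
  "timeout" => 3}
  @iut.configure(@valid_logstash_configuration)
 
  require 'digest'
  flow_id = Digest::SHA256.hexdigest("#{Time.now.to_i}#{rand(4000000)}")
 
- @iut.event(flow_id, "This is a test event")
+ @iut.warn(flow_id, "This is a test event")
  end
  end
 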
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash_auditor
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.5
4
+ version: 0.0.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Barney de Villiers
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-05-18 00:00:00.000000000 Z
11
+ date: 2016-05-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -94,6 +94,20 @@ dependencies:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '2'
97
+ - !ruby/object:Gem::Dependency
98
+ name: soar_auditor_api
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '0.0'
104
+ type: :runtime
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '0.0'
97
111
  description: Logstash implementation of SOAR architecture auditing allowing easy publishing
98
112
  of events to a centralized logstash collection engine
99
113
  email: