RubyGems - logstash_auditor - Versions diffs - 1.0.1 → 1.1.0 - Mend

logstash_auditor 1.0.1 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/README.md +28 -9
data/lib/logstash_auditor/auditor.rb +5 -0
data/lib/logstash_auditor/version.rb +1 -1
data/logstash_auditor.gemspec +1 -1
data/sanity/Gemfile +1 -1
data/sanity/sanity.rb +6 -0
metadata +5 -6
data/.travis.yml +0 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1e0fd6676dbd7bd6b2049f89f663176671632706
-  data.tar.gz: b595f455e1be70f9794aabfe557fde24f52c821b
+  metadata.gz: 2ab15fbb437df572cc228b13e35469d7a2800946
+  data.tar.gz: c8078a1bfc77a5c22d55f8ab544831392d3a3799
 SHA512:
-  metadata.gz: 43bdd4f0b32ed2eb4ec328ce9705724cc77ea640adb8e337a4afcd2328982459c28a697fc1baddbea5282ad1b4c51a1a575b5e2ca81f06594ad6902352814722
-  data.tar.gz: a1fc333997aac59cae05e55b35cd5afaccc1b657df3d5033c7188b3cc55bae2caa4853aaa0937b939f331913010c4691d374cf60c778eafbfc293247d8475547
+  metadata.gz: cce478ec437587c1a5bcff5214f96e52bd207037289fb21d01402a4f0a781200bb62647d09b693ad08c65e61ba68a9b3ce288519d9ddc0305c3f3f08cc95ca0f
+  data.tar.gz: e961399424d11bc91aad6b8216e2deed082148179f31b8d87f7a404f5b9709294d074380247e703652e5f0d52789667630e7e461714ca5015e11a9ed62cbbcef

data/README.md CHANGED Viewed

@@ -17,11 +17,15 @@ gem 'logstash_auditor'
 And then execute:
-    $ bundle
+```bash
+  bundle
+```
 Or install it yourself as:
-    $ gem install logstash_auditor
+```bash
+  gem install logstash_auditor
+  ```
 ## Configuration of Logstash Server
@@ -34,27 +38,42 @@ Behavioural driven testing can be performed by testing against a local ELK docke
 First you need to generate the certificates needed for authenticating the client to the server and the server itself.
-    $ ./spec/support/certificates/setup_certificates_for_logstash_testing.sh
+```bash
+  ./spec/support/certificates/setup_certificates_for_logstash_testing.sh
+```
 Start a docker container with the ELK stack:
-    $ docker run -d --name elk_test_service -v $(pwd)/spec/support/logstash_conf.d:/etc/logstash/conf.d -v $(pwd)/spec/support/certificates:/etc/logstash/certs -p 9300:9300 -p 9200:9200 -p 5000:5000 -p 5044:5044 -p 5601:5601 -p 8081:8080 sebp/elk
+```bash
+  docker run -d --name elk_test_service -v $(pwd)/spec/support/logstash_conf.d:/etc/logstash/conf.d -v $(pwd)/spec/support/certificates:/etc/logstash/certs -p 9300:9300 -p 9200:9200 -p 5000:5000 -p 5044:5044 -p 5601:5601 -p 8081:8080 sebp/elk:es234_l234_k453
+```
 Wait about 30 seconds for image to fire up. Then perform the tests:
-    $ bundle exec rspec -cfd spec/*
+```bash
+  bundle exec rspec -cfd spec/*
+```
 Note that in order to ensure that the processing has occurred on Elastic Search
 there is a 2 second delay between each event submission request and the search request
 Debugging the docker image:
-    $ docker exec -it elk_test_service bash
-    $ docker stop elk_test_service
-    $ docker rm -f elk_test_service
+```bash
+  docker exec -it elk_test_service bash
+  docker stop elk_test_service
+  docker rm -f elk_test_service
+```
 Manual sending of an audit event to docker ELK stack:
+```bash
+  curl -iv -E ./spec/support/certificates/selfsigned/selfsigned_registered.cert.pem --key ./spec/support/certificates/selfsigned/selfsigned_registered.private.nopass.pem https://localhost:8081 -d "message=soar_logstash_test" --insecure
+```
-    $ curl -iv -E ./spec/support/certificates/selfsigned/selfsigned_registered.cert.pem --key ./spec/support/certificates/selfsigned/selfsigned_registered.private.nopass.pem https://localhost:8081 -d "message=soar_logstash_test" --insecure
+View the audit events created on the Kibana interface:
+```bash
+  http://localhost:5601/app/kibana#/discover?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-15m,mode:quick,to:now))&_a=(columns:!(_source),index:'*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!('@timestamp',desc))
+```
 ## Usage

data/lib/logstash_auditor/auditor.rb CHANGED Viewed

@@ -10,6 +10,11 @@ module LogstashAuditor
       certificate_auth_configuration_valid?(configuration)
     end
+    #inversion of control method required by the AuditorAPI
+    def prefer_direct_call?
+      false
+    end
     #inversion of control method required by the AuditorAPI
     def audit(audit_data)
       request = create_request(audit_data)

data/lib/logstash_auditor/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module LogstashAuditor
-  VERSION = "1.0.1"
+  VERSION = "1.1.0"
 end

data/logstash_auditor.gemspec CHANGED Viewed

@@ -27,6 +27,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "soar_auditing_format", "~> 0.0.5"
   spec.add_dependency "http", "~> 2"
-  spec.add_dependency "soar_auditor_api", "~> 0.0.12"
+  spec.add_dependency "soar_auditor_api", "~> 1.0"
 end

data/sanity/Gemfile CHANGED Viewed

@@ -1,4 +1,4 @@
 source 'https://rubygems.org'
-gem 'logstash_auditor', "~> 1.0.1"
+gem 'logstash_auditor', path: '../'
 gem "soar_auditing_format", "~> 0.0.5"

data/sanity/sanity.rb CHANGED Viewed

@@ -16,6 +16,12 @@ class Main
     my_optional_operation_field = SoarAuditingFormatter::Formatter.optional_field_format("operation", "Http.Get")
     my_optional_method_name_field = SoarAuditingFormatter::Formatter.optional_field_format("method", "#{self.class}::#{__method__}::#{__LINE__}")
     @iut.debug(SoarAuditingFormatter::Formatter.format(:debug,'my-sanity-service-id',SecureRandom.hex(32),Time.now.iso8601(3),"#{my_optional_method_name_field}#{my_optional_operation_field} test message with optional fields"))
+    my_optional_analytics_field = SoarAuditingFormatter::Formatter.optional_field_format("soar_time_value", rand() * 10)
+    @iut.debug(SoarAuditingFormatter::Formatter.format(:debug,'my-sanity-service-id',SecureRandom.hex(32),Time.now.iso8601(3),"#{my_optional_analytics_field}test message with analytics field"))
+    @iut.debug(SoarAuditingFormatter::Formatter.format(:debug,'my-sanity-service-id',SecureRandom.hex(32),Time.now.iso8601(3),"test message without analytics field"))
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash_auditor
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Barney de Villiers
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-09-02 00:00:00.000000000 Z
+date: 2017-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.12
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.12
+        version: '1.0'
 description: Logstash implementation of SOAR architecture auditing allowing easy publishing
   of events to a centralized logstash collection engine
 email:
@@ -134,7 +134,6 @@ files:
 - ".rspec"
 - ".ruby-gemset"
 - ".ruby-version"
-- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -169,7 +168,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: Logstash implementation of SOAR architecture auditing

data/.travis.yml DELETED Viewed

@@ -1,4 +0,0 @@
-language: ruby
-rvm:
-  - 2.2.2
-before_install: gem install bundler -v 1.11.2