logstash_auditor 1.1.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 2ab15fbb437df572cc228b13e35469d7a2800946
4
- data.tar.gz: c8078a1bfc77a5c22d55f8ab544831392d3a3799
3
+ metadata.gz: cf167e8f8c9c9fa493029eb5e3ac225f881bf02b
4
+ data.tar.gz: 7d90420e878b53fbf68401d8d59a98156c63019b
5
5
  SHA512:
6
- metadata.gz: cce478ec437587c1a5bcff5214f96e52bd207037289fb21d01402a4f0a781200bb62647d09b693ad08c65e61ba68a9b3ce288519d9ddc0305c3f3f08cc95ca0f
7
- data.tar.gz: e961399424d11bc91aad6b8216e2deed082148179f31b8d87f7a404f5b9709294d074380247e703652e5f0d52789667630e7e461714ca5015e11a9ed62cbbcef
6
+ metadata.gz: 303aedb8e9b885c357a381628b76b575ed10742973437de563cbb2a3078eddc46de7e52daa04a7c788a41bcae477f32823921bb27014b702cba200e2ec56b179
7
+ data.tar.gz: cc271f17337a7a4e48d31c4fdfc3cdec7a4b8963771d1c1615eadfa0f75ca2927e51f4da372369c4b94b9df7550552852a03cc279938c8e64850dcd49ed551b1
@@ -0,0 +1,10 @@
1
+ FROM ruby:2.3.0
2
+
3
+ WORKDIR /usr/local/src/
4
+
5
+ ADD . /usr/local/src/
6
+ RUN cd /usr/local/src/
7
+ RUN gem install bundler
8
+ RUN bundle install
9
+
10
+ CMD bundle exec rspec -cfd spec/*
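Review bot: `ADD . /usr/local/src/` copies the whole build context into an image layer, and per the README that context holds the generated test keys under spec/support/certificates (for example selfsigned_registered.private.nopass.pem). Use `COPY` together with a .dockerignore that excludes the certificates directory; the compose files already mount the source tree into the test container at run time. `RUN cd /usr/local/src/` has no effect, because each RUN starts a fresh shell and WORKDIR already sets the directory, and `RUN gem install bundler` is unpinned, so rebuilds with `--no-cache` are not reproducible.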
data/README.md CHANGED
@@ -32,6 +32,25 @@ Or install it yourself as:
32
32
  The logstash server must be configured using the configuration in the folder spec/support/logstash_conf.d and spec/support/certificates.
33
33
  This configuration is used by the docker image during the TDD tests which ensures that this gem and the server configuration is compatible.
34
34
 
35
+ ## Testing for CI purposes
36
+
37
+ ```bash
38
+ #!/bin/bash
39
+ ./spec/support/certificates/setup_certificates_for_logstash_testing.sh
40
+ source retry.sh
41
+ export UID
42
+ retry 3 docker-compose down
43
+ retry 3 docker-compose build --force-rm --no-cache
44
+
45
+ set -e
46
+ retry 3 docker-compose -f docker-compose-isolated.yml run --rm test
47
+ EXIT_CODE=$?
48
+ set +e
49
+
50
+ docker-compose down
51
+ exit $EXIT_CODE
52
+ ```
53
+
35
54
  ## Testing
36
55
 
37
56
  Behavioural driven testing can be performed by testing against a local ELK docker image.
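Review bot: in the CI script, a failing test run never reaches `EXIT_CODE=$?` or the final `docker-compose down`. The `retry` function in retry.sh calls `exit` after the last attempt, and `set -e` is switched on just before the `retry 3 docker-compose -f docker-compose-isolated.yml run --rm test` line, so the script ends on the failure path and the containers stay up. Move the teardown into a `trap` on EXIT, or have `retry` return the code, and drop `set -e` around the line whose status is being captured.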
@@ -42,31 +61,23 @@ First you need to generate the certificates needed for authenticating the client
42
61
  ./spec/support/certificates/setup_certificates_for_logstash_testing.sh
43
62
  ```
44
63
 
45
- Start a docker container with the ELK stack:
64
+ Then perform the tests:
46
65
 
47
66
  ```bash
48
- docker run -d --name elk_test_service -v $(pwd)/spec/support/logstash_conf.d:/etc/logstash/conf.d -v $(pwd)/spec/support/certificates:/etc/logstash/certs -p 9300:9300 -p 9200:9200 -p 5000:5000 -p 5044:5044 -p 5601:5601 -p 8081:8080 sebp/elk:es234_l234_k453
49
- ```
50
-
51
- Wait about 30 seconds for image to fire up. Then perform the tests:
52
-
53
- ```bash
54
- bundle exec rspec -cfd spec/*
67
+ ./spec/support/certificates/setup_certificates_for_logstash_testing.sh
68
+ export UID
69
+ docker-compose down
70
+ docker-compose build --force-rm --no-cache
71
+ docker-compose -f docker-compose-isolated.yml run --rm test
72
+ docker-compose down
55
73
  ```
56
74
 
57
75
  Note that in order to ensure that the processing has occurred on Elastic Search
58
76
  there is a 2 second delay between each event submission request and the search request
59
77
 
60
- Debugging the docker image:
61
- ```bash
62
- docker exec -it elk_test_service bash
63
- docker stop elk_test_service
64
- docker rm -f elk_test_service
65
- ```
66
-
67
78
  Manual sending of an audit event to docker ELK stack:
68
79
  ```bash
69
- curl -iv -E ./spec/support/certificates/selfsigned/selfsigned_registered.cert.pem --key ./spec/support/certificates/selfsigned/selfsigned_registered.private.nopass.pem https://localhost:8081 -d "message=soar_logstash_test" --insecure
80
+ curl -iv -E ./spec/support/certificates/selfsigned/selfsigned_registered.cert.pem --key ./spec/support/certificates/selfsigned/selfsigned_registered.private.nopass.pem https://localhost:8080 -d "{\"audit_message\":\"bla\",\"audit_something_else\":\"foo\"}" --insecure
70
81
  ```
71
82
 
72
83
  View the audit events created on the Kibana interface:
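Review bot: the updated curl line still passes `--insecure`, so the client certificate and key are presented to a server whose certificate is never verified. The setup script already generates the test certificates, so the example could pass the server certificate with `--cacert` instead, or say that the flag is only acceptable against the local docker stack. Two documentation gaps in the same hunk: the new test steps run ./spec/support/certificates/setup_certificates_for_logstash_testing.sh again although the block just above already does, and with the `docker run` step removed the README no longer says how to start a stack with published ports, which the manual curl to https://localhost:8080 needs (docker-compose-isolated.yml publishes none).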
@@ -82,7 +93,7 @@ Initialize and configure the auditor so:
82
93
  ```ruby
83
94
  @iut = LogstashAuditor::LogstashAuditor.new
84
95
  @logstash_configuration =
85
- { "host_url" => "http://localhost:8081",
96
+ { "host_url" => "http://localhost:8080",
86
97
  "username" => "auditorusername",
87
98
  "password" => "auditorpassword",
88
99
  "timeout" => 3}
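Review bot: the changed `host_url` line keeps the `http://` scheme while the same configuration sends `username` and `password`, whereas the curl example and the sanity test in this release both use `https://localhost:8080`. If port 8080 is the TLS listener this example fails, and if it is not, the credentials cross the wire in clear text. Change the example to `https://localhost:8080` so it matches the rest of the release.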
@@ -0,0 +1,21 @@
1
+ version: '2.0'
2
+ services:
3
+ elk_test_service:
4
+ image: sebp/elk:es234_l234_k453
5
+ expose:
6
+ - "9300"
7
+ - "9200"
8
+ - "5000"
9
+ - "5044"
10
+ - "5601"
11
+ - "8080"
12
+ volumes:
13
+ - ./spec/support/logstash_conf.d:/etc/logstash/conf.d
14
+ - ./spec/support/certificates:/etc/logstash/certs
15
+ test:
16
+ build: .
17
+ command: /bin/bash -c 'sleep 30; bundle exec rspec -cfd spec/*'
18
+ volumes:
19
+ - .:/usr/local/src/
20
+ links:
21
+ - elk_test_service
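Review bot: `command: /bin/bash -c 'sleep 30; bundle exec rspec -cfd spec/*'` relies on a fixed 30 second wait for the ELK container, which fails on a slow host and wastes time on a fast one. Poll the Logstash or Elasticsearch port until it answers before starting rspec. The `.:/usr/local/src/` volume also hides everything the Dockerfile copied and installed under that path, so only one of the two mechanisms is needed, and `image: sebp/elk:es234_l234_k453` is a mutable tag that could be pinned by digest for repeatable runs.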
@@ -0,0 +1,28 @@
1
+ version: '2.0'
2
+ services:
3
+ elk_test_service:
4
+ image: sebp/elk:es234_l234_k453
5
+ expose:
6
+ - "9300"
7
+ - "9200"
8
+ - "5000"
9
+ - "5044"
10
+ - "5601"
11
+ - "8080"
12
+ ports:
13
+ - "9300:9300"
14
+ - "9200:9200"
15
+ - "5000:5000"
16
+ - "5044:5044"
17
+ - "5601:5601"
18
+ - "8080:8080"
19
+ volumes:
20
+ - ./spec/support/logstash_conf.d:/etc/logstash/conf.d
21
+ - ./spec/support/certificates:/etc/logstash/certs
22
+ test:
23
+ build: .
24
+ command: /bin/bash -c 'sleep 30; bundle exec rspec -cfd spec/*'
25
+ volumes:
26
+ - .:/usr/local/src/
27
+ links:
28
+ - elk_test_service
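Review bot: the `ports:` block publishes 9200, 9300, 5601 and the Logstash inputs without a host address, so docker binds them on all interfaces and the test ELK stack is reachable from the network of whatever machine runs it. Bind each mapping to loopback, for example `"127.0.0.1:9200:9200"`. The `expose:` list is redundant once the same ports appear under `ports:`, and the rest of the file duplicates the previous compose file, so a small override file carrying only `ports:` would keep the two from drifting.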
@@ -1,3 +1,3 @@
1
1
  module LogstashAuditor
2
- VERSION = "1.1.0"
2
+ VERSION = "1.1.1"
3
3
  end
@@ -25,6 +25,7 @@ Gem::Specification.new do |spec|
25
25
  spec.add_development_dependency "byebug", "~> 9"
26
26
  spec.add_development_dependency "elasticsearch", "~> 1"
27
27
  spec.add_development_dependency "soar_auditing_format", "~> 0.0.5"
28
+ spec.add_development_dependency "soar_json_auditing_format", "~> 0.0.2"
28
29
 
29
30
  spec.add_dependency "http", "~> 2"
30
31
  spec.add_dependency "soar_auditor_api", "~> 1.0"
@@ -0,0 +1,23 @@
1
+ #!/bin/bash
2
+
3
+ # Retries a command on failure.
4
+ # $1 - the max number of attempts
5
+ # $2... - the command to run
6
+ retry() {
7
+ local -r -i max_attempts="$1"; shift
8
+ local -r cmd="$@"
9
+ local -i attempt_num=1
10
+ local -i cmd_exit_code=0
11
+ until eval $cmd
12
+ do
13
+ cmd_exit_code=$?
14
+ if (( attempt_num == max_attempts ))
15
+ then
16
+ echo "Attempt $attempt_num failed with code $cmd_exit_code and there are no more attempts left!"
17
+ exit $cmd_exit_code
18
+ else
19
+ echo "Attempt $attempt_num failed with code $cmd_exit_code! Trying again in $attempt_num seconds..."
20
+ sleep $(( attempt_num++ ))
21
+ fi
22
+ done
23
+ }
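Review bot: `local -r cmd="$@"` joins the arguments into one string and `until eval $cmd` re-parses that string, so the caller's quoting is lost and any argument containing spaces or shell metacharacters is split or interpreted as shell syntax. Run the arguments directly with `until "$@"` and drop `cmd`. Because the README sources this file, `exit $cmd_exit_code` terminates the calling script rather than the function, which skips the caller's `docker-compose down`; `return $cmd_exit_code` leaves that decision to the caller.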
@@ -6,7 +6,7 @@ require 'securerandom'
6
6
  class Main
7
7
  def test_sanity
8
8
  @iut = LogstashAuditor::LogstashAuditor.new
9
- @logstash_configuration = { "host_url" => "https://localhost:8081",
9
+ @logstash_configuration = { "host_url" => "https://localhost:8080",
10
10
  "certificate" => File.read("../spec/support/certificates/selfsigned/selfsigned_registered.cert.pem"),
11
11
  "private_key" => File.read("../spec/support/certificates/selfsigned/selfsigned_registered.private.nopass.pem"),
12
12
  "timeout" => 3}
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash_auditor
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Barney de Villiers
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-02-07 00:00:00.000000000 Z
11
+ date: 2017-05-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -94,6 +94,20 @@ dependencies:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: 0.0.5
97
+ - !ruby/object:Gem::Dependency
98
+ name: soar_json_auditing_format
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: 0.0.2
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: 0.0.2
97
111
  - !ruby/object:Gem::Dependency
98
112
  name: http
99
113
  requirement: !ruby/object:Gem::Requirement
@@ -134,16 +148,20 @@ files:
134
148
  - ".rspec"
135
149
  - ".ruby-gemset"
136
150
  - ".ruby-version"
151
+ - Dockerfile
137
152
  - Gemfile
138
153
  - LICENSE.txt
139
154
  - README.md
140
155
  - Rakefile
141
156
  - bin/console
142
157
  - bin/setup
158
+ - docker-compose-isolated.yml
159
+ - docker-compose.yml
143
160
  - lib/logstash_auditor.rb
144
161
  - lib/logstash_auditor/auditor.rb
145
162
  - lib/logstash_auditor/version.rb
146
163
  - logstash_auditor.gemspec
164
+ - retry.sh
147
165
  - sanity/.ruby-gemset
148
166
  - sanity/.ruby-version
149
167
  - sanity/Gemfile
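Review bot: Dockerfile, docker-compose-isolated.yml, docker-compose.yml and retry.sh are added to the `files` list, so CI scaffolding now ships inside the published gem and is unpacked on every install. Narrow the gemspec's file list to what the library needs at run time and keep the test harness in the repository only.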
@@ -168,7 +186,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
168
186
  version: '0'
169
187
  requirements: []
170
188
  rubyforge_project:
171
- rubygems_version: 2.5.1
189
+ rubygems_version: 2.4.8
172
190
  signing_key:
173
191
  specification_version: 4
174
192
  summary: Logstash implementation of SOAR architecture auditing
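Review bot: `rubygems_version` goes from 2.5.1 to 2.4.8, so this release was packaged with an older RubyGems than the previous one, which suggests a different build host or toolchain. Confirm that is intended and fix the release environment, particularly since `cert_chain: []` and the blank `signing_key:` show the gem is unsigned and consumers have only the registry checksums to rely on.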