smart_proxy_openscap 0.3.1 → 0.4.0
- checksums.yaml +4 -4
- data/lib/smart_proxy_openscap/openscap_api.rb +1 -12
- data/lib/smart_proxy_openscap/openscap_lib.rb +2 -56
- data/lib/smart_proxy_openscap/openscap_plugin.rb +1 -2
- data/lib/smart_proxy_openscap/openscap_version.rb +2 -2
- data/settings.d/openscap.yml.example +0 -4
- metadata +2 -3
- data/lib/smart_proxy_openscap/openscap_exception.rb +0 -20
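--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e2d3e917fd247cee23a8752c368a63c557bf35ed
+data.tar.gz: 06c6dd924478a4708c0a5f93325e6b0692cae444
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 72f165b675321bea26b01215722d1309269f1038242b7204f09fa3dace8e602cf6b2b961435fa3a546bb0cb312c320025b48b3bc521a6b185248769d9a7f29e7
+data.tar.gz: 8a9c96d17704f853f34b7c6a9f05a0a900c690ea39558ab4f449dbdb33386ce2a27cc081dc92b2ee07a16cb5ba45f1811349e2a69fea85fb6b1ab1a8adcdad99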
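--- a/data/lib/smart_proxy_openscap/openscap_api.rb
+++ b/data/lib/smart_proxy_openscap/openscap_api.rb
@@ -14,7 +14,7 @@ module Proxy::OpenSCAP
 class Api < ::Sinatra::Base
 include ::Proxy::Log
 helpers ::Proxy::Helpers
-
+authorize_with_ssl_client
 
 put "/arf/:policy" do
 # first let's verify client's certificate
@@ -43,16 +43,5 @@ module Proxy::OpenSCAP
 
 {"created" => true}.to_json
 end
-
-get "/policies/:policy_id/content" do
-content_type 'application/xml'
-begin
-Proxy::OpenSCAP::get_policy_content(params[:policy_id])
-rescue OpenSCAPException => e
-log_halt e.http_code, "Error fetching xml file: #{e.message}"
-rescue StandardError => e
-log_halt 500, "Error occurred: #{e.message}"
-end
-end
 end
 end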
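Review bot: `authorize_with_ssl_client` at new line 17 carries no comment, while the route just below still opens with "# first let's verify client's certificate", so a reader cannot tell which of the two checks is the access-control decision and which only identifies the sender. A comment above the call would settle it, for example `# Access check applied to every route in this class; the routes below still read the client certificate to identify the host.`, adjusted to whatever the helper actually enforces, which this page does not show. The removed side of that line is blank in this rendering, so the call may already have been present with only whitespace changed. The `Api` class body and the `put` route continue outside the hunk.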
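--- a/data/lib/smart_proxy_openscap/openscap_lib.rb
+++ b/data/lib/smart_proxy_openscap/openscap_lib.rb
@@ -13,29 +13,10 @@ require 'fileutils'
 require 'json'
 require 'proxy/error'
 require 'proxy/request'
-require 'smart_proxy_openscap/openscap_exception'
 
 module Proxy::OpenSCAP
 extend ::Proxy::Log
 
-def self.get_policy_content(policy_id)
-policy_store_dir = File.join(Proxy::OpenSCAP::Plugin.settings.contentdir, policy_id.to_s)
-policy_scap_file = File.join(policy_store_dir, "#{policy_id}_scap_content.xml")
-begin
-FileUtils.mkdir_p(policy_store_dir) # will fail silently if exists
-rescue Errno::EACCES => e
-logger.error "No permission to create directory #{policy_store_dir}"
-raise e
-rescue StandardError => e
-logger.error "Could not create '#{policy_store_dir}' directory: #{e.message}"
-raise e
-end
-
-scap_file = policy_content_file(policy_scap_file)
-scap_file ||= save_or_serve_scap_file(policy_id, policy_scap_file)
-scap_file
-end
-
 def self.common_name(request)
 client_cert = request.env['SSL_CLIENT_CERT']
 raise Proxy::Error::Unauthorized, "Client certificate required!" if client_cert.to_s.empty?
@@ -84,42 +65,6 @@ module Proxy::OpenSCAP
 end
 end
 
-def self.fetch_scap_content_xml(policy_id, policy_scap_file)
-foreman_request = Proxy::HttpRequest::ForemanRequest.new
-policy_content_path = "/api/v2/compliance/policies/#{policy_id}/content"
-req = foreman_request.request_factory.create_get(policy_content_path)
-response = foreman_request.send_request(req)
-unless response.is_a? Net::HTTPSuccess
-raise OpenSCAPException.new(response)
-end
-response.body
-end
-
-
-def self.policy_content_file(policy_scap_file)
-return nil if !File.file?(policy_scap_file) || File.zero?(policy_scap_file)
-File.open(policy_scap_file, 'rb').read
-end
-
-def self.save_or_serve_scap_file(policy_id, policy_scap_file)
-lock = Proxy::HttpDownloads.try_locking(policy_scap_file)
-response = fetch_scap_content_xml(policy_id, policy_scap_file)
-if lock.nil?
-return response
-else
-begin
-File.open(policy_scap_file, 'wb') do |file|
-file << response
-end
-ensure
-Proxy::HttpDownloads.unlock(lock)
-end
-scap_file = policy_content_file(policy_scap_file)
-raise FileNotFound if scap_file.nil?
-return scap_file
-end
-end
-
 class ForemanForwarder < Proxy::HttpRequest::ForemanRequest
 def do(arf_dir)
 Dir.foreach(arf_dir) { |cname|
@@ -171,10 +116,11 @@ module Proxy::OpenSCAP
 begin
 data = File.read(arf_file_path)
 response = send_request(foreman_api_path, data)
-# Raise an HTTP error if the response is not 2xx (success).
 response.value
+raise StandardError, "Received #{response.code}: #{response.message}" unless response.code.to_i == 200
 res = JSON.parse(response.body)
 raise StandardError, "Received result: #{res['result']}" unless res['result'] == 'OK'
+raise StandardError, "Sent bytes: #{data.length}, but foreman received: #{res['received']}" unless data.length == res['received']
 File.delete arf_file_path
 rescue StandardError => e
 logger.debug response.body if response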
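Review bot: The upload size check added at new line 123 compares `data.length` with `res['received']`, but `data` comes from a plain `File.read`, so `length` counts characters in the default external encoding rather than bytes. A report containing multibyte characters would then never match, the `File.delete` on the next line would be skipped, and the file would stay in the spool, presumably to be retried on every later run. `data.bytesize` is the value the message's "Sent bytes" wording describes: `... unless data.bytesize == res['received']`. The new `response.code.to_i == 200` guard at line 120 follows `response.value`, which already raises on a non-2xx reply, so its only effect is to reject other 2xx codes; since the explanatory comment was dropped, a replacement such as `# value raises on non-2xx; Foreman must additionally answer exactly 200` would make that intent visible. The enclosing method starts and ends outside the hunk.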
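--- a/data/lib/smart_proxy_openscap/openscap_plugin.rb
+++ b/data/lib/smart_proxy_openscap/openscap_plugin.rb
@@ -18,7 +18,6 @@ module Proxy::OpenSCAP
 https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
 
 default_settings :spooldir => '/var/spool/foreman-proxy/openscap',
-:openscap_send_log_file => '
-:contentdir => 'openscap/content'
+:openscap_send_log_file => '/var/log/foreman-proxy/openscap-send.log'
 end
 end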
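--- a/data/lib/smart_proxy_openscap/openscap_version.rb
+++ b/data/lib/smart_proxy_openscap/openscap_version.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014
+# Copyright (c) 2014 Red Hat Inc.
 #
 # This software is licensed to you under the GNU General Public License,
 # version 3 (GPLv3). There is NO WARRANTY for this software, express or
@@ -10,6 +10,6 @@
 
 module Proxy
 module OpenSCAP
-VERSION = '0.
+VERSION = '0.4.0'
 end
 end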
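--- a/data/settings.d/openscap.yml.example
+++ b/data/settings.d/openscap.yml.example
@@ -7,7 +7,3 @@
 # Directory where OpenSCAP audits are stored
 # before they are forwarded to Foreman
 #:spooldir: /var/spool/foreman-proxy/openscap
-
-# Directory where OpenSCAP content XML are stored
-# So we will not request the XML from Foreman each time
-#:contentdir: /var/lib/openscap/content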
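--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 platform: ruby
 authors:
 - "Šimon Lukašík"
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-03-25 00:00:00.000000000 Z
 dependencies: []
 description: |-
 A plug-in to the Foreman's smart-proxy which receives
@@ -28,7 +28,6 @@ files:
 - lib/smart_proxy_openscap.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
-- lib/smart_proxy_openscap/openscap_exception.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
 - lib/smart_proxy_openscap/openscap_version.rb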
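--- a/data/lib/smart_proxy_openscap/openscap_exception.rb
+++ b/data/lib/smart_proxy_openscap/openscap_exception.rb
@@ -1,20 +0,0 @@
-module Proxy::OpenSCAP
-class OpenSCAPException < Exception
-attr_accessor :response
-attr_accessor :message
-def initialize(response = nil)
-@response = response
-@message = response.message if response
-end
-
-def http_code
-@response.code || 500
-end
-
-def http_body
-@response.body if @response
-end
-end
-
-class FileNotFound < StandardError; end
-end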