smart_proxy_openscap 0.3.0 → 0.3.1
- checksums.yaml +4 -4
- data/lib/smart_proxy_openscap/openscap_api.rb +12 -0
- data/lib/smart_proxy_openscap/openscap_exception.rb +20 -0
- data/lib/smart_proxy_openscap/openscap_lib.rb +56 -2
- data/lib/smart_proxy_openscap/openscap_plugin.rb +2 -1
- data/lib/smart_proxy_openscap/openscap_version.rb +2 -2
- data/settings.d/openscap.yml.example +4 -0
- metadata +8 -6
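--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eba9e5346ce33339c77df129260e227b806cffbf
+data.tar.gz: 7ee409ced62aca3253f700e10eecac2f69558dde
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ffd1259c6fddf38830fbb757d41b0255bfd3a31dac90eb95da39077754e520df7734da4c4d34d165826cc5f754a4d5895deeaf23af3e01d952a2072b3e9e469b
+data.tar.gz: d2290459e3c99040ddb098ea0a1a0f714f052914e132020218b6b7a6b84d493dc71bd205bfe1a4508337caa2e35bfce1ae9e991d9c1da9d855c102c26927ca8c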
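--- a/data/lib/smart_proxy_openscap/openscap_api.rb
+++ b/data/lib/smart_proxy_openscap/openscap_api.rb
@@ -14,6 +14,7 @@ module Proxy::OpenSCAP
 class Api < ::Sinatra::Base
 include ::Proxy::Log
 helpers ::Proxy::Helpers
+authorize_with_trusted_hosts
 
 put "/arf/:policy" do
 # first let's verify client's certificate
@@ -42,5 +43,16 @@ module Proxy::OpenSCAP
 
 {"created" => true}.to_json
 end
+
+get "/policies/:policy_id/content" do
+content_type 'application/xml'
+begin
+Proxy::OpenSCAP::get_policy_content(params[:policy_id])
+rescue OpenSCAPException => e
+log_halt e.http_code, "Error fetching xml file: #{e.message}"
+rescue StandardError => e
+log_halt 500, "Error occurred: #{e.message}"
+end
+end
 end
 end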
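Review bot: `params[:policy_id]` is handed to `get_policy_content` without validation in the new `get "/policies/:policy_id/content"` route, and the openscap_lib.rb hunk on this page joins that value into a directory under `contentdir`, a file name and the Foreman API path. A value containing `..` or an encoded separator could therefore make the proxy create directories and write `<id>_scap_content.xml` outside the content directory. Assuming policy ids are integers, reject anything else before the call, e.g. `halt 400, "Invalid policy id" unless params[:policy_id] =~ /\A\d+\z/`. Separately, the 500 branch appears to return `e.message` to the client, which for filesystem errors can include local paths; a generic message with the detail kept in the log would be safer.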
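--- a/data/lib/smart_proxy_openscap/openscap_exception.rb
+++ b/data/lib/smart_proxy_openscap/openscap_exception.rb
@@ -0,0 +1,20 @@
+module Proxy::OpenSCAP
+class OpenSCAPException < Exception
+attr_accessor :response
+attr_accessor :message
+def initialize(response = nil)
+@response = response
+@message = response.message if response
+end
+
+def http_code
+@response.code || 500
+end
+
+def http_body
+@response.body if @response
+end
+end
+
+class FileNotFound < StandardError; end
+end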
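Review bot: `OpenSCAPException` derives from `Exception`, so a plain `rescue => e` or `rescue StandardError` further up the stack will not catch it; only the explicit rescue in the API route does. It should read `class OpenSCAPException < StandardError`. `http_code` also calls `@response.code` unguarded although `initialize` allows `response = nil` and `http_body` checks for it; `@response ? @response.code : 500` keeps the two consistent. A one-line comment on the class stating that `response` is the failed Foreman HTTP response would also help readers of the rescue sites.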
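--- a/data/lib/smart_proxy_openscap/openscap_lib.rb
+++ b/data/lib/smart_proxy_openscap/openscap_lib.rb
@@ -13,10 +13,29 @@ require 'fileutils'
 require 'json'
 require 'proxy/error'
 require 'proxy/request'
+require 'smart_proxy_openscap/openscap_exception'
 
 module Proxy::OpenSCAP
 extend ::Proxy::Log
 
+def self.get_policy_content(policy_id)
+policy_store_dir = File.join(Proxy::OpenSCAP::Plugin.settings.contentdir, policy_id.to_s)
+policy_scap_file = File.join(policy_store_dir, "#{policy_id}_scap_content.xml")
+begin
+FileUtils.mkdir_p(policy_store_dir) # will fail silently if exists
+rescue Errno::EACCES => e
+logger.error "No permission to create directory #{policy_store_dir}"
+raise e
+rescue StandardError => e
+logger.error "Could not create '#{policy_store_dir}' directory: #{e.message}"
+raise e
+end
+
+scap_file = policy_content_file(policy_scap_file)
+scap_file ||= save_or_serve_scap_file(policy_id, policy_scap_file)
+scap_file
+end
+
 def self.common_name(request)
 client_cert = request.env['SSL_CLIENT_CERT']
 raise Proxy::Error::Unauthorized, "Client certificate required!" if client_cert.to_s.empty?
@@ -65,6 +84,42 @@ module Proxy::OpenSCAP
 end
 end
 
+def self.fetch_scap_content_xml(policy_id, policy_scap_file)
+foreman_request = Proxy::HttpRequest::ForemanRequest.new
+policy_content_path = "/api/v2/compliance/policies/#{policy_id}/content"
+req = foreman_request.request_factory.create_get(policy_content_path)
+response = foreman_request.send_request(req)
+unless response.is_a? Net::HTTPSuccess
+raise OpenSCAPException.new(response)
+end
+response.body
+end
+
+
+def self.policy_content_file(policy_scap_file)
+return nil if !File.file?(policy_scap_file) || File.zero?(policy_scap_file)
+File.open(policy_scap_file, 'rb').read
+end
+
+def self.save_or_serve_scap_file(policy_id, policy_scap_file)
+lock = Proxy::HttpDownloads.try_locking(policy_scap_file)
+response = fetch_scap_content_xml(policy_id, policy_scap_file)
+if lock.nil?
+return response
+else
+begin
+File.open(policy_scap_file, 'wb') do |file|
+file << response
+end
+ensure
+Proxy::HttpDownloads.unlock(lock)
+end
+scap_file = policy_content_file(policy_scap_file)
+raise FileNotFound if scap_file.nil?
+return scap_file
+end
+end
+
 class ForemanForwarder < Proxy::HttpRequest::ForemanRequest
 def do(arf_dir)
 Dir.foreach(arf_dir) { |cname|
@@ -116,11 +171,10 @@ module Proxy::OpenSCAP
 begin
 data = File.read(arf_file_path)
 response = send_request(foreman_api_path, data)
+# Raise an HTTP error if the response is not 2xx (success).
 response.value
-raise StandardError, "Received #{response.code}: #{response.message}" unless response.code.to_i == 200
 res = JSON.parse(response.body)
 raise StandardError, "Received result: #{res['result']}" unless res['result'] == 'OK'
-raise StandardError, "Sent bytes: #{data.length}, but foreman received: #{res['received']}" unless data.length == res['received']
 File.delete arf_file_path
 rescue StandardError => e
 logger.debug response.body if response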
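Review bot: In `save_or_serve_scap_file` the lock from `try_locking` is taken before `fetch_scap_content_xml` runs, but the `ensure` that unlocks only wraps the `File.open`, so when the fetch raises `OpenSCAPException` the lock is never released. Moving the fetch inside the `begin` makes the unlock unconditional, as sketched below. The file is also written in place while `policy_content_file` reads without taking the lock, so a concurrent request may be served a partially written file; writing to a temporary file in the same directory and renaming it would avoid that (not shown). In `policy_content_file`, `File.open(policy_scap_file, 'rb').read` leaves the handle open until GC, whereas `File.binread(policy_scap_file)` closes it.

```ruby
def self.save_or_serve_scap_file(policy_id, policy_scap_file)
  lock = Proxy::HttpDownloads.try_locking(policy_scap_file)
  begin
    # Fetch inside the protected region so a failed request still unlocks.
    response = fetch_scap_content_xml(policy_id, policy_scap_file)
    return response if lock.nil?
    File.open(policy_scap_file, 'wb') { |file| file << response }
  ensure
    Proxy::HttpDownloads.unlock(lock) unless lock.nil?
  end
  # … unchanged: re-read via policy_content_file, raise FileNotFound if nil …
end
```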
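--- a/data/lib/smart_proxy_openscap/openscap_plugin.rb
+++ b/data/lib/smart_proxy_openscap/openscap_plugin.rb
@@ -18,6 +18,7 @@ module Proxy::OpenSCAP
 https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
 
 default_settings :spooldir => '/var/spool/foreman-proxy/openscap',
-:openscap_send_log_file => '/
+:openscap_send_log_file => 'logs/openscap-send.log',
+:contentdir => 'openscap/content'
 end
 end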
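Review bot: The new defaults for `:openscap_send_log_file` and `:contentdir` are relative paths as rendered here, so where logs and cached SCAP content land depends on the working directory of the proxy process. `get_policy_content` runs `mkdir_p` under `contentdir`, so a relative default can create the cache in an unexpected location with permissions nobody reviewed. Prefer an absolute default that matches the example settings file, e.g. `:contentdir => '/var/lib/openscap/content'`. The removed line is truncated in this rendering, so the previous log-file default cannot be compared.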
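--- a/data/lib/smart_proxy_openscap/openscap_version.rb
+++ b/data/lib/smart_proxy_openscap/openscap_version.rb
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014 Red Hat Inc.
+# Copyright (c) 2014--2015 Red Hat Inc.
 #
 # This software is licensed to you under the GNU General Public License,
 # version 3 (GPLv3). There is NO WARRANTY for this software, express or
@@ -10,6 +10,6 @@
 
 module Proxy
 module OpenSCAP
-VERSION = '0.3.
+VERSION = '0.3.1'
 end
 end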
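--- a/data/settings.d/openscap.yml.example
+++ b/data/settings.d/openscap.yml.example
@@ -7,3 +7,7 @@
 # Directory where OpenSCAP audits are stored
 # before they are forwarded to Foreman
 #:spooldir: /var/spool/foreman-proxy/openscap
+
+# Directory where OpenSCAP content XML are stored
+# So we will not request the XML from Foreman each time
+#:contentdir: /var/lib/openscap/content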
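--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_openscap
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.1
 platform: ruby
 authors:
-- Šimon Lukašík
+- "Šimon Lukašík"
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-05-07 00:00:00.000000000 Z
 dependencies: []
 description: |-
 A plug-in to the Foreman's smart-proxy which receives
@@ -28,6 +28,7 @@ files:
 - lib/smart_proxy_openscap.rb
 - lib/smart_proxy_openscap/http_config.ru
 - lib/smart_proxy_openscap/openscap_api.rb
+- lib/smart_proxy_openscap/openscap_exception.rb
 - lib/smart_proxy_openscap/openscap_lib.rb
 - lib/smart_proxy_openscap/openscap_plugin.rb
 - lib/smart_proxy_openscap/openscap_version.rb
@@ -43,18 +44,19 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: OpenSCAP plug-in for Foreman's smart-proxy.
 test_files: []
+has_rdoc: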