soar_auditing_format 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5808f4570485d4eb876c38c01ef85919d245ade0
+  data.tar.gz: b5e6d3f4da4a01ce2ccaceedbcd53adb3f24ca6d
+SHA512:
+  metadata.gz: cc049109e2d3c27e12b82d23b1469d26a6d2863e06b9a96fd7c075af0e5dbd02c8ac96677f679bfc08bfcf2afddd580bd965e5df7dc1aff8b50267c92846b1fc
+  data.tar.gz: d06b0caf51d6cca33223456d82c1a522b960bb7b25b877b56f54b5a5478732ff50e202f0e86288fc928cc66a6fe01ebba6e39fd2f39edb6e82545e3ca40a2b3d

data/.gitignore

@@ -0,0 +1,49 @@
+.byebug_history
+*tgz
+left
+test_tfa.sh
+test_production.sh
+iut-list
+juddi-distro-*
+*.swo
+*.zip
+*.tar.gz
+*.swp
+*.gem
+*.rbc
+/Gemfile.lock
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+.DS_Store
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalisation:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.ruby-gemset

@@ -0,0 +1 @@
+soar_auditing_format

data/.ruby-version

@@ -0,0 +1 @@
+ruby-2.2

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.2.2
+before_install: gem install bundler -v 1.11.2

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in soar_auditing_format.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Barney de Villiers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,152 @@
+# SoarAuditingFormatter
+
+This gem provides the formatting for auditing
+
+#TODO complete file
+
+## State of the API
+
+This API is still a work in progress but should be sufficient for most auditors
+
+Future work:
+* The API should support the reformating of timestamps to a standardized ISO8601 format.
+
+## Installation
+
+Add this line to your auditor Gemfile:
+
+```ruby
+gem 'soar_auditing_format'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install soar_auditing_format
+
+## Testing
+
+Behavioural driven testing can be performed:
+
+    $ bundle exec rspec -cfd spec/*
+
+## Usage
+
+### Auditors that extend from the AuditorAPI
+
+Extend from the AuditorAPI as follow
+
+``` ruby
+class MyAuditor < SoarAuditingFormatter::AuditorAPI
+end
+```
+
+It is required that the auditors that extend from this API implement two methods: "audit" and "configuration_is_valid". The API will call these methods using inversion of control as follow:
+
+The configuration_is_valid method provides the API with a way of ensuring that a configuration is valid for the auditor.
+```ruby
+def configuration_is_valid(configuration)
+  return configuration.include?("something_needed")
+end
+```
+
+The audit method will be called when the base API wants to publish an audit event after it has been formatted and filtered.
+```ruby
+def audit(data)
+  puts data
+end
+```
+
+The configuration is made available to the auditor through the @configuration attribute in the API class.
+```ruby
+def audit(data)
+  puts @configuration["preprefix"] + data
+end
+```
+
+
+### Auditing Providers that utilize the AuditorAPI as clients
+
+Instantiate an auditor that extends the AuditorAPI:
+```ruby
+@iut = SanityAuditor.new
+```
+
+Configure the auditor with required parameters:
+```ruby
+configuration = { "preprefix" => "very important:" }
+@iut.configure(configuration)
+```
+
+Set the desired audit level. Allowed levels (in increasing level of priority) are :debug, :info, :warn, :error and :fatal.  As an example only :warn, :error and :fatal audit events will be logged if you set the level to :warn.
+```ruby
+@iut.set_audit_level(:warn)
+```
+
+Use the auditing interfaces as follow. The API also supports appending as below, enabling support, e.g. for Rack::CommonLogger, etc.:
+```ruby
+@iut.info("This is info")
+@iut.warn("Statistics show that dropped packets have increased to #{dropped}%")
+@iut.error("Could not resend some dropped packets. They have been lost. All is still OK, I could compensate")
+@iut.fatal("Unable to perform action, too many dropped packets. Functional degradation.")
+@iut << 'Rack::CommonLogger requires this'
+```
+
+Note that the APIs (debug/info/warn/error/fatal) accept any object as a parameter. The object will be serialized using the .to_s method and therefore the object must implement the .to_s method (or already be of a basic object type that has the .to_s method).
+```ruby
+some_debug_object = 123
+@iut.debug(some_debug_object)
+```
+
+## Detailed example
+
+```ruby
+require 'soar_auditing_format'
+require 'byebug'
+
+class SanityAuditor < SoarAuditingFormatter::AuditorAPI
+  def configuration_is_valid(configuration)
+    return configuration.include?("preprefix")
+  end
+
+  def audit(data)
+    puts @configuration["preprefix"] + data
+  end
+end
+
+class Main
+  def test_sanity
+    @iut = SanityAuditor.new
+    configuration = { "preprefix" => "very important:" }
+    @iut.configure(configuration)
+    @iut.set_audit_level(:debug)
+
+    some_debug_object = 123
+    @iut.info("This is info")
+    @iut.debug(some_debug_object)
+    dropped = 95
+    @iut.warn("Statistics show that dropped packets have increased to #{dropped}%")
+    @iut.error("Could not resend some dropped packets. They have been lost. All is still OK, I could compensate")
+    @iut.fatal("Unable to perform action, too many dropped packets. Functional degradation.")
+    @iut << 'Rack::CommonLogger requires this'
+  end
+end
+
+main = Main.new
+main.test_sanity
+```
+
+## Contributing
+
+Bug reports and feature requests are welcome by email to barney dot de dot villiers at hetzner dot co dot za. This gem is sponsored by Hetzner (Pty) Ltd (http://hetzner.co.za)
+
+## Notes
+
+Though out of scope for the provider, auditors should take into account encoding, serialization, and other NFRs.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "soar_auditing_format"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/soar_auditing_format/formatter.rb

@@ -0,0 +1,18 @@
+require 'time'
+
+module SoarAuditingFormatter
+  #TODO check if we can do "#{field} here "
+  FORMAT="%s,%s,%s,%s" unless defined? FORMAT; FORMAT.freeze
+  OPTIONAL_FIELD_FORMAT = "[%s:%s]" unless defined? OPTIONAL_FIELD_FORMAT; OPTIONAL_FIELD_FORMAT.freeze
+
+  class Formatter
+    def self.format(level, flow_id, timestamp, message)
+      times = Time.parse(timestamp.to_s).utc.iso8601(3)
+      sprintf(FORMAT, level, flow_id, times, message)
+    end
+
+    def self.optional_field_format(key, value)
+      sprintf(OPTIONAL_FIELD_FORMAT, key, value)
+    end
+  end
+end

data/lib/soar_auditing_format/version.rb

@@ -0,0 +1,3 @@
+module SoarAuditingFormatter
+  VERSION = "0.0.1"
+end

data/lib/soar_auditing_format.rb

@@ -0,0 +1,5 @@
+require 'soar_auditing_format/version'
+require 'soar_auditing_format/formatter'
+
+module SoarAuditingFormatter
+end

data/sanity/.ruby-gemset

@@ -0,0 +1 @@
+sanity

data/sanity/.ruby-version

@@ -0,0 +1 @@
+ruby-2.2

data/sanity/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gem 'byebug'
+gem 'soar_auditing_format', "~> 0.0.1"

data/sanity/sanity.rb

@@ -0,0 +1,11 @@
+require 'soar_auditing_format'
+require 'byebug'
+
+class Main
+  def test_sanity
+    SoarAuditingFormatter::Formatter.format("level",SecureRandom.hex(32),Time.now,"message")
+  end
+end
+
+main = Main.new
+main.test_sanity

data/soar_auditing_format.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'soar_auditing_format/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "soar_auditing_format"
+  spec.version       = SoarAuditingFormatter::VERSION
+  spec.authors       = ["Barney de Villiers"]
+  spec.email         = ["barney.de.villiers@hetzner.co.za"]
+
+  spec.summary       = %q{SOAR auditing format}
+  spec.description   = %q{SOAR auditing format that will define auditing event entries}
+  spec.homepage      = "https://github.hetzner.co.za/hetznerZA/soar_auditing_format"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "byebug", "~> 9"
+
+end

metadata

@@ -0,0 +1,119 @@
+--- !ruby/object:Gem::Specification
+name: soar_auditing_format
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Barney de Villiers
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-05-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '9'
+description: SOAR auditing format that will define auditing event entries
+email:
+- barney.de.villiers@hetzner.co.za
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".ruby-gemset"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/soar_auditing_format.rb
+- lib/soar_auditing_format/formatter.rb
+- lib/soar_auditing_format/version.rb
+- sanity/.ruby-gemset
+- sanity/.ruby-version
+- sanity/Gemfile
+- sanity/sanity.rb
+- soar_auditing_format.gemspec
+homepage: https://github.hetzner.co.za/hetznerZA/soar_auditing_format
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: SOAR auditing format
+test_files: []