class LinuxAdmin::Scap
Constants
- PROFILE_ID
- SSG_XML_PATH
Attributes
platform[R]
Public Class Methods
ds_file(platform)
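# File lib/linux_admin/scap.rb, line 21
# Path of the SCAP Security Guide datastream for +platform+, i.e.
# SSG_XML_PATH/ssg-<platform>-ds.xml. SSG_XML_PATH is a class constant not
# shown on this page; it must respond to +join+ (presumably a Pathname).
#
# +platform+ is interpolated into a file name, so it is restricted to a single
# path component (letters, digits, "_", "." and "-"). A value containing a
# separator, NUL or other characters raises ArgumentError instead of being
# turned into a path that could resolve outside SSG_XML_PATH. Valid platform
# names ("rhel7", "fedora", ...) are unaffected; callers going through
# ssg_available?/lockdown now see ArgumentError for such values rather than
# "SCAP Security Guide not available".
def self.ds_file(platform)
  name = platform.to_s
  unless name.match?(/\A[\w.-]*\z/)
    raise ArgumentError, "invalid platform name: #{name.inspect}"
  end
  SSG_XML_PATH.join("ssg-#{name}-ds.xml")
end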
new(platform)
# File lib/linux_admin/scap.rb, line 25
# Bind this helper to one platform identifier. The value is stored as given
# (no validation or copying here) and exposed read-only through +platform+;
# ds_file/ssg_available? use it to locate the SSG datastream.
def initialize(platform)
  @platform = platform
end
openscap_available?()
# File lib/linux_admin/scap.rb, line 10
# Whether the +openscap+ gem (ruby-openscap) can be loaded on this host.
# Loading is deliberately lazy so the rest of the class is usable without the
# native dependency; only LoadError is treated as "not available", any other
# error raised while loading the gem propagates.
def self.openscap_available?
  begin
    require 'openscap'
  rescue LoadError
    return false
  end
  true
end
ssg_available?(platform)
# File lib/linux_admin/scap.rb, line 17
# Whether the SCAP Security Guide datastream for +platform+ is installed,
# i.e. the file returned by ds_file exists. Only existence is checked, not
# readability or that the content is a valid datastream.
def self.ssg_available?(platform)
  File.exist?(ds_file(platform))
end
Public Instance Methods
lockdown(*args)
# File lib/linux_admin/scap.rb, line 29
# Apply a set of SSG rules to this host.
#
# args - rule ids (XCCDF Rule idrefs) as positional values; if the last
#        argument is a Hash it is taken as the refine-value map
#        (value idref => selector) instead of a rule.
#
# A temporary copy of the platform datastream is built containing a generated
# profile (PROFILE_ID) selecting exactly those rules and values, then that
# profile is evaluated and remediated through lockdown_profile. Returns
# whatever lockdown_profile returns.
#
# Raises RuntimeError when the openscap gem is not loadable, when the SSG
# datastream for +platform+ is not installed, or when no rule ids were given
# (a lone Hash counts as zero rules).
def lockdown(*args)
  raise "OpenSCAP not available" unless self.class.openscap_available?
  raise "SCAP Security Guide not available" unless self.class.ssg_available?(platform)

  rules = args.dup
  values = rules.last.is_a?(Hash) ? rules.pop : {}
  raise "No SCAP rules provided" if rules.empty?

  with_ds_file(rules, values) { |ds_path| lockdown_profile(ds_path, PROFILE_ID) }
end
lockdown_profile(ds_path, profile_id)
# File lib/linux_admin/scap.rb, line 43
# Evaluate and then remediate +profile_id+ from the XCCDF datastream at
# +ds_path+ through the openscap gem's Xccdf::Session. The session is
# destroyed in +ensure+ so its native resources are released even when
# load/evaluate/remediate raise; the return value is that of
# +session.remediate+.
#
# Raises RuntimeError "OpenSCAP not available" if the gem cannot be loaded.
# NOTE(review): remediation presumably changes the running host, so this
# should only ever be pointed at a datastream from a trusted location
# (lockdown passes the installed SSG file plus a locally generated profile).
def lockdown_profile(ds_path, profile_id)
  raise "OpenSCAP not available" unless self.class.openscap_available?

  session = nil
  begin
    session = OpenSCAP::Xccdf::Session.new(ds_path)
    session.load
    session.profile = profile_id
    session.evaluate
    session.remediate
  ensure
    # nil if Session.new itself raised; nothing to release then
    session&.destroy
  end
end
Private Instance Methods
model_xml_element(doc)
# File lib/linux_admin/scap.rb, line 85
# First <model> element of the parsed datastream, or nil when none matches.
# write_ds_xml inserts the generated <Profile> right after it.
#
# NOTE(review): the +ns10+ prefix is not declared here; it is resolved from
# the namespace prefixes Nokogiri registers off the document's root element,
# so the lookup is tied to how the installed SSG datastream happens to
# declare its namespaces. Mapping the prefix explicitly in the xpath call
# would be more robust — confirm against the shipped datastreams.
def model_xml_element(doc)
  matches = doc.xpath("//ns10:model")
  matches.first
end
profile_xml(profile_id, rules, values)
# File lib/linux_admin/scap.rb, line 65
# Serialize an XCCDF <Profile> element as a string.
#
# profile_id - used as the Profile id, title and description
# rules      - rule idrefs, each emitted as <select idref=... selected="true"/>
# values     - Hash of value idref => selector, each emitted as
#              <refine-value idref=... selector=.../>
#
# Ids and selectors are written as element attributes through Nokogiri's
# builder, which escapes them, so caller-provided strings cannot break out of
# the generated markup. Only the root element is serialized (no XML
# declaration), ready to be spliced into the datastream by write_ds_xml.
def profile_xml(profile_id, rules, values)
  builder = Nokogiri::XML::Builder.new do |xml|
    xml.Profile(:id => profile_id) do
      xml.title(profile_id)
      xml.description(profile_id)
      rules.each do |rule_id|
        xml.select(:idref => rule_id, :selected => "true")
      end
      values.each do |value_id, selector|
        # "refine-value" is not a valid Ruby method name, hence send
        xml.send(:"refine-value", :idref => value_id, :selector => selector)
      end
    end
  end
  builder.doc.root.to_xml
end
with_ds_file(rules, values) { |path| ... }
# File lib/linux_admin/scap.rb, line 57
# Yield the path of a temporary datastream: the platform's SSG file with a
# generated PROFILE_ID profile (selecting +rules+ and refining +values+)
# spliced in. The file is closed before the block runs so its contents are
# flushed, and Tempfile.create removes it once the block returns, so the
# path must not be used afterwards. Returns the block's value.
def with_ds_file(rules, values)
  profile = profile_xml(PROFILE_ID, rules, values)
  Tempfile.create("scap_ds") do |tmp|
    write_ds_xml(tmp, profile)
    tmp.close
    yield tmp.path
  end
end
write_ds_xml(io, profile_xml)
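# File lib/linux_admin/scap.rb, line 77
# Write the platform's SSG datastream to +io+ with +profile_xml+ inserted
# immediately after the element located by model_xml_element.
#
# io          - writable IO receiving the rewritten datastream
# profile_xml - serialized <Profile> element to insert (with_ds_file passes
#               the output of profile_xml, built by Nokogiri's builder)
#
# The XML parsed here is the locally installed file found by ds_file, not
# caller-supplied input. Raises RuntimeError when no <model> element is
# found, so an unexpected datastream layout fails with a clear message
# instead of a NoMethodError on nil. Note that doc.root.to_xml serializes
# the root element only, without an XML declaration.
def write_ds_xml(io, profile_xml)
  ds_path = self.class.ds_file(platform)
  File.open(ds_path) do |f|
    doc = Nokogiri::XML(f)
    model = model_xml_element(doc)
    raise "No <model> element found in SCAP datastream #{ds_path}" unless model
    # Adding a string sibling parses it as a fragment in the document's
    # context; the leading newline keeps the inserted element on its own line.
    model.add_next_sibling("\n#{profile_xml}")
    io.write(doc.root.to_xml)
  end
end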