class LinuxAdmin::Scap

Constants

PROFILE_ID
SSG_XML_PATH

Attributes

platform[R]

Public Class Methods

ds_file(platform)
# File lib/linux_admin/scap.rb, line 21
# Path of the SCAP Security Guide (SSG) data-stream file for +platform+.
#
# @param platform [#to_s] platform token used in the "ssg-<platform>-ds.xml"
#   file name
# @return [Pathname] SSG_XML_PATH joined with the data-stream file name
#   (assuming SSG_XML_PATH is a Pathname — it responds to #join and the
#   result is later asked #exist?)
#
# NOTE(review): +platform+ is interpolated into the file name unchecked; a
# value containing a path separator or ".." would resolve outside
# SSG_XML_PATH, so callers should pass only known platform identifiers.
def self.ds_file(platform)
  ds_name = "ssg-#{platform}-ds.xml"
  SSG_XML_PATH.join(ds_name)
end
new(platform)
# File lib/linux_admin/scap.rb, line 25
# Remember which platform's SSG data stream this instance works with.
#
# @param platform [Object] platform identifier; exposed via the +platform+
#   reader and passed to .ds_file / .ssg_available? by the instance methods
def initialize(platform)
  @platform = platform
end
openscap_available?()
# File lib/linux_admin/scap.rb, line 10
# Whether the +openscap+ library (Ruby bindings for OpenSCAP) can be loaded.
#
# The require is attempted on every call; after the first success it is a
# no-op, so repeated calls are cheap.
#
# @return [Boolean] true when `require 'openscap'` succeeds, false on LoadError
def self.openscap_available?
  require 'openscap'
rescue LoadError
  false
else
  true
end
ssg_available?(platform)
# File lib/linux_admin/scap.rb, line 17
# Whether the SSG data stream for +platform+ is present on disk.
#
# @param platform [#to_s] platform token handed to .ds_file
# @return [Boolean] true when the "ssg-<platform>-ds.xml" file exists
def self.ssg_available?(platform)
  ds_path = ds_file(platform)
  ds_path.exist?
end

Public Instance Methods

lockdown(*args)
# File lib/linux_admin/scap.rb, line 29
# Apply the given SCAP rules to this host: a profile selecting them is
# generated into a temporary copy of the platform's SSG data stream, which
# is then evaluated and remediated through OpenSCAP (see #lockdown_profile).
#
# Preconditions are checked first: the openscap library must be loadable and
# the SSG data stream for +platform+ must exist.
#
# @param args [Array] one or more rule ids (emitted as <select idref=.../>),
#   optionally followed by a Hash of refine-value settings
#   (value id => selector) as the last argument; that trailing Hash is
#   popped off +args+ when present
# @return the value of #lockdown_profile for the generated data stream
# @raise [RuntimeError] when OpenSCAP or the SSG data stream is missing, or
#   when no rule ids were given
def lockdown(*args)
  klass = self.class
  raise "OpenSCAP not available" unless klass.openscap_available?
  raise "SCAP Security Guide not available" unless klass.ssg_available?(platform)

  # A trailing Hash carries refine-value settings; everything before it is a rule id.
  values = {}
  values = args.pop if args.last.kind_of?(Hash)
  rules = args

  raise "No SCAP rules provided" if rules.empty?

  with_ds_file(rules, values) { |ds_path| lockdown_profile(ds_path, PROFILE_ID) }
end
lockdown_profile(ds_path, profile_id)
# File lib/linux_admin/scap.rb, line 43
# Evaluate +profile_id+ from the data stream at +ds_path+ with OpenSCAP and
# remediate the failed rules. Remediation modifies system configuration, so
# this is the step that actually applies the lockdown.
#
# @param ds_path [String] path to an XCCDF/SCAP data-stream file
# @param profile_id [String] id of the profile to evaluate
# @return the result of OpenSCAP::Xccdf::Session#remediate
# @raise [RuntimeError] when the openscap library is not loadable
def lockdown_profile(ds_path, profile_id)
  raise "OpenSCAP not available" unless self.class.openscap_available?

  session = OpenSCAP::Xccdf::Session.new(ds_path)
  session.load
  session.profile = profile_id
  session.evaluate
  session.remediate
ensure
  # session is still nil when the precondition check or Session.new raised.
  session.destroy unless session.nil?
end

Private Instance Methods

model_xml_element(doc)
# File lib/linux_admin/scap.rb, line 85
# The <model> element of the SSG data stream; the generated profile is
# inserted right after it (see #write_ds_xml).
#
# NOTE(review): the "ns10" prefix is resolved from the document's own
# namespace declarations, so this relies on the shipped SSG file binding
# exactly that prefix — confirm against the data streams in use.
#
# @param doc [Nokogiri::XML::Document] parsed SSG data stream
# @return [Nokogiri::XML::Element, nil] first matching element, or nil
def model_xml_element(doc)
  doc.at_xpath("//ns10:model")
end
profile_xml(profile_id, rules, values)
# File lib/linux_admin/scap.rb, line 65
# Build the XML for an XCCDF <Profile> that selects +rules+ and refines +values+.
#
# @param profile_id [String] used as the profile id, title and description
# @param rules [Enumerable<String>] rule ids, each emitted as
#   <select idref="..." selected="true"/>
# @param values [Hash{String => String}] value id => selector, each emitted
#   as <refine-value idref="..." selector="..."/>
# @return [String] the serialized <Profile> element (root only, no XML
#   declaration)
#
# Rule ids and selectors become DOM attribute values through the builder, so
# they are escaped on serialization rather than spliced in as raw markup.
def profile_xml(profile_id, rules, values)
  profile_builder = Nokogiri::XML::Builder.new do |xml|
    xml.Profile(id: profile_id) do
      xml.title(profile_id)
      xml.description(profile_id)
      rules.each do |rule_id|
        xml.select(idref: rule_id, selected: "true")
      end
      # "refine-value" is not a valid Ruby method name, hence send.
      values.each do |value_id, selector|
        xml.send("refine-value", idref: value_id, selector: selector)
      end
    end
  end
  profile_builder.doc.root.to_xml
end
with_ds_file(rules, values) { |path| ... }
# File lib/linux_admin/scap.rb, line 57
# Write a temporary copy of the SSG data stream that carries a generated
# profile (PROFILE_ID selecting +rules+ with +values+) and yield its path.
#
# The temp file is closed before the block runs so its content is flushed,
# and Tempfile.create removes it once the block returns.
#
# @param rules [Enumerable<String>] rule ids for the profile
# @param values [Hash{String => String}] refine-value settings
# @yieldparam path [String] path of the temporary data stream
# @return the block's value
def with_ds_file(rules, values)
  Tempfile.create("scap_ds") do |tmp|
    profile = profile_xml(PROFILE_ID, rules, values)
    write_ds_xml(tmp, profile)
    tmp.close
    yield tmp.path
  end
end
write_ds_xml(io, profile_xml)
# File lib/linux_admin/scap.rb, line 77
# Parse the platform's SSG data stream, insert +profile_xml+ right after its
# <model> element and write the resulting document to +io+.
#
# @param io [IO] destination (the temp file opened by #with_ds_file)
# @param profile_xml [String] serialized <Profile> element from #profile_xml
# @return [Integer] the value of io.write
# @raise [NoMethodError] when no <model> element is found
#   (#model_xml_element returns nil and add_next_sibling is called on it)
def write_ds_xml(io, profile_xml)
  ds_path = self.class.ds_file(platform)
  File.open(ds_path) do |ssg|
    doc = Nokogiri::XML::Document.parse(ssg)
    model = model_xml_element(doc)
    model.add_next_sibling("\n#{profile_xml}")
    io.write(doc.root.to_xml)
  end
end