apparmor.d/cmd/aa-log/main.go

// aa-log - Review AppArmor generated messages
// Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package main

import (
	"flag"
	"fmt"
	"io"
	"os"

	"github.com/roddhjav/apparmor.d/pkg/logs"
	"golang.org/x/exp/slices"
)

const usage = `aa-log [-h] [--systemd] [--file file] [--rules] [profile]

    Review AppArmor generated messages in a colorful way. Supports logs from
    auditd, systemd, syslog as well as dbus session events.

    It can be given an optional profile name to filter the output with.

    Default logs are read from '/var/log/audit/audit.log'. Other files in 
    '/var/log/audit/' can easily be checked: 'aa-log -f 1' parses 'audit.log.1' 

Options:
    -h, --help         Show this help message and exit.
    -f, --file FILE    Set a logfile or a suffix to the default log file.
    -s, --systemd      Parse systemd logs from journalctl.
    -r, --rules        Convert the log into AppArmor rules.

`

// Command line options
var (
	help    bool
	rules   bool
	path    string
	systemd bool
)

func aaLog(logger string, path string, profile string, rules bool) error {
	var err error
	var file io.Reader

	switch logger {
	case "auditd":
		file, err = logs.GetAuditLogs(path)
	case "systemd":
		file, err = logs.GetJournalctlLogs(path, !slices.Contains(logs.LogFiles, path))
	default:
		err = fmt.Errorf("Logger %s not supported.", logger)
	}
	if err != nil {
		return err
	}

	aaLogs := logs.NewApparmorLogs(file, profile)
	if rules {
		profiles := aaLogs.ParseToProfiles()
		for _, profile := range profiles {
			fmt.Print(profile.String() + "\n")
		}
	} else {
		fmt.Print(aaLogs.String())
	}
	return nil
}

func init() {
	flag.BoolVar(&help, "h", false, "Show this help message and exit.")
	flag.BoolVar(&help, "help", false, "Show this help message and exit.")
	flag.StringVar(&path, "f", "", "Set a logfile or a suffix to the default log file.")
	flag.StringVar(&path, "file", "", "Set a logfile or a suffix to the default log file.")
	flag.BoolVar(&systemd, "s", false, "Parse systemd logs from journalctl.")
	flag.BoolVar(&systemd, "systemd", false, "Parse systemd logs from journalctl.")
	flag.BoolVar(&rules, "r", false, "Convert the log into AppArmor rules.")
	flag.BoolVar(&rules, "rules", false, "Convert the log into AppArmor rules.")
}

func main() {
	flag.Usage = func() { fmt.Print(usage) }
	flag.Parse()
	if help {
		flag.Usage()
		os.Exit(0)
	}

	profile := ""
	if len(flag.Args()) >= 1 {
		profile = flag.Args()[0]
	}

	logger := "auditd"
	if systemd {
		logger = "systemd"
	}

	logfile := logs.GetLogFile(path)
	err := aaLog(logger, logfile, profile, rules)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
}
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`// aa-log - Review AppArmor generated messages`
feat(aa-log): better integration with journalctl & new usage page. 2023-02-19 18:53:49 +01:00			`// Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`// SPDX-License-Identifier: GPL-2.0-only`

			`package main`

			`import (`
aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`"flag"`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`"fmt"`
test(aa-log): Add AppArmor event test from the Apparmor lib upstream repo. 2022-05-02 18:14:42 +02:00			`"io"`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`"os"`
refractor: update aa-log to the new structure. 2023-04-17 00:33:07 +02:00
			`"github.com/roddhjav/apparmor.d/pkg/logs"`
feat(aa-log): add -a option to anonymize the logs. 2023-05-06 13:18:20 +02:00			`"golang.org/x/exp/slices"`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`)`

feat(aa-log): add -r option to convert the log into rules. 2023-08-18 00:14:11 +02:00			const usage = `aa-log [-h] [--systemd] [--file file] [--rules] [profile]
feat(aa-log): better integration with journalctl & new usage page. 2023-02-19 18:53:49 +01:00
			`Review AppArmor generated messages in a colorful way. Supports logs from`
			`auditd, systemd, syslog as well as dbus session events.`

			`It can be given an optional profile name to filter the output with.`

			`Default logs are read from '/var/log/audit/audit.log'. Other files in`
			`'/var/log/audit/' can easily be checked: 'aa-log -f 1' parses 'audit.log.1'`

			`Options:`
			`-h, --help Show this help message and exit.`
			`-f, --file FILE Set a logfile or a suffix to the default log file.`
			`-s, --systemd Parse systemd logs from journalctl.`
feat(aa-log): add -r option to convert the log into rules. 2023-08-18 00:14:11 +02:00			`-r, --rules Convert the log into AppArmor rules.`
feat(aa-log): better integration with journalctl & new usage page. 2023-02-19 18:53:49 +01:00
			`

aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`// Command line options`
			`var (`
feat(aa-log): resolve all main apparmor vars in log. This also deprecate the anonymize option 2023-08-17 20:12:02 +02:00			`help bool`
feat(aa-log): add -r option to convert the log into rules. 2023-08-18 00:14:11 +02:00			`rules bool`
feat(aa-log): resolve all main apparmor vars in log. This also deprecate the anonymize option 2023-08-17 20:12:02 +02:00			`path string`
			`systemd bool`
aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`)`

feat(aa-log): add -r option to convert the log into rules. 2023-08-18 00:14:11 +02:00			`func aaLog(logger string, path string, profile string, rules bool) error {`
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`var err error`
			`var file io.Reader`

			`switch logger {`
			`case "auditd":`
refractor: update aa-log to the new structure. 2023-04-17 00:33:07 +02:00			`file, err = logs.GetAuditLogs(path)`
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`case "systemd":`
feat(prebuild): make prebuild available as an external package. Usefull for downstream repo. 2023-05-06 14:01:07 +02:00			`file, err = logs.GetJournalctlLogs(path, !slices.Contains(logs.LogFiles, path))`
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`default:`
feat(aa-log): better error formating. 2022-10-16 13:11:07 +02:00			`err = fmt.Errorf("Logger %s not supported.", logger)`
feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`}`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`if err != nil {`
aa-log: add missing unit test. 2021-12-12 13:35:08 +01:00			`return err`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`}`
feat(aa-log): add -r option to convert the log into rules. 2023-08-18 00:14:11 +02:00
refractor: update aa-log to the new structure. 2023-04-17 00:33:07 +02:00			`aaLogs := logs.NewApparmorLogs(file, profile)`
feat(aa-log): add -r option to convert the log into rules. 2023-08-18 00:14:11 +02:00			`if rules {`
			`profiles := aaLogs.ParseToProfiles()`
			`for _, profile := range profiles {`
			`fmt.Print(profile.String() + "\n")`
			`}`
			`} else {`
			`fmt.Print(aaLogs.String())`
			`}`
feat(aa-log): add support dbus session log using journactl. 2022-08-19 20:05:46 +02:00			`return nil`
aa-log: add missing unit test. 2021-12-12 13:35:08 +01:00			`}`

aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`func init() {`
			`flag.BoolVar(&help, "h", false, "Show this help message and exit.")`
feat(aa-log): better integration with journalctl & new usage page. 2023-02-19 18:53:49 +01:00			`flag.BoolVar(&help, "help", false, "Show this help message and exit.")`
feat(aa-log): fallback to syslog if audit.log is not present. 2023-03-12 17:54:54 +01:00			`flag.StringVar(&path, "f", "", "Set a logfile or a suffix to the default log file.")`
			`flag.StringVar(&path, "file", "", "Set a logfile or a suffix to the default log file.")`
feat(aa-log): better integration with journalctl & new usage page. 2023-02-19 18:53:49 +01:00			`flag.BoolVar(&systemd, "s", false, "Parse systemd logs from journalctl.")`
			`flag.BoolVar(&systemd, "systemd", false, "Parse systemd logs from journalctl.")`
feat(aa-log): add -r option to convert the log into rules. 2023-08-18 00:14:11 +02:00			`flag.BoolVar(&rules, "r", false, "Convert the log into AppArmor rules.")`
			`flag.BoolVar(&rules, "rules", false, "Convert the log into AppArmor rules.")`
aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`}`

aa-log: add missing unit test. 2021-12-12 13:35:08 +01:00			`func main() {`
feat(aa-log): better integration with journalctl & new usage page. 2023-02-19 18:53:49 +01:00			`flag.Usage = func() { fmt.Print(usage) }`
aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`flag.Parse()`
			`if help {`
feat(aa-log): better integration with journalctl & new usage page. 2023-02-19 18:53:49 +01:00			`flag.Usage()`
aa-log: add -f option to set a log file. 2022-02-10 22:30:51 +01:00			`os.Exit(0)`
			`}`

			`profile := ""`
			`if len(flag.Args()) >= 1 {`
			`profile = flag.Args()[0]`
			`}`

feat(aa-log): add support for multiple logger. 2022-10-06 22:11:35 +02:00			`logger := "auditd"`
			`if systemd {`
			`logger = "systemd"`
			`}`

refractor: update aa-log to the new structure. 2023-04-17 00:33:07 +02:00			`logfile := logs.GetLogFile(path)`
feat(aa-log): add -r option to convert the log into rules. 2023-08-18 00:14:11 +02:00			`err := aaLog(logger, logfile, profile, rules)`
aa-log: add missing unit test. 2021-12-12 13:35:08 +01:00			`if err != nil {`
			`fmt.Println(err)`
			`os.Exit(1)`
			`}`
Rewrite aa-log. 2021-11-09 23:41:12 +01:00			`}`