mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
feat(aa-log): minor structure improvments.
parent
85e7832f0b
commit
6325314825
2 changed files with 34 additions and 20 deletions
|
@ -36,14 +36,11 @@ const Username = "AAD"
|
||||||
var (
|
var (
|
||||||
quoted bool
|
quoted bool
|
||||||
isAppArmorLogTemplate = regexp.MustCompile(`apparmor=("DENIED"|"ALLOWED"|"AUDIT")`)
|
isAppArmorLogTemplate = regexp.MustCompile(`apparmor=("DENIED"|"ALLOWED"|"AUDIT")`)
|
||||||
regAALogs = []struct {
|
regAALogs = util.ToRegexRepl([]string{
|
||||||
regex *regexp.Regexp
|
`.*apparmor="`, `apparmor="`,
|
||||||
repl string
|
`(peer_|)pid=[0-9]*\s`, " ",
|
||||||
}{
|
`\x1d`, " ",
|
||||||
{regexp.MustCompile(`.*apparmor="`), `apparmor="`},
|
})
|
||||||
{regexp.MustCompile(`(peer_|)pid=[0-9]*\s`), " "},
|
|
||||||
{regexp.MustCompile(`\x1d`), " "},
|
|
||||||
}
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type AppArmorLog map[string]string
|
type AppArmorLog map[string]string
|
||||||
|
@ -86,7 +83,7 @@ func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {
|
||||||
|
|
||||||
// Clean logs
|
// Clean logs
|
||||||
for _, aa := range regAALogs {
|
for _, aa := range regAALogs {
|
||||||
log = aa.regex.ReplaceAllLiteralString(log, aa.repl)
|
log = aa.Regex.ReplaceAllLiteralString(log, aa.Repl)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Remove doublon in logs
|
// Remove doublon in logs
|
||||||
|
@ -124,19 +121,16 @@ func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {
|
||||||
func (aaLogs AppArmorLogs) Anonymize() {
|
func (aaLogs AppArmorLogs) Anonymize() {
|
||||||
user, _ := user.Current()
|
user, _ := user.Current()
|
||||||
keys := []string{"name", "comm"}
|
keys := []string{"name", "comm"}
|
||||||
regAnonymizeLogs := []struct {
|
regAnonymizeLogs := util.ToRegexRepl([]string{
|
||||||
regex *regexp.Regexp
|
user.Username, Username,
|
||||||
repl string
|
`/home/[^/]+`, `/home/` + Username,
|
||||||
}{
|
`[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*`, `b08dfa60-83e7-567a-1921-a715000001fb`,
|
||||||
{regexp.MustCompile(user.Username), Username},
|
})
|
||||||
{regexp.MustCompile(`/home/[^/]+`), `/home/` + Username},
|
|
||||||
{regexp.MustCompile(`[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*`), `b08dfa60-83e7-567a-1921-a715000001fb`},
|
|
||||||
}
|
|
||||||
for _, log := range aaLogs {
|
for _, log := range aaLogs {
|
||||||
for _, key := range keys {
|
for _, key := range keys {
|
||||||
if _, ok := log[key]; ok {
|
if _, ok := log[key]; ok {
|
||||||
for _, aa := range regAnonymizeLogs {
|
for _, aa := range regAnonymizeLogs {
|
||||||
log[key] = aa.regex.ReplaceAllLiteralString(log[key], aa.repl)
|
log[key] = aa.Regex.ReplaceAllLiteralString(log[key], aa.Repl)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -158,12 +152,12 @@ func (aaLogs AppArmorLogs) String() string {
|
||||||
"mask", "bus", "path", "interface", "member", // dbus
|
"mask", "bus", "path", "interface", "member", // dbus
|
||||||
"info", "comm",
|
"info", "comm",
|
||||||
"laddr", "lport", "faddr", "fport", "family", "sock_type", "protocol",
|
"laddr", "lport", "faddr", "fport", "family", "sock_type", "protocol",
|
||||||
"requested_mask", "denied_mask", "signal", "peer", // "fsuid", "ouid", "FSUID", "OUID",
|
"requested_mask", "denied_mask", "signal", "peer",
|
||||||
}
|
}
|
||||||
// Key to not print
|
// Key to not print
|
||||||
ignore := []string{
|
ignore := []string{
|
||||||
"fsuid", "ouid", "FSUID", "OUID", "exe", "SAUID", "sauid", "terminal",
|
"fsuid", "ouid", "FSUID", "OUID", "exe", "SAUID", "sauid", "terminal",
|
||||||
"UID", "AUID", "hostname", "addr",
|
"UID", "AUID", "hostname", "addr", "class",
|
||||||
}
|
}
|
||||||
// Color template to use
|
// Color template to use
|
||||||
colors := map[string]string{
|
colors := map[string]string{
|
||||||
|
|
|
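Review bot: In Anonymize, `user.Username` is handed to util.ToRegexRepl as a regular-expression pattern, so a login name containing metacharacters (a `.` is enough) matches more than the name itself, and one that is not a valid pattern makes the `regexp.MustCompile` inside ToRegexRepl panic at run time. As this looks like the step meant to scrub identifying data from the logs, the pattern should match the name literally: `regexp.QuoteMeta(user.Username), Username,`. The error from `user.Current()` is also discarded on the line above; when that call fails the returned pointer is nil and the field access panics, so it is worth checking before the table is built. An empty username should be skipped as well, because an empty pattern matches at every position of the value. Anonymize's body continues past the end of this hunk.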
@ -11,6 +11,11 @@ import (
|
||||||
|
|
||||||
var isHexa = regexp.MustCompile("^[0-9A-Fa-f]+$")
|
var isHexa = regexp.MustCompile("^[0-9A-Fa-f]+$")
|
||||||
|
|
||||||
|
type RegexRepl struct {
|
||||||
|
Regex *regexp.Regexp
|
||||||
|
Repl string
|
||||||
|
}
|
||||||
|
|
||||||
// DecodeHex decode a string if it is hexa.
|
// DecodeHex decode a string if it is hexa.
|
||||||
func DecodeHex(str string) string {
|
func DecodeHex(str string) string {
|
||||||
if isHexa.MatchString(str) {
|
if isHexa.MatchString(str) {
|
||||||
|
@ -34,3 +39,18 @@ func RemoveDuplicate[T comparable](inlist []T) []T {
|
||||||
}
|
}
|
||||||
return list
|
return list
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ToRegexRepl convert slice of regex into a slice of RegexRepl
|
||||||
|
func ToRegexRepl(in []string) []RegexRepl {
|
||||||
|
out := make([]RegexRepl, 0)
|
||||||
|
idx := 0
|
||||||
|
for idx < len(in)-1 {
|
||||||
|
regex, repl := in[idx], in[idx+1]
|
||||||
|
out = append(out, RegexRepl{
|
||||||
|
Regex: regexp.MustCompile(regex),
|
||||||
|
Repl: repl,
|
||||||
|
})
|
||||||
|
idx = idx + 2
|
||||||
|
}
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
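Review bot: ToRegexRepl silently drops the last element when `in` has an odd length, because the loop condition `idx < len(in)-1` stops before an unpaired pattern; a forgotten replacement in one of the literal tables would then switch off a cleaning or anonymization rule without any signal. Since the function already panics on a bad pattern through `regexp.MustCompile`, failing the same way on a malformed table is consistent: `if len(in)%2 != 0 { panic("ToRegexRepl: odd number of arguments") }`. The doc comment should state the contract, for example `// ToRegexRepl converts alternating pattern, replacement strings into RegexRepl values; it panics on an invalid pattern.`, and the exported RegexRepl type has no comment at all. The result can also be sized up front with `make([]RegexRepl, 0, len(in)/2)`.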