feat(aa-log): add -r option to convert the log into rules.

Alexandre Pujol 2023-08-17 23:14:11 +01:00
parent d06a474b0c
commit 9650df00e3
2 changed files with 25 additions and 5 deletions


@ -14,7 +14,7 @@ import (
"golang.org/x/exp/slices" "golang.org/x/exp/slices"
) )
const usage = `aa-log [-h] [--systemd] [--file file] [profile] const usage = `aa-log [-h] [--systemd] [--file file] [--rules] [profile]
Review AppArmor generated messages in a colorful way. Supports logs from Review AppArmor generated messages in a colorful way. Supports logs from
auditd, systemd, syslog as well as dbus session events. auditd, systemd, syslog as well as dbus session events.
@ -28,17 +28,19 @@ Options:
-h, --help Show this help message and exit. -h, --help Show this help message and exit.
-f, --file FILE Set a logfile or a suffix to the default log file. -f, --file FILE Set a logfile or a suffix to the default log file.
-s, --systemd Parse systemd logs from journalctl. -s, --systemd Parse systemd logs from journalctl.
-r, --rules Convert the log into AppArmor rules.
` `
// Command line options // Command line options
var ( var (
help bool help bool
rules bool
path string path string
systemd bool systemd bool
) )
func aaLog(logger string, path string, profile string) error { func aaLog(logger string, path string, profile string, rules bool) error {
var err error var err error
var file io.Reader var file io.Reader
@ -53,8 +55,16 @@ func aaLog(logger string, path string, profile string) error {
if err != nil { if err != nil {
return err return err
} }
aaLogs := logs.NewApparmorLogs(file, profile) aaLogs := logs.NewApparmorLogs(file, profile)
fmt.Print(aaLogs.String()) if rules {
profiles := aaLogs.ParseToProfiles()
for _, profile := range profiles {
fmt.Print(profile.String() + "\n")
}
} else {
fmt.Print(aaLogs.String())
}
return nil return nil
} }
@ -65,6 +75,8 @@ func init() {
flag.StringVar(&path, "file", "", "Set a logfile or a suffix to the default log file.") flag.StringVar(&path, "file", "", "Set a logfile or a suffix to the default log file.")
flag.BoolVar(&systemd, "s", false, "Parse systemd logs from journalctl.") flag.BoolVar(&systemd, "s", false, "Parse systemd logs from journalctl.")
flag.BoolVar(&systemd, "systemd", false, "Parse systemd logs from journalctl.") flag.BoolVar(&systemd, "systemd", false, "Parse systemd logs from journalctl.")
flag.BoolVar(&rules, "r", false, "Convert the log into AppArmor rules.")
flag.BoolVar(&rules, "rules", false, "Convert the log into AppArmor rules.")
} }
func main() { func main() {
@ -86,7 +98,7 @@ func main() {
} }
logfile := logs.GetLogFile(path) logfile := logs.GetLogFile(path)
err := aaLog(logger, logfile, profile) err := aaLog(logger, logfile, profile, rules)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
os.Exit(1) os.Exit(1)
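Review bot: The new `-r, --rules` help line and the `if rules` branch of aaLog do not say that the printed rules are built from logged denials, so the output may be pasted into a profile unreviewed. ParseToProfiles is not shown on this page, but it presumably emits a rule for every access the log recorded, including accesses that should stay denied. I would extend the usage text to something like `-r, --rules Convert the log into AppArmor rules (review before adding to a profile).` and add a doc comment on aaLog describing the `rules` parameter. In the same branch the range variable `profile` shadows the `profile string` parameter passed to `logs.NewApparmorLogs(file, profile)`; `for _, p := range profiles {` with `fmt.Println(p.String())` avoids the shadowing.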


@ -25,6 +25,14 @@ func Test_app(t *testing.T) {
rules: false, rules: false,
wantErr: false, wantErr: false,
}, },
{
name: "Test audit.log to rules",
logger: "auditd",
path: "../../tests/audit.log",
profile: "",
rules: rules,
wantErr: false,
},
{ {
name: "Test Dbus Session", name: "Test Dbus Session",
logger: "systemd", logger: "systemd",
@ -52,7 +60,7 @@ func Test_app(t *testing.T) {
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
if err := aaLog(tt.logger, tt.path, tt.profile); (err != nil) != tt.wantErr { if err := aaLog(tt.logger, tt.path, tt.profile, tt.rules); (err != nil) != tt.wantErr {
t.Errorf("aaLog() error = %v, wantErr %v", err, tt.wantErr) t.Errorf("aaLog() error = %v, wantErr %v", err, tt.wantErr)
} }
}) })
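Review bot: The new table entry sets `rules: rules,`, which reads the package-level `rules` flag variable declared in the command's `var (...)` block rather than a literal. Unless the test binary is run with `-r`, that variable is false, so "Test audit.log to rules" takes the same path as the preceding case and the ParseToProfiles branch is never exercised; it should be `rules: true,`. The loop only checks the returned error, so even with that fix nothing asserts on the generated rules. The test struct definition and the rest of Test_app lie outside the hunks shown.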