feat(aa-log): add --raw option.

Alexandre Pujol 2023-09-24 19:50:15 +01:00
parent 64564095e6
commit 99d1a4e302
3 changed files with 44 additions and 2 deletions


@ -29,6 +29,7 @@ Options:
-f, --file FILE Set a logfile or a suffix to the default log file.
-s, --systemd Parse systemd logs from journalctl.
-r, --rules Convert the log into AppArmor rules.
-R, --raw Print the raw log without any formatting.
`
@ -38,6 +39,7 @@ var (
rules bool
path string
systemd bool
raw bool
)
func aaLog(logger string, path string, profile string) error {
@ -56,6 +58,11 @@ func aaLog(logger string, path string, profile string) error {
return err
}
if raw {
fmt.Print(logs.Raw(file, profile))
return nil
}
aaLogs := logs.NewApparmorLogs(file, profile)
if rules {
profiles := aaLogs.ParseToProfiles()
@ -77,6 +84,8 @@ func init() {
flag.BoolVar(&systemd, "systemd", false, "Parse systemd logs from journalctl.")
flag.BoolVar(&rules, "r", false, "Convert the log into AppArmor rules.")
flag.BoolVar(&rules, "rules", false, "Convert the log into AppArmor rules.")
flag.BoolVar(&raw, "R", false, "Print the raw log without any formatting.")
flag.BoolVar(&raw, "raw", false, "Print the raw log without any formatting.")
}
func main() {
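Review bot: The `if raw` branch in `aaLog` returns before `rules` is consulted, so running with both `-R` and `-r` silently drops `--rules`, and neither the usage text nor the flag descriptions say which option wins. Either reject the combination when the flags are parsed or document the precedence in the usage line, e.g. `-R, --raw Print the raw log without any formatting (takes precedence over --rules).`. The body of `aaLog` starts and continues outside this hunk, so any other use of `rules` further down is not visible here.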


@ -5,13 +5,18 @@
package logs
import (
"bufio"
"bytes"
"encoding/json"
"fmt"
"io"
"os"
"os/exec"
"path/filepath"
"regexp"
"strings"
"github.com/roddhjav/apparmor.d/pkg/util"
)
// LogFiles is the list of default path to query
@ -29,7 +34,7 @@ type systemdLog struct {
func GetAuditLogs(path string) (io.Reader, error) {
file, err := os.Open(filepath.Clean(path))
if err != nil {
return nil, err
return file, err
}
return file, err
}
@ -87,3 +92,31 @@ func SelectLogFile(path string) string {
}
return ""
}
func Raw(file io.Reader, profile string) string {
res := ""
isAppArmorLog := isAppArmorLogTemplate.Copy()
if profile != "" {
exp := `apparmor=("DENIED"|"ALLOWED"|"AUDIT")`
exp = fmt.Sprintf(exp+`.* (profile="%s.*"|label="%s.*")`, profile, profile)
isAppArmorLog = regexp.MustCompile(exp)
}
// Select Apparmor logs
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := scanner.Text()
if isAppArmorLog.MatchString(line) {
res += line + "\n"
}
}
// Clean & remove doublon in logs
for _, aa := range regCleanLogs {
res = aa.Regex.ReplaceAllLiteralString(res, aa.Repl)
}
logs := strings.Split(res, "\n")
logs = util.RemoveDuplicate(logs)
return strings.Join(logs, "\n")
}
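Review bot: In `Raw`, `profile` is interpolated into the pattern with `fmt.Sprintf` and passed to `regexp.MustCompile` unescaped, so a profile argument containing regex metacharacters either matches lines from other profiles or, if the result does not compile (an unbalanced `(` or `[`), panics the tool instead of reporting an error. Escaping it first with `name := regexp.QuoteMeta(profile)` and using `name` in both `%s` slots keeps the filter literal and removes the panic path. The scan loop also never checks `scanner.Err()`, so a line longer than bufio.Scanner's default token limit ends the loop early and the output is silently truncated, which matters for a tool whose job is to show every denial. Since `Raw` returns only a string, surfacing that error means widening the signature to `(string, error)`. The exported `Raw` also has no doc comment; it should state that the result has the `regCleanLogs` replacements applied and duplicates removed, because the option text promises output "without any formatting".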


@ -78,7 +78,7 @@ func TestSelectLogFile(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := SelectLogFile(tt.path); got != tt.want {
t.Errorf("getLogFile() = %v, want %v", got, tt.want)
t.Errorf("SelectLogFile() = %v, want %v", got, tt.want)
}
})
}