Source code for insights.parsers.auditd_conf

"""
Audit Conf files parsers
========================

The auditd.conf file is a standard key = value file with hash comments.
Active settings are provided using the `get_active_settings_value` method or
by using the dictionary `contains` functionality.

The audispd.conf file has the same format and usage with auditd.conf.

.. note::
    For Red Hat Enterprise Linux 7 and older, auditd and audispd are separate
    processes.
    Starting with Red Hat Enterprise Linux 8 the functionality of audispd has
    been migrated to auditd.

AuditdConf - file ``/etc/audit/auditd.conf``
--------------------------------------------

AudispdConf - file ``/etc/audisp/audispd.conf``
-----------------------------------------------

Example:

    >>> conf = shared[AuditdConf]
    >>> conf.get_active_setting_value('log_group')
    'root'
    >>> 'log_file' in conf
    True
"""

from .. import Parser, parser, get_active_lines
from ..parsers import split_kv_pairs
from insights.specs import Specs




[docs]
class AuditConfParser(Parser):
    """
    A parser for accessing plain "key=value" configuration files,
    eg: ``/etc/audit/auditd.conf``.
    """

    def __init__(self, *args, **kwargs):
        self.active_lines_unparsed = []
        self.active_settings = {}
        super(AuditConfParser, self).__init__(*args, **kwargs)



[docs]
    def parse_content(self, content):
        """
        Main parsing class method which stores all interesting data from the content.

        Args:
            content (context.content): Parser context content
        """
        self.active_lines_unparsed = get_active_lines(content)
        #  (man page specifies that a line must contain "=")
        self.active_settings = split_kv_pairs(content, use_partition=False)





[docs]
    def get_active_setting_value(self, setting_name):
        """
        Access active setting value by setting name.

        Args:
            setting_name (string): Setting name
        """
        return self.active_settings[setting_name]








[docs]
@parser(Specs.auditd_conf)
class AuditdConf(AuditConfParser):
    pass






[docs]
@parser(Specs.audispd_conf)
class AudispdConf(AuditConfParser):
    pass