Logo Search packages:      
Sourcecode: audit version File versions  Download package

def audit_rules::AuditRules::__interpret_line (   self,
  args 
) [private]

Handle a single configuration file command.

Raise ParsingError on error.

Definition at line 524 of file audit_rules.py.

00524                                     :
        '''Handle a single configuration file command.

        Raise ParsingError on error.

        '''
        try:
            (opts, arguments) = \
                   getopt.getopt(args, 'A:DF:S:W:a:b:d:e:f:ihlk:m:p:r:sw:')
        except getopt.error, e:
            raise ParsingError(e.msg)
        if arguments:
            raise ParsingError('Unexpected non-option arguments "%s"' %
                               ' '.join(arguments))
        rule = Rule()
        rule_operation = None
        rule_list = None
        for (opt, arg) in opts:
            if opt in ('-A', '-a', '-d'):
                if rule.action is not None:
                    raise ParsingError('Action already specified for a rule')
                i = arg.find(',')
                if i == -1:
                    raise ParsingError('Missing comma in "%s"' % arg)
                (dest, action) = (arg[:i], arg[i + 1:])
                if dest == 'task':
                    rule_list = self.task_rules
                elif dest == 'entry':
                    rule_list = self.entry_rules
                elif dest == 'exit':
                    rule_list = self.exit_rules
                elif dest == 'exclude':
                    rule_list = self.exclude_rules
                else:
                    raise ParsingError('Unknown rule list "%s"' % dest)
                if action == 'never':
                    rule.action = Rule.ACTION_NEVER
                elif action == 'always':
                    rule.action = Rule.ACTION_ALWAYS
                elif action == 'possible':
                    raise ParsingError('Rule action "possible" is deprecated')
                else:
                    raise ParsingError('Unknown rule action "%s"' % action)
                rule_operation = opt
            elif opt == '-D':
                self.__empty_rule_lists()
            elif opt == '-F':
                field = Field()
                # This may have the nasty side effect of changing rule.machine
                field.parse(arg, rule)
                rule.fields.append(field)
            elif opt == '-S':
                if arg == 'all':
                    sc = Rule.SYSCALLS_ALL
                else:
                    sc = util.parse_syscall(arg, rule.machine)
                if sc not in rule.syscalls:
                    rule.syscalls.append(sc)
            elif opt == '-W' or opt == '-w':
                if rule.action is not None:
                    raise ParsingError('Action already specified for a rule')
                if audit.AUDIT_WATCH in (field.var for field in rule.fields):
                    raise ParsingError('Two paths specified for a rule')
                rule.action = Rule.ACTION_ALWAYS
                field = Field()
                field.parse_special(audit.AUDIT_WATCH, arg)
                rule.fields.append(field)
                if opt == '-W':
                    rule_operation = '-d'
                else:
                    rule_operation = '-a'
                rule_list = self.exit_rules
            elif opt == '-b':
                self.backlog_limit = util.parse_unsigned(arg)
            elif opt == '-e':
                if arg == '0':
                    self.audit_enabled = self.AUDIT_DISABLED
                elif arg == '1':
                    self.audit_enabled = self.AUDIT_ENABLED
                elif arg == '2':
                    self.audit_enabled = self.AUDIT_LOCKED
                else:
                    raise ParsingError('Invalid value "%s" of option -e' % arg)
            elif opt == '-f':
                if arg == '0':
                    self.failure_handling = self.FAILURE_SILENT
                elif arg == '1':
                    self.failure_handling = self.FAILURE_PRINTK
                elif arg == '2':
                    self.failure_handling = self.FAILURE_PANIC
                else:
                    raise ParsingError('Invalid value "%s" of option -f' % arg)
            elif opt == '-h' or opt == '-i' or opt == '-l':
                pass # Ignore
            elif opt == '-k':
                # FIXME: warn about more than one key?
                field = Field()
                field.parse_special(audit.AUDIT_FILTERKEY, arg)
                rule.fields.append(field)
            elif opt == '-m':
                pass # Ignore
            elif opt == '-p':
                field = Field()
                field.parse_special(audit.AUDIT_PERM, arg)
                for i in xrange(len(rule.fields)):
                    if rule.fields[i].var == audit.AUDIT_PERM:
                        rule.fields[i] = field
                        break
                else:
                    rule.fields.append(field)
            elif opt == '-r':
                self.rate_limit = util.parse_unsigned(arg)
            elif opt == '-s':
                pass # Ignore
      if rule_list is not None:
            if rule.syscalls:
                if rule_list is self.task_rules:
                    raise ParsingError('System calls cannot be used in task '
                                        'rules')
                if rule_list is self.user_rules:
                    raise ParsingError('System calls cannot be used in user '
                                       'rules')
                if rule_list is self.exclude_rules:
                    raise ParsingError('System calls cannot be used in '
                                        'exclude rules')
            if rule_list is not self.task_rules and not rule.syscalls:
                rule.syscalls.append(Rule.SYSCALLS_ALL)
            rule.validate(rule_list, self)
            for i in xrange(len(rule_list)):
                if rule_list[i] == rule: # See Rule.__eq__
                    same = i
                    break
            else:
                same = None
            if rule_operation in ('-a', '-A'):
                if same is not None:
                    raise ParsingError('The same rule already exists in this '
                                       'list')
                if rule_operation == '-a':
                    rule_list.append(rule)
                else:
                    rule_list.insert(0, rule)
            elif rule_operation == '-d':
                if same is None:
                    raise ParsingError('The rule does not exist in the list')
                del rule_list[same]

    __whitespace_re = re.compile(' +')


Generated by  Doxygen 1.6.0   Back to index