Logo Search packages:      
Sourcecode: audit version File versions  Download package

def audit_rules::Rule::validate (   self,
  list,
  rules 
)

Validate the rule, for usage within list in rules.

Raise ParsingError on error.

Definition at line 404 of file audit_rules.py.

00404                                    :
        '''Validate the rule, for usage within list in rules.

        Raise ParsingError on error.

        '''
        for var in (field.var for field in self.fields):
            if list is rules.exclude_rules and var != audit.AUDIT_MSGTYPE:
                raise ParsingError('Field type "%s" is invalid in "exclude" '
                                   'rules' % audit.audit_field_to_name(var))
            if list is not rules.exclude_rules and var == audit.AUDIT_MSGTYPE:
                raise ParsingError('Field type "%s" is valid only "exclude" '
                                   'rules' % audit.audit_field_to_name(var))
            if (list is not rules.exit_rules and
                var in (audit.AUDIT_OBJ_USER, audit.AUDIT_OBJ_ROLE,
                        audit.AUDIT_OBJ_TYPE, audit.AUDIT_OBJ_LEV_LOW,
                        audit.AUDIT_OBJ_LEV_HIGH, audit.AUDIT_WATCH)):
                raise ParsingError('Field type "%s" is valid only in system '
                                   'call exit and watch rules' %
                                   audit.audit_field_to_name(var))
            if (list is rules.entry_rules and
                var in (audit.AUDIT_DEVMAJOR, audit.AUDIT_DEVMINOR,
                        audit.AUDIT_INODE, audit.AUDIT_EXIT,
                        audit.AUDIT_SUCCESS)):
                raise ParsingError('Field type "%s" is not valid in system '
                                   'call entry rules' %
                                   audit.audit_field_to_name(var))
        if list is rules.exclude_rules and len(self.fields) > 1:
            # FIXME: this is to avoid -F msgtype=1 -F msgtype=2 not doing the
            # right thing, but it prevents range expressions from working
            raise ParsingError('Only one field is allowed in "exclude" rules')
        # FIXME: more checks?

    def command_text(self, rules, list, list_name):


Generated by  Doxygen 1.6.0   Back to index