Logo Search packages:      
Sourcecode: audit version File versions  Download package

def audit_rules::Rule::validate (   self,
  list,
  rules 
)
Validate the rule, for usage within list in rules.

Raise ParsingError on error.

Definition at line 428 of file audit_rules.py.

                                   :
        '''Validate the rule, for usage within list in rules.

        Raise ParsingError on error.

        '''
        for var in (field.var for field in self.fields):
            if list is rules.exclude_rules and var != audit.AUDIT_MSGTYPE:
                raise ParsingError('Field type "%s" is invalid in "exclude" '
                                   'rules' % audit.audit_field_to_name(var))
            if list is not rules.exclude_rules and var == audit.AUDIT_MSGTYPE:
                raise ParsingError('Field type "%s" is valid only "exclude" '
                                   'rules' % audit.audit_field_to_name(var))
            if (list is not rules.exit_rules and
                var in (audit.AUDIT_DIR, audit.AUDIT_OBJ_USER,
                        audit.AUDIT_OBJ_ROLE, audit.AUDIT_OBJ_TYPE,
                        audit.AUDIT_OBJ_LEV_LOW, audit.AUDIT_OBJ_LEV_HIGH,
                        audit.AUDIT_WATCH)):
                raise ParsingError('Field type "%s" is valid only in system '
                                   'call exit and watch rules' %
                                   audit.audit_field_to_name(var))
            if (list is rules.entry_rules and
                var in (audit.AUDIT_DEVMAJOR, audit.AUDIT_DEVMINOR,
                        audit.AUDIT_INODE, audit.AUDIT_EXIT,
                        audit.AUDIT_SUCCESS)):
                raise ParsingError('Field type "%s" is not valid in system '
                                   'call entry rules' %
                                   audit.audit_field_to_name(var))
        if list is rules.exclude_rules and len(self.fields) > 1:
            # FIXME: this is to avoid -F msgtype=1 -F msgtype=2 not doing the
            # right thing, but it prevents range expressions from working
            raise ParsingError('Only one field is allowed in "exclude" rules')
        keys = (field.value for field in self.fields
                if field.var == audit.AUDIT_FILTERKEY)
        if len('\x01'.join(keys)) > audit.AUDIT_MAX_KEY_LEN:
            raise ParsingError('Total key length is too long')
        # FIXME: more checks?


Generated by  Doxygen 1.6.0   Back to index