Allow looping over 'action' items. Relates #5.

robertdebock · Nov 15, 2020 · 6f20de5 · 6f20de5
1 parent c336f44
commit 6f20de5
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -61,6 +61,14 @@ This example is taken from `molecule/resources/converge.yml` and is tested on ea
           action: always
           filter: exit
           keyname: time_change
+        - action: always
+          filter: exit
+          filters:
+            - path=/bin/ping
+            - perm=x
+            - auid>=500
+            - auid!=4294967295
+          keyname: privileged
 ```
 
 The machine needs to be prepared in CI this is done using `molecule/resources/prepare.yml`:

diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -49,3 +49,11 @@
           action: always
           filter: exit
           keyname: time_change
+        - action: always
+          filter: exit
+          filters:
+            - path=/bin/ping
+            - perm=x
+            - auid>=500
+            - auid!=4294967295
+          keyname: privileged
diff --git a/templates/custom.rules.j2 b/templates/custom.rules.j2
@@ -14,10 +14,13 @@
 {% if auditd_rules is defined %}
 {% for rule in auditd_rules %}
 {% if rule.file is defined %}
--w {{ rule.file }}{% if rule.permissions is defined %} -p {% for permission in rule.permissions %}{{ _auditd_permissions[permission] }}{% endfor %}{% endif %} -k {{ rule.keyname }}
+-w {{ rule.file }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %}{% if rule.permissions is defined %} -p {% for permission in rule.permissions %}{{ _auditd_permissions[permission] }}{% endfor %}{% endif %} -k {{ rule.keyname }}
 {% endif %}
 {% if rule.syscall is defined %}
- -a {{ rule.action }},{{ rule.filter }} -F arch={{ rule.arch | default(auditd_default_arch) }} -S {{ rule.syscall }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %} -k {{ rule.keyname }}
+-a {{ rule.action }},{{ rule.filter }} -F arch={{ rule.arch | default(auditd_default_arch) }} -S {{ rule.syscall }}{% if rule.filters is defined %}{% for filter in rule.filters %} -F {{ filter }}{% endfor %}{% endif %} -k {{ rule.keyname }}
+{% endif %}
+{% if rule.action is defined and rule.file is not defined and rule.syscall is not defined %}
+-a {{ rule.action }},{{ rule.filter }}{% for filter in rule.filters %} -F {{ filter }}{% endfor %} -k {{ rule.keyname }}
 {% endif %}
 {% endfor %}
 {% endif %}