Class: TrainPlugins::TrainKubernetes::File::LinuxImmutableFileCheck

Inherits:

Inspec::Resources::LinuxImmutableFlagCheck

Object
Inspec::Resources::LinuxImmutableFlagCheck
TrainPlugins::TrainKubernetes::File::LinuxImmutableFileCheck

show all

Defined in:: lib/train-kubernetes/file/linux_immutable_file_check.rb

Instance Method Summary collapse

#find_utility_or_error(utility_name) ⇒ Object
#initialize(inspec, file, pod:, container: nil, namespace: nil) ⇒ LinuxImmutableFileCheck constructor

A new instance of LinuxImmutableFileCheck.
#is_immutable? ⇒ Boolean

Constructor Details

#initialize(inspec, file, pod:, container: nil, namespace: nil) ⇒ `LinuxImmutableFileCheck`

Returns a new instance of LinuxImmutableFileCheck.

# File 'lib/train-kubernetes/file/linux_immutable_file_check.rb', line 8

def initialize(inspec, file, pod:, container: nil, namespace: nil)
  @pod = pod
  @container = container
  @namespace = namespace
  super(inspec, file)
end

Instance Method Details

#find_utility_or_error(utility_name) ⇒ `Object`

Raises:

(Inspec::Exceptions::ResourceFailed)

# File 'lib/train-kubernetes/file/linux_immutable_file_check.rb', line 15

def find_utility_or_error(utility_name)
  %W(/usr/sbin/#{utility_name} /sbin/#{utility_name} /usr/bin/#{utility_name} /bin/#{utility_name} #{utility_name}).each do |cmd|
    if inspec.backend
        .run_command("sh -c 'type \"#{cmd}\"'", { pod: pod, container: container, namespace: namespace })
        .exit_status.to_i == 0
      return cmd
    end
  end

  raise Inspec::Exceptions::ResourceFailed, "Could not find `#{utility_name}`"
end

#is_immutable? ⇒ `Boolean`

Returns:

(Boolean)

Raises:

(Inspec::Exceptions::ResourceFailed)

# File 'lib/train-kubernetes/file/linux_immutable_file_check.rb', line 27

def is_immutable?
  # Check if lsattr is available. In general, all linux system has lsattr & chattr
  # This logic check is valid for immutable flag set with chattr
  utility = find_utility_or_error("lsattr")

  utility_cmd = inspec.backend.run_command("#{utility} #{file_path}",
                                           { pod: pod, container: container, namespace: namespace })

  raise Inspec::Exceptions::ResourceFailed, "Executing #{utility} #{file_path} failed: #{utility_cmd.stderr}" if utility_cmd.exit_status.to_i != 0

  # General output for lsattr file_name is:
  # ----i---------e----- file_name
  # The fifth char resembles the immutable flag. Total 20 flags are allowed.
  lsattr_info = utility_cmd.stdout.strip.squeeze(" ")
  lsattr_info =~ /^.{4}i.{15} .*/
end

Class: TrainPlugins::TrainKubernetes::File::LinuxImmutableFileCheck

Instance Method Summary collapse

Constructor Details

#initialize(inspec, file, pod:, container: nil, namespace: nil) ⇒ LinuxImmutableFileCheck

Instance Method Details

#find_utility_or_error(utility_name) ⇒ Object

#is_immutable? ⇒ Boolean

#initialize(inspec, file, pod:, container: nil, namespace: nil) ⇒ `LinuxImmutableFileCheck`

#find_utility_or_error(utility_name) ⇒ `Object`

#is_immutable? ⇒ `Boolean`