[augeas-devel] General Lens

Michael Boldi mboldi at uptycs.com
Wed Jun 27 03:08:51 UTC 2018


Thanks for your help ( in advance ).
we are using osquery ... and it supports the augeas table ...  select *
from augeas where path = '/etc/motd' ..
This returns nothing .. since /etc/motd is not in any lens .. including
simplelines.aug ...  is there a way to give osquery the "hint" to use
simplelines.aug as the parser ?
I noticed that on the command line of osqueryi  one can override the
default location of the lenses ...
oqueryi --augeas_lenses=/some/path

..  but that opens another can of worms ...

is it possible in osquery a syntax like

select * from augeas ( using simplelines ) where path = '/etc/motd' ?


On Mon, Jun 25, 2018 at 2:23 PM, Michael Boldi <mboldi at uptycs.com> wrote:

> Thanks that is helpful ... works like I would hope ..
> Next step is to get   /etc/motd  ( and others) into this lens for the
> general public ...  yes ?
> When we bundle osquery for installation, we simply pull from the augeas
> repo ..  Then there would be no need to customize anything.
> Let me know if this is possible / simple / useful !!   Thanks.
>
>
> I am using this to automate the CIS Distribution Independent Linux
> requirements ...  they want to look into these files for various legal /
> illegal strings.
>
> The full list of files I would like to add for public consumption is
>
>            . incl "/etc/motd"
>            . incl "/etc/issue"
>            . incl "/etc/issue.net"
>            . incl "/etc/audit/audit.rules"
>            . incl "/etc/dconf/profile/gdm"
>            . incl "/etc/dconf/db/gdm.d/01-banner-message"
>
>
>
>
> On Mon, Jun 25, 2018 at 1:29 PM, Raphaël Pinson <
> raphael.pinson at camptocamp.com> wrote:
>
>> Hi Michael,
>>
>>
>> You can use Simplelines.lns for that.
>>
>>
>> Regards,
>>
>> Raphaël
>>
>> On Mon, Jun 25, 2018 at 7:15 PM, Michael Boldi <mboldi at uptycs.com> wrote:
>>
>>> Hi,
>>> I was hoping to find a lens for a generic file like   /etc/motd  ..
>>> I need to look for certain illegal strings as well as verify some
>>> strings exist.
>>>
>>> I would imagine the key is line# and value would be the entire line ..
>>> I guess the lack of keys in the motd may prohibit this ?
>>>
>>> I wrote a simple ( lens creator newbie )   lens to do this ..
>>> Is this 2request worth submitting ?  Or can we introduce my simple lens
>>> into the library ?
>>>
>>> Here ..
>>>
>>> module Motd =
>>>   autoload xfm
>>>
>>> let word = /[^# \n\t\/]+/
>>>
>>> let sto_line = store /[^# \t\n].*$/
>>>
>>> let record = [ key word . (Util.del_ws_tab . sto_line)? . Util.eol ]
>>>
>>> let lns = ( Util.empty | Util.comment | record ) *
>>> let filter = (
>>>    incl "/etc/motd" .
>>>    incl "/etc/issue" .
>>>    incl "/etc/issue.net" )
>>> let xfm = transform lns filter
>>>
>>>
>>>
>>> _______________________________________________
>>> augeas-devel mailing list
>>> augeas-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/augeas-devel
>>>
>>
>>
>>
>> --
>> Raphaël Pinson
>> Infrastructure Developer & Training Leader
>> +33 458 482 013
>>
>> Camptocamp France SAS
>> Bâtiment le Dauphin - 1er étage
>> 18 rue du Lac Saint André
>> <https://maps.google.com/?q=18+rue+du+Lac+Saint+Andr%C3%A9+Savoie&entry=gmail&source=g>
>> Savoie
>> <https://maps.google.com/?q=18+rue+du+Lac+Saint+Andr%C3%A9+Savoie&entry=gmail&source=g>
>> Technolac
>> F-73370 Le Bourget du Lac
>>
>> www.camptocamp.com
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20180626/2d107ada/attachment.htm>


More information about the augeas-devel mailing list