[augeas-devel] General Lens
Michael Boldi
mboldi at uptycs.com
Wed Jun 27 03:08:51 UTC 2018
Thanks for your help (in advance).
We are using osquery ... and it supports the augeas table ...
select * from augeas where path = '/etc/motd' ..
This returns nothing .. since /etc/motd is not in any lens .. including
simplelines.aug ... Is there a way to give osquery the "hint" to use
simplelines.aug as the parser?
I noticed that on the command line of osqueryi one can override the
default location of the lenses ...
osqueryi --augeas_lenses=/some/path
.. but that opens another can of worms ...
Is it possible in osquery to have a syntax like
select * from augeas ( using simplelines ) where path = '/etc/motd' ?
On Mon, Jun 25, 2018 at 2:23 PM, Michael Boldi <mboldi at uptycs.com> wrote:
> Thanks that is helpful ... works like I would hope ..
> Next step is to get /etc/motd ( and others) into this lens for the
> general public ... yes ?
> When we bundle osquery for installation, we simply pull from the augeas
> repo .. Then there would be no need to customize anything.
> Let me know if this is possible / simple / useful !! Thanks.
>
>
> I am using this to automate the CIS Distribution Independent Linux
> requirements ... they want to look into these files for various legal /
> illegal strings.
>
> The full list of files I would like to add for public consumption is
>
> . incl "/etc/motd"
> . incl "/etc/issue"
> . incl "/etc/issue.net"
> . incl "/etc/audit/audit.rules"
> . incl "/etc/dconf/profile/gdm"
> . incl "/etc/dconf/db/gdm.d/01-banner-message"
>
>
>
>
> On Mon, Jun 25, 2018 at 1:29 PM, Raphaël Pinson <
> raphael.pinson at camptocamp.com> wrote:
>
>> Hi Michael,
>>
>>
>> You can use Simplelines.lns for that.
>>
>>
>> Regards,
>>
>> Raphaël
>>
>> On Mon, Jun 25, 2018 at 7:15 PM, Michael Boldi <mboldi at uptycs.com> wrote:
>>
>>> Hi,
>>> I was hoping to find a lens for a generic file like /etc/motd ..
>>> I need to look for certain illegal strings as well as verify some
>>> strings exist.
>>>
>>> I would imagine the key is line# and value would be the entire line ..
>>> I guess the lack of keys in the motd may prohibit this ?
>>>
>>> I wrote a simple ( lens creator newbie ) lens to do this ..
>>> Is this 2request worth submitting ? Or can we introduce my simple lens
>>> into the library ?
>>>
>>> Here ..
>>>
>>> module Motd =
>>> autoload xfm
>>>
>>> let word = /[^# \n\t\/]+/
>>>
>>> let sto_line = store /[^# \t\n].*$/
>>>
>>> let record = [ key word . (Util.del_ws_tab . sto_line)? . Util.eol ]
>>>
>>> let lns = ( Util.empty | Util.comment | record ) *
>>> let filter = (
>>> incl "/etc/motd" .
>>> incl "/etc/issue" .
>>> incl "/etc/issue.net" )
>>> let xfm = transform lns filter
>>>
>>
>>
>>
>> --
>> Raphaël Pinson
>> Infrastructure Developer & Training Leader
>> +33 458 482 013
>>
>> Camptocamp France SAS
>> Bâtiment le Dauphin - 1er étage
>> 18 rue du Lac Saint André
>> Savoie
>> Technolac
>> F-73370 Le Bourget du Lac
>>
>> www.camptocamp.com
>>
>
>
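The check discussed in this thread (a numbered key per line, the whole line as the value, then a search for forbidden and required strings), as an added example that is not code from the thread, from osquery or from Augeas. The Python below approximates the tree shape Simplelines.lns yields for a banner file; the function names, the sample motd text and the rule patterns are constructed for illustration.

```python
import re

def simplelines_tree(text, path):
    """Approximate Simplelines output: content lines become numbered nodes
    (sequence number, not file line number), comment lines become '#comment'
    nodes, blank lines produce no labelled node. Values are whitespace-trimmed."""
    nodes, seq = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            body = line.lstrip("#").strip()
            if body:  # a bare '#' is treated like an empty line
                nodes.append((f"/files{path}/#comment", body))
            continue
        seq += 1
        nodes.append((f"/files{path}/{seq}", line))
    return nodes

def audit(nodes, forbidden, required):
    """Return findings: one per (content line, forbidden rule) hit, plus one
    per required rule that no content line satisfies."""
    content = [(p, v) for p, v in nodes if not p.endswith("/#comment")]
    findings = []
    for node_path, value in content:
        for name, rx in forbidden.items():
            if re.search(rx, value):
                findings.append(("forbidden", name, node_path))
    for name, rx in required.items():
        if not any(re.search(rx, v) for _, v in content):
            findings.append(("missing", name, None))
    return findings

# Constructed sample banner and rules (assumptions, not taken from the thread).
SAMPLE_MOTD = (
    "# managed by config mgmt\n"
    "\n"
    "Welcome to \\s \\r\n"
    "  Authorized users only.  \n"
    "Kernel \\v on \\m\n"
)
FORBIDDEN = {"os-escape": r"\\[mrsv]"}  # getty-style escapes that reveal OS details
REQUIRED = {"warning": r"(?i)authorized users only", "monitoring": r"(?i)monitored"}

if __name__ == "__main__":
    for finding in audit(simplelines_tree(SAMPLE_MOTD, "/etc/motd"), FORBIDDEN, REQUIRED):
        print(finding)
```
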