in Providers/Scripts/3.x/Scripts/nxOMSAuditdPlugin.py [0:0]
def Test(WorkspaceId, DesiredEnsure):
LogStatus("Test_Start", "Start", False)
if not IsValidWorkspaceId(WorkspaceId):
LogStatus("Test_End", "Invalid workspace id", True)
# Failed to determine state, return fake success
return [0]
if not os.path.isfile(AUOMS_BIN):
if DesiredEnsure == "Present":
LogStatus("Test_End", "OMS Auditd Plugin needs to be installed", True)
return [0]
# Only auoms 2.0 has auomsctl. Only check for auditd if auoms version < 2.0.
if not os.path.isfile(AUOMSCTL_BIN):
if not os.path.isfile(AUDITD_BIN):
if DesiredEnsure == "Present":
LogStatus("Test_End", "Auditd needs to be installed", True)
return [0]
if IsSudoScriptOutOfDate():
LogStatus("Test_End", "sudo script needs to be updated", False)
return [-1]
if OmsAgentNeedsRestart(WorkspaceId):
LogStatus("Test_End", "omsagent needs restart", False)
return [-1]
auoms_version = GetPackageVersion("auoms")
if auoms_version is None:
LogStatus("Test_End", "Failed to determine auoms version", True)
# Failed to get auoms version, return fake success
return [0]
(error_msg, audit_version, auoms_state, actual_audit_rules, actual_conf, actual_collect_conf,
actual_outconf, actual_plugin_conf, loaded_audit_rules, audit_state) = GetState(WorkspaceId)
if error_msg is not None:
LogStatus("Set_End", error_msg, True)
return [0]
(error_msg, desired_auoms_state, desired_rules, desired_conf, desired_collect_conf, desired_outconf,
desired_plugin_conf) = GetDesiredState(WorkspaceId, DesiredEnsure, audit_version, auoms_state, auoms_version)
if error_msg is not None:
LogStatus("Set_End", error_msg, True)
return [0]
if desired_auoms_state != auoms_state:
LogStatus("Test_End", "Auoms State does not match desired state", False)
LG().Log(LOG_INFO, "Auoms State does not match desired state")
return [-1]
if IsTextDifferent(desired_rules, actual_audit_rules):
LogStatus("Test_End", "Audit Rules do not match desired rules", False)
return [-1]
if desired_conf is not None and IsTextDifferent(desired_conf, actual_conf):
LogStatus("Test_End", "auoms conf does not match desired conf", False)
return [-1]
if desired_collect_conf is not None and IsTextDifferent(desired_collect_conf, actual_collect_conf):
LogStatus("Test_End", "auomscollect conf does not match desired conf", False)
return [-1]
if desired_outconf is not None and IsTextDifferent(desired_outconf, actual_outconf):
LogStatus("Test_End", "auoms outconf does not match desired conf", False)
return [-1]
if IsTextDifferent(desired_plugin_conf, actual_plugin_conf):
LogStatus("Test_End", "Plugin Conf does not match desired conf", False)
return [-1]
if AreFilesDifferent(PLUGIN_LIB_RB, RESOURCE_PLUGIN_LIB_RB) or AreFilesDifferent(PLUGIN_FILTER_RB, RESOURCE_PLUGIN_FILTER_RB):
LogStatus("Test_End", "Plugin RB files do not match desired RB files", False)
return [-1]
rules_diff = DiffAuditRules(desired_rules, loaded_audit_rules)
if rules_diff is not None:
LogStatus("Test_End", "One or more desired audit rules are not loaded", False)
return [-1]
# If something isn't running that should be running, trigger a set so that it can report the actual issue
if DesiredEnsure == "Present":
if os.path.isfile(AUOMSCTL_BIN):
if os.path.isfile(AUDITD_BIN):
if GetAuditdPid() <= 0:
LogStatus("Test_End", "Auditd not running", False)
return [-1]
if GetAuomsPid() <= 0 or GetAuomsCollectPid() <= 0:
LogStatus("Test_End", "Auoms (or auomscollect) not running", False)
return [-1]
else:
if GetAuditdPid() <= 0 or GetAuomsPid() <= 0:
LogStatus("Test_End", "Auditd or auoms not running", False)
return [-1]
if GetEnabledFromAuditState(audit_state) == "2":
LogStatus("Test_End", "Audit rules immutable (-e 2): reboot required so that desired rules can be loaded", True)
return [0]
LogStatus("Test_End", "Set Operation Not Needed", False)
return [0]