[Apparmor-dev] Non-Yast AppArmor GUI
Matt Barringer
mbarringer at suse.de
Wed May 30 17:50:35 MDT 2007
On Wed, 30 May 2007, Mathias Gug wrote:
> On Tue, May 29, 2007 at 02:50:21PM -0700, Matt Barringer wrote:
> > Additionally, I've been working on a few related projects, but nothing as
> > comprehensive as a replacement for the YAST tools:
> >
> > * I'm also working on a library to parse the log messages
> > * There are two libraries that could be easily ported to other
> > distributions that work with the notification & security report
> > configurations, but those aren't in Forge and while they're in SuSE
> > build service (and part of SLES), I'm not sure there's a public SVN
> > repository for them. I can send you the source if you'd like.
> >
>
> I'm interested in these two projects. Do you have some links where I
> could have a look at it ?
The log parsing library is in the beginning stages, and hasn't progressed
much further than a design document, but I'm hoping to have a good portion
of the library written next week.
The notification & reporting config libraries are either locked away
behind a firewall or in a source RPM (and forge doesn't seem to be working
at the moment), so I've just attached the source files. They both use
blocxx (http://forge.novell.com/modules/xfmod/project/?blocxx) and limal
(http://forge.novell.com/modules/xfmod/project/?limal), but the libraries
are very simple and could easily be rewritten to not use them.
Matt
-------------- next part --------------
/*---------------------------------------------------------------------\
| |
| _ _ _ _ __ _ |
| | | | | | \_/ | / \ | | |
| | | | | | |_| | / /\ \ | | |
| | |__ | | | | | | / ____ \ | |__ |
| |____||_| |_| |_|/ / \ \|____| |
| |
| apparmor-reporting library |
| |
| (C) SUSE Linux Products GmbH |
\----------------------------------------------------------------------/
File: ApparmorReporting.hpp
Author: Matt Barringer <mbarringer at suse.de>
Maintainer: Matt Barringer <mbarringer at suse.de>
Purpose: To provide an API to work with AppArmor's reporting configuration files,
which consist of an XML file, /etc/apparmor/reports.conf, and a crontab,
/etc/apparmor/reports.crontab
/-*/
/**
* @file ApparmorReporting.hpp
* @brief A limal library to control AppArmor's reporting configuration files.
*/
#ifndef LIMAL_APPARMOR_REPORTING_HPP
#define LIMAL_APPARMOR_REPORTING_HPP
#include <limal/apparmor-reporting/config.h>
#include <blocxx/String.hpp>
#include <blocxx/COWIntrusiveReference.hpp>
#include <blocxx/Map.hpp>
#include <libxml/tree.h>
namespace LIMAL_NAMESPACE
{
namespace APPARMOR_REPORTING_NAMESPACE
{
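/**
 * Plain value object describing one AppArmor report: the filter fields,
 * the export/e-mail settings, and the schedule fields that accompany the
 * report in the crontab.
 *
 * The class is copyable. The hand-written copy constructor and copy
 * assignment operator were removed because they copied every member one by
 * one, which is exactly what the compiler-generated versions do; dropping
 * them removes the risk of a newly added member being forgotten in one of
 * the two lists.
 *
 * All getters are const-qualified so that they can be called through a
 * const reference (ApparmorReportingConfig::writeReport() receives its
 * ReportData as `const ReportData&`).
 *
 * NOTE(review): every setter stores the caller-supplied value verbatim.
 * According to the file header this data ends up in
 * /etc/apparmor/reports.conf (XML) and /etc/apparmor/reports.crontab; the
 * code that serializes it is not part of this header. Confirm that report
 * names, the report program, export paths and e-mail addresses are
 * validated or escaped (no embedded newlines, no shell metacharacters)
 * before they are written to a crontab, and that the schedule integers are
 * range-checked there, because nothing in this class restricts them.
 */
class ReportData
{
public:
    /**
     * Creates a report with empty strings, both export formats disabled and
     * the schedule set to day -1, hour 0, minute 59.
     * NOTE(review): the meaning of a run day of -1 is not defined in this
     * header -- presumably "no specific day of month"; confirm against the
     * crontab writer.
     */
    ReportData()
        : mExportCSV(false),
          mExportHTML(false),
          mRunDay(-1),
          mRunHour(0),
          mRunMinute(59)
    {}

    /**
     * Returns a heap-allocated copy of this object.
     * The caller owns the returned pointer and must delete it.
     */
    ReportData* clone() const
    {
        return new ReportData(*this);
    }

    // --- Report identity and filter fields --------------------------------
    blocxx::String getReportName() const { return mReportName; }
    void setReportName(const blocxx::String& reportName) { mReportName = reportName; }

    blocxx::String getReportProgram() const { return mReportProgram; }
    void setReportProgram(const blocxx::String& reportProgram) { mReportProgram = reportProgram; }

    blocxx::String getProfileName() const { return mProfileName; }
    void setProfileName(const blocxx::String& profileName) { mProfileName = profileName; }

    blocxx::String getResource() const { return mResource; }
    void setResource(const blocxx::String& resource) { mResource = resource; }

    blocxx::String getAccessMode() const { return mAccessMode; }
    void setAccessMode(const blocxx::String& accessMode) { mAccessMode = accessMode; }

    blocxx::String getApparmorEvent() const { return mApparmorEvent; }
    void setApparmorEvent(const blocxx::String& apparmorEvent) { mApparmorEvent = apparmorEvent; }

    // --- Export and notification targets ----------------------------------
    blocxx::String getExportPath() const { return mExportPath; }
    void setExportPath(const blocxx::String& exportPath) { mExportPath = exportPath; }

    blocxx::String getEmailOne() const { return mEmailOne; }
    void setEmailOne(const blocxx::String& emailOne) { mEmailOne = emailOne; }

    blocxx::String getEmailTwo() const { return mEmailTwo; }
    void setEmailTwo(const blocxx::String& emailTwo) { mEmailTwo = emailTwo; }

    blocxx::String getEmailThree() const { return mEmailThree; }
    void setEmailThree(const blocxx::String& emailThree) { mEmailThree = emailThree; }

    blocxx::String getPid() const { return mPid; }
    void setPid(const blocxx::String& pid) { mPid = pid; }

    blocxx::String getSeverity() const { return mSeverity; }
    void setSeverity(const blocxx::String& severity) { mSeverity = severity; }

    blocxx::String getTimestamp() const { return mTimestamp; }
    void setTimestamp(const blocxx::String& timestamp) { mTimestamp = timestamp; }

    bool getExportCSV() const { return mExportCSV; }
    void setExportCSV(bool exportCSV) { mExportCSV = exportCSV; }

    bool getExportHTML() const { return mExportHTML; }
    void setExportHTML(bool exportHTML) { mExportHTML = exportHTML; }

    // --- Schedule (the data contained in the crontab) ---------------------
    // The integer setters accept any value; no range check happens here.
    int getRunDay() const { return mRunDay; }
    void setRunDay(int runDay) { mRunDay = runDay; }

    blocxx::String getRunDayOfWeek() const { return mRunDayOfWeek; }
    void setRunDayOfWeek(const blocxx::String& runDayOfWeek) { mRunDayOfWeek = runDayOfWeek; }

    int getRunHour() const { return mRunHour; }
    void setRunHour(int runHour) { mRunHour = runHour; }

    int getRunMinute() const { return mRunMinute; }
    void setRunMinute(int runMinute) { mRunMinute = runMinute; }

private:
    blocxx::String mReportName;
    blocxx::String mReportProgram;
    blocxx::String mProfileName;
    blocxx::String mResource;
    blocxx::String mAccessMode;     // The access mode that caused the event (r/w/l/m/x)
    blocxx::String mApparmorEvent;  // [P]ermit / [R]eject / [A]udit
    blocxx::String mExportPath;
    blocxx::String mEmailOne;
    blocxx::String mEmailTwo;
    blocxx::String mEmailThree;
    blocxx::String mPid;
    blocxx::String mSeverity;
    bool mExportCSV;
    bool mExportHTML;
    blocxx::String mTimestamp;

    // Then, the data contained in the crontab
    int mRunDay;
    blocxx::String mRunDayOfWeek;
    int mRunHour;
    int mRunMinute;
};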
// Collection of reports as returned by ApparmorReportingConfig::readConfig()
// and accepted by writeConfig(): a map from a string key to the ReportData.
// NOTE(review): the key is presumably the report name (the lookup functions
// take a report name) -- confirm against the implementation.
typedef blocxx::Map<blocxx::String, ReportData> ReportConfig;
/**
* API for AppArmor's reporting configuration, which is split across an XML
* file (reports.conf) and a crontab (reports.crontab).
*
* Only the declarations are visible here; the definitions live in
* ApparmorReporting.cpp.
*
* NOTE(review): both file paths are caller-controlled (constructor arguments
* and setXMLPath()/setCrontabPath()), and writeConfig(), writeReport() and
* removeReport() modify those files. The defaults are under /etc/apparmor,
* so the library presumably runs with elevated privileges; callers should
* not pass paths derived from untrusted input. Confirm how the
* implementation opens and replaces the files.
*/
class ApparmorReportingConfig
{
public:
/**
* Construct an ApparmorReportingConfig object.
* @param[in] xmlPath Path to reports.conf; defaults to
* /etc/apparmor/reports.conf.
* @param[in] crontabPath Path to reports.crontab; defaults to
* /etc/apparmor/reports.crontab.
*/
ApparmorReportingConfig(const blocxx::String& xmlPath = "/etc/apparmor/reports.conf",
const blocxx::String& crontabPath = "/etc/apparmor/reports.crontab");
/**
* Destructor of ApparmorReportingConfig.
*/
~ApparmorReportingConfig();
/**
* Parses the XML and returns a map of ReportData objects containing
* the data.
* @return The map
*/
ReportConfig
readConfig();
/**
* Writes the config map to reports.conf and
* reports.crontab.
*
* NOTE(review): the ReportData fields are free-form strings and unchecked
* integers; confirm that the implementation escapes them for XML and
* rejects values that would add or alter crontab lines.
*
* @param[in] config The reports to write.
* @return True on success, false on failure.
*/
bool
writeConfig(ReportConfig& config);
/**
* Removes an entry from disk. Note that none of the three "special" reports
* are allowed to be removed from the configuration file.
* @param[in] name The name of the report to remove.
*/
void
removeReport(const blocxx::String& name);
/**
* Modifies an existing report or inserts a new one.
* @param[in] currentName The current name of the report.
* @param[in] newName The new name of the report.
* @param[in] reportData The ReportData to write.
*/
void
writeReport(const blocxx::String& currentName,
const blocxx::String& newName,
const ReportData& reportData);
/**
* Returns true if there is a report by that name.
* @param[in] name The name of the report.
* @return True/false.
*/
bool
reportExists(const blocxx::String& name);
/**
* Returns the data from an individual report.
* NOTE(review): what is returned when no report has that name is not
* specified here; check with reportExists() first or confirm against the
* implementation.
* @param[in] name The name of the report to look up.
* @return The report data.
*/
ReportData
findReport(const blocxx::String& name);
/**
* Returns the path to reports.conf.
*
* @return The path to reports.conf.
*/
blocxx::String
getXMLPath();
/**
* Sets the path to reports.conf.
*
* @param[in] xmlPath The path to reports.conf.
*/
void
setXMLPath(const blocxx::String& xmlPath);
/**
* Returns the path to reports.crontab.
*
* @return The path to reports.crontab.
*/
blocxx::String
getCrontabPath();
/**
* Sets the path to reports.crontab.
*
* @param[in] crontabPath The path to reports.crontab.
*/
void
setCrontabPath(const blocxx::String& crontabPath);
private:
// Implementation state is kept in a separately defined Data class that is
// only forward-declared here and held through a blocxx reference wrapper.
class Data;
blocxx::COWIntrusiveReference<Data> m_data;
// Private helpers; their behaviour is defined in the .cpp file.
// Presumably: loadXML() parses reports.conf, find_text()/find_attribute()
// read a child element's text or attribute from a libxml2 node, and
// find_crontab_data() fills the schedule fields of a ReportData from the
// crontab -- confirm against the implementation.
void loadXML();
blocxx::String find_text(xmlNodePtr currentElement, const char *tag);
blocxx::String find_attribute(xmlNodePtr currentElement, const char *tag, const char *attribute);
bool find_crontab_data(ReportData& data);
};
} // End of APPARMOR_REPORTING_NAMESPACE
// Convenience namespace that re-exports ApparmorReportingConfig under
// Apparmor:: inside LIMAL_NAMESPACE.
// NOTE(review): the using-declaration spells limal::apparmor_reporting
// literally, while the enclosing namespaces are opened through the
// LIMAL_NAMESPACE and APPARMOR_REPORTING_NAMESPACE macros; it only resolves
// if those macros expand to the same names -- confirm in config.h.
namespace Apparmor
{
using limal::apparmor_reporting::ApparmorReportingConfig;
}
} // End of LIMAL_NAMESPACE
#endif // LIMAL_APPARMOR_REPORTING_HPP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ApparmorReporting.cpp
Type: text/x-c++src
Size: 13549 bytes
Desc:
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070530/8d066f27/ApparmorReporting.bin
-------------- next part --------------
/*---------------------------------------------------------------------\
| |
| _ _ _ _ __ _ |
| | | | | | \_/ | / \ | | |
| | | | | | |_| | / /\ \ | | |
| | |__ | | | | | | / ____ \ | |__ |
| |____||_| |_| |_|/ / \ \|____| |
| |
| apparmor-notifications library |
| |
| (C) SUSE Linux Products GmbH |
\----------------------------------------------------------------------/
File: ApparmorNotifications.hpp
Author: Matt Barringer <mbarringer at suse.de>
Maintainer: Matt Barringer <mbarringer at suse.de>
Purpose: Provides functions to work with AppArmor's internal notification
configuration system.
/-*/
/**
* @file ApparmorNotifications.hpp
* @brief Provides functions to work with AppArmor's notification configuration file.
*/
#ifndef LIMAL_APPARMOR_NOTIFICATIONS_HPP
#define LIMAL_APPARMOR_NOTIFICATIONS_HPP
#include <limal/apparmor-notifications/config.h>
#include <blocxx/Map.hpp>
#include <blocxx/String.hpp>
#include <blocxx/COWIntrusiveReference.hpp>
namespace LIMAL_NAMESPACE
{
namespace APPARMOR_NOTIFICATIONS_NAMESPACE
{
// String-to-string map used by ApparmorNotifications::readConfig() and
// writeConfig() to carry the contents of notify.cfg.
// NOTE(review): presumably setting name -> setting value; the file format is
// not shown in this header.
typedef blocxx::Map<blocxx::String, blocxx::String> NotificationsMap;
// Element type of NotificationsMap (a key/value pair).
typedef NotificationsMap::value_type notification_value;
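/**
 * API for AppArmor's notification configuration file (notify.cfg) and its
 * disabled counterpart (notify.cfg.disabled).
 *
 * Only the declarations are visible here; the definitions live in
 * ApparmorNotifications.cpp.
 *
 * NOTE(review): canReadConfig(), canWriteConfig() and
 * canReadDisabledConfig() can only describe the file at the moment they are
 * called; the file may change before a later readConfig()/writeConfig().
 * Treat them as hints and always check the status returned by the
 * operation itself. Both file paths are caller-controlled through the
 * setters, and deleteConfig()/disableConfig() remove or move the file at
 * that path, so do not derive the paths from untrusted input.
 */
class ApparmorNotifications
{
public:
    /**
     * Selects which file readConfig() reads: the active notify.cfg
     * (E_ENABLED) or notify.cfg.disabled (E_DISABLED).
     */
    enum EConfigType
    {
        E_ENABLED,
        E_DISABLED
    };

    /**
     * Construct an ApparmorNotifications object
     */
    ApparmorNotifications();

    /**
     * ApparmorNotifications destructor
     */
    ~ApparmorNotifications();

    /**
     * Gets the path to the config file
     *
     * @return The notify.cfg file path.
     */
    blocxx::String
    getNotificationsConfigFile();

    /**
     * Sets the path to the config file
     *
     * @param[in] value The path to notify.cfg.
     */
    void
    setNotificationsConfigFile(const blocxx::String & value);

    /**
     * Gets the path to the disabled notify.cfg file.
     *
     * @return The path to the disabled notify.cfg
     */
    blocxx::String
    getNotificationsDisabledConfigFile();

    /**
     * Sets the path to the disabled notify.cfg file.
     *
     * @param[in] value The path to the disabled notify.cfg file.
     */
    void
    setNotificationsDisabledConfigFile(const blocxx::String& value);

    /**
     * Checks whether it is possible to read notify.cfg
     *
     * @return True on success, false on failure.
     */
    bool
    canReadConfig();

    /**
     * Checks whether it is possible to write to notify.cfg
     *
     * @return True on success, false on failure.
     */
    bool
    canWriteConfig();

    /**
     * Checks whether it is possible to read notify.cfg.disabled
     *
     * @return True on success, false on failure.
     */
    bool
    canReadDisabledConfig();

    /**
     * Deletes notify.cfg
     *
     * @return 0 on success, 1 on failure.
     */
    blocxx::Int32
    deleteConfig();

    /**
     * Disables notifications by moving notify.cfg to notify.cfg.disabled
     *
     * @return 0 on success, 1 on failure.
     */
    blocxx::Int32
    disableConfig();

    /**
     * Places values from notify.cfg into retMap.
     * If readConfigType is E_DISABLED, it reads from
     * notify.cfg.disabled, instead.
     *
     * @param[out] retMap         Receives the notification values.
     * @param[in]  readConfigType Which of the two files to read.
     * @return 0 on success, 1 on failure.
     */
    blocxx::Int32
    readConfig(NotificationsMap &retMap,
               EConfigType readConfigType);

    /**
     * Writes the values from notificationValues
     * to notify.cfg.
     *
     * The parameter name was restored from the archive's garbled
     * rendering of "&notificationValues".
     *
     * @param[in] notificationValues The notification values to write.
     * @return 0 on success, 1 on failure
     */
    blocxx::Int32
    writeConfig(NotificationsMap &notificationValues);

private:
    // Implementation state is kept in a separately defined Data class that
    // is only forward-declared here and held through a blocxx reference
    // wrapper.
    class Data;
    blocxx::COWIntrusiveReference<Data> m_data;
};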
}
// Convenience namespace that re-exports ApparmorNotifications under
// Apparmor:: inside LIMAL_NAMESPACE.
// NOTE(review): the using-declaration spells limal::apparmor_notifications
// literally, while the enclosing namespaces are opened through the
// LIMAL_NAMESPACE and APPARMOR_NOTIFICATIONS_NAMESPACE macros; it only
// resolves if those macros expand to the same names -- confirm in config.h.
namespace Apparmor
{
using limal::apparmor_notifications::ApparmorNotifications;
}
}
#endif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ApparmorNotifications.cpp
Type: text/x-c++src
Size: 5823 bytes
Desc:
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070530/8d066f27/ApparmorNotifications.bin