Thanks for your help ( in advance ). we are using osquery ... and it supports the augeas table ... select * from augeas where path = '/etc/motd' .. This returns nothing .. since /etc/motd is not in any lens .. including simplelines.aug ... is there a way to give osquery the "hint" to use simplelines.aug as the parser ? I noticed that on the command line of osqueryi one can override the default location of the lenses ... oqueryi --augeas_lenses=/some/path
.. but that opens another can of worms ... is it possible in osquery a syntax like select * from augeas ( using simplelines ) where path = '/etc/motd' ? On Mon, Jun 25, 2018 at 2:23 PM, Michael Boldi <[email protected]> wrote: > Thanks that is helpful ... works like I would hope .. > Next step is to get /etc/motd ( and others) into this lens for the > general public ... yes ? > When we bundle osquery for installation, we simply pull from the augeas > repo .. Then there would be no need to customize anything. > Let me know if this is possible / simple / useful !! Thanks. > > > I am using this to automate the CIS Distribution Independent Linux > requirements ... they want to look into these files for various legal / > illegal strings. > > The full list of files I would like to add for public consumption is > > . incl "/etc/motd" > . incl "/etc/issue" > . incl "/etc/issue.net" > . incl "/etc/audit/audit.rules" > . incl "/etc/dconf/profile/gdm" > . incl "/etc/dconf/db/gdm.d/01-banner-message" > > > > > On Mon, Jun 25, 2018 at 1:29 PM, Raphaël Pinson < > [email protected]> wrote: > >> Hi Michael, >> >> >> You can use Simplelines.lns for that. >> >> >> Regards, >> >> Raphaël >> >> On Mon, Jun 25, 2018 at 7:15 PM, Michael Boldi <[email protected]> wrote: >> >>> Hi, >>> I was hoping to find a lens for a generic file like /etc/motd .. >>> I need to look for certain illegal strings as well as verify some >>> strings exist. >>> >>> I would imagine the key is line# and value would be the entire line .. >>> I guess the lack of keys in the motd may prohibit this ? >>> >>> I wrote a simple ( lens creator newbie ) lens to do this .. >>> Is this 2request worth submitting ? Or can we introduce my simple lens >>> into the library ? >>> >>> Here .. >>> >>> module Motd = >>> autoload xfm >>> >>> let word = /[^# \n\t\/]+/ >>> >>> let sto_line = store /[^# \t\n].*$/ >>> >>> let record = [ key word . (Util.del_ws_tab . sto_line)? . Util.eol ] >>> >>> let lns = ( Util.empty | Util.comment | record ) * >>> let filter = ( >>> incl "/etc/motd" . >>> incl "/etc/issue" . >>> incl "/etc/issue.net" ) >>> let xfm = transform lns filter >>> >>> >>> >>> _______________________________________________ >>> augeas-devel mailing list >>> [email protected] >>> https://www.redhat.com/mailman/listinfo/augeas-devel >>> >> >> >> >> -- >> Raphaël Pinson >> Infrastructure Developer & Training Leader >> +33 458 482 013 >> >> Camptocamp France SAS >> Bâtiment le Dauphin - 1er étage >> 18 rue du Lac Saint André >> <https://maps.google.com/?q=18+rue+du+Lac+Saint+Andr%C3%A9+Savoie&entry=gmail&source=g> >> Savoie >> <https://maps.google.com/?q=18+rue+du+Lac+Saint+Andr%C3%A9+Savoie&entry=gmail&source=g> >> Technolac >> F-73370 Le Bourget du Lac >> >> www.camptocamp.com >> > >
_______________________________________________ augeas-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/augeas-devel
