/// <summary>
/// Builds an OSBaseline event around a single BaselinePayload and calls
/// ValidateSchema() on it for each Result and Severity variant listed below.
/// </summary>
public void OSBaseline()
{
    // Starting variant: Result "Err" with Severity "Informational".
    var payload = new BaselinePayload
    {
        CceId = "1123",
        Description = "my description",
        Error = "error",
        Result = "Err",
        Severity = "Informational"
    };
    new OSBaseline(EventPriority.High, payload).ValidateSchema();

    // Remaining Result values, still with Severity "Informational".
    foreach (string result in new[] { "Pass", "Fail" })
    {
        payload.Result = result;
        new OSBaseline(EventPriority.High, payload).ValidateSchema();
    }

    // Remaining Severity values; Result stays at "Fail" from the loop above.
    foreach (string severity in new[] { "Critical", "Important", "Warning" })
    {
        payload.Severity = severity;
        new OSBaseline(EventPriority.High, payload).ValidateSchema();
    }
}
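/// <summary>
/// Run the baseline scan and get the results as a baseline event
/// </summary>
/// <returns>
/// A single-element list holding one OSBaseline event built from every scan
/// result that is neither Pass nor Skip
/// </returns>
/// <exception cref="ApplicationException">
/// The scan produced no output, the output could not be deserialized, the
/// scanner reported an error, or the result list is missing
/// </exception>
protected override List<IEvent> GetEventsImpl()
{
    string agentDirectory = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);

    // X64 and Arm64 both select the "x64" suffix; every other architecture gets "x86".
    // NOTE(review): confirm that an "x64" scanner binary is what an Arm64 host should run.
    bool is64BitArchitecture = RuntimeInformation.OSArchitecture == Architecture.Arm64
        || RuntimeInformation.OSArchitecture == Architecture.X64;
    string bitnessSuffix = is64BitArchitecture ? "x64" : "x86";

    // NOTE(review): agentDirectory is substituted into a bash command line. Confirm that
    // BaselineExecCommandTemplate quotes the placeholder, so an install path containing
    // spaces or shell metacharacters cannot change the command that is executed.
    string command = string.Format(BaselineExecCommandTemplate, agentDirectory, bitnessSuffix);
    string output = _processUtil.ExecuteBashShellCommand(command);

    if (string.IsNullOrWhiteSpace(output))
    {
        throw new ApplicationException("attempt to run baseline scan failed");
    }

    BaselineScanOutput deserializedOutput = JsonConvert.DeserializeObject<BaselineScanOutput>(output);

    // DeserializeObject returns null for a JSON "null" document; report that the same way
    // as the other scan failures instead of failing with a NullReferenceException below.
    if (deserializedOutput == null)
    {
        throw new ApplicationException("baseline scan output could not be deserialized");
    }

    if (!string.IsNullOrWhiteSpace(deserializedOutput.Error))
    {
        throw new ApplicationException($"baseline scan failed with error: {deserializedOutput.Error}");
    }

    if (deserializedOutput.Results == null)
    {
        throw new ApplicationException("baseline results are null");
    }

    // Only results that are neither Pass nor Skip are reported.
    deserializedOutput.Results.RemoveAll(result =>
        result.Result == BaselineResult.ResultType.Pass ||
        result.Result == BaselineResult.ResultType.Skip);

    // Materialize once: the lazy Select was previously enumerated twice (Count() and
    // ToArray()), which ran GetPayloadFromResult twice for every result.
    var payloads = deserializedOutput.Results.Select(GetPayloadFromResult).ToArray();
    SimpleLogger.Debug($"BaselineEventGenerator returns {payloads.Length} payloads");

    var ev = new OSBaseline(Priority, payloads);
    return new List<IEvent> { ev };
}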
/// <summary>
/// Run the default baseline checks and, when custom checks are enabled, the
/// custom checks as well, and return all payloads in one baseline event
/// </summary>
/// <returns>A single-element list holding the OSBaseline event</returns>
protected override List<IEvent> GetEventsImpl()
{
    // The directory of the executing assembly is substituted into both command templates.
    string agentDirectory = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);

    // Default compliance checks always run; a failure here propagates to the caller.
    string defaultCommand = string.Format(BaselineExecCommandTemplate, agentDirectory);
    List<BaselinePayload> payloads = ExecuteBaseline(defaultCommand).ToList();

    if (BaselineEventGenerator.IsCustomChecksEnabled())
    {
        try
        {
            var remoteConfiguration = (RemoteSecurityModuleConfiguration)AgentConfiguration.RemoteConfiguration;

            // NOTE(review): the custom checks file path and file hash come from the remote
            // configuration and are formatted straight into a command string. ExecuteBaseline
            // is not shown here; if it runs the string through a shell, confirm that both
            // values are validated or quoted (by the template or upstream) so a configuration
            // value cannot alter the command line.
            string customCommand = string.Format(
                BaselineCustomCheckExecCommandTemplate,
                agentDirectory,
                remoteConfiguration.BaselineCustomChecksFilePath,
                remoteConfiguration.BaselineCustomChecksFileHash);

            IEnumerable<BaselinePayload> customPayloads = ExecuteBaseline(customCommand);
            payloads.AddRange(customPayloads);
        }
        catch (CommandExecutionFailedException ex)
        {
            // A custom check failure is logged only; the default results are still reported.
            SimpleLogger.Error($"BaselineEventGenerator failed to execute custom checks, {ex.Message}");
        }
    }

    return new List<IEvent>() { new OSBaseline(Priority, payloads.ToArray()) };
}