public void OSBaseline()
{
var payload = new BaselinePayload
{
CceId = "1123",
Description = "my description",
Error = "error",
Result = "Err",
Severity = "Informational"
};
var obj = new OSBaseline(EventPriority.High, payload);
obj.ValidateSchema();
payload.Result = "Pass";
obj = new OSBaseline(EventPriority.High, payload);
obj.ValidateSchema();
payload.Result = "Fail";
obj = new OSBaseline(EventPriority.High, payload);
obj.ValidateSchema();
payload.Severity = "Critical";
obj = new OSBaseline(EventPriority.High, payload);
obj.ValidateSchema();
payload.Severity = "Important";
obj = new OSBaseline(EventPriority.High, payload);
obj.ValidateSchema();
payload.Severity = "Warning";
obj = new OSBaseline(EventPriority.High, payload);
obj.ValidateSchema();
}
/// <summary>
/// Run the baseline scan and get the results as a baseline event
/// </summary>
/// <returns>Baseline event</returns>
protected override List <IEvent> GetEventsImpl()
{
string agentDirectory = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
string bitnessSuffix = RuntimeInformation.OSArchitecture == Architecture.Arm64 || RuntimeInformation.OSArchitecture == Architecture.X64 ? "x64" : "x86";
string output = _processUtil.ExecuteBashShellCommand(string.Format(BaselineExecCommandTemplate, agentDirectory, bitnessSuffix));
if (string.IsNullOrWhiteSpace(output))
{
throw new ApplicationException("attempt to run baseline scan failed");
}
BaselineScanOutput deserializedOutput = JsonConvert.DeserializeObject <BaselineScanOutput>(output);
if (!string.IsNullOrWhiteSpace(deserializedOutput.Error))
{
throw new ApplicationException($"baseline scan failed with error: {deserializedOutput.Error}");
}
else if (deserializedOutput.Results == null)
{
throw new ApplicationException($"baseline results are null");
}
deserializedOutput.Results.RemoveAll(result => result.Result == BaselineResult.ResultType.Pass || result.Result == BaselineResult.ResultType.Skip);
var payloads = deserializedOutput.Results.Select(GetPayloadFromResult);
SimpleLogger.Debug($"BaselineEventGenerator returns {payloads.Count()} payloads");
var ev = new OSBaseline(Priority, payloads.ToArray());
return(new List <IEvent> {
ev
});
}
/// <summary>
/// Run the baseline scan and get the results as a baseline event
/// </summary>
/// <returns>Baseline event</returns>
protected override List <IEvent> GetEventsImpl()
{
// resolve agent directory
string agentDirectory = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
// default baseline compliance checks payload
List <BaselinePayload> defaultBaselinePayload = ExecuteBaseline(string.Format(BaselineExecCommandTemplate, agentDirectory)).ToList();
if (BaselineEventGenerator.IsCustomChecksEnabled())
{
try
{
RemoteSecurityModuleConfiguration agentConfiguration = ((RemoteSecurityModuleConfiguration)AgentConfiguration.RemoteConfiguration);
IEnumerable <BaselinePayload> customBaselinePayload = ExecuteBaseline(string.Format(
BaselineCustomCheckExecCommandTemplate,
agentDirectory,
agentConfiguration.BaselineCustomChecksFilePath,
agentConfiguration.BaselineCustomChecksFileHash
)
);
defaultBaselinePayload.AddRange(customBaselinePayload);
}
catch (CommandExecutionFailedException ex)
{
SimpleLogger.Error($"BaselineEventGenerator failed to execute custom checks, {ex.Message}");
}
}
OSBaseline osbaselineEvent = new OSBaseline(
Priority,
defaultBaselinePayload.ToArray()
);
return(new List <IEvent>()
{
osbaselineEvent
});
}
