class Pipeline::FIM
Public Class Methods
new(trigger, tracker)
Calls superclass method
Pipeline::BaseTask::new
# File lib/pipeline/tasks/fim.rb, line 10
# Sets up the file integrity monitor task.
#
# trigger and tracker are passed to the superclass constructor unchanged.
# @labels is not assigned here, so it is presumably created by the
# superclass constructor - confirm in Pipeline::BaseTask.
def initialize(trigger, tracker)
  super
  # Starts empty; #run appends the hashdeep lines it keeps to this string.
  @result = ''
  @stage = :file
  @name = "FIM"
  @description = "File integrity monitor"
  @labels << "filesystem"
end
Public Instance Methods
analyze()
# File lib/pipeline/tasks/fim.rb, line 46
# Turns each line collected in @result into a finding.
#
# Every line is sent to Pipeline.notify and then reported as "File changed."
# with the line as detail, @name as source and :low as the last argument.
# Returns the array of lines.
def analyze
  changed_entries = @result.split("\n")
  changed_entries.each do |entry|
    # Disabled in the original source: v.slice! installdir
    Pipeline.notify(entry)
    report("File changed.", entry, @name, :low)
  end
end
run()
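# File lib/pipeline/tasks/fim.rb, line 19
# Runs hashdeep over @trigger.path.
#
# When /area81/tmp/<path>/filehash exists, the tree is audited against that
# baseline and every stdout line matching "<file>: No match" is appended to
# @result. Otherwise the baseline is generated and @result is reset to ''.
#
# mkdir and hashdeep are started with argument vectors instead of a shell
# string, so spaces or shell metacharacters in the path stay inside a single
# argument and are never interpreted by a shell.
#
# NOTE(review): a path that begins with "-" would still be read by hashdeep
# as an option, and ".." segments move the baseline outside /area81/tmp.
# Confirm where @trigger.path comes from and validate it at that point.
# NOTE(review): the baseline is only as trustworthy as /area81/tmp. If
# whatever can modify the monitored tree can also write there, the baseline
# can be replaced together with the files - confirm ownership and permissions.
def run
  rootpath = @trigger.path.to_s
  if rootpath.empty?
    # With no path argument hashdeep would wait on stdin and never finish.
    Pipeline.notify "FIM: trigger has no path, skipping file integrity check"
    return
  end

  baseline_dir = File.join("/area81/tmp", rootpath)
  baseline = File.join(baseline_dir, "filehash")

  # File.exists? was removed in Ruby 3.2; File.exist? works on every version.
  if File.exist?(baseline)
    Pipeline.notify "File Hashes found, comparing to file system"
    # Ugly stdout parsing
    no_match = /(.*): No match/
    # stderr goes to File::NULL: nothing here reads it, and an unread pipe
    # can block the child once it fills.
    Open3.popen2("hashdeep", "-j99", "-r", "-a", "-vv", "-k", baseline, rootpath,
                 err: File::NULL) do |stdin, stdout, _wait_thr|
      stdin.close
      stdout.each_line do |line|
        @result << line if line =~ no_match
      end
    end
    nil
  else
    Pipeline.notify "No existing baseline - generating initial hashes"
    written = system("mkdir", "-p", baseline_dir) &&
              system("hashdeep", "-j99", "-r", rootpath, out: baseline, err: File::NULL)
    unless written
      # An empty baseline would be picked up as valid by the next run.
      File.delete(baseline) if File.zero?(baseline)
      Pipeline.notify "FIM: baseline generation failed for #{rootpath}"
    end
    @result = ''
  end
rescue SystemCallError => e
  # Raised when hashdeep cannot be started at all; a shell would only have
  # printed an error to a stream nobody read.
  Pipeline.notify "FIM: could not run hashdeep: #{e.message}"
end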
supported?()
# File lib/pipeline/tasks/fim.rb, line 55
# Says whether this task can run. Always true for now: the presence of the
# external tool is not checked.
def supported?
  # In future, verify tool is available.
  true
end