mirror of
https://github.com/empayre/fleet.git
synced 2024-11-07 01:15:22 +00:00
d5f9fcaeb2
This PR adds support for file integrity monitoring. This is done by providing a simplified API that can be used to PATCH/GET FIM configurations. There is also code to build the FIM configuration to send back to osquery. Each PATCH request, if successful, replaces Fleet's existing FIM configuration. For example: curl -X "PATCH" "https://localhost:8080/api/v1/kolide/fim" \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IkVhaFhvZWswMGtWSEdaTTNCWndIMnhpYWxkNWZpcVFDR2hEcW1HK2UySmRNOGVFVE1DeTNTaUlFWmhZNUxhdW1ueFZDV2JiR1Bwdm5TKzdyK3NJUzNnPT0ifQ.SDCHAUA1vTuWGjXtcQds2GZLM27HAAiOUhR4WvgvTNY" \ -H "Content-Type: application/json; charset=utf-8" \ -d $'{ "interval": 500, "file_paths": { "etc": [ "/etc/%%" ], "users": [ "/Users/%/Library/%%", "/Users/%/Documents/%%" ], "usr": [ "/usr/bin/%%" ] } }'
46 lines
847 B
Go
46 lines
847 B
Go
package datastore
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/kolide/fleet/server/kolide"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func testFileIntegrityMonitoring(t *testing.T, ds kolide.Datastore) {
|
|
fp := &kolide.FIMSection{
|
|
SectionName: "fp1",
|
|
Paths: []string{
|
|
"path1",
|
|
"path2",
|
|
"path3",
|
|
},
|
|
}
|
|
fp, err := ds.NewFIMSection(fp)
|
|
require.Nil(t, err)
|
|
assert.True(t, fp.ID > 0)
|
|
fp = &kolide.FIMSection{
|
|
SectionName: "fp2",
|
|
Paths: []string{
|
|
"path4",
|
|
"path5",
|
|
},
|
|
}
|
|
_, err = ds.NewFIMSection(fp)
|
|
require.Nil(t, err)
|
|
|
|
actual, err := ds.FIMSections()
|
|
require.Nil(t, err)
|
|
assert.Len(t, actual, 2)
|
|
assert.Len(t, actual["fp1"], 3)
|
|
assert.Len(t, actual["fp2"], 2)
|
|
|
|
err = ds.ClearFIMSections()
|
|
require.Nil(t, err)
|
|
fs, err := ds.FIMSections()
|
|
assert.Nil(t, err)
|
|
assert.Len(t, fs, 0)
|
|
|
|
}
|