Merge pull request #139 from Achiefs/134-read-audit-option

Add rule parameter to control Audit rule
Achiefs · Jan 25, 2024 · 92b90cd · 92b90cd
2 parents cf47e4d + 6a14f18
commit 92b90cd
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/src/monitor.rs b/src/monitor.rs
@@ -115,9 +115,25 @@ pub async fn monitor(tx: mpsc::Sender<Result<notify::Event, notify::Error>>,
     let mut last_position = 0;
     if ! config.audit.is_empty() && utils::get_os() == "linux" && utils::check_auditd() {
         for element in config.audit.clone() {
+            let mut rule: String = String::new();
             let path = element["path"].as_str().unwrap();
+            match element["rule"].as_str(){
+                Some(value) => {
+                    for c in value.chars(){
+                        match c {
+                            'r'|'R' => rule.push('r'),
+                            'w'|'W' => rule.push('w'),
+                            'a'|'A' => rule.push('a'),
+                            'x'|'X' => rule.push('x'),
+                            _ => rule = String::from("wax")
+                        }
+                    }
+                    rule.clone()
+                },
+                None => String::from("wax")
+            };
             match Command::new("/usr/sbin/auditctl")
-                .args(["-w", path, "-k", "fim", "-p", "wax"])
+                .args(["-w", path, "-k", "fim", "-p", &rule])
                 .output() {
                 Ok(d) => debug!("Auditctl command info: {:?}", d),
                 Err(e) => error!("Auditctl command error: {}", e)