Removed unrequired write and fixed auditctl rule removal

Achiefs · Feb 16, 2024 · 94b8d03 · 94b8d03
1 parent 92b90cd
commit 94b8d03
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 36 deletions.
diff --git a/src/auditevent.rs b/src/auditevent.rs
@@ -333,7 +333,6 @@ impl Event {
     pub fn log(&self, file: &str){
         let mut events_file = OpenOptions::new()
             .create(true)
-            .write(true)
             .append(true)
             .open(file)
             .expect("(auditevent::log) Unable to open events log file.");

diff --git a/src/config.rs b/src/config.rs
@@ -300,7 +300,6 @@ impl Config {
     pub fn get_level_filter(&self) -> LevelFilter {
         let mut log = OpenOptions::new()
             .create(true)
-            .write(true)
             .append(true)
             .open(self.log_file.clone())
             .expect("(get_level_filter) Unable to open events log file.");

diff --git a/src/event.rs b/src/event.rs
@@ -77,7 +77,6 @@ impl Event {
     pub fn log(&self, file: String){
         let mut events_file = OpenOptions::new()
             .create(true)
-            .write(true)
             .append(true)
             .open(file)
             .expect("(log) Unable to open events log file.");

diff --git a/src/main.rs b/src/main.rs
@@ -58,7 +58,6 @@ fn init(){
             GCONFIG.clone().unwrap().get_level_filter(),
             Config::default(),
             fs::OpenOptions::new()
-                .write(true)
                 .create(true)
                 .append(true)
                 .open(GCONFIG.clone().unwrap().log_file)

diff --git a/src/monitor.rs b/src/monitor.rs
@@ -14,8 +14,6 @@ use std::time::{SystemTime, UNIX_EPOCH};
 use time::OffsetDateTime;
 // To use intersperse()
 use itertools::Itertools;
-// To run commands
-use std::process::Command;
 // Event handling
 use notify::event::{EventKind, AccessKind};
 
@@ -115,29 +113,10 @@ pub async fn monitor(tx: mpsc::Sender<Result<notify::Event, notify::Error>>,
     let mut last_position = 0;
     if ! config.audit.is_empty() && utils::get_os() == "linux" && utils::check_auditd() {
         for element in config.audit.clone() {
-            let mut rule: String = String::new();
+            //let mut rule: String = String::new();
             let path = element["path"].as_str().unwrap();
-            match element["rule"].as_str(){
-                Some(value) => {
-                    for c in value.chars(){
-                        match c {
-                            'r'|'R' => rule.push('r'),
-                            'w'|'W' => rule.push('w'),
-                            'a'|'A' => rule.push('a'),
-                            'x'|'X' => rule.push('x'),
-                            _ => rule = String::from("wax")
-                        }
-                    }
-                    rule.clone()
-                },
-                None => String::from("wax")
-            };
-            match Command::new("/usr/sbin/auditctl")
-                .args(["-w", path, "-k", "fim", "-p", &rule])
-                .output() {
-                Ok(d) => debug!("Auditctl command info: {:?}", d),
-                Err(e) => error!("Auditctl command error: {}", e)
-            };
+            let rule = utils::get_audit_rule_permissions(element["rule"].as_str());
+            utils::run_auditctl(&["-w", path, "-k", "fim", "-p", &rule]);
             info!("Checking audit path: {}", path);
 
             match element["allowed"].as_vec() {
@@ -168,13 +147,8 @@ pub async fn monitor(tx: mpsc::Sender<Result<notify::Event, notify::Error>>,
         match ctrlc::set_handler(move || {
             for element in &copied_config.audit {
                 let path = element["path"].as_str().unwrap();
-                match Command::new("/usr/sbin/auditctl")
-                    .args(["-W", path, "-k", "fim", "-p", "wax"])
-                    .output()
-                    {
-                        Ok(d) => debug!("Auditctl command info: {:?}", d),
-                        Err(e) => error!("Auditctl command error: {}", e)
-                    };
+                let rule = utils::get_audit_rule_permissions(element["rule"].as_str());
+                utils::run_auditctl(&["-W", path, "-k", "fim", "-p", &rule]);
             }
             std::process::exit(0);
         }) {

diff --git a/src/utils.rs b/src/utils.rs
@@ -17,7 +17,7 @@ use std::path::{Path, PathBuf};
 // To run commands
 use std::process::Command;
 // To log the program process
-use log::{warn, debug};
+use log::{warn, debug, error};
 // To manage maps
 use std::collections::HashMap;
 
@@ -238,6 +238,39 @@ pub fn get_file_size(filename: &str) -> u64 {
 
 // ----------------------------------------------------------------------------
 
+pub fn get_audit_rule_permissions(value: Option<&str>) -> String {
+    let mut rule: String = String::new();
+    match value {
+        Some(value) => {
+            for c in value.chars(){
+                match c {
+                    'r'|'R' => rule.push('r'),
+                    'w'|'W' => rule.push('w'),
+                    'a'|'A' => rule.push('a'),
+                    'x'|'X' => rule.push('x'),
+                    _ => rule = String::from("wax")
+                }
+            }
+            rule.clone()
+        },
+        None => String::from("wax")
+    }
+}
+
+// ----------------------------------------------------------------------------
+
+pub fn run_auditctl(args: &[&str]) {
+    match Command::new("/usr/sbin/auditctl")
+    .args(args)
+    .output()
+    {
+        Ok(d) => debug!("Auditctl command info: {:?}", d),
+        Err(e) => error!("Auditctl command error: {}", e)
+    };
+}
+
+// ----------------------------------------------------------------------------
+
 #[cfg(test)]
 mod tests {
     use super::*;