felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(aa-log): add -a option to anonymize the logs.

Browse source
This commit is contained in:
Alexandre Pujol 2023-05-06 12:18:20 +01:00
parent 26bd9350f2
commit 538da05696
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
4 changed files with 117 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

27
pkg/logs/logs.go
View file

@ -8,6 +8,7 @@ import (
"bufio"
"fmt"
"io"
"os/user"
"regexp"
"strings"
@ -28,6 +29,9 @@ const (
boldYellow = "\033[1;33m"
)
// Anonymized username
const Username = "AAD"
var (
quoted bool
isAppArmorLogTemplate = regexp.MustCompile(`apparmor=("DENIED"|"ALLOWED"|"AUDIT")`)
@ -116,6 +120,29 @@ func NewApparmorLogs(file io.Reader, profile string) AppArmorLogs {
return aaLogs
}
// Anonymize the logs before reporting
func (aaLogs AppArmorLogs) Anonymize() {
user, _ := user.Current()
keys := []string{"name", "comm"}
regAnonymizeLogs := []struct {
regex *regexp.Regexp
repl string
}{
{regexp.MustCompile(user.Username), Username},
{regexp.MustCompile(`/home/[^/]+`), `/home/` + Username},
{regexp.MustCompile(`[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*`), `b08dfa60-83e7-567a-1921-a715000001fb`},
}
for _, log := range aaLogs {
for _, key := range keys {
if _, ok := log[key]; ok {
for _, aa := range regAnonymizeLogs {
log[key] = aa.regex.ReplaceAllLiteralString(log[key], aa.repl)
}
}
}
}
}
// String returns a formatted AppArmor logs string
func (aaLogs AppArmorLogs) String() string {
// Apparmor log states