
Add support for secure commands audit #80


Merged
merged 1 commit into from
Feb 21, 2019
39 changes: 39 additions & 0 deletions sdcclient/_secure.py
@@ -895,3 +895,42 @@ def get_compliance_results_csv(self, id):
return False, self.lasterr

return True, res.text

def list_commands_audit(self, from_sec=None, to_sec=None, scope_filter=None, command_filter=None, limit=100, offset=0):
'''**Description**
List the commands audit.

**Arguments**
- from_sec: the start of the timerange for which to get commands audit.
- end_sec: the end of the timerange for which to get commands audit.
- scope_filter: this is a SysdigMonitor-like filter (e.g 'container.image=ubuntu'). When provided, commands are filtered by their scope, so only a subset will be returned (e.g. 'container.image=ubuntu' will provide only commands that have happened on an ubuntu container).
- command_filter: this is a SysdigMonitor-like filter (e.g. command.comm="touch"). When provided, commands are filtered by some of their properties. Currently the supported set of filters is command.comm, command.cwd, command.pid, command.ppid, command.uid, command.loginshell.id, command.loginshell.distance
- limit: Maximum number of commands in the response.

**Success Return Value**
A JSON representation of the commands audit.
'''
url = "{url}/api/commands?offset={offset}&limit={limit}{from_ts}{to_ts}{scope}{commandFilter}".format(
url=self.url,
offset=offset,
limit=limit,
from_ts="&from_ts=%d" % (from_sec * 10**6) if from_sec else "",
to_ts="&to_ts=%d" % (to_sec * 10**6) if to_sec else "",
scope="&scopeFilter=" + scope_filter if scope_filter else "",
commandFilter="&commandFilter=" + command_filter if command_filter else "")
res = requests.get(url, headers=self.hdrs, verify=self.ssl_verify)
return self._request_result(res)

def get_command_audit(self, id):
'''**Description**
Get a command audit.

**Arguments**
- id: the id of the command audit to get.

**Success Return Value**
A JSON representation of the command audit.
'''
url = "{url}/api/commands/{id}".format(url=self.url, id=id)
res = requests.get(url, headers=self.hdrs, verify=self.ssl_verify)
return self._request_result(res)
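Review bot: in `list_commands_audit` the query string is assembled by string concatenation, so `scope_filter` and `command_filter` reach the server unencoded; a value like `command.comm="touch"` contains `"` and `=`, and an `&` or `#` inside a filter value would terminate or truncate the query. Build the parameters as a dict and pass it through `requests.get(url, params=..., headers=self.hdrs, verify=self.ssl_verify)` so `requests` percent-encodes each value, adding only the keys whose value is not `None`. Two smaller points in the same method: the docstring describes `end_sec` but the parameter is named `to_sec`, and `offset` is not documented at all; and the `if from_sec else ""` / `if to_sec else ""` tests treat `0` as missing because it is falsy, so a caller passing `from_sec=0` silently loses the bound; test `is not None` instead.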