Bug #11265

closed

Should foreman_hooks be able to deal with Audits?

Added by Martin Jackson over 8 years ago. Updated over 8 years ago.

Status: Feedback
Priority: Normal
Assignee: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

We have a use case (for compliance, with PCI specifically) where we want to forward Audits from our foreman hosts to an external syslog receiver.

It occurred to us to use foreman_hooks for this, but it appears that foreman_hooks do not get executed on the Audit model (either for before_create or after_create Rails events).

To reproduce:
1) Install foreman and the foreman_hooks plugin (v0.3.7); we use RHEL 6 on our foreman hosts
2) Create /usr/local/bin/log.sh as a straightforward shell script (e.g. logger -t HOOK "$0 $@")
3) Create ~foreman/config/hooks/audit/before_create/01_log.sh -> /usr/local/bin/log.sh

Observe that hooks are registered but that the hooks never fire:
2015-07-30 20:15:40 [D] Found hook to Audit#before_create, filename 01_log.sh
2015-07-30 20:15:40 [I] Finished registering 1 hooks for Audit#before_create
..

There might be a more straightforward way to do this; I'm not sure what would be involved in allowing this in the plugin.

Actions #1

Updated by Dominic Cleal over 8 years ago

  • Status changed from New to Feedback

This path should work:

~foreman/config/hooks/audited/adapters/active_record/audit/after_create/01_syslog.sh

As the internal full name of the model is Audited::Adapters::ActiveRecord::Audit.

I needed to fix one thing to make it work, else I got an error due to some int/string conversion. That's done in https://github.com/theforeman/foreman_hooks/commit/4029787e727d37c7e873e0133dab3690364aeb52, will release it soon.

Actions #2

Updated by Martin Jackson over 8 years ago

It is finding the hook now, and running it. I see this in the logfile, however:

2015-08-03 15:14:27 [W] Unable to render #<Audited::Adapters::ActiveRecord::Audit:0x0000000b1d4308> (Audited::Adapters::ActiveRecord::Audit) using RABL: Cannot find rabl template 'api/v2/audited/adapters/activerecord/audits/show' within registered (["app/views", "/usr/share/foreman/app/views"]) view paths!
2015-08-03 15:14:27 [D] /opt/rh/ruby193/root/usr/share/gems/gems/rabl-0.11.4/lib/rabl/sources.rb:24:in `block in fetch_source'
/opt/rh/ruby193/root/usr/share/gems/gems/rabl-0.11.4/lib/rabl.rb:60:in `source_cache'

Actions #3

Updated by Dominic Cleal over 8 years ago

Yeah, it'd need some workaround to use the API RABL view to render the hook JSON; it's just using a sane fallback right now.
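
A hook script for the after_create path given in comment #1, as an added example that is not part of the thread or of foreman_hooks itself. It assumes foreman_hooks passes the event name and the object's string form as arguments and the rendered object on stdin; the tag `foreman-audit`, the syslog priority and the length limit are constructed values. Because the thread shows the payload rendering using a fallback, the script treats stdin as opaque text rather than parsing it.

```shell
#!/bin/sh
# Added example: forward Foreman audit records to syslog from a foreman_hooks script.
# Install path taken from the thread:
#   ~foreman/config/hooks/audited/adapters/active_record/audit/after_create/01_syslog.sh
# Assumptions: $1 = event name, $2 = string form of the object, stdin = rendered
# object. Delivery to the external receiver is left to the local syslog daemon.

MAX_LEN=${MAX_LEN:-900}   # constructed limit so one audit event stays one message

# Reduce arbitrary input to a single printable ASCII line. Audit records hold
# user-controlled values, so embedded newlines must not become extra log lines.
# Non-ASCII bytes are dropped by the second tr.
sanitize() {
    tr '\r\n\t' '   ' | LC_ALL=C tr -cd '\40-\176' | cut -c1-"$MAX_LEN" | sed 's/ *$//'
}

# Labels are emitted inside double quotes, so also strip quotes and backslashes.
sanitize_label() {
    sanitize | tr -d '"\\'
}

# Build the message. The payload comes last so everything after "payload="
# belongs to it, whatever the fallback rendering looks like.
format_audit_line() {
    event=$(printf '%s' "$1" | sanitize_label)
    object=$(printf '%s' "$2" | sanitize_label)
    payload=$(sanitize)          # reads the hook's stdin
    printf 'event=%s object="%s" payload=%s' "$event" "$object" "$payload"
}

forward_audit() {
    line=$(format_audit_line "$1" "$2")
    logger -t foreman-audit -p authpriv.notice "$line"
}

# foreman_hooks calls the script with arguments; do nothing when there are none.
if [ "$#" -ge 2 ]; then
    forward_audit "$1" "$2"
fi
```
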
