SysmonForLinux
Add config validation option
As a best practice, the executable should have a test/dry-run option to test the configuration (syntax and working execution).
Something that can be used, for example, in Ansible template deployment to ensure a broken config is not deployed: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/template_module.html#parameter-validate
Okay, if you give us a concrete example of how that could work then I can add that to the list.
My main usage is Ansible (or any provisioner/CI/CD), but it is valid for manual admin work too, unless blindly deploying.

```yaml
- name: Copy a new sudoers file into place, after passing validation with visudo
  ansible.builtin.template:
    src: /mine/sudoers
    dest: /etc/sudoers
    validate: /usr/sbin/visudo -cf %s
```

In my current Ansible role, I have:

```yaml
- name: Configure sysmon
  template:
    src: "{{ sysmon_template }}"
    dest: /opt/sysmon/config.xml
    mode: '600'
    backup: "{{ sysmon_backup | default('yes') }}"
  notify:
    - restart sysmon
```

There is no validate option native to sysmon. I could put in an xmllint check to validate that the file is valid XML, and eventually test against the sysmon DTD (but it is not available in the current package). This could also include self-checks like permission issues (for SSH keys or a log target not being writable; here more like: read the config, write the log file, can load eBPF rules...), or a dry-run of a few seconds in the foreground to validate that it can collect a few events...

Another example is the systemd hardening: for most tools, I need to run them over time to validate they work without impact (and supposing relevant activities happen during this...). The more complete the validate/dry-run/self-test is, the easier it can be done.
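As an added example (not code from the SysmonForLinux project or from either participant in this thread), the script below is one way to get the "xmllint plus a bit more" pre-deploy check described in the previous comment while Sysmon has no native validate/dry-run option. It checks that the rendered file is well-formed XML and that it has the structure every Sysmon config shares: a `<Sysmon schemaversion="…">` root, exactly one `<EventFiltering>`, and `onmatch` values limited to `include`/`exclude`. The install path in the docstring and the Ansible `validate:` line are assumptions; the sample configs are constructed for the demonstration.

```python
#!/usr/bin/env python3
"""Pre-deploy check for a rendered Sysmon for Linux config.xml.

Intended as the `validate:` command of ansible.builtin.template, e.g.
    validate: /usr/local/bin/validate_sysmon_config.py %s
(the path is an assumption; Ansible substitutes %s with the rendered temp file).
Exit status 0 means no problems; 1 means problems, printed one per line.
Without a Sysmon DTD/XSD this only checks well-formedness and the parts of
the config structure every Sysmon config shares.
"""
import sys
import xml.etree.ElementTree as ET

ONMATCH_VALUES = ("include", "exclude")


def validate_sysmon_config_text(text):
    """Return a list of problems found in the config text (empty list = OK)."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # Same class of error `xmllint --noout` reports: a templating slip
        # such as an unclosed element or a stray '<' in a rule value.
        return ["not well-formed XML: %s" % exc]

    if root.tag != "Sysmon":
        return ["root element is <%s>, expected <Sysmon>" % root.tag]

    problems = []
    if "schemaversion" not in root.attrib:
        problems.append("<Sysmon> lacks the schemaversion attribute")

    filtering = root.findall("EventFiltering")
    if len(filtering) != 1:
        problems.append("expected exactly one <EventFiltering>, found %d" % len(filtering))
        return problems

    # Every rule group under EventFiltering carries onmatch="include|exclude";
    # anything else is a typo Sysmon would reject when loading the config.
    for elem in filtering[0].iter():
        onmatch = elem.attrib.get("onmatch")
        if onmatch is not None and onmatch not in ONMATCH_VALUES:
            problems.append("<%s> has onmatch=%r, expected one of %s"
                            % (elem.tag, onmatch, "/".join(ONMATCH_VALUES)))
    return problems


def validate_sysmon_config_file(path):
    """Read the file at `path` and validate it; an unreadable file is a problem too."""
    try:
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    except OSError as exc:
        return ["cannot read %s: %s" % (path, exc)]
    return validate_sysmon_config_text(text)


# Constructed sample configs for demonstration (not from a real deployment).
GOOD_CONFIG = """<Sysmon schemaversion="4.81">
  <EventFiltering>
    <ProcessCreate onmatch="exclude">
      <Image condition="is">/usr/bin/sleep</Image>
    </ProcessCreate>
  </EventFiltering>
</Sysmon>
"""

# Unclosed <ProcessCreate>: the kind of slip a Jinja template can produce.
BROKEN_XML = """<Sysmon schemaversion="4.81">
  <EventFiltering>
    <ProcessCreate onmatch="exclude">
      <Image condition="is">/usr/bin/sleep</Image>
  </EventFiltering>
</Sysmon>
"""

# Well-formed XML, but onmatch is misspelled and schemaversion is missing.
BAD_RULES = """<Sysmon>
  <EventFiltering>
    <ProcessCreate onmatch="exlude"/>
  </EventFiltering>
</Sysmon>
"""


def main(argv):
    if len(argv) != 2:
        print("usage: %s CONFIG_XML" % argv[0], file=sys.stderr)
        return 2
    problems = validate_sysmon_config_file(argv[1])
    for problem in problems:
        print("%s: %s" % (argv[1], problem), file=sys.stderr)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Ansible runs the `validate:` command against the rendered temporary file and only copies it to `dest` when the command exits 0, so a failing check leaves the running Sysmon on its previous config and the `restart sysmon` handler is never notified. This is a static check only: whether Sysmon can actually read the file, write its log target or load its eBPF programs still needs the daemon itself, which is the self-test/dry-run part of the request.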