OpenStack Syntax

The syntax of an audit item for this plugin is as follows:

<custom_item>
description: "Arbitrary text"
info: "Arbitrary text"
solution: "Arbitrary text"
reference: "REF|ID1,REF|ID2"
service: 'service to audit' # compute, network or identity
request: 'rest query'
json_transform: '' (optional) # json transform to perform on the query output
expect: "" # expected value
severity: LOW MEDIUM OR HIGH
</custom_item>

Example Queries

<custom_item>
description: "OpenStack Servers and their details"
info: "The Servers and their current state will determine what services are available."
solution: "Review the list of Servers. If any are unknown or not in the expected state they should be investigated."
reference: "CCM-3|IVS-07,HIPAA|164.308(a)(2)(D),800-53|CM-2,800-53|CM-6,800-53|CM-8,800-53|PM-7,PCI-DSS|2.2"
service: 'compute'
request: 'servers/detail'
json_transform: '.servers[]|
"\n\nName: " + .name
+ "\nID: " + .id
+ "\nStatus: " + .status
+ "\nUser_ID: " + .user_id
+ "\nCreated: " + .created
+ "\nUpdated: " + .updated
+ "\nHost_ID: " + .hostId
+ "\nTenant_ID: " + .tenant_id
+ "\n- addresses: - " + ([.addresses.[].[].addr] | join("\n - "))
'
expect: ""
severity: LOW
</custom_item>
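The text that the servers/detail json_transform above builds, reproduced in Python as an added example (not Tenable's or the plugin's own code), together with the review that the solution text asks for. SAMPLE, BASELINE, render and review are constructed or hypothetical names, and the null handling assumes standard jq semantics, where a string plus null is the string.

```python
# Added example: SAMPLE and BASELINE are constructed, not real API output.
SAMPLE = {"servers": [
    {"name": "web-01", "id": "srv-aaa", "status": "ACTIVE", "user_id": "u-1",
     "created": "2024-01-10T09:00:00Z", "updated": "2024-01-10T09:05:00Z",
     "hostId": "h-1", "tenant_id": "t-1",
     "addresses": {"private": [{"addr": "10.0.0.5"}],
                   "public": [{"addr": "203.0.113.10"}]}},
    {"name": "db-01", "id": "srv-bbb", "status": "SHUTOFF", "user_id": "u-1",
     "created": "2024-01-11T09:00:00Z", "updated": "2024-02-01T12:00:00Z",
     "hostId": "h-2", "tenant_id": "t-1",
     "addresses": {"private": [{"addr": "10.0.0.6"}]}},
    {"name": "scratch", "id": "srv-zzz", "status": "ACTIVE", "user_id": "u-9",
     "created": "2024-03-01T00:00:00Z", "updated": "2024-03-01T00:01:00Z",
     "hostId": None, "tenant_id": "t-1", "addresses": {}},
]}
# Hypothetical approved inventory: server ID -> expected status.
BASELINE = {"srv-aaa": "ACTIVE", "srv-bbb": "ACTIVE"}

# (label, key) pairs in the order the json_transform concatenates them.
FIELDS = [("ID", "id"), ("Status", "status"), ("User_ID", "user_id"),
          ("Created", "created"), ("Updated", "updated"),
          ("Host_ID", "hostId"), ("Tenant_ID", "tenant_id")]


def render(server):
    """Text block the json_transform builds for one element of .servers[]."""
    out = "\n\nName: " + (server.get("name") or "")
    for label, key in FIELDS:
        # jq treats string + null as the string, so a missing field is empty.
        out += "\n" + label + ": " + (server.get(key) or "")
    addrs = [a["addr"] for net in (server.get("addresses") or {}).values()
             for a in net]
    return out + "\n- addresses: - " + "\n - ".join(addrs)


def review(response, baseline):
    """Return (report, findings) for servers unknown or in an unexpected state."""
    report, findings = "", []
    for server in response["servers"]:
        report += render(server)
        expected = baseline.get(server["id"])
        if expected is None:
            findings.append((server["id"], "not in baseline"))
        elif server["status"] != expected:
            findings.append((server["id"], "status " + server["status"]))
    return report, findings


if __name__ == "__main__":
    text, issues = review(SAMPLE, BASELINE)
    print(text)
    print("\nFindings:", issues)
```

With expect left empty, the audit item only reports the rendered text, so a comparison like review() has to happen outside the scan, against whatever inventory the organization maintains.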

<custom_item>
description: "OpenStack Deployment Snapshot"
info: "The OpenStack resources and their current state will determine what services are available."
solution: "Review the list of OpenStack resources. If any are unknown they should be investigated."
reference: "CCM-3|IVS-07,HIPAA|164.308(a)(2)(D),800-53|CM-2,800-53|CM-6,800-53|CM-8,800-53|PM-7,PCI-DSS|2.2"
see_also: "http://docs.openstack.org//"
service: 'compute'
request: 'limits'
json_transform: 'openstack_data|
" Users: \(.users | length)\n"
+ ([.users[] | " \(.id) - \(.username)\n"] | sort | join(""))
+ " Servers: \(.servers | length)\n"
+ ([.servers[] | " \(.id) - \(.name)\n"] | sort | join(""))
+ " Networks: \(.networks | length)\n"
+ ([.networks|.networks[] | " \(.id) - \(.name)\n"] | sort | join(""))
+ " Ports: \(.networks |.ports | length)\n"
+ ([.networks |.ports[] | " \(.id)\n"] | sort | join(""))
+ " Subnets: \(.networks |.subnets | length)\n"
+ ([.networks |.subnets[] | " \(.id) - \(.name)\n"] | sort | join(""))
+ " Images: \(.images | length)\n"
+ ([.images[] | " \(.id) - \(.name)\n"] | sort | join(""))
'
expect: ""
severity: LOW
</custom_item>