-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathaudit_example.yml
50 lines (43 loc) · 1.32 KB
/
audit_example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# Copyright © 2020, CERN
# This software is distributed under the terms of the MIT Licence,
# copied verbatim in the file 'LICENSE'. In applying this licence,
# CERN does not waive the privileges and immunities
# granted to it by virtue of its status as an Intergovernmental Organization
# or submit itself to any jurisdiction.
---
# For audit report generation, the following have to be defined in this file,
# * sections
# * queries
# * checks
# More information for the aforementioned terms can be found at the
# "Main concepts" section of the zkPolicy README.md
# Define which sections to be included in the final audit report
sections:
generalInformation: true
fourLetterWordCommands: true
queryResults: true
checkResults: true
aclOverview: true
queries:
- name: "globMatchACL"
rootPath: "/"
args:
- "digest:*:*"
- name: "exactACL"
rootPath: "/zookeeper"
args:
- "world:anyone:r"
- name: "noACL"
rootPath: "/"
checks:
- title: "Example check 1"
rootPath: "/znode_path1" # Check recursively starting from this path
pathPattern: "/znode_path1.*" # Only check znodes matching this pattern
acls:
- "world:anyone:cdrwa"
- title: "Example check 2"
rootPath: "/znode_path2"
pathPattern: "/znode_path2/.*"
acls:
- "sasl:user2:cdwra"
- "world:anyone:r"