Skip to main content

7. Exercise - Develop Your Own Resources

Aaron LippoldJune 28, 2022About 2 min

In this exercise, you will practice writing your own resources and consider how you could implement them in a profile.

Suggested Simple Resources to Start With:

  • Docker

    • id: Retrieves the container ID.
    • image: Retrieves the image name.
    • repo: Retrieves the repository name.
    • tag: Retrieves the tag.
    • ports: Retrieves the ports.
    • command: Retrieves the command.

  • Git

    • branches: Checks if a branch exists.
    • current_branch: Retrieves the current branch.
    • last_commit: Retrieves the last commit from the log.
    • git_log: Retrieves the log of all commits.
    • tag: Retrieves the tag for the repository.

Suggested Medium Complexity Resources to Start With:

  • File Resource

    • owner: Tests if the owner of the file matches the specified value.
    • group: Tests if the group to which a file belongs matches the specified value.
    • size: Tests if a file’s size matches, is greater than, or is less than the specified value.
    • contents: Tests if contents in the file match the value specified in a regular expression.
    • path: Retrieves the path to the file.

  • Directory Resource

    • owner: Tests if the owner of the directory matches the specified value.
    • group: Tests if the group to which a directory belongs matches the specified value.
    • size: Tests if a directory’s size matches, is greater than, or is less than the specified value.
    • contents: Tests if contents in the directory match the value specified in a regular expression.
    • path: Retrieves the path to the directory.

  • Users

    • exist: Tests if the named user exists.
    • gid: Tests the group identifier.
    • group: Tests the group to which the user belongs.
    • groups: Tests if the user belongs to two (or more) groups.
    • home: Tests the home directory path for the user.
    • maxdays: Tests the maximum number of days between password changes.
    • mindays: Tests the minimum number of days between password changes.
    • shell: Tests the path to the default shell for the user.
    • uid: Tests the user identifier.
    • warndays: Tests the number of days a user is warned before a password must be changed.

  • etc/hosts.allow and etc/hosts.deny

    • daemon: Returns a string containing the daemon that is allowed in the rule.
    • client_list: Returns a 2D string array where each entry contains the clients specified for the rule.
    • options: Returns a 2D string array where each entry contains any options specified for the rule.

Suggested Hard Resources to Start With:

  • etc/shadow

    • users: A list of strings representing the usernames matched by the filter.
    • passwords: A list of strings representing the encrypted password strings for entries matched by the filter. Each string may not be an encrypted password but rather a * or similar, indicating that direct logins are not allowed.
    • last_changes: A list of integers indicating the number of days since Jan 1, 1970, since the password for each matching entry was changed.
    • min_days: A list of integers reflecting the minimum number of days a password must exist before it may be changed for the users that matched the filter.
    • max_days: A list of integers reflecting the maximum number of days after which the password must be changed for each user matching the filter.
    • warn_days: A list of integers reflecting the number of days a user is warned about an expiring password for each user matching the filter.
    • inactive_days: A list of integers reflecting the number of days a user must be inactive before the user account is disabled for each user matching the filter.
    • expiry_dates: A list of integers reflecting the number of days since Jan 1, 1970, that a user account has been disabled for each user matching the filter. The value is nil if the account has not expired.
    • count: Tests the number of records that the filter matched.

  • etc/fstab

    • device_name: The name associated with the device.
    • mount_point: The directory at which the file system is configured to be mounted.
    • file_system_type: The type of file system of the device or partition.
    • mount_options: The options for the device or partition.
    • dump_options: A number used by dump to decide if a file system should be backed up.
    • file_system_options: A number that specifies the order the file system should be checked.

  • Tomcat Server Configuration Reader

    • parse_conf: Parses the configuration file.
    • fetch_connectors: Retrieves keys such as port, protocol, timeout, redirect, sslprotocol, scheme, sslenable, clientauth, and secure.
Edit this page on GitHub
Last update: 12/4/2024, 4:54:00 PM
Contributors: Aaron Lippold,wdower,Will Dower,Emily Rodriguez,Emily Rodriguez
Apache-2.0 | Copyright © 2022 - The MITRE Corporation
Copyright © 2024 Aaron Lippold