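#!/usr/bin/env bash
# Compliance rule "ledger.hash_chain_intact".
#
# Reads <evidence_dir>/ledger_verify.json and emits exactly one result
# document on stdout through json_emit. The rule does not recompute the
# ledger hash chain itself; it only reports the outcome already recorded
# in that file (.collected, .ok, .entry_count, .failures), so the evidence
# file is the trust boundary here. Every outcome -- including a missing,
# unparseable or not-collected evidence file -- is reported as a result
# with passed:false instead of as a script failure, so the caller always
# receives a well-formed result (exit status 0 does not mean "passed").
#
# Usage:    ledger_hash_chain_intact.sh <evidence_dir>
# Requires: jq, and require_cmd / iso_utc_now / json_emit from common.sh
set -euo pipefail

source "$(dirname "$0")/../scripts/lib/common.sh"

require_cmd jq

EVID_DIR="${1:?usage: ledger_hash_chain_intact.sh <evidence_dir>}"
TS="$(iso_utc_now)"
FILE="$EVID_DIR/ledger_verify.json"

readonly RULE_ID="ledger.hash_chain_intact"
readonly EVIDENCE_PATH="ledger_verify.json"

#######################################
# Emit one result document for this rule.
# Globals:   TS, RULE_ID, EVIDENCE_PATH (read)
# Arguments: $1 - "true" or "false", the passed flag
#            $2 - the details object, as a JSON string
# Outputs:   the result document, via json_emit
#######################################
emit_result() {
  local passed=$1
  local details=$2
  json_emit "$(jq -n \
    --arg ts "$TS" \
    --arg rule_id "$RULE_ID" \
    --arg evidence_path "$EVIDENCE_PATH" \
    --argjson passed "$passed" \
    --argjson details "$details" '{
      version:"1.0.0",
      rule_id:$rule_id,
      control_ids:["AU-01","AU-02"],
      passed:$passed,
      severity:"CRITICAL",
      timestamp:$ts,
      evidence:[{path:$evidence_path}],
      details:$details
    }')"
}

#######################################
# Emit a failed result whose details carry only an error message.
# Arguments: $1 - error message
#######################################
emit_error() {
  local message=$1
  emit_result false "$(jq -cn --arg error "$message" '{error:$error}')"
}

if [[ ! -f "$FILE" ]]; then
  emit_error "missing evidence file"
  exit 0
fi

# A file that is not a JSON object would otherwise make the field reads
# below fail and abort the script under set -e without any result.
if ! jq -e 'type == "object"' "$FILE" >/dev/null 2>&1; then
  emit_error "evidence file is not a JSON object"
  exit 0
fi

COLLECTED="$(jq -r '.collected // true' "$FILE")"
if [[ "$COLLECTED" != "true" ]]; then
  emit_error "ledger verify not collected"
  exit 0
fi

# Only a boolean true counts as a pass; a string "true" or any other
# truthy value is treated as a failed verification.
OK="$(jq -r '.ok == true' "$FILE")"
# Coerce the count to a number so --argjson below cannot choke on a
# non-numeric value; anything unparseable is reported as 0.
ENTRY_COUNT="$(jq -c '((.entry_count // 0) | tonumber?) // 0' "$FILE")"
FAILURES_JSON="$(jq -c '.failures // []' "$FILE")"

if [[ "$OK" == "true" ]]; then
  emit_result true "$(jq -cn --argjson count "$ENTRY_COUNT" \
    '{entries_checked:$count}')"
else
  emit_result false "$(jq -cn --argjson count "$ENTRY_COUNT" \
    --argjson failures "$FAILURES_JSON" \
    '{entries_checked:$count, failures:$failures}')"
fi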