@timb-machine
Last active August 1, 2023 05:58
unix-audit DSL prototype
platformtags:
  - "linux"
checks:
  - type: "Informational"
    checks:
      - name: "Platform"
        exec:
          - command: "uname"
            stderr: true
            encode: ""
  - type: "File System"
    checks:
      - name: "Partitions"
        exec:
          - command: "mount"
      - name: "Important files"
        file:
          - name: "/etc/shadow"
            glob: false
            permission: true
            hash: false
            contents: true
            stderr: true
            encode: ""
          - name: "/Users/*/.ssh/id_*sa"
            glob: true
            permission: true
            hash: true
            contents: false
            stderr: false
            encode: ""
        directory:
          - path: "/etc/init.d"
            glob: false
            permission: true
            hash: false
            contents: true
            stderr: true
            encode: ""
          - path: "/Users/*/.ssh"
            glob: true
            permission: true
            hash: true
            contents: true
            stderr: true
            encode: "base64"
        search:
          - path: "/Users/*/.ssh/"
            glob: true
            hash: false
            contents: true
            stderr: false
            encode: ""
          - path: "/opt"
            glob: false
            permissions: "-o+w"
            permission: true
            hash: false
            contents: false
            stderr: false
            encode: ""
          - path: "/var/www"
            glob: false
            mask: ".htpasswd*"
            hash: true
            permission: true
            contents: true
            stderr: false
            encode: ""
          - path: "/"
            glob: false
            permissions: "-u+s"
            permission: true
            hash: false
            contents: true
            stderr: true
            encode: "base64"
          - path: "/"
            glob: false
            user: ""
            permission: true
            hash: false
            contents: false
            stderr: false
            encode: ""
          - path: "/"
            glob: false
            group: ""
            permission: true
            hash: false
            contents: false
            stderr: false
            encode: ""
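The gist defines the DSL but not how a `search` entry is evaluated. The following is an added example (not part of the gist or of unix-audit) of a small stdlib-only interpreter for the `search` checks: it validates an entry's keys, reads `permissions` the way find(1) reads `-perm -MODE` (every listed bit must be set, so `-o+w` is world-writable and `-u+s` is set-uid), reads `mask` as a `-name` glob, records the mode, SHA-256 and contents an entry asks for, and base64-encodes contents when `encode: "base64"`. Those evaluation rules, the reading of `stderr` as "record files that could not be read", the `SEARCH_CHECKS` transcription of three entries from the gist into Python dicts, and the `demo()` test tree are all assumptions made for this example; the `/` set-uid entry is transcribed but not walked by `demo()`.

```python
"""Interpreter sketch for the `search` checks of the unix-audit DSL prototype.

Added example, not part of the gist. Key names come from the gist; how they are
evaluated is an assumed reading: `permissions` behaves like find's `-perm -MODE`,
`mask` like `-name PATTERN`, `stderr` means "record unreadable files", and
`encode: "base64"` base64-encodes captured contents.
"""
import base64
import fnmatch
import hashlib
import os
import stat
import tempfile

# Constructed transcription of three `search` entries from the gist, as the
# dicts yaml.safe_load would produce (PyYAML is not needed for this example).
SEARCH_CHECKS = [
    {"path": "/opt", "glob": False, "permissions": "-o+w", "permission": True,
     "hash": False, "contents": False, "stderr": False, "encode": ""},
    {"path": "/var/www", "glob": False, "mask": ".htpasswd*", "hash": True,
     "permission": True, "contents": True, "stderr": False, "encode": ""},
    {"path": "/", "glob": False, "permissions": "-u+s", "permission": True,
     "hash": False, "contents": True, "stderr": True, "encode": "base64"},
]

KNOWN_KEYS = {"path", "glob", "mask", "permissions", "user", "group",
              "permission", "hash", "contents", "stderr", "encode"}
_SHIFT = {"u": 6, "g": 3, "o": 0}   # bit offset of each rwx triplet
_RWX = {"r": 4, "w": 2, "x": 1}


def validate(entry):
    """List problems with one entry: unknown keys (typos silently disable a
    selector), a missing path, or an empty user/group selector."""
    problems = [f"unknown key {k!r}" for k in entry if k not in KNOWN_KEYS]
    if "path" not in entry:
        problems.append("missing path")
    for key in ("user", "group"):
        if key in entry and entry[key] == "":
            problems.append(f"{key} selector is empty")
    return problems


def perm_mask(spec):
    """Translate a find-style '-WHO+BITS' spec into a mode bit mask:
    '-o+w' -> 0o002, '-u+s' -> 0o4000 (set-uid), '-go+rw' -> 0o066."""
    if not spec.startswith("-") or "+" not in spec:
        raise ValueError(f"unsupported permission spec {spec!r}")
    who, bits = spec[1:].split("+", 1)
    mask = 0
    for w in who:
        if w not in _SHIFT:
            raise ValueError(f"unknown class {w!r} in {spec!r}")
        for b in bits:
            if b in _RWX:
                mask |= _RWX[b] << _SHIFT[w]
            elif b == "s" and w == "u":
                mask |= stat.S_ISUID
            elif b == "s" and w == "g":
                mask |= stat.S_ISGID
            else:
                raise ValueError(f"unsupported bit {w}+{b} in {spec!r}")
    return mask


def matches(entry, path, st):
    """Apply the entry's selectors (permissions, mask) to one lstat result."""
    if "permissions" in entry:
        mask = perm_mask(entry["permissions"])
        if (st.st_mode & mask) != mask:   # -perm -MODE: all bits must be set
            return False
    if "mask" in entry and not fnmatch.fnmatch(os.path.basename(path), entry["mask"]):
        return False
    return True


def run_search(entry, root=None):
    """Walk entry['path'] (re-rooted under `root` when given, so a test tree can
    stand in for the real filesystem) and return one record per match."""
    base = os.path.join(root, entry["path"].lstrip("/")) if root else entry["path"]
    records = []
    for dirpath, dirs, files in os.walk(base):
        for name in sorted(dirs) + sorted(files):
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
                data = None
                if stat.S_ISREG(st.st_mode) and (entry.get("hash") or entry.get("contents")):
                    with open(full, "rb") as fh:
                        data = fh.read()
            except OSError as exc:
                if entry.get("stderr"):
                    records.append({"path": full, "error": str(exc)})
                continue
            if not matches(entry, full, st):
                continue
            rec = {"path": full}
            if entry.get("permission"):
                rec["mode"] = oct(stat.S_IMODE(st.st_mode))
            if data is not None and entry.get("hash"):
                rec["sha256"] = hashlib.sha256(data).hexdigest()
            if data is not None and entry.get("contents"):
                rec["contents"] = (base64.b64encode(data).decode("ascii")
                                   if entry.get("encode") == "base64"
                                   else data.decode("utf-8", "replace"))
            records.append(rec)
    return records


def _write(path, text, mode):
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)


def demo():
    """Build a constructed tree in a temp dir and run the /opt and /var/www
    checks against it; returns {check path: [basenames matched]}."""
    with tempfile.TemporaryDirectory() as root:
        opt, www = os.path.join(root, "opt"), os.path.join(root, "var", "www")
        os.makedirs(opt)
        os.makedirs(www)
        _write(os.path.join(opt, "safe.sh"), "#!/bin/sh\n", 0o755)
        _write(os.path.join(opt, "loose.sh"), "#!/bin/sh\n", 0o777)  # world-writable
        _write(os.path.join(www, ".htpasswd"), "admin:$apr1$constructed\n", 0o640)
        _write(os.path.join(www, "index.html"), "<html></html>\n", 0o644)
        return {e["path"]: sorted(os.path.basename(r["path"])
                                  for r in run_search(e, root=root))
                for e in SEARCH_CHECKS[:2]}


if __name__ == "__main__":
    for entry in SEARCH_CHECKS:
        print(entry["path"], validate(entry) or "ok")
    print(demo())   # {'/opt': ['loose.sh'], '/var/www': ['.htpasswd']}
```

Running the module prints the validation result for each transcribed entry and the matches found in the constructed tree. The `validate` step matters in practice because the gist has both `permissions` (a selector) and `permission` (an output flag): a misspelled selector key would otherwise be ignored and the check would quietly report every file.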