Documentation
Overview
Copyright © 2020 GUILLAUME FOURNIER
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func ReadConfigFile
ReadConfigFile - Reads the provided config file and populates the provided config
Types
type NSPConfig
type NSPConfig struct {
    // CLI - CLI parameters
    CLI struct {
        Verbose           logrus.Level
        ConfigPath        string
        KubeConfigPath    string
        ProfileOutputPath string
        Pid               uint32
        Netns             uint64
        DDLogURL          string
        ProcessCacheSize  uint32
    }
    // EBPF - eBPF tuning options
    EBPF struct {
        PerfMapPageCount  int `yaml:"perf_map_page_count" default:"64"`
        KprobeMaxActive   int `yaml:"kprobe_max_active" default:"-1"`
        MapsChannelLength int `yaml:"maps_chanel_length" default:"1000"`
    } `yaml:"ebpf"`
    // MonitoringOptions - Process level network monitoring options
    MonitoringOptions struct {
        // NetworkMonitorTick - This parameter defines how often the eBPF maps containing networking data should be dumped
        NetworkMonitorTick int `yaml:"network_monitor_tick" default:"0"`
        // DNSMonitoring - When activated, the probe will log DNS activity
        DNSMonitoring bool `yaml:"dns_monitoring"`
        // NetworkInterfacesMonitoring - When activated, the probe will log interface activity (registration etc ...)
        NetworkInterfacesMonitoring bool `yaml:"network_interfaces_monitoring"`
        // ConnectionMonitoring - When activated, the probe will log network connections (egress & ingress)
        ConnectionMonitoring bool `yaml:"connection_monitoring"`
    } `yaml:"monitoring_options"`
    // SecurityOptions - Attack detection options
    SecurityOptions struct {
        // FloodAttacks - When activated, the probe will trigger an alert when a flood attack is detected (SYN flood)
        FloodAttacks SecurityAction `yaml:"flood_attacks"`
        // ARPSpoofing - When activated, the probe will look for ARP spoofing attacks
        ARPSpoofing SecurityAction `yaml:"arp_spoofing"`
        // DNSSpoofing - When activated, the probe will look for DNS spoofing attacks
        DNSSpoofing SecurityAction `yaml:"dns_spoofing"`
        // EgressDomains - List of egress domains with corresponding security action
        EgressDomains map[string]SecurityAction `yaml:"egress_domains"`
        // EgressDefault - Security action taken for unexpected egress domains
        EgressDefault SecurityAction `yaml:"egress_default"`
        // IngressDomains - List of ingress domains with corresponding security action
        // NOTE: the published struct tag reads `yamls:"ingress_domains"`; with that typo the key is not honoured by YAML decoders
        IngressDomains map[string]SecurityAction `yaml:"ingress_domains"`
        // IngressDefault - Security action taken for unexpected ingress domains
        IngressDefault SecurityAction `yaml:"ingress_default"`
        // NetworkProtocols - List of expected network protocols (L3) and their security action
        NetworkProtocols map[string]SecurityAction `yaml:"network_protocols"`
        // NetworkProtocolDefault - Security action taken for unexpected network protocols
        NetworkProtocolDefault SecurityAction `yaml:"network_protocol_default"`
        // TransportProtocols - List of expected transport protocols (L4) and their security action
        TransportProtocols map[string]SecurityAction `yaml:"transport_protocols"`
        // TransportProtocolDefault - Security action taken for unexpected transport protocols
        TransportProtocolDefault SecurityAction `yaml:"transport_protocol_default"`
        // ApplicationProtocols - List of expected application protocols (L7) and their security action
        ApplicationProtocols map[string]SecurityAction `yaml:"application_protocols"`
        // ApplicationProtocolDefault - Security action taken for unexpected application protocols
        ApplicationProtocolDefault SecurityAction `yaml:"application_protocol_default"`
    } `yaml:"security_options"`
}
NSPConfig - Network security probe options
func NewConfigFromCLI
NewConfigFromCLI - Parses command line arguments
func NewConfigFromPath
NewConfigFromPath - Returns a configuration parsed from the provided file
type SecurityAction
type SecurityAction struct {
    Alert bool `yaml:"alert" default:"true"`
    Block bool `yaml:"block" default:"false"`
    Kill  bool `yaml:"kill" default:"false"`
}
SecurityAction - A security action defines what the probe should do.
- Alert means that an alert will be reported by the probe
- Block means that the probe will block the offending connection
- Kill means that the offending process will be killed
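The per-entry map plus section default pairing in SecurityOptions (egress_domains / egress_default and the protocol lists) and the SecurityAction flags above lend themselves to a policy sanity check before the probe is deployed. The following is an added example, not code from this package: it assumes the lookup order "explicit entry first, then the section default", and audits a constructed policy for silent defaults and for block/kill entries that never alert.

```go
package main

import (
	"fmt"
	"sort"
)

// SecurityAction mirrors the probe's struct; yaml tags kept for reference.
type SecurityAction struct {
	Alert bool `yaml:"alert" default:"true"`
	Block bool `yaml:"block" default:"false"`
	Kill  bool `yaml:"kill" default:"false"`
}

// Silent is true when the action neither alerts, blocks nor kills.
func (a SecurityAction) Silent() bool { return !a.Alert && !a.Block && !a.Kill }

// ResolveAction looks key up in the per-entry map and falls back to the section
// default (the egress_domains / egress_default pairing; assumed lookup order).
func ResolveAction(entries map[string]SecurityAction, def SecurityAction, key string) SecurityAction {
	if a, ok := entries[key]; ok {
		return a
	}
	return def
}

// AuditPolicy flags a silent default (unexpected entries pass unlogged) and
// block/kill entries without an alert (enforcement that leaves no record).
func AuditPolicy(section string, entries map[string]SecurityAction, def SecurityAction) []string {
	var findings []string
	if def.Silent() {
		findings = append(findings, section+"_default: silent, unexpected entries pass unlogged")
	}
	for k, a := range entries {
		if (a.Block || a.Kill) && !a.Alert {
			findings = append(findings, fmt.Sprintf("%s_domains[%s]: enforced without alert", section, k))
		}
	}
	sort.Strings(findings) // map order is random; keep output stable
	return findings
}

func main() {
	// Constructed sample policy, not taken from any real deployment.
	egress := map[string]SecurityAction{
		"api.example.com":     {Alert: false},             // explicitly allowed, no alert wanted
		"updates.example.com": {Alert: false, Block: true}, // blocked but never reported
	}
	fmt.Println(AuditPolicy("egress", egress, SecurityAction{})) // zero value: alert explicitly off
}
```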