Documentation
¶
Index ¶
- Variables
- func AccessFileOpt(fs afero.Fs, path string, logger zerolog.Logger) func(*AccessListener)
- func ArrayClean(array []string) []string
- func ArrayDiff(array1, array2 []string) (add, del []string)
- func ArrayEqual(array1, array2 []string) bool
- func Encode(i interface{}) ([]byte, error)
- func GenericDiffFileOpt(fs afero.Fs, path string, logger zerolog.Logger) func(*GenericDiffListener)
- func GenericFileOpt(fs afero.Fs, path string, logger zerolog.Logger) func(*GenericListener)
- func GobMarshal(i interface{}) ([]byte, error)
- func GobUnmarshal(i interface{}, b []byte) error
- func IsNotExist(err error) bool
- func MaskLeft(s string) string
- type Access
- type AccessListener
- type AccessState
- func (as *AccessState) Changed() bool
- func (as *AccessState) Created() bool
- func (as *AccessState) Load(db *AgentDB) (err error)
- func (as *AccessState) Notify(cmd string, user string)
- func (as *AccessState) Parse() (State, error)
- func (as *AccessState) Save(db *AgentDB) error
- func (as *AccessState) Teardown() error
- type AgentDB
- func (a *AgentDB) LoadAccess() (Access, error)
- func (a *AgentDB) LoadGeneric() (Generic, error)
- func (a *AgentDB) LoadGenericDiff() (GenericDiff, error)
- func (a *AgentDB) LoadUsers() (Users, error)
- func (a *AgentDB) SaveAccess(access Access) error
- func (a *AgentDB) SaveGeneric(generic Generic) error
- func (a *AgentDB) SaveGenericDiff(genericDiff GenericDiff) error
- func (a *AgentDB) SaveUsers(users Users) error
- type BaseConsumer
- type BaseConsumers
- type Consumer
- type Consumers
- type Event
- type FIM
- type File
- type FileMissing
- type Generic
- type GenericDiff
- type GenericDiffListener
- type GenericDiffState
- func (gds *GenericDiffState) Changed() bool
- func (gds *GenericDiffState) Created() bool
- func (gds *GenericDiffState) Load(db *AgentDB) (err error)
- func (gds *GenericDiffState) Notify(cmd string, user string)
- func (gds *GenericDiffState) Parse() (State, error)
- func (gds *GenericDiffState) Register() []string
- func (gds *GenericDiffState) Save(db *AgentDB) error
- func (gds *GenericDiffState) Teardown() error
- type GenericListener
- type GenericState
- func (gs *GenericState) Changed() bool
- func (gs *GenericState) Created() bool
- func (gs *GenericState) Load(db *AgentDB) error
- func (gs *GenericState) Notify(cmd string, user string)
- func (gs *GenericState) Parse() (State, error)
- func (gs *GenericState) Register() []string
- func (gs *GenericState) Save(db *AgentDB) error
- func (gs *GenericState) Teardown() error
- type LogAccess
- type LogEvent
- type LogGeneric
- type LogGenericDiff
- type LogUser
- type LogUsers
- type Map
- type Metrics
- type ParserLoader
- type Register
- type Set
- type State
- type User
- type Users
- type UsersListener
- type UsersState
- func (us *UsersState) Changed() bool
- func (us *UsersState) Created() bool
- func (us *UsersState) Load(db *AgentDB) error
- func (us *UsersState) Notify(cmd string, user string)
- func (us *UsersState) Parse() (State, error)
- func (us *UsersState) Register() []string
- func (us *UsersState) Save(db *AgentDB) error
- func (us *UsersState) Teardown() error
- type Watcher
- type ZerologMarshalerArrayFunc
- type ZerologMarshalerObjectFunc
Constants ¶
This section is empty.
Variables ¶
var ( // ErrReload var to define a reload of the consumer ErrReload = fmt.Errorf("reload consumer") )
Functions ¶
func AccessFileOpt ¶
AccessFileOpt function used to return metadata on a file
func ArrayClean ¶
ArrayClean function to clean an array of duplicates?
func ArrayEqual ¶
ArrayEqual checks if one array equals the second array
func GenericDiffFileOpt ¶
GenericDiffFileOpt function used to return metadata on a file
func GenericFileOpt ¶
GenericFileOpt function used to return metadata on a file TODO: unused in current code
func GobMarshal ¶
GobMarshal function to marshal interface to byte slice
func GobUnmarshal ¶
GobUnmarshal function to unmarshal gob
func IsNotExist ¶
IsNotExist Golang has a weird behavior regarding stat function if one entry in the path is a file We need to rewrite the os.IsNotExist function
Types ¶
type Access ¶
type Access struct {
Grant, Deny []string
}
Access struct used to store changes to access.conf
type AccessListener ¶
AccessListener struct used for filestream events.
func NewAccessListener ¶
func NewAccessListener(options ...func(*AccessListener)) *AccessListener
NewAccessListener function to create a new file event listener
func (*AccessListener) Register ¶
func (al *AccessListener) Register() []string
Register method returns list of paths to files to be watched
type AccessState ¶
type AccessState struct {
*AccessListener
// contains filtered or unexported fields
}
AccessState struct keeps track of state changes based on AccessListener struct and methods
func (*AccessState) Changed ¶
func (as *AccessState) Changed() bool
Changed checks if the new AccessState instance is different from old AccessState instance
func (*AccessState) Created ¶
func (as *AccessState) Created() bool
Created checks if the current AccessState has been created
func (*AccessState) Load ¶
func (as *AccessState) Load(db *AgentDB) (err error)
Load reads in current state from local db instance
func (*AccessState) Notify ¶
func (as *AccessState) Notify(cmd string, user string)
Notify is the method to notify of a change in state
func (*AccessState) Parse ¶
func (as *AccessState) Parse() (State, error)
Parse calls parse(), and update new AccessState
func (*AccessState) Save ¶
func (as *AccessState) Save(db *AgentDB) error
Save commits a state to the local DB instance.
func (*AccessState) Teardown ¶
func (as *AccessState) Teardown() error
Teardown is the reset method when a change has been detected. Set new state to old state, and reload.
type AgentDB ¶
AgentDB struct containing db connection
func (*AgentDB) LoadAccess ¶
LoadAccess method to load access
func (*AgentDB) LoadGeneric ¶
LoadGeneric method to load generic files
func (*AgentDB) LoadGenericDiff ¶
func (a *AgentDB) LoadGenericDiff() (GenericDiff, error)
LoadGenericDiff method to load generic files that require a diff
func (*AgentDB) SaveAccess ¶
SaveAccess method to save access config
func (*AgentDB) SaveGeneric ¶
SaveGeneric method to save generic files
func (*AgentDB) SaveGenericDiff ¶
func (a *AgentDB) SaveGenericDiff(genericDiff GenericDiff) error
SaveGenericDiff method to save generic files that require a diff
type BaseConsumer ¶
type BaseConsumer struct {
*AgentDB
ParserLoader
sync.RWMutex
}
BaseConsumer is a struct that contains the base objects needed to make a consumer
func (*BaseConsumer) Consume ¶
func (bc *BaseConsumer) Consume(e Event) error
Consume consumes an event
func (*BaseConsumer) Init ¶
func (bc *BaseConsumer) Init() error
Init function for populating a base consumer
func (*BaseConsumer) Register ¶
func (bc *BaseConsumer) Register() *sync.Map
Register method maps files to consumers.
type BaseConsumers ¶
type BaseConsumers []*BaseConsumer
BaseConsumers is a type to describe multiple BaseConsumers
func (BaseConsumers) Consumers ¶
func (bc BaseConsumers) Consumers() (consumers []Consumer)
Consumers returns a slice of consumers.
type Event ¶
type Event struct {
Mode int32
PID uint32
UID uint32
Size uint32
Inode uint64
Device uint64
NewInode uint64 // target directory when renaming
NewDevice uint64 // target file when renaming, 0 if doesn't exist
Com string
Path string
}
Event struct the represents event that is sent to user space from BPF
type FIM ¶
type FIM struct {
Module *elf.Module
RulesTable *elf.Map
Events chan Event
zerolog.Logger
// contains filtered or unexported fields
}
FIM struct that represents BPF event system
func (*FIM) GetFileFromInode ¶
GetFileFromInode look up filename for given inode
func (*FIM) RemoveFile ¶
RemoveFile method to remove a file from BPF monitor
func (*FIM) RemoveInode ¶
RemoveInode method to remove a file from BPF monitor
type FileMissing ¶
FileMissing struct is used when a watched file cannot be located
func NewFileMissing ¶
func NewFileMissing(events chan Event, options ...func(*FileMissing)) *FileMissing
NewFileMissing function watches for a file to be found, and adds the file to be monitored.
func (*FileMissing) Register ¶
func (fm *FileMissing) Register() *sync.Map
Register method registers the newly found file to the correct consumer
type Generic ¶
type Generic struct {
Contents []byte
}
Generic struct used to store changes to generic files
type GenericDiff ¶
type GenericDiff struct {
Rule []string
}
GenericDiff struct used to store changes to the generic file with diff
func (GenericDiff) IsEmpty ¶
func (gd GenericDiff) IsEmpty() bool
IsEmpty method to check if diff is empty
type GenericDiffListener ¶
type GenericDiffListener struct {
zerolog.Logger
afero.Fs
// contains filtered or unexported fields
}
GenericDiffListener struct used for filestream events.
func NewGenericDiffListener ¶
func NewGenericDiffListener(options ...func(*GenericDiffListener)) *GenericDiffListener
NewGenericDiffListener function to create a new file event listener
func (*GenericDiffListener) Register ¶
func (gdl *GenericDiffListener) Register() []string
Register method returns list of paths to files to be watched
type GenericDiffState ¶
type GenericDiffState struct {
*GenericDiffListener
// contains filtered or unexported fields
}
GenericDiffState struct keeps track of state changes based on GenericDiffListener struct and methods
func (*GenericDiffState) Changed ¶
func (gds *GenericDiffState) Changed() bool
Changed checks if the new GenericDiffState instance is different from old GenericDiffState instance
func (*GenericDiffState) Created ¶
func (gds *GenericDiffState) Created() bool
Created checks if the current GenericDiffState has been created
func (*GenericDiffState) Load ¶
func (gds *GenericDiffState) Load(db *AgentDB) (err error)
Load reads in current state from local db instance
func (*GenericDiffState) Notify ¶
func (gds *GenericDiffState) Notify(cmd string, user string)
Notify is the method to notify of a change in state
func (*GenericDiffState) Parse ¶
func (gds *GenericDiffState) Parse() (State, error)
Parse calls parse(), and update new GenericDiffState
func (*GenericDiffState) Register ¶
func (gds *GenericDiffState) Register() []string
Register returns a list of files to watch for changes
func (*GenericDiffState) Save ¶
func (gds *GenericDiffState) Save(db *AgentDB) error
Save commits a state to the local DB instance.
func (*GenericDiffState) Teardown ¶
func (gds *GenericDiffState) Teardown() error
Teardown is the reset method when a change has been detected. Set new state to old state, and reload.
type GenericListener ¶
GenericListener struct used for filestream events.
func NewGenericListener ¶
func NewGenericListener(options ...func(*GenericListener)) *GenericListener
NewGenericListener function to create a new file event listener
func (*GenericListener) Register ¶
func (gl *GenericListener) Register() []string
Register method returns list of paths to files to be watched
type GenericState ¶
type GenericState struct {
*GenericListener
// contains filtered or unexported fields
}
GenericState struct keeps track of state changes based on GenericListener struct and methods
func (*GenericState) Changed ¶
func (gs *GenericState) Changed() bool
Changed checks if the new UserState instance is different from old UserState instance
func (*GenericState) Created ¶
func (gs *GenericState) Created() bool
Created checks if the current UserState has been created
func (*GenericState) Load ¶
func (gs *GenericState) Load(db *AgentDB) error
Load reads in current state from local db instance
func (*GenericState) Notify ¶
func (gs *GenericState) Notify(cmd string, user string)
Notify is the method to notify of a change in state
func (*GenericState) Parse ¶
func (gs *GenericState) Parse() (State, error)
Parse calls parse(), and update new UserState
func (*GenericState) Register ¶
func (gs *GenericState) Register() []string
Register returns a list of files to watch for changes
func (*GenericState) Save ¶
func (gs *GenericState) Save(db *AgentDB) error
Save commits a state to the local DB instance.
func (*GenericState) Teardown ¶
func (gs *GenericState) Teardown() error
Teardown is the reset method when a change has been detected. Set new state to old state, and reload.
type LogAccess ¶
type LogAccess Access
LogAccess type wrapper
func (LogAccess) MarshalZerologObject ¶
MarshalZerologObject method to marshal access object
type LogEvent ¶
type LogEvent Event
LogEvent type wrapper
func (LogEvent) MarshalZerologObject ¶
MarshalZerologObject method to marshal object
type LogGeneric ¶
type LogGeneric GenericState
LogGeneric type wrapper
func (LogGeneric) MarshalZerologObject ¶
func (lg LogGeneric) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject method to marshal generic object
type LogGenericDiff ¶
type LogGenericDiff GenericDiff
LogGenericDiff type wrapper
func (LogGenericDiff) MarshalZerologObject ¶
func (lgd LogGenericDiff) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject method to marshal generic diff object
type LogUser ¶
type LogUser User
LogUser type wrapper
func (LogUser) MarshalZerologObject ¶
MarshalZerologObject method to marshal user event
type LogUsers ¶
type LogUsers Users
LogUsers type wrapper
func (LogUsers) MarshalZerologArray ¶
MarshalZerologArray method to marshal array
type Metrics ¶
type Metrics struct {
GraphiteHost string
Namespace string
GraphiteMode int
MetricsInterval time.Duration
EveryHourRegister goMetrics.Registry
EveryMinuteRegister goMetrics.Registry
Hostname string
RoleName string
Logger zerolog.Logger
// contains filtered or unexported fields
}
Metrics struct defining configs for graphite metrics
func (*Metrics) RecordBPFMetrics ¶
func (m *Metrics) RecordBPFMetrics()
RecordBPFMetrics send metrics for BPF hits and misses per probe
func (*Metrics) RecordByEventsCaught ¶
func (m *Metrics) RecordByEventsCaught()
RecordByEventsCaught sends count of number of events caught by ebpf
func (*Metrics) RecordByInstalledHost ¶
func (m *Metrics) RecordByInstalledHost()
RecordByInstalledHost graphite metric to show how manay host have bpfink installed
func (*Metrics) RecordByLogTypes ¶
RecordByLogTypes sends count of different types of logs
func (*Metrics) RecordVersion ¶
RecordVersion graphite metric to show the version of bpfink running on each host
type ParserLoader ¶
type ParserLoader interface {
Load(db *AgentDB) error
Save(db *AgentDB) error
Parse() (State, error)
Register() []string
}
ParserLoader describes the interface for maintaining the data in a consumer
type Set ¶
type Set map[string]struct{}
Set type to define Set
type UsersListener ¶
UsersListener struct of listener for users
func NewUsersListener ¶
func NewUsersListener(options ...func(*UsersListener)) *UsersListener
NewUsersListener new function to create user listener
func (*UsersListener) Register ¶
func (ul *UsersListener) Register(includes []string) (out []string)
Register method takes in list of files to monitor for writes
type UsersState ¶
type UsersState struct {
*UsersListener
// contains filtered or unexported fields
}
UsersState struct keeps track of state changes based on UserListener struct and methods
func (*UsersState) Changed ¶
func (us *UsersState) Changed() bool
Changed checks if the new UserState instance is different from old UserState instance
func (*UsersState) Created ¶
func (us *UsersState) Created() bool
Created checks if the current UserState has been created
func (*UsersState) Load ¶
func (us *UsersState) Load(db *AgentDB) error
Load reads in current state from local db instance
func (*UsersState) Notify ¶
func (us *UsersState) Notify(cmd string, user string)
Notify is the method to notify of a change in state
func (*UsersState) Parse ¶
func (us *UsersState) Parse() (State, error)
Parse calls parse(), and update new UserState
func (*UsersState) Register ¶
func (us *UsersState) Register() []string
Register returns a list of files to watch for changes
func (*UsersState) Save ¶
func (us *UsersState) Save(db *AgentDB) error
Save commits a state to the local DB instance.
func (*UsersState) Teardown ¶
func (us *UsersState) Teardown() error
Teardown is the reset method when a change has been detected. Set new state to old state, and reload.
type Watcher ¶
type Watcher struct {
zerolog.Logger
*FIM
Key []byte
Database *AgentDB
Consumers []Consumer
CloseChannels chan struct{}
Excludes []*regexp.Regexp
GenericDiff []string
Metrics *Metrics
// contains filtered or unexported fields
}
Watcher struct defines a watcher object
func NewWatcher ¶
NewWatcher function to create new watcher function
type ZerologMarshalerArrayFunc ¶
ZerologMarshalerArrayFunc function signature for marshaling an array
func (ZerologMarshalerArrayFunc) MarshalZerologArray ¶
func (zmaf ZerologMarshalerArrayFunc) MarshalZerologArray(a *zerolog.Array)
MarshalZerologArray method to wrap logger
type ZerologMarshalerObjectFunc ¶
ZerologMarshalerObjectFunc function signature for marshaling an object
func (ZerologMarshalerObjectFunc) MarshalZerologObject ¶
func (zmof ZerologMarshalerObjectFunc) MarshalZerologObject(e *zerolog.Event)
MarshalZerologObject method to wrap a logger
Source Files
Directories