auditd

package
v1.2.3-fred.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 18, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source
const UnknownValue = "?"

UnknownValue is used by auditd when a value is not provided.

Variables

View Source
var ErrAuditdDisabled = trace.Errorf("auditd is disabled")

Functions

func IsLoginUIDSet

func IsLoginUIDSet() bool

IsLoginUIDSet returns true if login UID is set, false otherwise.

func SendEvent

func SendEvent(event EventType, result ResultType, msg Message) error

SendEvent sends a single auditd event. Each request create a new netlink connection. This function does not send the event and returns no error if it runs with no root permissions.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is auditd client.

func NewClient

func NewClient(msg Message) *Client

NewClient creates a new auditd client. Client is not connected when it is returned.

func (*Client) Close

func (c *Client) Close() error

Close closes the underlying netlink connection and resets the struct state.

func (*Client) SendMsg

func (c *Client) SendMsg(event EventType, result ResultType) error

SendMsg sends a message. Client will create a new connection if not connected already.

type EventType

type EventType int

EventType represent auditd message type. Values comes from https://github.com/torvalds/linux/blob/08145b087e4481458f6075f3af58021a3cf8a940/include/uapi/linux/audit.h#L54

const (
	AuditGet       EventType = 1000
	AuditUserEnd   EventType = 1106
	AuditUserLogin EventType = 1112
	AuditUserErr   EventType = 1109
)

type Message

type Message struct {
	// SystemUser is a name of Linux user.
	SystemUser string
	// TeleportUser is a name of Teleport user.
	TeleportUser string
	// ConnAddress is an address of incoming connection.
	ConnAddress string
	// TTYName is a name of TTY used by SSH session is allocated, ex: /dev/tty1
	// or 'teleport' if empty.
	TTYName string
}

Message is an audit message. It contains TTY name, users and connection information.

func (*Message) SetDefaults

func (m *Message) SetDefaults()

SetDefaults set default values to match what OpenSSH does.

type NetlinkConnector

type NetlinkConnector interface {
	Execute(m netlink.Message) ([]netlink.Message, error)
	Receive() ([]netlink.Message, error)

	Close() error
}

NetlinkConnector implements netlink related functionality.

type ResultType

type ResultType string
const (
	Success ResultType = "success"
	Failed  ResultType = "failed"
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL