common

package

Constants

// DLPRuleTag is the internal marker embedded in DLP rule names. It is presumably
// inserted by GetInternalDlpRuleName and stripped by GetOrigDlpRuleName — confirm in source.
const DLPRuleTag string = "_nvCtR."
// DefIdleTimeoutInternal is the built-in default that DefaultIdleTimeout starts from.
// NOTE(review): the unit is not stated here; 300 reads as seconds (5 minutes) —
// confirm against the session-timeout code before relying on it.
const DefIdleTimeoutInternal uint32 = 300
// DefaultAdminPass is the factory-default password paired with DefaultAdminUser.
// NOTE(review): this is a well-known default credential. LogEventMap defines a
// WARNING-level auth event (CLUSEvAuthDefAdminPwdUnchanged) for the case where it
// is still in use, so rotation after first login is clearly expected; confirm the
// bootstrap path enforces the change rather than only logging it.
const DefaultAdminPass string = "admin"
// DefaultAdminUser is the factory-default administrator account name, paired
// with DefaultAdminPass. Both values are public knowledge; see the note there.
const DefaultAdminUser string = "admin"
// DefaultCtrlLogLevel is the controller's log level when none is configured.
const DefaultCtrlLogLevel string = "info"
// DlpPrefix marks DLP-originated names; compare WafPrefix for the WAF counterpart.
// Where the prefix is applied (log names, rule names) is not visible here.
const DlpPrefix string = "DLP."
// NetworkViolation is the name under which network policy violations are
// reported; per the accompanying note it is matched by name in response rules.
const NetworkViolation string = "Network.Violation"

Used for name matching in response rules.

// OEMDefaultUserLocale is the locale assigned to users that do not specify one.
const OEMDefaultUserLocale string = "en"
// RegistryAllName is a reserved registry name; the leading underscore presumably
// keeps it from colliding with operator-created registries — confirm the
// registry-creation validation rejects such names.
const RegistryAllName string = "_all_registry"
// RegistryFedRepoScanName is the federation-scoped counterpart of
// RegistryRepoScanName ("fed." prefix plus the same reserved name).
const RegistryFedRepoScanName string = "fed._repo_scan"
// RegistryRepoScanName is the reserved registry name used for repository
// scans; like RegistryAllName it carries a leading underscore.
const RegistryRepoScanName string = "_repo_scan"
// ReservedFedUser is the internal principal used for federation operations.
// NOTE(review): the "~" prefix rule below is what separates this internal
// identity from operator-created accounts; every account-creation path
// (configmap, REST, and any CRD/import path) must enforce it.
const ReservedFedUser string = "~fedOperator" // user name with prefix "~" cannot be created thru configmap/rest api
// ReservedNvSystemUser is the internal system principal. As with
// ReservedFedUser, its safety rests on the "~" prefix being rejected by every
// user-creation path.
const ReservedNvSystemUser string = "~nvSystem" // user name with prefix "~" cannot be created thru configmap/rest api
// ReservedUserNameIBMSA is the reserved principal for the IBM Security Advisor
// integration. It shares the "~" prefix that ReservedFedUser and
// ReservedNvSystemUser document as non-creatable through configmap/REST.
const ReservedUserNameIBMSA string = "~nv.reserved.ibmsa"
// ScanPlatformID identifies the platform (as opposed to a workload or image)
// scan target. Untyped, unlike the other string constants in this file.
const ScanPlatformID = "platform"
// WAFRuleTag is the internal marker embedded in WAF rule names; the WAF
// analogue of DLPRuleTag (presumably handled by GetInternalWafRuleName /
// GetOrigWafRuleName — confirm in source).
const WAFRuleTag string = "_nVwAfCtR."
// WafPrefix marks WAF-originated names; compare DlpPrefix.
const WafPrefix string = "WAF."

Variables

// AppNameMap maps the DPI engine's application IDs (cgo constants from the C
// side) to the display names used in policy and logs. GetAppIDByName is
// presumably the reverse lookup — confirm whether its match is case-sensitive,
// since the names here mix cases ("nginx", "etcd", "GRPC").
var AppNameMap map[uint32]string = map[uint32]string{
	C.DPI_APP_HTTP:          "HTTP",
	C.DPI_APP_SSL:           "SSL",
	C.DPI_APP_SSH:           "SSH",
	C.DPI_APP_DNS:           "DNS",
	C.DPI_APP_DHCP:          "DHCP",
	C.DPI_APP_NTP:           "NTP",
	C.DPI_APP_TFTP:          "TFTP",
	C.DPI_APP_ECHO:          "Echo",
	C.DPI_APP_RTSP:          "RTSP",
	C.DPI_APP_SIP:           "SIP",
	C.DPI_APP_MYSQL:         "MySQL",
	C.DPI_APP_REDIS:         "Redis",
	C.DPI_APP_ZOOKEEPER:     "ZooKeeper",
	C.DPI_APP_CASSANDRA:     "Cassandra",
	C.DPI_APP_MONGODB:       "MongoDB",
	C.DPI_APP_POSTGRESQL:    "PostgreSQL",
	C.DPI_APP_KAFKA:         "Kafka",
	C.DPI_APP_COUCHBASE:     "Couchbase",
	C.DPI_APP_WORDPRESS:     "Wordpress",
	C.DPI_APP_ACTIVEMQ:      "ActiveMQ",
	C.DPI_APP_COUCHDB:       "CouchDB",
	C.DPI_APP_ELASTICSEARCH: "ElasticSearch",
	C.DPI_APP_MEMCACHED:     "Memcached",
	C.DPI_APP_RABBITMQ:      "RabbitMQ",
	C.DPI_APP_RADIUS:        "Radius",
	C.DPI_APP_VOLTDB:        "VoltDB",
	C.DPI_APP_CONSUL:        "Consul",
	C.DPI_APP_SYSLOG:        "Syslog",
	C.DPI_APP_ETCD:          "etcd",
	C.DPI_APP_SPARK:         "Spark",
	C.DPI_APP_APACHE:        "Apache",
	C.DPI_APP_NGINX:         "nginx",
	C.DPI_APP_JETTY:         "Jetty",
	C.DPI_APP_TNS:           "Oracle",
	C.DPI_APP_TDS:           "MSSQL",
	C.DPI_APP_GRPC:          "GRPC",
}
// DefaultIdleTimeout is the effective idle timeout, initialised from
// DefIdleTimeoutInternal. NOTE(review): this is mutable package-level state;
// any assignment changes the timeout process-wide, and the declaration gives
// no synchronisation — confirm it is only written during startup.
var DefaultIdleTimeout uint32 = DefIdleTimeoutInternal
// DefaultSystemConfig is the cluster-wide configuration used before any
// operator settings are applied. Security-relevant defaults to be aware of:
//   - new services start in PolicyModeLearn for both network policy and the
//     process/file profile (assumed: learn mode observes without enforcing — confirm);
//   - syslog forwarding is off, and when enabled the defaults are UDP with no
//     server certificate, i.e. unauthenticated cleartext transport;
//   - XffEnabled is true (assumed: client addresses may be derived from
//     X-Forwarded-For — confirm; that is only safe behind trusted proxies);
//   - AuthOrder is empty, so presumably no external auth server is consulted
//     until one is configured — verify against the auth code.
var DefaultSystemConfig = share.CLUSSystemConfig{
	NewServicePolicyMode:      share.PolicyModeLearn,
	NewServiceProfileMode:     share.PolicyModeLearn,
	NewServiceProfileBaseline: share.ProfileZeroDrift,
	UnusedGroupAging:          share.UnusedGroupAgingDefault,
	CLUSSyslogConfig: share.CLUSSyslogConfig{
		SyslogIP:         nil,
		SyslogServer:     "",
		// NOTE(review): UDP syslog is unauthenticated and unencrypted; switch to
		// TCP/TLS and set SyslogServerCert when forwarding off-host.
		SyslogIPProto:    syscall.IPPROTO_UDP,
		SyslogPort:       api.SyslogDefaultUDPPort,
		SyslogLevel:      api.LogLevelINFO,
		SyslogEnable:     false,
		SyslogCategories: defaultSyslogCategory,
		SyslogInJSON:     false,
		SyslogServerCert: "",
	},
	AuthOrder:            []string{},
	ClusterName:          defaultClusterName,
	Webhooks:             []share.CLUSWebhook{},
	ControllerDebug:      []string{},
	TapProxymesh:         true,
	XffEnabled:           true,
	NetServiceStatus:     false,
	NetServicePolicyMode: share.PolicyModeLearn,
	DisableNetPolicy:     false,
	EnableIcmpPolicy:     false,
}
// ErrAtomicWriteFail is the sentinel returned when a compare-and-set style
// write to the cluster store does not succeed; compare with errors.Is.
var ErrAtomicWriteFail error = errors.New("Atomic write failed")
// ErrClusterWriteFail is the sentinel for a failed write to the cluster store.
var ErrClusterWriteFail error = errors.New("Failed to write cluster")
// ErrObjectAccessDenied is the sentinel for an authorization failure on an
// object. Callers should compare with errors.Is rather than by message.
var ErrObjectAccessDenied error = errors.New("Access denied")
// ErrObjectExists is the sentinel for creating an object that already exists.
var ErrObjectExists error = errors.New("Object exists")
// ErrObjectNotFound is the sentinel for a lookup that matched nothing.
var ErrObjectNotFound error = errors.New("Object not found")
// ErrUnsupported is the sentinel for an action the target does not support.
var ErrUnsupported error = errors.New("Unsupported action")
// LogEventMap maps each cluster event to the name, category and level it is
// reported with. For SIEM routing, the auth entries matter most: failed login,
// access denied and "default admin password unchanged" are WARNING, while
// login/logout and every REST read and write are INFO. NOTE(review):
// CLUSEvRESTRead at INFO is likely to be high-volume if forwarded unfiltered;
// SyslogCategories in DefaultSystemConfig is presumably the place to scope it.
var LogEventMap = map[share.TLogEvent]LogEventInfo{
	share.CLUSEvWorkloadStart:               {api.EventNameContainerStart, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvWorkloadStop:                {api.EventNameContainerStop, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvWorkloadSecured:             {api.EventNameContainerSecured, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvWorkloadRemove:              {api.EventNameContainerRemove, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvAgentStart:                  {api.EventNameAgentStart, api.EventCatAgent, api.LogLevelINFO},
	share.CLUSEvAgentStop:                   {api.EventNameAgentStop, api.EventCatAgent, api.LogLevelINFO},
	share.CLUSEvAgentJoin:                   {api.EventNameAgentJoin, api.EventCatAgent, api.LogLevelINFO},
	share.CLUSEvAgentDisconnect:             {api.EventNameAgentDisconnect, api.EventCatAgent, api.LogLevelNOTICE},
	share.CLUSEvAgentConnect:                {api.EventNameAgentConnect, api.EventCatAgent, api.LogLevelNOTICE},
	share.CLUSEvAgentKicked:                 {api.EventNameAgentKicked, api.EventCatAgent, api.LogLevelWARNING},
	share.CLUSEvControllerStart:             {api.EventNameControllerStart, api.EventCatController, api.LogLevelINFO},
	share.CLUSEvControllerStop:              {api.EventNameControllerStop, api.EventCatController, api.LogLevelINFO},
	share.CLUSEvControllerJoin:              {api.EventNameControllerJoin, api.EventCatController, api.LogLevelINFO},
	share.CLUSEvControllerDisconnect:        {api.EventNameControllerDisconnect, api.EventCatController, api.LogLevelNOTICE},
	share.CLUSEvControllerConnect:           {api.EventNameControllerConnect, api.EventCatController, api.LogLevelNOTICE},
	share.CLUSEvControllerLeadLost:          {api.EventNameControllerLeadLost, api.EventCatController, api.LogLevelWARNING},
	share.CLUSEvControllerLeadElect:         {api.EventNameControllerLeadElect, api.EventCatController, api.LogLevelNOTICE},
	// Authentication events: the WARNING-level ones below are the obvious
	// alerting candidates (brute force, privilege probing, unrotated default).
	share.CLUSEvAuthLogin:                   {api.EventNameAuthLogin, api.EventCatAuth, api.LogLevelINFO},
	share.CLUSEvAuthLogout:                  {api.EventNameAuthLogout, api.EventCatAuth, api.LogLevelINFO},
	share.CLUSEvAuthTimeout:                 {api.EventNameAuthTimeout, api.EventCatAuth, api.LogLevelNOTICE},
	share.CLUSEvAuthLoginFailed:             {api.EventNameAuthLoginFailed, api.EventCatAuth, api.LogLevelWARNING},
	share.CLUSEvAuthLoginBlocked:            {api.EventNameAuthLoginBlocked, api.EventCatAuth, api.LogLevelNOTICE},
	share.CLUSEvAuthLoginUnblocked:          {api.EventNameAuthLoginUnblocked, api.EventCatAuth, api.LogLevelINFO},
	share.CLUSEvAuthUserPwdResetByAdmin:     {api.EventNameAuthUserPwdRestByAdmin, api.EventCatAuth, api.LogLevelINFO},
	share.CLUSEvAuthAccessDenied:            {api.EventNameAuthAccessDenied, api.EventCatAuth, api.LogLevelWARNING},
	share.CLUSEvRESTWrite:                   {api.EventNameRESTWrite, api.EventCatREST, api.LogLevelINFO},
	share.CLUSEvRESTRead:                    {api.EventNameRESTRead, api.EventCatREST, api.LogLevelINFO},
	share.CLUSEvScannerJoin:                 {api.EventNameScannerJoin, api.EventCatScan, api.LogLevelINFO},
	share.CLUSEvScannerUpdate:               {api.EventNameScannerUpdate, api.EventCatScan, api.LogLevelINFO},
	share.CLUSEvScannerLeave:                {api.EventNameScannerLeave, api.EventCatScan, api.LogLevelINFO},
	share.CLUSEvScanFail:                    {api.EventNameScanFail, api.EventCatScan, api.LogLevelNOTICE},
	share.CLUSEvScanSucceed:                 {api.EventNameScanSucceed, api.EventCatScan, api.LogLevelINFO},
	share.CLUSEvBenchDockerFail:             {api.EventNameBenchDockerFail, api.EventCatBench, api.LogLevelNOTICE},
	share.CLUSEvBenchKubeFail:               {api.EventNameBenchKubeFail, api.EventCatBench, api.LogLevelNOTICE},
	share.CLUSEvLicenseUpdate:               {api.EventNameLicenseUpdate, api.EventCatLicense, api.LogLevelINFO},
	share.CLUSEvLicenseExpire:               {api.EventNameLicenseExpire, api.EventCatLicense, api.LogLevelWARNING},
	share.CLUSEvLicenseRemove:               {api.EventNameLicenseRemove, api.EventCatLicense, api.LogLevelWARNING},
	share.CLUSEvLicenseEnforcerLimitReached: {api.EventNameLicenseEnforcerLimitReached, api.EventCatLicense, api.LogLevelWARNING},
	share.CLUSEvWorkloadQuarantined:         {api.EventNameContainerQuarantined, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvWorkloadUnquarantined:       {api.EventNameContainerUnquarantined, api.EventCatWorkload, api.LogLevelINFO},
	// Admission-control configuration failure is the only CRIT entry in the map.
	share.CLUSEvAdmCtrlK8sConfigured:        {api.EventNameAdmCtrlK8sConfigured, api.EventCatAdmCtrl, api.LogLevelNOTICE},
	share.CLUSEvAdmCtrlK8sConfigFailed:      {api.EventNameAdmCtrlK8sConfigFailed, api.EventCatAdmCtrl, api.LogLevelCRIT},
	share.CLUSEvInitCfgMapDone:              {api.EventNameInitCfgMapDone, api.EventCatConfigMap, api.LogLevelINFO},
	share.CLUSEvInitCfgMapError:             {api.EventNameInitCfgMapError, api.EventCatConfigMap, api.LogLevelERR},
	share.CLUSEvCrdImported:                 {api.EventNameCrdImported, api.EventCatCrd, api.LogLevelINFO},
	share.CLUSEvCrdRemoved:                  {api.EventNameCrdRemoved, api.EventCatCrd, api.LogLevelINFO},
	share.CLUSEvCrdErrDetected:              {api.EventNameCrdErrDetected, api.EventCatCrd, api.LogLevelERR},
	share.CLUSEvCrdSkipped:                  {api.EventNameCrdSkipped, api.EventCatConfig, api.LogLevelNOTICE},
	share.CLUSEvFedPromote:                  {api.EventNameFedPromote, api.EventCatFed, api.LogLevelINFO},
	share.CLUSEvFedDemote:                   {api.EventNameFedDemote, api.EventCatFed, api.LogLevelINFO},
	share.CLUSEvFedJoin:                     {api.EventNameFedJoin, api.EventCatFed, api.LogLevelINFO},
	share.CLUSEvFedLeave:                    {api.EventNameFedLeave, api.EventCatFed, api.LogLevelNOTICE},
	share.CLUSEvFedKick:                     {api.EventNameFedKick, api.EventCatFed, api.LogLevelINFO},
	share.CLUSEvFedPolicySync:               {api.EventNameFedPolicySync, api.EventCatFed, api.LogLevelINFO},
	share.CLUSEvImport:                      {api.EventNameImport, api.EventCatConfig, api.LogLevelNOTICE},
	share.CLUSEvExport:                      {api.EventNameExport, api.EventCatConfig, api.LogLevelNOTICE},
	share.CLUSEvImportFail:                  {api.EventNameImportFail, api.EventCatConfig, api.LogLevelERR},
	share.CLUSEvExportFail:                  {api.EventNameExportFail, api.EventCatConfig, api.LogLevelERR},
	share.CLUSEvCloudScanRet:                {api.EventNameCloudScanNormal, api.EventCatCloud, api.LogLevelINFO},
	share.CLUSEvCloudScanAlert:              {api.EventNameCloudScanAlert, api.EventCatCloud, api.LogLevelWARNING},
	share.CLUSEvCloudScanFail:               {api.EventNameCloudScanFail, api.EventCatCloud, api.LogLevelERR},
	share.CLUSEvGroupAutoRemove:             {api.EventNameGroupAutoRemove, api.EventCatGroup, api.LogLevelINFO},
	share.CLUSEvMemoryPressureAgent:         {api.EventNameMemoryPressureAgent, api.EventCatAgent, api.LogLevelWARNING},
	share.CLUSEvMemoryPressureController:    {api.EventNameMemoryPressureController, api.EventCatController, api.LogLevelWARNING},
	share.CLUSEvK8sNvRBAC:                   {api.EventNameK8sNvRBAC, api.EventCatConfig, api.LogLevelWARNING},
	share.CLUSEvGroupAutoPromote:            {api.EventNameGroupAutoPromote, api.EventCatGroup, api.LogLevelINFO},
	share.CLUSEvAuthDefAdminPwdUnchanged:    {api.EventNameAuthDefAdminPwdUnchanged, api.EventCatAuth, api.LogLevelWARNING},
	share.CLUSEvScannerAutoScaleDisabled:    {api.EventNameScannerAutoScaleDisabled, api.EventCatConfig, api.LogLevelNOTICE},
	share.CLUSEvK8sAdmissionWebhookCChange:  {api.EventNameK8sAdmissionWebhookChange, api.EventCatAdmCtrl, api.LogLevelNOTICE},
	share.CLUSEvGroupMetricViolation:        {api.EventNameGroupMetricViolation, api.EventCatGroup, api.LogLevelWARNING},
	share.CLUSEvKvRestored:                  {api.EventNameKvRestored, api.EventCatConfig, api.LogLevelINFO},
	share.CLUSEvScanDataRestored:            {api.EventNameScanDataRestored, api.EventCatScan, api.LogLevelINFO},
}
// LogThreatMap maps the DPI engine's threat IDs (cgo constants) to the names
// they are reported under; ThreatName(id) is presumably the lookup. The set
// covers volumetric/DoS patterns, malformed packets, legacy or weak TLS/SSH
// versions, covert channels (DNS/ICMP tunnelling) and a few application-layer
// exploits. Severity is not carried here — see SeverityString.
var LogThreatMap = map[uint32]LogThreatInfo{
	C.THRT_ID_SYN_FLOOD:         {"TCP.SYN.Flood"},
	C.THRT_ID_ICMP_FLOOD:        {"ICMP.Flood"},
	C.THRT_ID_IP_SRC_SESSION:    {"Source.IP.Session.Limit"},
	C.THRT_ID_BAD_PACKET:        {"Invalid.Packet.Format"},
	C.THRT_ID_IP_TEARDROP:       {"IP.Fragment.Teardrop"},
	C.THRT_ID_TCP_SYN_DATA:      {"TCP.SYN.With.Data"},
	C.THRT_ID_TCP_SPLIT_HDSHK:   {"TCP.Split.Handshake"},
	C.THRT_ID_TCP_NODATA:        {"TCP.No.Client.Data"},
	C.THRT_ID_TCP_SMALL_WINDOW:  {"TCP.Small.Window"},
	C.THRT_ID_TCP_SMALL_MSS:     {"TCP.SACK.DDoS.With.Small.MSS"},
	C.THRT_ID_PING_DEATH:        {"Ping.Death"},
	C.THRT_ID_DNS_LOOP_PTR:      {"DNS.Loop.Pointer"},
	C.THRT_ID_SSH_VER_1:         {"SSH.Version.1"},
	C.THRT_ID_SSL_HEARTBLEED:    {"SSL.Heartbleed"},
	C.THRT_ID_SSL_CIPHER_OVF:    {"SSL.Cipher.Overflow"},
	// Deprecated protocol versions are reported as threats, not just noted.
	C.THRT_ID_SSL_VER_2OR3:      {"SSL.Version.2or3"},
	C.THRT_ID_SSL_TLS_1DOT0:     {"SSL.TLS1.0"},
	C.THRT_ID_SSL_TLS_1DOT1:     {"SSL.TLS1.1"},
	C.THRT_ID_HTTP_NEG_LEN:      {"HTTP.Negative.Body.Length"},
	C.THRT_ID_HTTP_SMUGGLING:    {"HTTP.Request.Smuggling"},
	C.THRT_ID_HTTP_SLOWLORIS:    {"HTTP.Request.Slowloris"},
	C.THRT_ID_DNS_OVERFLOW:      {"DNS.Stack.Overflow"},
	C.THRT_ID_MYSQL_ACCESS_DENY: {"MySQL.Access.Deny"},
	C.THRT_ID_DNS_ZONE_TRANSFER: {"DNS.Zone.Transfer"},
	C.THRT_ID_ICMP_TUNNELING:    {"ICMP.Tunneling"},
	C.THRT_ID_DNS_TYPE_NULL:     {"DNS.Type.Null"},
	C.THRT_ID_SQL_INJECTION:     {"SQL.Injection"},
	C.THRT_ID_APACHE_STRUTS_RCE: {"Apache.Struts.Remote.Code.Execution"},
	C.THRT_ID_DNS_TUNNELING:     {"DNS.Tunneling"},
	C.THRT_ID_K8S_EXTIP_MITM:    {"K8S.externalIPs.MitM"},
}
// OEMClusterSecurityRuleGroup is the group name for cluster-scoped security
// rules (presumably the Kubernetes CRD API group — confirm). Declared as a var
// so OEM builds can override it; nothing in this file writes it.
var OEMClusterSecurityRuleGroup = "neuvector.com"
// OEMSecurityRuleGroup is the group name for namespaced security rules; same
// value and same OEM-override rationale as OEMClusterSecurityRuleGroup.
var OEMSecurityRuleGroup = "neuvector.com"

Functions

func ActionString

func ActionString(action uint8) string

func FindSensorInDlpGroup

func FindSensorInDlpGroup(list []*share.CLUSDlpSetting, p *share.CLUSDlpSetting) (int, bool)

func FindSensorInWafGroup

func FindSensorInWafGroup(list []*share.CLUSWafSetting, p *share.CLUSWafSetting) (int, bool)

func FsmonFilterToRest

func FsmonFilterToRest(path, regex string) string

func GetAppIDByName

func GetAppIDByName(name string) uint32

func GetAvailablePolicyID

func GetAvailablePolicyID(ids utils.Set, cfgType share.TCfgType) uint32

First tries to allocate the next ID after the largest one already in use among unlearned policies; if that fails, falls back to the smallest free ID. Returns 0 if all IDs are in use.

func GetInternalDlpRuleName

func GetInternalDlpRuleName(rulename, sensorname string) string

func GetInternalWafRuleName

func GetInternalWafRuleName(rulename, sensorname string) string

func GetMappedCspType

func GetMappedCspType(pCspType *string, ptCspType *share.TCspType) (share.TCspType, string)

func GetOrigDlpRuleName

func GetOrigDlpRuleName(rulename string) string

func GetOrigWafRuleName

func GetOrigWafRuleName(rulename string) string

func GetWafRuleID

func GetWafRuleID(wafsensor *share.CLUSWafSensor) uint32

Returns 0 if a unique ID cannot be found.

func LevelToPrio

func LevelToPrio(level string) (syslog.Priority, bool)

func LevelToString

func LevelToString(level string) string

func MergeDlpSensors

func MergeDlpSensors(list []*share.CLUSDlpSetting, p *share.CLUSDlpSetting) ([]*share.CLUSDlpSetting, bool)

func MergeWafSensors

func MergeWafSensors(list []*share.CLUSWafSetting, p *share.CLUSWafSetting) ([]*share.CLUSWafSetting, bool)

func OEMIgnoreImageRepo

func OEMIgnoreImageRepo(img *share.CLUSImage) bool

func OEMIgnoreWorkload

func OEMIgnoreWorkload(wl *share.CLUSWorkload) bool

func OEMLicenseValidate

func OEMLicenseValidate(info *api.RESTLicenseInfo) bool

func OEMPlatformVersionURL

func OEMPlatformVersionURL() string

func PolicyActionRESTString

func PolicyActionRESTString(action uint8) string

func PolicyActionString

func PolicyActionString(action uint8) string

func PolicyRuleIdToCfgType

func PolicyRuleIdToCfgType(id uint32) share.TCfgType

func PriorityToString

func PriorityToString(prio syslog.Priority) string

func SeverityString

func SeverityString(severity uint8) (string, string)

func TCPStateString

func TCPStateString(state uint8) string

func ThreatName

func ThreatName(id uint32) string

Types

type CacheEventFunc

// CacheEventFunc is the callback used to raise a cluster event with a message;
// the error return lets the callee report that the event could not be recorded.
type CacheEventFunc func(ev share.TLogEvent, msg string) error

type DecryptUnmarshaller

// DecryptUnmarshaller implements Unmarshaller. Its name indicates it decrypts
// protected fields during Unmarshal/Uncloak; the actual behaviour lives in the
// methods, whose bodies are not shown on this page.
type DecryptUnmarshaller struct{}

func (DecryptUnmarshaller) Uncloak

func (m DecryptUnmarshaller) Uncloak(data interface{}) error

func (DecryptUnmarshaller) Unmarshal

func (m DecryptUnmarshaller) Unmarshal(raw []byte, data interface{}) error

type EmptyMarshaller

// EmptyMarshaller implements Marshaller. By its name it performs no
// transformation of sensitive fields — presumably the plain-JSON path.
type EmptyMarshaller struct{}

func (EmptyMarshaller) Marshal

func (m EmptyMarshaller) Marshal(data interface{}) ([]byte, error)

type EncryptMarshaller

// EncryptMarshaller implements Marshaller and, by its name, encrypts protected
// fields on the way out; DecryptUnmarshaller is the matching reader.
type EncryptMarshaller struct{}

func (EncryptMarshaller) Marshal

func (m EncryptMarshaller) Marshal(data interface{}) ([]byte, error)

type LocalDevice

// LocalDevice bundles the host record and the controller record describing
// the process that is running this code.
type LocalDevice struct {
	Host   *share.CLUSHost
	Ctrler *share.CLUSController
}

type LogAuditInfo

// LogAuditInfo carries the display name and level of an audit log entry.
type LogAuditInfo struct {
	Name  string
	Level string
}

type LogEventInfo

// LogEventInfo is the value type of LogEventMap: the reported name, category
// and level for one cluster event.
type LogEventInfo struct {
	Name     string
	Category string
	Level    string
}

type LogIncidentInfo

// LogIncidentInfo carries the display name and level of an incident log entry.
type LogIncidentInfo struct {
	Name  string
	Level string
}

type LogThreatInfo

// LogThreatInfo is the value type of LogThreatMap. Only the name is kept here;
// per the note below, the remaining threat attributes live elsewhere.
type LogThreatInfo struct {
	Name string
}

Threat attributes are currently split across two places; eventually they will be generated from a single source.

type MarshalInvalidTypeError

// MarshalInvalidTypeError is returned by the marshallers when handed a value
// of a type they cannot process. Its fields are unexported; use Error().
type MarshalInvalidTypeError struct {
	// contains filtered or unexported fields
}

func (MarshalInvalidTypeError) Error

func (e MarshalInvalidTypeError) Error() string

type Marshaller

// Marshaller serialises a value to bytes. Implementations in this package
// differ in how they treat sensitive fields (EmptyMarshaller, EncryptMarshaller,
// MaskMarshaller), so the choice of implementation is a security decision.
type Marshaller interface {
	Marshal(data interface{}) ([]byte, error)
}

type MaskMarshaller

// MaskMarshaller implements Marshaller and, by its name, redacts sensitive
// fields rather than encrypting them — suited to output that is displayed or
// exported rather than stored for later decryption.
type MaskMarshaller struct{}

func (MaskMarshaller) Marshal

func (m MaskMarshaller) Marshal(data interface{}) ([]byte, error)

type RPCEndpoint

// RPCEndpoint describes a controller's RPC listener: its ID, whether it is the
// current leader, and the cluster-internal address/port to reach it on.
type RPCEndpoint struct {
	ID            string
	Leader        bool
	ClusterIP     string
	RPCServerPort uint16
}

type Syslogger

// Syslogger forwards log entries to the syslog destination described by a
// share.CLUSSyslogConfig; construct with NewSyslogger and release with Close.
type Syslogger struct {
	// contains filtered or unexported fields
}

func NewSyslogger

func NewSyslogger(cfg *share.CLUSSyslogConfig) *Syslogger

func (*Syslogger) Close

func (s *Syslogger) Close()

func (*Syslogger) Identifier

func (s *Syslogger) Identifier() string

func (*Syslogger) Send

func (s *Syslogger) Send(elog interface{}, level, cat, header string) error

type TelemetryData

// TelemetryData is the set of aggregate counters reported by telemetry. It
// carries counts only — no names, addresses or identifiers of the deployment.
type TelemetryData struct {
	Hosts          int // nodes
	Groups         int
	PolicyRules    int
	PrimaryCluster int // 1 for master cluster, 0 otherwise
	Clusters       int // all clusters in fed for master cluster, 0 for worker cluster, or 1 for standalone.
	UseProxy       int // for http client, not for telemetry
}

type Unmarshaller

// Unmarshaller deserialises bytes into a value (Unmarshal) and reverses any
// field protection applied by the matching Marshaller (Uncloak).
type Unmarshaller interface {
	Unmarshal(raw []byte, data interface{}) error
	Uncloak(data interface{}) error
}

type Webhook

// Webhook delivers notifications to an external URL; build one with
// NewWebHook(url, target) and send with Notify, which accepts an optional proxy.
type Webhook struct {
	// contains filtered or unexported fields
}

func NewWebHook

func NewWebHook(url, target string) *Webhook

func (*Webhook) Notify

func (w *Webhook) Notify(elog interface{}, level, category, cluster, title, comment string, proxy *share.CLUSProxy)

type WorkloadRisk

// WorkloadRisk is the per-workload risk view: identity, platform role, policy
// mode, child workloads and the raw benchmark results. The *BenchValue fields
// are opaque byte slices here; their encoding is not visible on this page.
type WorkloadRisk struct {
	ID               string
	Name             string
	ImageID          string
	PlatformRole     string
	Domain           string
	BaseOS           string
	PolicyMode       string
	Children         []*WorkloadRisk
	CustomBenchValue []byte
	DockerBenchValue []byte
	MasterBenchValue []byte
	WorkerBenchValue []byte
	SecretBenchValue []byte
	SetidBenchValue  []byte
}
