comm

package
v0.0.0-...-3db7fe0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 21, 2021 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	HEARTBEAT            = 1000
	POLICY               = 1001
	ATTACK               = 1002
	MONITOR              = 1003
	ASSET                = 1004
	REBOUND_SHELL_ATTACK = 1005
)
View Source 
const (
	BruteForce          = 1
	FILE_Monit          = 2
	Command_Monit       = 3
	Process_Monit       = 4
	Network_Monit       = 5
	WebShell            = 6
	BaseLine            = 7
	AppLog              = 8
	Audit               = 9
	Asset               = 10
	Rebound_Shell_Event = 11
)

Variables

View Source 
var ProcessTablePath = AgentHome() + "/conf/process-table.json"

Functions

func AgentHome 

func AgentHome() string

func AppLogMsg 

func AppLogMsg(agentId string, eventType int, msg string, ip string, port string, rule string) (string, error)

func BuildAttackMsg 

func BuildAttackMsg(agentId string, eventType int, msg string, ip string, port string) (string, error)

func CheckPort 

func CheckPort(port string) bool

func CheckSum 

func CheckSum(data []byte) uint16

func CopyString 

func CopyString(s string) string

func Daemon 

func Daemon(nochdir, noclose int) int

func DeepFields 

func DeepFields(ifaceType reflect.Type) []reflect.StructField

func ExecFileForEcho 

func ExecFileForEcho(projectPath string) (string, error)

func Exists 

func Exists(path string) bool

func FlushAgentConfig 

func FlushAgentConfig(agentConf AgentConf, agentConfPath string)

func FlushData2File 

func FlushData2File(proxyTable interface{}, filePath string)

func GetIp 

func GetIp() (string, error)

func GetMessage 

func GetMessage(agentId string, data []byte) (string, error)

func HttpDownload 

func HttpDownload(url, fileName string) bool

func HttpPost 

func HttpPost(url string, data interface{}) string

发送POST请求 url: 请求地址 data: POST请求提交的数据 contentType: 请求体格式,如:application/json content: 请求放回的内容

func IsIpConnect 

func IsIpConnect(ip string) bool

func IsZombie 

func IsZombie(processId int) bool

func KillProcess 

func KillProcess(pp *os.Process) error

func LoadFileForObj 

func LoadFileForObj(filename string, itf interface{}) (interface{}, bool)

func MD5 

func MD5(filename string) string

func MonitForKillSelfTask 

func MonitForKillSelfTask()

func ProcessIsExist 

func ProcessIsExist(pid int) bool

func QueryEngineId 

func QueryEngineId() string

func ReadFile 

func ReadFile(filePath string) (bool, string)

func ReadProcessTable 

func ReadProcessTable() (bool, map[string]Pid)

func ReadProxyTable 

func ReadProxyTable() (bool, map[string]ProxyStrategy)

func RedisGet 

func RedisGet(key string, AgentConf AgentConf) (success bool, data string)

func RedisSet 

func RedisSet(key, value string, AgentConf AgentConf) bool

func SendMsg 

func SendMsg(msgID int32, evetmsg string, commAddr string) error

func StartMemCpuMonitor 

func StartMemCpuMonitor(name string, cpuLimit float64)

func StructCopy 

func StructCopy(DstStructPtr interface{}, SrcStructPtr interface{})

func Unzip 

func Unzip(zipFile string, destDir string) error

func UpdateProcessTable 

func UpdateProcessTable(processTable map[string]Pid)

Types

type AgentConf 

type AgentConf struct {
	StrategyAddr     string `json:"strategyAddr"`
	StrategyPass     string `json:"strategyPass"`
	Version          string `json:"version"`
	HeartbeatChannel string `json:"heartbeatChannel"`
	SshKeyUploadUrl  string `json:"sshKeyUploadUrl"`
	HoneyPublicIp    string `json:"honeyPublicIp"`
}

func LoadAgentConf 

func LoadAgentConf(agentHome string) AgentConf

type AgentMonitorMsg 

type AgentMonitorMsg struct {
	CPU        string `json:"cpu"`
	Mem        string `json:"mem"`
	Plugins    string `json:"plugins"`
	NetInRate  string `json:"netInRate"`
	NetOutRate string `json:"netOutRate"`
}

type AuditData 

type AuditData struct {
	A0      string `json:"a0"`
	A1      string `json:"a1"`
	A2      string `json:"a2"`
	A3      string `json:"a3"`
	Arch    string `json:"arch"`
	Argc    string `json:"argc"`
	Exit    string `json:"exit"`
	Syscall string `json:"syscall"`
	Tty     string `json:"tty"`
}

type AuditFile 

type AuditFile struct {
	Path   string `json:"path"`
	Device string `json:"device"`
	Inode  string `json:"inode"`
	Mode   string `json:"mode"`
	Uid    string `json:"uid"`
	Gid    string `json:"gid"`
}

type AuditMsg 

type AuditMsg struct {
	Timestamp   string   `json:"@timestamp"`
	Sequence    int      `json:"sequence"`
	Category    string   `json:"category"`
	Record_type string   `json:"record_type"`
	Result      string   `json:"result"`
	Session     string   `json:"session"`
	Tags        []string `json:"tags"`
	//Summary     interface{} `json:"summary"`
	//User        interface{} `json:"user"`
	Process AuditProcess `json:"process"`
	File    AuditFile    `json:"file"`
	Data    AuditData    `json:"data"`
	Paths   []AuditPath  `json:"paths"`
}

type AuditPath 

type AuditPath struct {
	CapFe      string `json:"cap_fe"`
	CapFi      string `json:"cap_fi"`
	CapFp      string `json:"cap_fp"`
	CapFrootid string `json:"cap_frootid"`
	CapFver    string `json:"cap_fver"`
	Dev        string `json:"dev"`
	Inode      string `json:"inode"`
	Item       string `json:"item"`
	Mode       string `json:"mode"`
	Name       string `json:"name"`
	Nametype   string `json:"nametype"`
	Ogid       string `json:"ogid"`
	Ouid       string `json:"ouid"`
	Rdev       string `json:"rdev"`
}

type AuditProcess 

type AuditProcess struct {
	Pid   string `json:"pid"`
	Ppid  string `json:"ppid"`
	Title string `json:"title"`
	Name  string `json:"name"`
	Exe   string `json:"exe"`
	Cwd   string `json:"cwd"`
}

type AuditReport 

type AuditReport struct {
	Eventtype  int    `json:"eventtype"`
	Createtime string `json:"createtime"`
}

type BasePolicy 

type BasePolicy struct {
	TaskId  string // 任务ID
	AgentId string // 选择执行本策略的 Agent
	Status  int    // 下发端 1: OPEN | 0:CLOSE // 执行端 SUCCESS | FAIL
	Type    string // FILE | HIS
	Data    string // 诱饵压缩包下载地址 HTTP
}

诱饵父类 提供类别、agentId/taskId/下发状态/执行状态 这些总体的描述数据

type EngineStrategy 

type EngineStrategy struct {
	LatestVersion string
	Md5           string
}

type EngineStrategyResp 

type EngineStrategyResp struct {
	Code int
	Msg  string
	Data EngineStrategy
}

type EventMsg 

type EventMsg struct {
	Eventtype  int    `json:"eventtype"`
	Msg        string `json:"msg"`
	Createtime string `json:"createtime"`
	Ip         string `json:"ip"`
	Port       int    `json:"port"`
	Rule       string `json:"rule"`
}

type FileBaitPolicy 

type FileBaitPolicy struct {
	BasePolicy
	Md5 string // 压缩包MD5值
}

* 文件诱饵的策略数据结构

type FileConf 

type FileConf struct {
	Debug      bool   `json:"debug"`
	CertFile   string `json:"certFile"`
	KeyFile    string `json:"keyFile"`
	CaFile     string `json:"caFile"`
	AuthAddr   string `json:"authAddr"`
	CommAddr   string `json:"commAddr"`
	PolicyAddr string `json:"policyAddr"`
	PolicyPass string `json:"policyPass"`
}

type HisBaitItem 

type HisBaitItem struct {
	Enabled         bool
	User            string
	Pass            string
	Addr            string
	Port            string
	Url             string
	RemotePath      string
	LocalPath       string
	Command         string
	Htype           string
	DbName          string
	Accesskeyid     string
	RegionId        string
	Secretaccesskey string
}

type HisBaitPolicy 

type HisBaitPolicy struct {
	BashHistoryPath string
	RandomLine      string
	Enabled         bool
	Honeybits       []HisBaitItem
}

* History诱饵的策略数据结构

type ICMP 

type ICMP struct {
	Type        uint8
	Code        uint8
	Checksum    uint16
	Identifier  uint16
	SequenceNum uint16
}

type Message 

type Message struct {
	Agentid string `json:"agentid"`
	Data    string `json:"data"`
}

type Msg 

type Msg struct {
	// contains filtered or unexported fields
}

type Pid 

type Pid struct {
	Name   string
	Id     int
	Result string
	Mode   string
}

func StartProject 

func StartProject(projectPath, mode, nickName string) (Pid, error)

func (Pid) KillSelf 

func (p Pid) KillSelf() error

* 先主动Kill 然后标记Kill(清除Process-Table)

type Plugin 

type Plugin struct {
	Modname    string `json:"modname"`
	Enable     string `json:"enable"`
	Updatetime string `json:"updatetime"`
	Data       string `json:"data"`
}

type Policy 

type Policy struct {
	Agentid  string   `json:"agentid"`
	Policyid string   `json:"policyid"`
	Md5sum   string   `json:"md5sum"`
	Plugins  []Plugin `json:"plugins"`
}

type ProxyStrategy 

type ProxyStrategy struct {
	BasePolicy

	ListenPort int
	ServerType string
	HoneyIP    string
	HoneyPort  int
	Pid        int    // hosteye agent 自有
	Path       string // 中继代理才有
	Date       string
	SecCenter  string
}

type RedisServer 

type RedisServer struct {
	// contains filtered or unexported fields
}

func NewRedis 

func NewRedis(redisHost, redisAuth string) *RedisServer

NewRedis ...

func (*RedisServer) Listen 

func (rs *RedisServer) Listen(pool *redis.Pool, key string, message chan redis.Message) error

func (*RedisServer) ListenChannel 

func (rs *RedisServer) ListenChannel(pool *redis.Pool, key string, message chan redis.Message)

func (*RedisServer) NewPool 

func (rs *RedisServer) NewPool() *redis.Pool

func (*RedisServer) PublishMsg 

func (rs *RedisServer) PublishMsg(pool *redis.Pool, key, value string)

type SshKeyBody 

type SshKeyBody struct {
	SshKey  string `json:"ssh_key"`
	AgentId string `json:"agentid"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.