Versions in this module Expand all Collapse all v1 v1.0.14 Mar 8, 2023 v1.0.13 Mar 8, 2023 v1.0.12 Mar 6, 2023 v1.0.11 Mar 6, 2023 v1.0.10 Mar 6, 2023 v1.0.9 Mar 6, 2023 v1.0.8 Mar 6, 2023 v1.0.7 Mar 6, 2023 v1.0.6 Mar 3, 2023 v1.0.5 Mar 3, 2023 v1.0.4 Mar 3, 2023 v1.0.3 Mar 3, 2023 v1.0.2 Mar 3, 2023 v1.0.1 Mar 3, 2023 v1.0.0 Mar 3, 2023 Changes in this version + const FANOTIFY_METADATA_VERSION + const FAN_ACCESS + const FAN_ACCESS_PERM + const FAN_ALLOW + const FAN_ALL_CLASS_BITS + const FAN_ALL_EVENTS + const FAN_ALL_INIT_FLAGS + const FAN_ALL_MARK_FLAGS + const FAN_ALL_OUTGOING_EVENTS + const FAN_ALL_PERM_EVENTS + const FAN_CLASS_CONTENT + const FAN_CLASS_NOTIF + const FAN_CLASS_PRE_CONTENT + const FAN_CLOEXEC + const FAN_CLOSE + const FAN_CLOSE_NOWRITE + const FAN_CLOSE_WRITE + const FAN_DENY + const FAN_EVENT_ON_CHILD + const FAN_MARK_ADD + const FAN_MARK_DONT_FOLLOW + const FAN_MARK_FLUSH + const FAN_MARK_IGNORED_MASK + const FAN_MARK_IGNORED_SURV_MODIFY + const FAN_MARK_MOUNT + const FAN_MARK_ONLYDIR + const FAN_MARK_REMOVE + const FAN_MODIFY + const FAN_NOFD + const FAN_NONBLOCK + const FAN_ONDIR + const FAN_OPEN + const FAN_OPEN_PERM + const FAN_Q_OVERFLOW + const FAN_UNLIMITED_MARKS + const FAN_UNLIMITED_QUEUE + var DefaultContainerConf share.CLUSFileMonitorProfile = share.CLUSFileMonitorProfile + var ImportantFiles []share.CLUSFileMonitorFilter = []share.CLUSFileMonitorFilter + func ParseMonitorPath(path string) (int, string, error) — linux/amd64 + type EstimateRuleSrcCallback func(id, path string, bBlocked bool) string + type EventMetadata struct + File *os.File + Len uint32 + Mask uint64 + MetadataLen uint16 + Pid int32 + Reserved uint8 + Version uint8 + type FaMonProbeData struct + NDirMarks int + NDirs int + NMntRoots int + NPaths int + NRoots int + NRules int + type FaNotify struct — linux/amd64 + func NewFaNotify(endFaChan chan bool, cb PidLookupCallback, sys *system.SystemTools) (*FaNotify, error) + func (fn *FaNotify) AddMonitorDirFile(path string, filter interface{}, protect, userAdded bool, ...) bool + func (fn *FaNotify) AddMonitorFile(path string, filter interface{}, protect, userAdded bool, cb NotifyCallback, ...) bool + func (fn *FaNotify) AddMonitorFileOnTheFly(path string, filter interface{}, protect, userAdded bool, cb NotifyCallback, ...) bool + func (fn *FaNotify) Close() + func (fn *FaNotify) ContainerCleanup(rootPid int) + func (fn *FaNotify) GetProbeData(m *FaMonProbeData) + func (fn *FaNotify) GetWatchFileList(rootPid int) []*share.CLUSFileMonitorFile + func (fn *FaNotify) GetWatches() []*share.CLUSFileMonitorFile + func (fn *FaNotify) MonitorFileEvents() + func (fn *FaNotify) RemoveMonitorFile(path string) + func (fn *FaNotify) SetMode(rootPid int, access, perm, capBlock, bNeuvectorSvc bool) + func (fn *FaNotify) StartMonitor(rootPid int) bool + func (fn *FaNotify) UpdateAccessRule(rootPid int, conf *share.CLUSFileAccessRule) error + type FileMonitorConfig struct + EnableTrace bool + EndChan chan bool + EstRule EstimateRuleSrcCallback + IsAufs bool + PidLookup PidLookupCallback + SendAccessRule SendFileAccessRuleCallback + SendReport SendAggregateReportCallback + WalkerTask *workerlet.Tasker + type FileWatch struct + func NewFileWatcher(config *FileMonitorConfig) (*FileWatch, error) + func (w *FileWatch) AddProcessFile(id string, rootPid int, pid int) + func (w *FileWatch) Close() + func (w *FileWatch) ContainerCleanup(rootPid int) + func (w *FileWatch) GetAllFileMonitorFile() []*share.CLUSFileMonitorFile + func (w *FileWatch) GetProbeData() *FmonProbeData + func (w *FileWatch) GetWatchFileList(rootPid int) []*share.CLUSFileMonitorFile + func (w *FileWatch) HandleWatchedFiles() + func (w *FileWatch) SetMonitorTrace(bEnable bool) + func (w *FileWatch) StartWatch(id string, rootPid int, conf *FsmonConfig, capBlock, bNeuvectorSvc bool) + func (w *FileWatch) UpdateAccessRules(name string, rootPid int, conf *share.CLUSFileAccessRule) + type FmonProbeData struct + Fan FaMonProbeData + Ino IMonProbeData + NFileEvents int + NGroups int + type FsmonConfig struct + Profile *share.CLUSFileMonitorProfile + Rule *share.CLUSFileAccessRule + type IFile struct + type IMonProbeData struct + NDirs int + NPaths int + NWds int + type Inotify struct — linux/amd64 + func NewInotify() (*Inotify, error) + func (n *Inotify) AddMonitorDirFile(path string, files map[string]interface{}, cb NotifyCallback, ...) bool + func (n *Inotify) AddMonitorFile(path string, cb NotifyCallback, params interface{}) bool + func (n *Inotify) CheckMonitorFileExist(path string) (interface{}, bool) + func (n *Inotify) Close() + func (n *Inotify) ContainerCleanup(rootPid int) + func (n *Inotify) GetProbeData(m *IMonProbeData) + func (n *Inotify) GetWatchCount() uint32 + func (n *Inotify) GetWatchFileList(rootPid int) []string + func (n *Inotify) GetWatches() []string + func (n *Inotify) MonitorFileEvents() + func (n *Inotify) RemoveMonitorFile(path string) + type MonitorMessage struct + Action string + Count int + Group string + ID string + Msg string + Package bool + Path string + ProcCmds []string + ProcEUid int + ProcEUser string + ProcName string + ProcPName string + ProcPPath string + ProcPPid int + ProcPath string + ProcPid int + StartAt time.Time + type NotifyCallback func(path string, mask uint32, params interface{}, pInfo *ProcInfo) + type NotifyFD struct + func Initialize(faflags, openflags int) (*NotifyFD, error) + func (nd *NotifyFD) Close() + func (nd *NotifyFD) GetEvent() (*EventMetadata, error) + func (nd *NotifyFD) GetFd() int32 + func (nd *NotifyFD) Mark(flags int, mask uint64, dfd int, path string) error + func (nd *NotifyFD) Response(ev *EventMetadata, allow bool) error + type PidLookupCallback func(pid int) *ProcInfo — linux/amd64 + type ProcInfo struct + Cmds []string + Deny bool + EUid int + EUser string + InProfile bool + Name string + PName string + PPath string + PPid int + Path string + Pid int + RootPid int + type SendAggregateReportCallback func(fsmsg *MonitorMessage) bool + type SendFileAccessRuleCallback func(rules []*share.CLUSFileAccessRuleReq) error
Go to main page