file_integrity

package
v6.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 1, 2018 License: Apache-2.0 Imports: 41 Imported by: 0

Documentation

Index

Constants

View Source
const (
	None               Action = 0
	AttributesModified        = 1 << (iota - 1)
	Created
	Deleted
	Updated
	Moved
	ConfigChange
)

List of possible Actions.

Variables

This section is empty.

Functions

func GetFileOrigin

func GetFileOrigin(fileName string) ([]string, error)

GetFileOrigin is not supported in this platform and always returns an empty list and no error.

func New

func New(base mb.BaseMetricSet) (mb.MetricSet, error)

New returns a new file.MetricSet.

Types

type Action

type Action uint8

Action is a description of the changes described by an event.

func (Action) InAnyOrder

func (action Action) InAnyOrder() ActionArray

func (Action) InOrder

func (action Action) InOrder(existedBefore, existsNow bool) ActionArray

func (Action) MarshalText

func (action Action) MarshalText() ([]byte, error)

MarshalText marshals the Action to a textual representation of itself.

func (Action) String

func (action Action) String() string

type ActionArray

type ActionArray []Action

ActionArray is just syntactic sugar to invoke methods on []Action receiver

func (ActionArray) StringArray

func (actions ActionArray) StringArray() []string

type Config

type Config struct {
	Paths               []string        `config:"paths" validate:"required"`
	HashTypes           []HashType      `config:"hash_types"`
	MaxFileSize         string          `config:"max_file_size"`
	MaxFileSizeBytes    uint64          `config:",ignore"`
	ScanAtStart         bool            `config:"scan_at_start"`
	ScanRatePerSec      string          `config:"scan_rate_per_sec"`
	ScanRateBytesPerSec uint64          `config:",ignore"`
	Recursive           bool            `config:"recursive"` // Recursive enables recursive monitoring of directories.
	ExcludeFiles        []match.Matcher `config:"exclude_files"`
}

Config contains the configuration parameters for the file integrity metricset.

func (*Config) IsExcludedPath

func (c *Config) IsExcludedPath(path string) bool

IsExcludedPath checks if a path matches the exclude_files regular expressions.

func (*Config) Validate

func (c *Config) Validate() error

Validate validates the config data and return an error explaining all the problems with the config. This method modifies the given config.

type Digest

type Digest []byte

Digest is a output of a hash function.

func (Digest) MarshalText

func (d Digest) MarshalText() ([]byte, error)

MarshalText encodes the digest to a hexadecimal representation of itself.

func (Digest) String

func (d Digest) String() string

String returns the digest value in lower-case hexadecimal form.

type Event

type Event struct {
	Timestamp  time.Time           `json:"timestamp"`             // Time of event.
	Path       string              `json:"path"`                  // The path associated with the event.
	TargetPath string              `json:"target_path,omitempty"` // Target path for symlinks.
	Info       *Metadata           `json:"info"`                  // File metadata (if the file exists).
	Source     Source              `json:"source"`                // Source of the event.
	Action     Action              `json:"action"`                // Action (like created, updated).
	Hashes     map[HashType]Digest `json:"hash,omitempty"`        // File hashes.
	// contains filtered or unexported fields
}

Event describe the filesystem change and includes metadata about the file.

func NewEvent

func NewEvent(
	path string,
	action Action,
	source Source,
	maxFileSize uint64,
	hashTypes []HashType,
) Event

NewEvent creates a new Event. Any errors that occur are included in the returned Event.

func NewEventFromFileInfo

func NewEventFromFileInfo(
	path string,
	info os.FileInfo,
	err error,
	action Action,
	source Source,
	maxFileSize uint64,
	hashTypes []HashType,
) Event

NewEventFromFileInfo creates a new Event based on data from a os.FileInfo object that has already been created. Any errors that occur are included in the returned Event.

type EventProducer

type EventProducer interface {
	// Start starts the event producer and writes events to the returned
	// channel. When the producer is finished it will close the returned
	// channel. If the returned event channel is not drained the producer will
	// block (possibly causing data loss). The producer can be stopped
	// prematurely by closing the provided done channel. An error is returned
	// if the producer fails to start.
	Start(done <-chan struct{}) (<-chan Event, error)
}

EventProducer produces events.

func NewEventReader

func NewEventReader(c Config) (EventProducer, error)

func NewFileSystemScanner

func NewFileSystemScanner(c Config) (EventProducer, error)

NewFileSystemScanner creates a new EventProducer instance that scans the configured file paths.

type HashType

type HashType string

HashType identifies a cryptographic algorithm.

const (
	BLAKE2B_256 HashType = "blake2b_256"
	BLAKE2B_384 HashType = "blake2b_384"
	BLAKE2B_512 HashType = "blake2b_512"
	MD5         HashType = "md5"
	SHA1        HashType = "sha1"
	SHA224      HashType = "sha224"
	SHA256      HashType = "sha256"
	SHA384      HashType = "sha384"
	SHA3_224    HashType = "sha3_224"
	SHA3_256    HashType = "sha3_256"
	SHA3_384    HashType = "sha3_384"
	SHA3_512    HashType = "sha3_512"
	SHA512      HashType = "sha512"
	SHA512_224  HashType = "sha512_224"
	SHA512_256  HashType = "sha512_256"
)

Enum of hash types.

func (*HashType) Unpack

func (t *HashType) Unpack(v string) error

Unpack unpacks a string to a HashType for config parsing.

type Metadata

type Metadata struct {
	Inode  uint64      `json:"inode"`
	UID    uint32      `json:"uid"`
	GID    uint32      `json:"gid"`
	SID    string      `json:"sid"`
	Owner  string      `json:"owner"`
	Group  string      `json:"group"`
	Size   uint64      `json:"size"`
	MTime  time.Time   `json:"mtime"`  // Last modification time.
	CTime  time.Time   `json:"ctime"`  // Last metadata change time.
	Type   Type        `json:"type"`   // File type (dir, file, symlink).
	Mode   os.FileMode `json:"mode"`   // Permissions
	SetUID bool        `json:"setuid"` // setuid bit (POSIX only)
	SetGID bool        `json:"setgid"` // setgid bit (POSIX only)
	Origin []string    `json:"origin"` // External origin info for the file (MacOS only)
}

Metadata contains file metadata.

type MetricSet

type MetricSet struct {
	mb.BaseMetricSet
	// contains filtered or unexported fields
}

MetricSet for monitoring file integrity.

func (*MetricSet) Close

func (ms *MetricSet) Close() error

Close cleans up the MetricSet when it finishes.

func (*MetricSet) Run

func (ms *MetricSet) Run(reporter mb.PushReporterV2)

Run runs the MetricSet. The method will not return control to the caller until it is finished (to stop it close the reporter.Done() channel).

type Source

type Source uint8

Source identifies the source of an event (i.e. what triggered it).

const (
	// SourceScan identifies events triggerd by a file system scan.
	SourceScan Source = iota
	// SourceFSNotify identifies events triggered by a notification from the
	// file system.
	SourceFSNotify
)

func (Source) MarshalText

func (s Source) MarshalText() ([]byte, error)

MarshalText marshals the Source to a textual representation of itself.

func (Source) String

func (s Source) String() string

type Type

type Type uint8

Type identifies the file type (e.g. dir, file, symlink).

const (
	UnknownType Type = iota // Typically seen in deleted notifications where the object is gone.
	FileType
	DirType
	SymlinkType
)

Enum of possible file.Types.

func (Type) MarshalText

func (t Type) MarshalText() ([]byte, error)

MarshalText marshals the Type to a textual representation of itself.

func (Type) String

func (t Type) String() string

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL