author | We-unite <3205135446@qq.com> | 2024-08-19 19:41:01 +0800 |
---|---|---|
committer | We-unite <3205135446@qq.com> | 2024-08-22 14:12:01 +0800 |
commit | f9f8f35ccd8b505a827d40f95c52ed039512b79d (patch) | |
tree | 241c393f6b865958191df802cd112f26d40dddc4 /listener/godo.go | |
parent | ae4957b41156d576e849ec0424edd4d89d8d49f2 (diff) | |
download | godo-f9f8f35ccd8b505a827d40f95c52ed039512b79d.tar.gz godo-f9f8f35ccd8b505a827d40f95c52ed039512b79d.zip |
Write documents of the program.
Add README.md on the design of the whole program, how each of its
parts (listener, filter) works, and finally how to compile and use them.
Besides, notes.md records the things and technology learned in this
program, such as how to read kernel src, how the pthread_create/fork/
clone syscall works on processes and threads, the techs used to make
docker container works well, and books to be read. Good good study,
day day up.
Diffstat (limited to '')
-rw-r--r-- | listener/godo.go | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/listener/godo.go b/listener/godo.go index 8d82231..0e1dc73 100644 --- a/listener/godo.go +++ b/listener/godo.go | |||
@@ -18,14 +18,15 @@ import ( | |||
18 | 18 | ||
19 | var ( | 19 | var ( |
20 | fs = flag.NewFlagSet("audit", flag.ExitOnError) | 20 | fs = flag.NewFlagSet("audit", flag.ExitOnError) |
21 | diag = fs.String("diag", "", "dump raw information from kernel to file") | 21 | diag = fs.String("diag", "godo.log", "dump raw information from kernel to file") |
22 | rate = fs.Uint("rate", 0, "rate limit in kernel (default 0, no rate limit)") | 22 | rate = fs.Uint("rate", 0, "rate limit in kernel (default 0, no rate limit)") |
23 | backlog = fs.Uint("backlog", 8192, "backlog limit") | 23 | backlog = fs.Uint("backlog", 1<<30, "backlog limit") |
24 | immutable = fs.Bool("immutable", false, "make kernel audit settings immutable (requires reboot to undo)") | 24 | immutable = fs.Bool("immutable", false, "make kernel audit settings immutable (requires reboot to undo)") |
25 | receiveOnly = fs.Bool("ro", false, "receive only using multicast, requires kernel 3.16+") | 25 | receiveOnly = fs.Bool("ro", false, "receive only using multicast, requires kernel 3.16+") |
26 | mongoURI = fs.String("mongo", "localhost:27017", "mongo database uri") | ||
26 | ) | 27 | ) |
27 | 28 | ||
28 | const bufferPages = 100 | 29 | const bufferPages = 1000 |
29 | 30 | ||
30 | func main() { | 31 | func main() { |
31 | // 检查用户身份,并添加auditd规则,监听所有syscall | 32 | // 检查用户身份,并添加auditd规则,监听所有syscall |
@@ -41,7 +42,6 @@ func main() { | |||
41 | } | 42 | } |
42 | 43 | ||
43 | exec.Command("auditctl", "-D").Run() | 44 | exec.Command("auditctl", "-D").Run() |
44 | exec.Command("auditctl", "-b", "1000000000").Run() | ||
45 | exec.Command("auditctl", "--reset-lost").Run() | 45 | exec.Command("auditctl", "--reset-lost").Run() |
46 | 46 | ||
47 | var auditCmd *exec.Cmd | 47 | var auditCmd *exec.Cmd |
@@ -78,24 +78,45 @@ func main() { | |||
78 | } | 78 | } |
79 | } | 79 | } |
80 | 80 | ||
81 | func coroutine(client *libaudit.AuditClient) { | 81 | func coroutine(client *libaudit.AuditClient) error { |
82 | // 各协程至此开始 | 82 | // 各协程至此开始 |
83 | bufferSize := bufferPages * syscall.Getpagesize() | 83 | bufferSize := bufferPages * syscall.Getpagesize() |
84 | rawChan = make(chan interface{}, bufferSize) | 84 | rawChan = make(chan interface{}, bufferSize) |
85 | cookedChan = make(chan Event, bufferSize) | 85 | cookedChan = make(chan Event, bufferSize) |
86 | 86 | ||
87 | var err error | ||
88 | if err = pidCol.init(dbName, pidColName); err != nil { | ||
89 | fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err) | ||
90 | return err | ||
91 | } | ||
92 | if err = initPidCol(); err != nil { | ||
93 | fmt.Fprintf(os.Stderr, "Err while initing pidcol: %v\n", err) | ||
94 | } | ||
95 | |||
96 | if err = fdCol.init(dbName, fdColName); err != nil { | ||
97 | fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err) | ||
98 | return err | ||
99 | } | ||
100 | if err = fileCol.init(dbName, fileColName); err != nil { | ||
101 | fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err) | ||
102 | } | ||
103 | |||
104 | defer pidCol.Disconnect() | ||
105 | defer fdCol.Disconnect() | ||
106 | defer fileCol.Disconnect() | ||
107 | |||
108 | wg.Add(1) | ||
109 | go deal() | ||
87 | wg.Add(1) | 110 | wg.Add(1) |
88 | go procWatch() | 111 | go procWatch() |
89 | |||
90 | wg.Add(1) | 112 | wg.Add(1) |
91 | go receive(client) | 113 | go receive(client) |
92 | wg.Add(1) | 114 | wg.Add(1) |
93 | go orgnaze() | 115 | go orgnaze() |
94 | wg.Add(1) | ||
95 | go deal() | ||
96 | 116 | ||
97 | wg.Wait() | 117 | wg.Wait() |
98 | time.Sleep(2 * time.Second) | 118 | time.Sleep(2 * time.Second) |
119 | return nil | ||
99 | } | 120 | } |
100 | 121 | ||
101 | func procWatch() error { | 122 | func procWatch() error { |
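Review bot: In the new init sequence of coroutine (third hunk), the three `defer ...Disconnect()` calls are registered only after all three collections have been initialised, so the `return err` on the fdCol.init failure path exits with pidCol already connected and never disconnected, and `defer fileCol.Disconnect()` runs even when fileCol.init failed and was only logged. Register each defer right after its own successful check — `defer pidCol.Disconnect()` directly below the pidCol.init block, and likewise for fdCol and fileCol — so every connection that was opened is the only one that gets closed. The error handling is also uneven: pidCol.init and fdCol.init abort with `return err`, while initPidCol and fileCol.init failures are printed and execution continues with a possibly unusable collection; if the latter are meant to be fatal they should `return err` as well, and if they are best-effort a comment saying so would help. coroutine's caller is outside this hunk, so I cannot confirm that the newly returned error is consumed rather than dropped by a bare `go coroutine(client)`. Separately, the first hunk changes the backlog default to `1<<30`, which presumably lifts the bound on the kernel audit queue that the removed `auditctl -b` line used to set explicitly; confirm that an effectively unbounded backlog is intended, since a stalled consumer can then let kernel memory for queued records grow without limit.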