authorWe-unite <3205135446@qq.com>2024-09-02 16:45:07 +0800
committerWe-unite <3205135446@qq.com>2024-09-02 16:45:07 +0800
commit08207d77be79afc6f75d1611726b92bdf622717f (patch)
tree918991217807ff18025b998407b87bcd31d4ddc3 /listener
parentf9f8f35ccd8b505a827d40f95c52ed039512b79d (diff)
downloadgodo-08207d77be79afc6f75d1611726b92bdf622717f.tar.gz
godo-08207d77be79afc6f75d1611726b92bdf622717f.zip
Show filt result in tree&json, fix sth in listenerHEADmasterdev
In the listener, I changed the order in which the coroutines are started to avoid 'send on a closed channel'. Besides, the method used to get syscall names and numbers was not so universal, so let's go back to checking unistd.h. In the filter, the output is set to be written to the ./log dir. The pid tree is shown in logs/tree.log, and detailed info in pids.log, while file info is in logs/files.log. tree.log shows a tree just like the `tree` command; the other two files are written in JSON. What's more, the flags used while opening files are also checked and shown in files.log.
Diffstat (limited to 'listener')
-rw-r--r--listener/basefunc.go54
-rw-r--r--listener/godo.go4
2 files changed, 32 insertions, 26 deletions
diff --git a/listener/basefunc.go b/listener/basefunc.go
index 2f39507..dcaf68a 100644
--- a/listener/basefunc.go
+++ b/listener/basefunc.go
@@ -4,46 +4,52 @@ import (
4 "bufio" 4 "bufio"
5 "fmt" 5 "fmt"
6 "os" 6 "os"
7 "os/exec"
8 "path/filepath" 7 "path/filepath"
8 "regexp"
9 "strconv" 9 "strconv"
10 "strings" 10 "strings"
11 "time" 11 "time"
12) 12)
13 13
14func figureOutSyscalls() error { 14func figureOutSyscalls() error {
15 cmd := exec.Command("ausyscall", "--dump") 15 var targetFile string
16 stdout, err := cmd.StdoutPipe() 16 err := filepath.Walk("/usr/include", func(path string, info os.FileInfo, err error) error {
17 if err != nil {
18 return err
19 }
20 if strings.HasSuffix(path, "asm/unistd_64.h") {
21 targetFile = path
22 return filepath.SkipDir // 找到后提前退出遍历
23 }
24 return nil
25 })
17 if err != nil { 26 if err != nil {
18 return err 27 return err
19 } 28 }
20 29
21 if err := cmd.Start(); err != nil { 30 // 如果没有找到目标文件
31 if targetFile == "" {
32 return fmt.Errorf("file asm/unistd_64.h not found in /usr/include")
33 }
34
35 NRRegex := regexp.MustCompile(`#define __NR_(.*?) (\d+)$`)
36 file, err := os.Open("/usr/include/asm/unistd_64.h")
37 if err != nil {
22 return err 38 return err
23 } 39 }
40 defer file.Close()
24 41
25 scanner := bufio.NewScanner(stdout) 42 scanner := bufio.NewScanner(file)
26 for i := 0; scanner.Scan(); i++ { 43 for scanner.Scan() {
27 if i == 0 {
28 continue
29 }
30 line := scanner.Text() 44 line := scanner.Text()
31 parts := strings.Split(line, "\t") 45 if NRRegex.MatchString(line) {
32 if len(parts) != 2 { 46 match := NRRegex.FindStringSubmatch(line)
33 return fmt.Errorf("invalid ausyscall format") 47 num, err := strconv.Atoi(match[2])
48 if err != nil {
49 return err
50 }
51 syscallTable[num] = match[1]
34 } 52 }
35 num, err := strconv.Atoi(parts[0])
36 if err != nil {
37 return err
38 }
39 syscallTable[num] = parts[1]
40 }
41
42 if err := scanner.Err(); err != nil {
43 return err
44 }
45 if err := cmd.Wait(); err != nil {
46 return err
47 } 53 }
48 return nil 54 return nil
49} 55}
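Review bot: The header path found by the filepath.Walk on new line 16 is never used: targetFile is only tested for emptiness on line 31, and line 36 opens the hard-coded "/usr/include/asm/unistd_64.h", so on a system where the header lives in an arch-specific subdirectory the walk succeeds and the open still fails; the open should be `file, err := os.Open(targetFile)`. Returning filepath.SkipDir from the callback for a non-directory only skips the rest of that directory, so the walk keeps going (and a later match would overwrite targetFile) despite the comment on line 22 saying it exits early; `return filepath.SkipAll` (Go 1.20+) stops the whole walk. The rewrite also dropped the `scanner.Err()` check the old code had after the loop (old lines 42-44), so a read error or an over-long line now silently yields a partially filled syscallTable (declared outside the hunk), and lookups for the missing numbers would presumably come back empty in the audit output; restore `if err := scanner.Err(); err != nil { return err }` before `return nil`. Minor: `NRRegex.MatchString` followed by `FindStringSubmatch` scans every line twice — `if m := NRRegex.FindStringSubmatch(line); m != nil` does it once, and the regexp could be compiled once at package scope rather than per call.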
diff --git a/listener/godo.go b/listener/godo.go
index 0e1dc73..4f09b67 100644
--- a/listener/godo.go
+++ b/listener/godo.go
@@ -108,11 +108,11 @@ func coroutine(client *libaudit.AuditClient) error {
108 wg.Add(1) 108 wg.Add(1)
109 go deal() 109 go deal()
110 wg.Add(1) 110 wg.Add(1)
111 go procWatch()
112 wg.Add(1)
113 go receive(client) 111 go receive(client)
114 wg.Add(1) 112 wg.Add(1)
115 go orgnaze() 113 go orgnaze()
114 wg.Add(1)
115 go procWatch()
116 116
117 wg.Wait() 117 wg.Wait()
118 time.Sleep(2 * time.Second) 118 time.Sleep(2 * time.Second)
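Review bot: Moving `go procWatch()` after `go orgnaze()` changes the order in which the go statements execute, not the order in which the scheduler runs the goroutines, so if the 'send on a closed channel' panic described in the commit message came from procWatch sending on a channel that another goroutine closes, the reorder narrows the window rather than closing it. The durable fix is ownership: only the sending side closes the channel, or the closer waits (a separate sync.WaitGroup over the senders, or a done channel) until every sender has returned before calling close. The `time.Sleep(2 * time.Second)` after `wg.Wait()` on line 118 looks like it papers over the same shutdown race and would become unnecessary once the channel lifecycle is explicit. The enclosing coroutine function starts and ends outside the hunk and the channels involved are not visible here, so this is inferred from the description rather than from the diff itself.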