diff options
author | We-unite <3205135446@qq.com> | 2024-07-26 15:20:45 +0800 |
---|---|---|
committer | We-unite <3205135446@qq.com> | 2024-07-26 15:20:45 +0800 |
commit | b765715b4795ce4bc8940c7b1a1092a78550de94 (patch) | |
tree | 2e81f5f914b59f332e54d6802c942224d5f37ff6 /src/global.go | |
parent | fc61a4a525846fa31ee2288df4e82f745bb39c95 (diff) | |
download | godo-b765715b4795ce4bc8940c7b1a1092a78550de94.tar.gz godo-b765715b4795ce4bc8940c7b1a1092a78550de94.zip |
The 1st prompt to record file changed by process
To record it, we must listen to open/write and several syscalls,
and now I've add open into the 2nd coroutine. In syscall open,
what we should do is to judge the permission flag (the 2nd param
in the syscall), to find out if it can write to the file. If so,
the exit code is its file descriptor, and when write is called, the
audit shows only file descriptor but no file name.
So the next step is to add things into 3rd coroutine, to make the
whole program running again, and find out bugs.
Diffstat (limited to '')
-rw-r--r-- | src/global.go | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/src/global.go b/src/global.go index c3001ab..3ddbc79 100644 --- a/src/global.go +++ b/src/global.go | |||
@@ -5,23 +5,35 @@ import ( | |||
5 | "time" | 5 | "time" |
6 | ) | 6 | ) |
7 | 7 | ||
8 | type eventType int | ||
9 | |||
10 | const ( | ||
11 | NEWPID eventType = iota | ||
12 | PIDEXIT | ||
13 | FILEOPEN | ||
14 | FILEWRITE | ||
15 | TYPENUM | ||
16 | ) | ||
17 | |||
8 | type Event struct { | 18 | type Event struct { |
9 | timestamp time.Time | 19 | tag eventType |
10 | pid, ppid int | 20 | timestamp time.Time |
11 | syscall int | 21 | pid, ppid int |
12 | exit_code uint64 | 22 | syscall int |
13 | argc int | 23 | exit_code uint64 |
14 | argv []string | 24 | argc int |
15 | cwd string | 25 | argv []string |
26 | cwd string | ||
27 | syscallParam [4]uint64 | ||
28 | pathName string | ||
16 | } | 29 | } |
17 | 30 | ||
18 | type process struct { | 31 | func (et eventType) String() string { |
19 | timestamp time.Time | 32 | names := []string{"newPid", "pidExit", "open", "write", "typeNum"} |
20 | pid, ppid int | 33 | if et < NEWPID || et > TYPENUM { |
21 | argv []string | 34 | return "Unknown" |
22 | cwd string | 35 | } |
23 | rootfs string | 36 | return names[et] |
24 | children []int | ||
25 | } | 37 | } |
26 | 38 | ||
27 | var wg sync.WaitGroup // 掌管协程 | 39 | var wg sync.WaitGroup // 掌管协程 |