authorWe-unite <3205135446@qq.com>2024-07-29 11:46:02 +0800
committerWe-unite <3205135446@qq.com>2024-07-29 11:46:02 +0800
commita345258c3082903702c81c6c830ff1fd35758861 (patch)
treea8521e954630b299c85adc10182ee3470a982415 /src/godo.go
parentec260a31927ef77295eaa07ba370b58b416f47f5 (diff)
Hear file Open and close, especially O_TRUNC
In this commit I successfully catch the open/close syscalls and insert them into MongoDB as an independent collection, alongside the pids. Opens carrying the "O_TRUNC" flag are now recorded as written.
Diffstat (limited to '')
-rw-r--r--src/godo.go11
1 files changed, 6 insertions, 5 deletions
diff --git a/src/godo.go b/src/godo.go
index 2a00dad..0edcc9f 100644
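--- a/src/godo.go
+++ b/src/godo.go
@@ -44,12 +44,13 @@ func main() {
 auditCmd.Run()
 }
 
-// // 监听文件的消息
+// 监听文件的消息
+fileSyscall := []string{"open", "write", "close"}
 // fileSyscall := []string{"open", "write", "creat", "unlink", "opendir", "mkdir", "rmdir", "chmod", "fchmod", "chown", "fchown", "lchown", "flock"}
-// for i := 0; i < len(fileSyscall); i++ {
-// auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", pidSyscall[i])
-// auditCmd.Run()
-// }
+for i := 0; i < len(fileSyscall); i++ {
+auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", fileSyscall[i])
+auditCmd.Run()
+}
 
 // 查找pid
 containerdPid, err = getPid()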
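Review bot: The new loop calls `auditCmd.Run()` and discards its error, so if auditctl cannot install a rule (insufficient privileges, audit rules locked or the subsystem disabled) the file monitor runs with no coverage and nothing reports it; check it, e.g. `if err := auditCmd.Run(); err != nil { /* log fileSyscall[i] and abort or mark monitoring degraded */ }`. The rule set is also narrower than the comment "监听文件的消息" (listen for file events) suggests: on current x86-64 glibc, open() is generally issued as the `openat` syscall, so `fileSyscall` should probably include `"openat"` (and `"creat"` if truncating creates matter), and with only `arch=b64` 32-bit processes are not audited. The commented-out `fileSyscall` list left next to the live one should be removed or labelled as the planned full list. main() begins and continues outside this hunk, so whether `err` is handled further down is not visible here.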