diff options
| -rw-r--r-- | src/deal.go | 20 | ||||
| -rw-r--r-- | src/mongo.go | 16 | ||||
| -rw-r--r-- | src/organize.go | 1 |
3 files changed, 1 insertions, 36 deletions
diff --git a/src/deal.go b/src/deal.go index 1dd309c..f2b7d4b 100644 --- a/src/deal.go +++ b/src/deal.go | |||
| @@ -34,6 +34,7 @@ func deal() { | |||
| 34 | "pid": containerdPid, | 34 | "pid": containerdPid, |
| 35 | "cwd": "/", | 35 | "cwd": "/", |
| 36 | "children": []bson.M{}, | 36 | "children": []bson.M{}, |
| 37 | "daemon": true, | ||
| 37 | }) | 38 | }) |
| 38 | if err != nil { | 39 | if err != nil { |
| 39 | fmt.Printf("Error while initing the mongodb: %v\n", err) | 40 | fmt.Printf("Error while initing the mongodb: %v\n", err) |
| @@ -77,9 +78,6 @@ func deal() { | |||
| 77 | } | 78 | } |
| 78 | 79 | ||
| 79 | func deletePid(cooked Event) { | 80 | func deletePid(cooked Event) { |
| 80 | if !pidCol.GetLock() { | ||
| 81 | return | ||
| 82 | } | ||
| 83 | // 先从老爹那里销户 | 81 | // 先从老爹那里销户 |
| 84 | pidCol.UpdateOne(bson.M{"pid": cooked.ppid}, bson.M{ | 82 | pidCol.UpdateOne(bson.M{"pid": cooked.ppid}, bson.M{ |
| 85 | "$pull": bson.M{ | 83 | "$pull": bson.M{ |
| @@ -100,17 +98,9 @@ func deletePid(cooked Event) { | |||
| 100 | "exit_signal": cooked.exit_signal, | 98 | "exit_signal": cooked.exit_signal, |
| 101 | }, | 99 | }, |
| 102 | }) | 100 | }) |
| 103 | pidCol.Mutex.Unlock() | ||
| 104 | } | 101 | } |
| 105 | 102 | ||
| 106 | func dealNewPid(cooked Event) { | 103 | func dealNewPid(cooked Event) { |
| 107 | fmt.Printf("Fork\t%6d\t%6d\t%6d\t%6d\n", cooked.ppid, cooked.parentTgid, cooked.pid, cooked.tgid) | ||
| 108 | // 有无父进程在观察中 | ||
| 109 | docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.parentTgid}) | ||
| 110 | if err != nil || len(docRes) != 1 { | ||
| 111 | return | ||
| 112 | } | ||
| 113 | |||
| 114 | // 自身是否已经记录 | 104 | // 自身是否已经记录 |
| 115 | docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.pid}) | 105 | docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.pid}) |
| 116 | if err != nil { | 106 | if err != nil { |
| @@ -118,9 +108,6 @@ func dealNewPid(cooked Event) { | |||
| 118 | return | 108 | return |
| 119 | } | 109 | } |
| 120 | 110 | ||
| 121 | if !pidCol.GetLock() { | ||
| 122 | return | ||
| 123 | } | ||
| 124 | if len(docRes) != 0 { | 111 | if len(docRes) != 0 { |
| 125 | // 进程原本就存在,换言之别的消息先到了 | 112 | // 进程原本就存在,换言之别的消息先到了 |
| 126 | // 所有先行抵达的消息必须保留execve/children字段 | 113 | // 所有先行抵达的消息必须保留execve/children字段 |
| @@ -157,7 +144,6 @@ func dealNewPid(cooked Event) { | |||
| 157 | "children": cooked.pid, | 144 | "children": cooked.pid, |
| 158 | }, | 145 | }, |
| 159 | }) | 146 | }) |
| 160 | pidCol.Mutex.Unlock() | ||
| 161 | } | 147 | } |
| 162 | 148 | ||
| 163 | func dealExecve(cooked Event) { | 149 | func dealExecve(cooked Event) { |
| @@ -173,9 +159,6 @@ func dealExecve(cooked Event) { | |||
| 173 | return | 159 | return |
| 174 | } | 160 | } |
| 175 | 161 | ||
| 176 | if !pidCol.GetLock() { | ||
| 177 | return | ||
| 178 | } | ||
| 179 | if len(docRes) == 1 { | 162 | if len(docRes) == 1 { |
| 180 | // 自身已在,直接记录 | 163 | // 自身已在,直接记录 |
| 181 | pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{ | 164 | pidCol.UpdateOne(bson.M{"pid": cooked.pid}, bson.M{ |
| @@ -200,7 +183,6 @@ func dealExecve(cooked Event) { | |||
| 200 | }, | 183 | }, |
| 201 | }) | 184 | }) |
| 202 | } | 185 | } |
| 203 | pidCol.Mutex.Unlock() | ||
| 204 | } | 186 | } |
| 205 | 187 | ||
| 206 | func fileOpen(cooked Event) { | 188 | func fileOpen(cooked Event) { |
diff --git a/src/mongo.go b/src/mongo.go index 764f877..1d9f74f 100644 --- a/src/mongo.go +++ b/src/mongo.go | |||
| @@ -2,8 +2,6 @@ package main | |||
| 2 | 2 | ||
| 3 | import ( | 3 | import ( |
| 4 | "context" | 4 | "context" |
| 5 | "fmt" | ||
| 6 | "sync" | ||
| 7 | "time" | 5 | "time" |
| 8 | 6 | ||
| 9 | "go.mongodb.org/mongo-driver/bson" | 7 | "go.mongodb.org/mongo-driver/bson" |
| @@ -15,8 +13,6 @@ type mongoClient struct { | |||
| 15 | dbName, colName string | 13 | dbName, colName string |
| 16 | client *mongo.Client | 14 | client *mongo.Client |
| 17 | col *mongo.Collection | 15 | col *mongo.Collection |
| 18 | Mutex sync.Mutex | ||
| 19 | // Attention: 这把锁是否有必要? | ||
| 20 | } | 16 | } |
| 21 | 17 | ||
| 22 | func (mc *mongoClient) init(dbName, colName string) error { | 18 | func (mc *mongoClient) init(dbName, colName string) error { |
| @@ -100,15 +96,3 @@ func (mc *mongoClient) Disconnect() error { | |||
| 100 | mc.colName = "" | 96 | mc.colName = "" |
| 101 | return nil | 97 | return nil |
| 102 | } | 98 | } |
| 103 | |||
| 104 | func (mc *mongoClient) GetLock() bool { | ||
| 105 | for i := 0; i < 200000; { | ||
| 106 | if !mc.Mutex.TryLock() { | ||
| 107 | i++ | ||
| 108 | } else { | ||
| 109 | return true | ||
| 110 | } | ||
| 111 | } | ||
| 112 | fmt.Printf("Die...\n") | ||
| 113 | return false | ||
| 114 | } | ||
diff --git a/src/organize.go b/src/organize.go index 5268a90..12119ad 100644 --- a/src/organize.go +++ b/src/organize.go | |||
| @@ -47,7 +47,6 @@ func orgnaze() { | |||
| 47 | break | 47 | break |
| 48 | } | 48 | } |
| 49 | rawEvent = raw.(libaudit.RawAuditMessage) | 49 | rawEvent = raw.(libaudit.RawAuditMessage) |
| 50 | fmt.Printf("type=%v msg=%s\n", rawEvent.Type, rawEvent.Data) | ||
| 51 | 50 | ||
| 52 | switch rawEvent.Type { | 51 | switch rawEvent.Type { |
| 53 | case auparse.AUDIT_SYSCALL: | 52 | case auparse.AUDIT_SYSCALL: |