1 files changed, 84 insertions, 0 deletions
diff --git a/listener/global.go b/listener/global.go
new file mode 100644
index 0000000..11b18bf
--- /dev/null
+++ b/listener/global.go
@@ -0,0 +1,84 @@
+package main
+import (
+        "sync"
+        "time"
+)
+type eventType int
+const (
+        NEWPID eventType = iota
+        PIDEXIT
+        EXECVE
+        FILEOPEN
+        FILECLOSE
+        FILEWRITE
+        PIVOTROOT
+        TYPENUM
+)
+func (et eventType) String() string {
+        names := []string{"NEWPID", "PIDEXIT", "EXECVE", "FILEOPEN", "FILECLOSE", "FILEWRITE", "PIVOTROOT", "TYPENUM"}
+        if et < NEWPID || et > TYPENUM {
+                return "Unknown"
+        }
+        return names[et]
+}
+type Event struct {
+        tag              eventType
+        timestamp        time.Time
+        pid, tgid        int
+        ppid, parentTgid int
+        syscall          int
+        syscallParam     [4]uint64
+        argc             int
+        argv             []string
+        comm             string
+        cwd              string
+        exit_code        int
+        exit_signal      int
+        srcPath          string
+        destPath         string
+}
+var wg sync.WaitGroup        // 掌管协程
+var rawChan chan interface{} // 从接收到整理的管道
+var cookedChan chan Event    // 整理好的信息的管道
+var syscallTable [500]string //记录一下系统调用
+var containerdPid int
+// 插入到数据库的结构
+type Exec struct {
+        Timestamp time.Time `bson:"timestamp"`
+        ExecArgs  []string  `bson:"execArgs"`
+}
+type Process struct {
+        Star           bool      `bson:"star"`
+        StartTimestamp time.Time `bson:"start_timestamp"`
+        Ppid           int       `bson:"ppid"`
+        ParentTgid     int       `bson:"parentTgid"`
+        Pid            int       `bson:"pid"`
+        Tgid           int       `bson:"tgid"`
+        Args           []string  `bson:"args"`
+        Comm           string    `bson:"comm"`
+        RootFS         string    `bson:"rootfs"`
+        Cwd            string    `bson:"cwd"`
+        Children       []int     `bson:"children"`
+        Execve         []Exec    `bson:"execve"`
+        ExitCode       int       `bson:"exit_code"`
+        ExitSignal     int       `bson:"exit_signal"`
+        ExitTimestamp  time.Time `bson:"exit_timestamp"`
+}
+type File struct {
+        OpenTimestamp  time.Time   `bson:"timestamp"`
+        FileName       string      `bson:"fileName"`
+        Pid            int         `bson:"pid"`
+        Fd             int         `bson:"fd"`
+        Flags          [4]uint64   `bson:"flags"`
+        Written        []time.Time `bson:"written"`
+        CloseTimestamp time.Time   `bson:"close_timestamp"`
+}

diff --git a/listener/global.go b/listener/global.go new file mode 100644 index 0000000..11b18bf --- /dev/null +++ b/listener/global.go
@@ -0,0 +1,84 @@
	1	package main
	2
	3	import (
	4	"sync"
	5	"time"
	6	)
	7
	8	type eventType int
	9
	10	const (
	11	NEWPID eventType = iota
	12	PIDEXIT
	13	EXECVE
	14	FILEOPEN
	15	FILECLOSE
	16	FILEWRITE
	17	PIVOTROOT
	18	TYPENUM
	19	)
	20
	21	func (et eventType) String() string {
	22	names := []string{"NEWPID", "PIDEXIT", "EXECVE", "FILEOPEN", "FILECLOSE", "FILEWRITE", "PIVOTROOT", "TYPENUM"}
	23	if et < NEWPID \|\| et > TYPENUM {
	24	return "Unknown"
	25	}
	26	return names[et]
	27	}
	28
	29	type Event struct {
	30	tag eventType
	31	timestamp time.Time
	32	pid, tgid int
	33	ppid, parentTgid int
	34	syscall int
	35	syscallParam [4]uint64
	36	argc int
	37	argv []string
	38	comm string
	39	cwd string
	40	exit_code int
	41	exit_signal int
	42	srcPath string
	43	destPath string
	44	}
	45
	46	var wg sync.WaitGroup // 掌管协程
	47	var rawChan chan interface{} // 从接收到整理的管道
	48	var cookedChan chan Event // 整理好的信息的管道
	49	var syscallTable [500]string //记录一下系统调用
	50	var containerdPid int
	51
	52	// 插入到数据库的结构
	53	type Exec struct {
	54	Timestamp time.Time `bson:"timestamp"`
	55	ExecArgs []string `bson:"execArgs"`
	56	}
	57
	58	type Process struct {
	59	Star bool `bson:"star"`
	60	StartTimestamp time.Time `bson:"start_timestamp"`
	61	Ppid int `bson:"ppid"`
	62	ParentTgid int `bson:"parentTgid"`
	63	Pid int `bson:"pid"`
	64	Tgid int `bson:"tgid"`
	65	Args []string `bson:"args"`
	66	Comm string `bson:"comm"`
	67	RootFS string `bson:"rootfs"`
	68	Cwd string `bson:"cwd"`
	69	Children []int `bson:"children"`
	70	Execve []Exec `bson:"execve"`
	71	ExitCode int `bson:"exit_code"`
	72	ExitSignal int `bson:"exit_signal"`
	73	ExitTimestamp time.Time `bson:"exit_timestamp"`
	74	}
	75
	76	type File struct {
	77	OpenTimestamp time.Time `bson:"timestamp"`
	78	FileName string `bson:"fileName"`
	79	Pid int `bson:"pid"`
	80	Fd int `bson:"fd"`
	81	Flags [4]uint64 `bson:"flags"`
	82	Written []time.Time `bson:"written"`
	83	CloseTimestamp time.Time `bson:"close_timestamp"`
	84	}