aboutsummaryrefslogtreecommitdiffstats
path: root/listener/godo.go
diff options
context:
space:
mode:
Diffstat (limited to 'listener/godo.go')
-rw-r--r--listener/godo.go37
1 files changed, 29 insertions, 8 deletions
diff --git a/listener/godo.go b/listener/godo.go
index 8d82231..0e1dc73 100644
--- a/listener/godo.go
+++ b/listener/godo.go
@@ -18,14 +18,15 @@ import (
18 18
19var ( 19var (
20 fs = flag.NewFlagSet("audit", flag.ExitOnError) 20 fs = flag.NewFlagSet("audit", flag.ExitOnError)
21 diag = fs.String("diag", "", "dump raw information from kernel to file") 21 diag = fs.String("diag", "godo.log", "dump raw information from kernel to file")
22 rate = fs.Uint("rate", 0, "rate limit in kernel (default 0, no rate limit)") 22 rate = fs.Uint("rate", 0, "rate limit in kernel (default 0, no rate limit)")
23 backlog = fs.Uint("backlog", 8192, "backlog limit") 23 backlog = fs.Uint("backlog", 1<<30, "backlog limit")
24 immutable = fs.Bool("immutable", false, "make kernel audit settings immutable (requires reboot to undo)") 24 immutable = fs.Bool("immutable", false, "make kernel audit settings immutable (requires reboot to undo)")
25 receiveOnly = fs.Bool("ro", false, "receive only using multicast, requires kernel 3.16+") 25 receiveOnly = fs.Bool("ro", false, "receive only using multicast, requires kernel 3.16+")
26 mongoURI = fs.String("mongo", "localhost:27017", "mongo database uri")
26) 27)
27 28
28const bufferPages = 100 29const bufferPages = 1000
29 30
30func main() { 31func main() {
31 // 检查用户身份,并添加auditd规则,监听所有syscall 32 // 检查用户身份,并添加auditd规则,监听所有syscall
@@ -41,7 +42,6 @@ func main() {
41 } 42 }
42 43
43 exec.Command("auditctl", "-D").Run() 44 exec.Command("auditctl", "-D").Run()
44 exec.Command("auditctl", "-b", "1000000000").Run()
45 exec.Command("auditctl", "--reset-lost").Run() 45 exec.Command("auditctl", "--reset-lost").Run()
46 46
47 var auditCmd *exec.Cmd 47 var auditCmd *exec.Cmd
@@ -78,24 +78,45 @@ func main() {
78 } 78 }
79} 79}
80 80
81func coroutine(client *libaudit.AuditClient) { 81func coroutine(client *libaudit.AuditClient) error {
82 // 各协程至此开始 82 // 各协程至此开始
83 bufferSize := bufferPages * syscall.Getpagesize() 83 bufferSize := bufferPages * syscall.Getpagesize()
84 rawChan = make(chan interface{}, bufferSize) 84 rawChan = make(chan interface{}, bufferSize)
85 cookedChan = make(chan Event, bufferSize) 85 cookedChan = make(chan Event, bufferSize)
86 86
87 var err error
88 if err = pidCol.init(dbName, pidColName); err != nil {
89 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
90 return err
91 }
92 if err = initPidCol(); err != nil {
93 fmt.Fprintf(os.Stderr, "Err while initing pidcol: %v\n", err)
94 }
95
96 if err = fdCol.init(dbName, fdColName); err != nil {
97 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
98 return err
99 }
100 if err = fileCol.init(dbName, fileColName); err != nil {
101 fmt.Fprintf(os.Stderr, "Error while initing the mongodb: %v\n", err)
102 }
103
104 defer pidCol.Disconnect()
105 defer fdCol.Disconnect()
106 defer fileCol.Disconnect()
107
108 wg.Add(1)
109 go deal()
87 wg.Add(1) 110 wg.Add(1)
88 go procWatch() 111 go procWatch()
89
90 wg.Add(1) 112 wg.Add(1)
91 go receive(client) 113 go receive(client)
92 wg.Add(1) 114 wg.Add(1)
93 go orgnaze() 115 go orgnaze()
94 wg.Add(1)
95 go deal()
96 116
97 wg.Wait() 117 wg.Wait()
98 time.Sleep(2 * time.Second) 118 time.Sleep(2 * time.Second)
119 return nil
99} 120}
100 121
101func procWatch() error { 122func procWatch() error {
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-01-10 00:26:30 +0800