Diffstat (limited to '')
-rw-r--r--listener/basefunc.go54
-rw-r--r--listener/godo.go4
2 files changed, 32 insertions, 26 deletions
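diff --git a/listener/basefunc.go b/listener/basefunc.go
index 2f39507..dcaf68a 100644
--- a/listener/basefunc.go
+++ b/listener/basefunc.go
@@ -4,46 +4,52 @@ import (
  "bufio"
  "fmt"
  "os"
- "os/exec"
  "path/filepath"
+ "regexp"
  "strconv"
  "strings"
  "time"
 )
 
 func figureOutSyscalls() error {
- cmd := exec.Command("ausyscall", "--dump")
- stdout, err := cmd.StdoutPipe()
+ var targetFile string
+ err := filepath.Walk("/usr/include", func(path string, info os.FileInfo, err error) error {
+ if err != nil {
+ return err
+ }
+ if strings.HasSuffix(path, "asm/unistd_64.h") {
+ targetFile = path
+ return filepath.SkipDir // 找到后提前退出遍历
+ }
+ return nil
+ })
  if err != nil {
  return err
  }
 
- if err := cmd.Start(); err != nil {
+ // 如果没有找到目标文件
+ if targetFile == "" {
+ return fmt.Errorf("file asm/unistd_64.h not found in /usr/include")
+ }
+
+ NRRegex := regexp.MustCompile(`#define __NR_(.*?) (\d+)$`)
+ file, err := os.Open("/usr/include/asm/unistd_64.h")
+ if err != nil {
  return err
  }
+ defer file.Close()
 
- scanner := bufio.NewScanner(stdout)
- for i := 0; scanner.Scan(); i++ {
- if i == 0 {
- continue
- }
+ scanner := bufio.NewScanner(file)
+ for scanner.Scan() {
  line := scanner.Text()
- parts := strings.Split(line, "\t")
- if len(parts) != 2 {
- return fmt.Errorf("invalid ausyscall format")
+ if NRRegex.MatchString(line) {
+ match := NRRegex.FindStringSubmatch(line)
+ num, err := strconv.Atoi(match[2])
+ if err != nil {
+ return err
+ }
+ syscallTable[num] = match[1]
  }
- num, err := strconv.Atoi(parts[0])
- if err != nil {
- return err
- }
- syscallTable[num] = parts[1]
- }
-
- if err := scanner.Err(); err != nil {
- return err
- }
- if err := cmd.Wait(); err != nil {
- return err
  }
  return nil
 }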
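Review bot: targetFile, the path the Walk discovers, is never used: new line 36 opens the hard-coded /usr/include/asm/unistd_64.h, so on distributions where the header sits in an architecture subdirectory the walk succeeds and the open then fails; line 36 should read `file, err := os.Open(targetFile)`. The `scanner.Err()` check the old loop had is dropped, so a read error now silently leaves syscallTable partially filled; add `if err := scanner.Err(); err != nil { return err }` before the final `return nil`. The comment on new line 22 overstates what SkipDir does: returned from a non-directory entry it only skips the remaining entries of that directory, so the walk still continues over the rest of /usr/include; stopping early needs a sentinel error returned from the callback and treated as success by the caller. Compiling NRRegex on every call is also avoidable; a package-level `var nrRegex = regexp.MustCompile(...)` is the usual form.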
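diff --git a/listener/godo.go b/listener/godo.go
index 0e1dc73..4f09b67 100644
--- a/listener/godo.go
+++ b/listener/godo.go
@@ -108,11 +108,11 @@ func coroutine(client *libaudit.AuditClient) error {
  wg.Add(1)
  go deal()
  wg.Add(1)
- go procWatch()
- wg.Add(1)
  go receive(client)
  wg.Add(1)
  go orgnaze()
+ wg.Add(1)
+ go procWatch()
 
  wg.Wait()
  time.Sleep(2 * time.Second)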
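Review bot: The procWatch launch is moved after orgnaze without any comment saying why the order matters; if procWatch depends on state that orgnaze or receive sets up, a line such as `// procWatch must start after orgnaze: it reads what orgnaze initialises` next to the new wg.Add(1) would keep a later refactor from undoing it. coroutine begins and ends outside the hunk, so whether the ordering is actually load-bearing cannot be confirmed from here.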