Diffstat (limited to 'listener')
-rw-r--r-- | listener/godo.go | 11 |
1 files changed, 7 insertions, 4 deletions
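--- a/listener/godo.go
+++ b/listener/godo.go
@@ -24,6 +24,8 @@ var (
 receiveOnly = fs.Bool("ro", false, "receive only using multicast, requires kernel 3.16+")
 )
 
+const bufferPages = 100
+
 func main() {
 // 检查用户身份,并添加auditd规则,监听所有syscall
 if os.Geteuid() != 0 {
@@ -44,7 +46,7 @@ func main() {
 var auditCmd *exec.Cmd
 
 pidSyscall := []string{"execve", "pivot_root"}
-// // 设置监听规则
+// 设置监听规则
 for i := 0; i < len(pidSyscall); i++ {
 auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", pidSyscall[i])
 auditCmd.Run()
@@ -77,8 +79,9 @@ func main() {
 
 func coroutine(client *libaudit.AuditClient) {
 // 各协程至此开始
-rawChan = make(chan interface{}, 65536)
-cookedChan = make(chan Event, 65536)
+bufferSize := bufferPages * syscall.Getpagesize()
+rawChan = make(chan interface{}, bufferSize)
+cookedChan = make(chan Event, bufferSize)
 
 wg.Add(1)
 go procWatch()
@@ -102,7 +105,7 @@ func procWatch() error {
 }
 defer ns.Close()
 for {
-res, err := ns.Receive(20)
+res, err := ns.Receive(bufferPages)
 if err != nil {
 fmt.Fprintf(os.Stderr, "Error recv: %v\n", err)
 continue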
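Review bot: In coroutine, `bufferPages * syscall.Getpagesize()` yields a byte count, but the capacity argument of `make(chan T, n)` is a number of elements, so on a 4 KiB-page host both channels grow from 65536 to 409,600 slots and on a 64 KiB-page host to 6,553,600. Go allocates a buffered channel's storage when it is created, so cookedChan reserves that many Event values up front and the listener's memory footprint now depends on the architecture. I would size the queues in events with their own constant, e.g. `const eventQueueLen = 65536 // slots per channel, not bytes`, and keep bufferPages for `ns.Receive(bufferPages)` only if that argument really is a page count, which the hunk does not show. For an audit pipeline it is also worth logging when a queue is full, since a larger buffer delays event loss under load rather than revealing it. The bodies of coroutine and procWatch continue outside the hunks.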