Diffstat (limited to '')
-rw-r--r--src/godo.go24
1 files changed, 10 insertions, 14 deletions
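diff --git a/src/godo.go b/src/godo.go
index 923ef85..a30aa88 100644
--- a/src/godo.go
+++ b/src/godo.go
@@ -27,14 +27,14 @@ var (
 func main() {
 	// 检查用户身份,并添加auditd规则,监听所有syscall
 	if os.Geteuid() != 0 {
-		fmt.Printf("Err: Please run me as root, %d!\n", os.Getegid())
+		fmt.Fprintf(os.Stderr, "Err: Please run me as root, %d!\n", os.Getegid())
 		return
 	}
 
 	// 所有的系统调用号与名称的关系
 	err := figureOutSyscalls()
 	if err != nil {
-		fmt.Printf("Error figuring out syscall numbers: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Error figuring out syscall numbers: %v\n", err)
 	}
 
 	exec.Command("auditctl", "-D").Run()
@@ -43,7 +43,7 @@ func main() {
 
 	var auditCmd *exec.Cmd
 
-	pidSyscall := []string{"execve"}
+	pidSyscall := []string{"execve", "pivot_root"}
 	// // 设置监听规则
 	for i := 0; i < len(pidSyscall); i++ {
 		auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", pidSyscall[i])
@@ -61,14 +61,10 @@ func main() {
 	// 查找pid
 	containerdPid, err = getPid()
 	if err != nil {
-		fmt.Printf("Error finding containerd: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Error finding containerd: %v\n", err)
 		return
 	}
 
-	// 创世之神,1号进程
-	// 1号进程还是不要在进程树上直接出现了,不然它的小儿子们都会出现
-	// /usr/bin/containerd,也就是我们最关注的进程
-
 	// 开始运行,解析命令行参数后监听
 	if err := fs.Parse(os.Args[1:]); err != nil {
 		log.Fatal(err)
@@ -81,8 +77,8 @@ func main() {
 
 func coroutine(client *libaudit.AuditClient) {
 	// 各协程至此开始
-	rawChan = make(chan interface{})
-	cookedChan = make(chan Event)
+	rawChan = make(chan interface{}, 65536)
+	cookedChan = make(chan Event, 65536)
 
 	wg.Add(1)
 	go procWatch()
@@ -101,14 +97,14 @@ func coroutine(client *libaudit.AuditClient) {
 func procWatch() error {
 	ns, err := netlink.NewNetlinkSocket(syscall.NETLINK_CONNECTOR, 12345)
 	if err != nil {
-		fmt.Printf("Error creating socket: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Error creating socket: %v\n", err)
 		return err
 	}
 	defer ns.Close()
 	for {
 		res, err := ns.Receive(20)
 		if err != nil {
-			fmt.Printf("Error recv: %v\n", err)
+			fmt.Fprintf(os.Stderr, "Error recv: %v\n", err)
 			continue
 		}
 		for i := 0; i < len(res); i++ {
@@ -146,7 +142,7 @@ func checkProc(pCooked *Event) {
 	fileName := fmt.Sprintf("/proc/%d/task/%d/cmdline", pCooked.tgid, pCooked.pid)
 	fd, err := os.Open(fileName)
 	if err != nil {
-		fmt.Printf("Err: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Err: %v\n", err)
 		return
 	}
 
@@ -162,7 +158,7 @@ func checkProc(pCooked *Event) {
 	fileName = fmt.Sprintf("/proc/%d/task/%d/cwd", pCooked.tgid, pCooked.pid)
 	pCooked.cwd, err = os.Readlink(fileName)
 	if err != nil {
-		fmt.Printf("Err readlink %s: %v\n", fileName, err)
+		fmt.Fprintf(os.Stderr, "Err: %v\n", err)
 		pCooked.cwd = ""
 	}
 }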
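Review bot: The new `pivot_root` entry in pidSyscall (hunk -43,7 +43,7) is only ever installed through the rule built with `-F`, `arch=b64`, so the same syscall issued via the 32-bit ABI produces no audit record and the monitor misses it; the usual auditd practice is to install each rule for both ABIs, e.g. wrapping the loop in `for _, arch := range []string{"arch=b64", "arch=b32"} {` and passing `arch` in place of the literal on the `exec.Command("auditctl", ...)` line. The gap already existed for `execve` before this change, so this commit widens a pre-existing coverage hole rather than introducing it. The loop body, the handling of the auditctl result, and the rest of main() lie outside the hunk, so whether the downstream record parser copes with non-execve records is not visible here and should be confirmed.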