summaryrefslogtreecommitdiffstats
path: root/src/godo.go
diff options
context:
space:
mode:
Diffstat (limited to 'src/godo.go')
-rw-r--r--src/godo.go14
1 files changed, 11 insertions, 3 deletions
diff --git a/src/godo.go b/src/godo.go
index cc29a01..2a00dad 100644
--- a/src/godo.go
+++ b/src/godo.go
@@ -33,16 +33,24 @@ func main() {
33 fmt.Printf("Error figuring out syscall numbers: %v\n", err) 33 fmt.Printf("Error figuring out syscall numbers: %v\n", err)
34 } 34 }
35 35
36 syscall := [6]string{"fork", "vfork", "clone", "execve", "exit", "exit_group"}
37 var auditCmd *exec.Cmd 36 var auditCmd *exec.Cmd
38 auditCmd = exec.Command("auditctl", "-D") // 清空所有规则 37 auditCmd = exec.Command("auditctl", "-D") // 清空所有规则
39 auditCmd.Run() 38 auditCmd.Run()
39
40 pidSyscall := []string{"fork", "vfork", "clone", "execve", "exit", "exit_group"}
40 // 设置监听规则 41 // 设置监听规则
41 for i := 0; i < len(syscall); i++ { 42 for i := 0; i < len(pidSyscall); i++ {
42 auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", syscall[i]) 43 auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", pidSyscall[i])
43 auditCmd.Run() 44 auditCmd.Run()
44 } 45 }
45 46
47 // // 监听文件的消息
48 // fileSyscall := []string{"open", "write", "creat", "unlink", "opendir", "mkdir", "rmdir", "chmod", "fchmod", "chown", "fchown", "lchown", "flock"}
49 // for i := 0; i < len(fileSyscall); i++ {
50 // auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", pidSyscall[i])
51 // auditCmd.Run()
52 // }
53
46 // 查找pid 54 // 查找pid
47 containerdPid, err = getPid() 55 containerdPid, err = getPid()
48 if err != nil { 56 if err != nil {
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-01-08 17:19:03 +0800