1 files changed, 3 insertions, 3 deletions
diff --git a/src/godo.go b/src/godo.go
index 77e677c..923ef85 100644
--- a/src/godo.go
+++ b/src/godo.go
@@ -44,14 +44,14 @@ func main() {
        var auditCmd *exec.Cmd
        pidSyscall := []string{"execve"}
-        // 设置监听规则
+        // // 设置监听规则
        for i := 0; i < len(pidSyscall); i++ {
                auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", pidSyscall[i])
                auditCmd.Run()
        }
        // 监听文件的消息
-        fileSyscall := []string{"open", "write", "close"}
+        fileSyscall := []string{"open", "close", "write"}
        // fileSyscall := []string{"open", "write", "creat", "unlink", "opendir", "mkdir", "rmdir", "chmod", "fchmod", "chown", "fchown", "lchown", "flock"}
        for i := 0; i < len(fileSyscall); i++ {
                auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", fileSyscall[i])
@@ -106,7 +106,7 @@ func procWatch() error {
        }
        defer ns.Close()
        for {
-                res, err := ns.Receive()
+                res, err := ns.Receive(20)
                if err != nil {
                        fmt.Printf("Error recv: %v\n", err)
                        continue

diff --git a/src/godo.go b/src/godo.go index 77e677c..923ef85 100644 --- a/src/godo.go +++ b/src/godo.go
@@ -44,14 +44,14 @@ func main() {
44	var auditCmd *exec.Cmd	44	var auditCmd *exec.Cmd
45		45
46	pidSyscall := []string{"execve"}	46	pidSyscall := []string{"execve"}
47	// 设置监听规则	47	// // 设置监听规则
48	for i := 0; i < len(pidSyscall); i++ {	48	for i := 0; i < len(pidSyscall); i++ {
49	auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", pidSyscall[i])	49	auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", pidSyscall[i])
50	auditCmd.Run()	50	auditCmd.Run()
51	}	51	}
52		52
53	// 监听文件的消息	53	// 监听文件的消息
54	fileSyscall := []string{"open", "write", "close"}	54	fileSyscall := []string{"open", "close", "write"}
55	// fileSyscall := []string{"open", "write", "creat", "unlink", "opendir", "mkdir", "rmdir", "chmod", "fchmod", "chown", "fchown", "lchown", "flock"}	55	// fileSyscall := []string{"open", "write", "creat", "unlink", "opendir", "mkdir", "rmdir", "chmod", "fchmod", "chown", "fchown", "lchown", "flock"}
56	for i := 0; i < len(fileSyscall); i++ {	56	for i := 0; i < len(fileSyscall); i++ {
57	auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", fileSyscall[i])	57	auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", fileSyscall[i])
@@ -106,7 +106,7 @@ func procWatch() error {
106	}	106	}
107	defer ns.Close()	107	defer ns.Close()
108	for {	108	for {
109	res, err := ns.Receive()	109	res, err := ns.Receive(20)
110	if err != nil {	110	if err != nil {
111	fmt.Printf("Error recv: %v\n", err)	111	fmt.Printf("Error recv: %v\n", err)
112	continue	112	continue