diff options
Diffstat (limited to 'src/godo.go')
| -rw-r--r-- | src/godo.go | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/godo.go b/src/godo.go index cbd9e0a..2ba32d6 100644 --- a/src/godo.go +++ b/src/godo.go | |||
| @@ -37,9 +37,11 @@ func main() { | |||
| 37 | fmt.Printf("Error figuring out syscall numbers: %v\n", err) | 37 | fmt.Printf("Error figuring out syscall numbers: %v\n", err) |
| 38 | } | 38 | } |
| 39 | 39 | ||
| 40 | exec.Command("auditctl", "-D").Run() | ||
| 41 | exec.Command("auditctl", "-b", "1000000000").Run() | ||
| 42 | exec.Command("auditctl", "--reset-lost").Run() | ||
| 43 | |||
| 40 | var auditCmd *exec.Cmd | 44 | var auditCmd *exec.Cmd |
| 41 | auditCmd = exec.Command("auditctl", "-D") // 清空所有规则 | ||
| 42 | auditCmd.Run() | ||
| 43 | 45 | ||
| 44 | pidSyscall := []string{"execve"} | 46 | pidSyscall := []string{"execve"} |
| 45 | // pidSyscall := []string{"fork", "vfork", "clone", "execve", "exit", "exit_group"} | 47 | // pidSyscall := []string{"fork", "vfork", "clone", "execve", "exit", "exit_group"} |
| @@ -50,7 +52,7 @@ func main() { | |||
| 50 | } | 52 | } |
| 51 | 53 | ||
| 52 | // 监听文件的消息 | 54 | // 监听文件的消息 |
| 53 | fileSyscall := []string{"open", "write", "close"} | 55 | fileSyscall := []string{"open"} |
| 54 | // fileSyscall := []string{"open", "write", "creat", "unlink", "opendir", "mkdir", "rmdir", "chmod", "fchmod", "chown", "fchown", "lchown", "flock"} | 56 | // fileSyscall := []string{"open", "write", "creat", "unlink", "opendir", "mkdir", "rmdir", "chmod", "fchmod", "chown", "fchown", "lchown", "flock"} |
| 55 | for i := 0; i < len(fileSyscall); i++ { | 57 | for i := 0; i < len(fileSyscall); i++ { |
| 56 | auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", fileSyscall[i]) | 58 | auditCmd = exec.Command("auditctl", "-a", "exit,always", "-F", "arch=b64", "-S", fileSyscall[i]) |