ossec

package
v1.1.3 (latest)
Published: Mar 29, 2024 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation

Overview

see: https://documentation.wazuh.com/4.0/development/message-format.html

Index

Constants

// Transport-encryption selectors and the agent's timing/rate constants.
const (
	// EncryptionMethodBlowFish use BlowFish for transport encryption.
	// Blowfish is a legacy 64-bit block cipher; prefer EncryptionMethodAES
	// where the manager supports it.
	EncryptionMethodBlowFish = EncryptionMethod(0)
	// EncryptionMethodAES use AES for transport encryption.
	EncryptionMethodAES = EncryptionMethod(1)
	// SendRateLimit maximum number of messages that can be sent per second
	// (500 is the hard limit on the server - be gentle).
	SendRateLimit = 450

	// NotifyTime time between server pings (presumably seconds, matching
	// ClientConfig.NotifyTime — confirm in the ping loop).
	NotifyTime      = 10
	// SysinfoInterval send system information on every 60th ping.
	// NOTE(review): the original comment says "1/h", but 60 pings at
	// NotifyTime = 10 s is 600 s (10 min) — confirm the intended interval.
	SysinfoInterval = 60 // each 60th  ping -> 1/h
	// WazuhVersion version string this client identifies itself with — where
	// it is sent is not visible here; confirm against the handshake code.
	WazuhVersion    = "4.3.0"
)
// Wire-format headers, queue selectors, module identifiers and decoder event
// types of the agent/manager message format (see the package overview link).
const (
	// Control-message headers exchanged with the manager.
	CONTROL_HEADER     = "#!-"
	EXECD_HEADER       = "execd "
	FILE_UPDATE_HEADER = CONTROL_HEADER + "up file "
	FILE_CLOSE_HEADER  = CONTROL_HEADER + "close file "
	HC_STARTUP         = "agent startup "
	HC_ACK             = CONTROL_HEADER + "agent ack "
	HC_SK_DB_COMPLETED = "syscheck-db-completed"
	HC_SK_RESTART      = "syscheck restart"
	HC_REQUEST         = "req "
	HC_FIM_DB_SFS      = "fim-db-start-first-scan"
	HC_FIM_DB_EFS      = "fim-db-end-first-scan"
	HC_FIM_DB_SS       = "fim-db-start-scan"
	HC_FIM_DB_ES       = "fim-db-end-scan"
	CFGA_DB_DUMP       = "sca-dump"
	HC_SK              = "syscheck "
	HC_FIM_FILE        = "fim_file "
	HC_FIM_REGISTRY    = "fim_registry "

	// Single-rune queue selectors; presumably the values used for
	// Queue.TargetQueue / WithTargetQueue — confirm against the queue code.
	LOCALFILE_MQ    = '1'
	SYSLOG_MQ       = '2'
	HOSTINFO_MQ     = '3'
	SECURE_MQ       = '4'
	DBSYNC_MQ       = '5'
	SYSCHECK_MQ     = '8'
	ROOTCHECK_MQ    = '9'
	MYSQL_MQ        = 'a'
	POSTGRESQL_MQ   = 'b'
	AUTH_MQ         = 'c'
	SYSCOLLECTOR_MQ = 'd'
	CISCAT_MQ       = 'e'
	WIN_EVT_MQ      = 'f'

	// Directory and location names (relative to the base path — see WithBasePath).
	RIDS_DIR        = "rids"
	REMOTE_DIR      = "remote"
	WM_SYS_LOCATION = "syscollector"

	// Numeric module identifiers.
	STATS_MODULE    = 11
	FTS_MODULE      = 12
	SYSCHECK_MODULE = 13
	HOSTINFO_MODULE = 15

	// Module / event-source names as they appear in messages.
	ROOTCHECK_MOD    = "rootcheck"
	HOSTINFO_NEW     = "hostinfo_new"
	HOSTINFO_MOD     = "hostinfo_modified"
	FIM_MOD          = "syscheck_integrity_changed"
	FIM_NEW          = "syscheck_new_entry"
	FIM_DEL          = "syscheck_deleted"
	FIM_REG_KEY_MOD  = "syscheck_registry_key_modified"
	FIM_REG_KEY_NEW  = "syscheck_registry_key_added"
	FIM_REG_KEY_DEL  = "syscheck_registry_key_deleted"
	FIM_REG_VAL_MOD  = "syscheck_registry_value_modified"
	FIM_REG_VAL_NEW  = "syscheck_registry_value_added"
	FIM_REG_VAL_DEL  = "syscheck_registry_value_deleted"
	SYSCOLLECTOR_MOD = "syscollector"
	CISCAT_MOD       = "ciscat"
	WINEVT_MOD       = "windows_eventchannel"
	SCA_MOD          = "sca"

	/* Types of events (from decoders) */
	UNKNOWN         = 0
	SYSLOG          = 1  /* syslog message */
	IDS             = 2  /* IDS alert */
	FIREWALL        = 3  /* Firewall event */
	WEBLOG          = 7  /* Apache log */
	SQUID           = 8  /* Squid log */
	DECODER_WINDOWS = 9  /* Windows log */
	HOST_INFO       = 10 /* Host information log (from nmap or similar) */
	OSSEC_RL        = 11 /* OSSEC rule */

	// Read timeouts for server responses (see Client.ReadServerResponse).
	ReadWaitTimeout      = time.Duration(30 * time.Second)
	ReadImmediateTimeout = time.Duration(1 * time.Second)
)
// Sysinfo message type names; presumably the values carried in Sysinfo.Type
// (and accepted by SysCollector.NewSysinfo) — confirm against the collector code.
const (
	TYPE_OS          = "OS"
	TYPE_HARDWARE    = "hardware"
	TYPE_NETWORK     = "network"
	TYPE_NETWORK_END = "network_end"
	TYPE_PROCESS     = "process"
	TYPE_PROCESS_END = "process_end"
	TYPE_PORT        = "port"
	TYPE_PORT_END    = "port_end"
	TYPE_PACKAGE     = "program"
	TYPE_PACKAGE_END = "program_end"
)

Variables

// AgentCollector package-level collector instance, built at package
// initialisation by newAgentCollector (unexported, defined elsewhere).
var AgentCollector = newAgentCollector()
// CpeNamePattern matches a CPE name: a "cpe:" prefix, either "2.3:" (CPE 2.3
// formatted string) or "/" (CPE 2.2 URI), an optional part letter (a/h/o) and
// the remainder as a single capture group. The match is anchored at both ends.
// NOTE(review): only the 'p' and 'e' of the prefix are case-insensitive — a name
// starting with "Cpe:" or "CPE:" is rejected — confirm whether that is intended.
var CpeNamePattern = regexp.MustCompile(`^[c][pP][eE]:(2\.3:|/)([AHOaho])?(.*)$`)

Functions

func DefaultAgentName added in v0.8.12

func DefaultAgentName() (string, error)

func PKCS7Padding added in v0.6.0

func PKCS7Padding(ciphertext []byte, blockSize int) []byte

PKCS7Padding pads the input to a multiple of blockSize using PKCS#7 (the same scheme iOS uses).

func PKCS7UnPadding added in v0.6.0

func PKCS7UnPadding(origData []byte) []byte

Types

type AgentKey

// AgentKey a single key entry, i.e. one parsed line of the agent key file
// (see ParseAgentKey and LoadAgentKeyMap). AgentKey carries the agent's
// shared secret; treat values of this type as sensitive and keep them out of logs.
type AgentKey struct {
	AgentID         string // agent identifier
	AgentName       string // agent name
	AgentKey        string // shared secret (sensitive)
	AgentHashedKey  string // hashed form of AgentKey — hash scheme not visible here
	AgentAllowedIPs string // IPs the agent is allowed from (see WithAgentAllowedIPs)
	AgentIP         string // IP reported in messages (see WithAgentIP)
}

AgentKey a single key entry

func GetAgentKey added in v0.9.1

func GetAgentKey(filename string) (*AgentKey, error)

GetAgentKey reads the key from the environment and, if it is not found there, tries the default file.

func GetAgentKeyFromFile added in v0.8.12

func GetAgentKeyFromFile(agentName string, filename string) (*AgentKey, error)

func InitAgent added in v0.8.12

func InitAgent(cfg *EnrollmentConfig) (*AgentKey, error)

func ParseAgentKey

func ParseAgentKey(line string) (*AgentKey, error)

ParseAgentKey parse a single key entry line

func RegisterAgent added in v0.3.0

func RegisterAgent(cfg *EnrollmentConfig) (*AgentKey, error)

RegisterAgent register an agent via the AuthD Service

func (*AgentKey) WriteAgentKey added in v0.6.1

func (a *AgentKey) WriteAgentKey(filename string) error

type AgentKeyMap

// AgentKeyMap map of agents in the agent key file, keyed by string
// (presumably the agent ID — confirm in LoadAgentKeyMap).
type AgentKeyMap map[string]*AgentKey

AgentKeyMap map of agents in agents key file

func LoadAgentKeyMap

func LoadAgentKeyMap(filename string) (AgentKeyMap, error)

LoadAgentKeyMap read all agent infos from a file (/var/ossec/etc/client.keys)

type AgentOption

// AgentOption allows setting custom parameters during construction of a
// Client (see NewAgent); an option returns an error to abort construction.
type AgentOption func(*Client) error

AgentOption allows setting custom parameters during construction

func WithAgentAllowedIPs

func WithAgentAllowedIPs(allowedIPs string) AgentOption

WithAgentAllowedIPs sets which IPs are allowed.

func WithAgentIP

func WithAgentIP(agentIP string) AgentOption

WithAgentIP use specific Agent IP in messages

func WithBasePath added in v0.5.0

func WithBasePath(basePath string) AgentOption

WithBasePath sets the directory where downloaded files are cached.

func WithClientName added in v0.3.5

func WithClientName(clientName string) AgentOption

WithClientName use a custom client name

func WithClientVersion added in v0.3.5

func WithClientVersion(clientVersion string) AgentOption

WithClientVersion use a custom client version

func WithConfigHash added in v0.9.0

func WithConfigHash(configHash string) AgentOption

WithConfigHash specify a local config hash

func WithContext

func WithContext(ctx context.Context) AgentOption

WithContext use a custom context

func WithEncryptionMethod

func WithEncryptionMethod(encryptionMethod EncryptionMethod) AgentOption

WithEncryptionMethod specify encryption method to use

func WithPort

func WithPort(port uint16) AgentOption

WithPort use specific port

func WithTCP

func WithTCP(tcp bool) AgentOption

WithTCP use TCP as Transport

func WithUDP

func WithUDP(udp bool) AgentOption

WithUDP use UDP as Transport

func WithZapLogger

func WithZapLogger(logger *zap.Logger) AgentOption

WithZapLogger use a custom logger

type AgentShutDownEvent added in v0.6.1

// AgentShutDownEvent marker event with no payload; presumably delivered on
// the event channel returned by AgentLoop — confirm against the loop code.
type AgentShutDownEvent struct {
}

type CPE added in v1.0.0

// CPE a Common Platform Enumeration name broken into its components
// (see ParseCPE and CpeNamePattern). The struct carries both xml and json
// tags; Name and Deprecated are XML attributes.
type CPE struct {
	Name            string  `xml:"name,attr" json:"name,omitempty"`
	CpeVersion      float32 `json:"cpe_version,omitempty"`
	Part            string  `json:"part,omitempty"` // a (application), h (hardware) or o (OS)
	Vendor          string  `json:"vendor,omitempty"`
	Product         string  `json:"product,omitempty"`
	Version         string  `json:"version,omitempty"`
	Update          string  `json:"update,omitempty"`
	Edition         string  `json:"edition,omitempty"`
	Language        string  `json:"language,omitempty"`
	SoftwareEdition string  `json:"software_edition,omitempty"`
	TargetSoftware  string  `json:"target_software,omitempty"`
	TargetHardware  string  `json:"target_hardware,omitempty"`
	Other           string  `json:"other,omitempty"`
	Deprecated      bool    `xml:"deprecated,attr,omitempty" json:"deprecated,omitempty"`
	Title           string  `json:"title"` // always emitted (no omitempty)
}

func ParseCPE added in v1.0.0

func ParseCPE(name string) *CPE

type Client

// Client allows to handshake with the server to reach a pending state (which
// allows the agent to become a group member). It embeds *AgentKey and
// therefore carries the agent's shared secret.
type Client struct {
	*AgentKey
	Server            string           // manager address
	Port              uint16           // manager port (see WithPort)
	UDP               bool             // use UDP instead of TCP (see WithUDP / WithTCP)
	EncryptionMethod  EncryptionMethod // transport encryption (see WithEncryptionMethod)
	ClientName        string           // see WithClientName
	ClientVersion     string           // see WithClientVersion
	ConfigHash        string           // local config hash (see WithConfigHash)
	RemoteFiles       map[string]RemoteFileInfo
	CurrentRemoteFile *RemoteFileInfo
	Scanner           *SysCollector
	// contains filtered or unexported fields
}

Client allows to handshake with the server to reach a pending state (which allows the agent to become a group member)

func NewAgent

func NewAgent(server string, agentID string, agentName string, agentKey string, opts ...AgentOption) (*Client, error)

NewAgent create a new Agent for the target server

func (*Client) AgentLoop

func (a *Client) AgentLoop(ctx context.Context, closeOnError bool) (chan *QueuePosting, chan interface{}, error)

AgentLoop Process messages and keep track of connection status

func (*Client) Close

func (a *Client) Close() error

Close closes the connection. Any blocked Read or Write operations will be unblocked and return errors.

func (*Client) Connect

func (a *Client) Connect(isStartup bool) error

Connect connects and performs the handshake

func (*Client) GetBasePath added in v1.0.0

func (a *Client) GetBasePath() string

func (*Client) IsConencted added in v0.5.0

func (a *Client) IsConencted() bool

func (*Client) PingServer

func (a *Client) PingServer() error

PingServer send a single ping to the server

func (*Client) ReadClientCounter added in v0.8.11

func (a *Client) ReadClientCounter() error

ReadClientCounter read counters from disk

func (*Client) ReadServerResponse added in v0.6.0

func (a *Client) ReadServerResponse(timeout time.Duration) error

ReadServerResponse read next message

func (*Client) ReportIntegrity added in v0.7.0

func (a *Client) ReportIntegrity() error

ReportIntegrity sends the integrity status

func (*Client) SendMessage

func (a *Client) SendMessage(msg string, readTimeout time.Duration) error

SendMessage send a message and wait for an answer

func (*Client) WriteClientCounter added in v0.8.11

func (a *Client) WriteClientCounter() error

WriteClientCounter persist current counters

func (*Client) WriteMessage

func (a *Client) WriteMessage(msg string) error

WriteMessage sends a message without waiting for an answer

type ClientConfig

// ClientConfig the <client> section of ossec.conf, see:
// https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html
// Fields map onto the XML elements named in their tags.
type ClientConfig struct {
	XMLName xml.Name `xml:"client"`

	// Address specifies the IP address or the hostname of the Wazuh manager.
	Address string `xml:"server>address,omitempty"`

	// Port specifies the port to send events to on the manager. This must match the associated listening port configured on the Wazuh manager.
	Port uint16 `xml:"server>port,omitempty"`

	// Protocol specifies the protocol to use when connecting to the manager.
	Protocol string `xml:"server>protocol,omitempty"`

	// MaxRetries number of connection retries.
	MaxRetries uint16 `xml:"server>max_retries,omitempty"`

	// RetryInterval time interval between connection attempts (seconds).
	RetryInterval uint16 `xml:"server>retry_interval,omitempty"`

	// ConfigProfile specifies the agent.conf profile(s) to be used by the agent.
	ConfigProfile string `xml:"config-profile,omitempty"`

	// NotifyTime specifies the time in seconds between agent checkins to the manager. More frequent checkins speed up dissemination of an updated agent.conf file to the agents, but may also put an undue load on the manager if there are a large number of agents.
	NotifyTime uint16 `xml:"notify_time,omitempty"`

	// TimeReconnect specifies the time in seconds before a reconnection is attempted. This should be set to a higher number than the notify_time parameter.
	TimeReconnect uint16 `xml:"time-reconnect,omitempty"`

	// LocalIP specifies which IP address will be used to communicate with the manager when the agent has multiple network interfaces.
	LocalIP string `xml:"local_ip,omitempty"`

	// AutoRestart toggles on and off the automatic restart of agents when a new valid configuration is received from the manager.
	AutoRestart ConvertibleBoolean `xml:"auto_restart,omitempty"`

	// CryptoMethod choose the encryption of the messages that the agent sends to the manager.
	// Kept as the raw config string; how it maps onto EncryptionMethod is not visible here.
	CryptoMethod string `xml:"crypto_method,omitempty"`
}

ClientConfig see: https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html

func LoadClientConfig

func LoadClientConfig(filename string) (*ClientConfig, error)

LoadClientConfig loads the client configuration from a file

func NewClientConfig

func NewClientConfig() *ClientConfig

NewClientConfig new client config with default values set

type ConvertibleBoolean

// ConvertibleBoolean xml bool values (0,no,false / 1,yes,true); the textual
// forms are handled by its UnmarshalText method.
type ConvertibleBoolean bool

ConvertibleBoolean xml bool values (0,no,false / 1,yes,true)

func (*ConvertibleBoolean) UnmarshalText added in v0.3.5

func (bit *ConvertibleBoolean) UnmarshalText(data []byte) error

UnmarshalText converts the textual form to a boolean

type CorruptMessage added in v0.5.0

// CorruptMessage error returned when a message of a given type cannot be
// parsed; build it with NewCorruptMessage (the message type is the only input).
type CorruptMessage struct {
	// contains filtered or unexported fields
}

func NewCorruptMessage added in v0.5.0

func NewCorruptMessage(typ string) CorruptMessage

func (CorruptMessage) Error added in v0.5.0

func (cme CorruptMessage) Error() string

type EncryptionMethod

// EncryptionMethod supported transport encryption; valid values are
// EncryptionMethodBlowFish and EncryptionMethodAES.
type EncryptionMethod int

EncryptionMethod supported transport encryption

type EnrollmentConfig added in v0.3.0

// EnrollmentConfig enrolment configuration used by RegisterAgent / InitAgent
// to register with the AuthD service. AuthPass and AgentKey are secrets;
// keep them out of logs.
type EnrollmentConfig struct {
	// Manager's direction or ip address
	ManagerName string
	// Port Manager's port
	Port int
	// (optional) Name of the agent. In case of NULL enrollment message will send local hostname
	AgentName string
	AgentID   string
	AgentIP   string
	// IP address or CIDR of the agent. In case of null the manager will use the source ip
	SenderIP string
	// Forces manager to use source ip
	UseSrcIP bool
	// password verification (sensitive)
	AuthPass string
	// Agent Key (null if not used) (sensitive)
	AgentKey string
	// Agent Certificate (stringMap is an unexported type not shown here)
	AgentCert stringMap
	// CA Certificate to verify server (null if not used)
	CACert string

	// Groups the agent asks to be enrolled into
	Groups []string
	// contains filtered or unexported fields
}

EnrollmentConfig enrolment configuration

func NewEnrollmentConfig added in v0.3.0

func NewEnrollmentConfig() (*EnrollmentConfig, error)

NewEnrollmentConfig initialize new enrolment config

func (*EnrollmentConfig) SetLogger added in v0.6.1

func (c *EnrollmentConfig) SetLogger(logger *zap.Logger)

type Event

// Event static structured event data; embeds IntegrationEvent and adds the
// free-form "Wodle event" string. Standard field names (user, srcip, dstip,
// srcport, dstport, protocol, action, id, url, data, extra_data, status,
// system_name) are documented at
// https://documentation.wazuh.com/4.0/user-manual/ruleset/dynamic-fields.html
type Event struct {
	IntegrationEvent
	Event string `json:"Wodle event,omitempty"`
}

Event static structured event data user, srcip, dstip, srcport, dstport, protocol, action, id, url, data, extra_data, status, system_name https://documentation.wazuh.com/4.0/user-manual/ruleset/dynamic-fields.html https://github.com/wazuh/wazuh/blob/master/src/analysisd/decoders/plugins/json_decoder.c

type FileUpdatedEvent added in v0.6.1

// FileUpdatedEvent event carrying a remote file that was updated; presumably
// delivered on the AgentLoop event channel — confirm against the loop code.
type FileUpdatedEvent struct {
	FileInfo *RemoteFileInfo
}

type FimData added in v0.7.0

// FimData payload of a FimMessage: an id plus a begin/end range and a checksum.
// Begin, End and Checksum are always emitted (no omitempty).
type FimData struct {
	ID       int64  `json:"id,omitempty"`
	Begin    string `json:"begin"`
	End      string `json:"end"`
	Checksum string `json:"checksum"`
}

type FimMessage added in v0.7.0

// FimMessage file-integrity-monitoring message as sent to the manager;
// create one with NewFimMessage.
type FimMessage struct {
	Component string  `json:"component,omitempty"`
	Type      string  `json:"type"`
	Data      FimData `json:"data"`
}

func NewFimMessage added in v0.7.0

func NewFimMessage() (*FimMessage, error)

type Hardware added in v0.7.0

// Hardware syscollector hardware message: common Sysinfo header plus the
// HardwareInventory. Built by SysCollector.NewHardware.
// Sample payload (kept verbatim from the original source):
type Hardware struct {
	// R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})")));
	*Sysinfo
	Inventory HardwareInventory `json:"inventory"`
}

type HardwareInventory added in v1.0.0

// HardwareInventory hardware facts of the host; every field is a pointer so
// that absent values are omitted rather than sent as zero.
// NOTE(review): the sample payload on Hardware spells the key "cpu_MHz" while
// the tag here is "cpu_mhz" — decoding is case-insensitive, encoding is not; confirm.
type HardwareInventory struct {
	BoardSerial *string  `json:"board_serial,omitempty"`
	CPUName     *string  `json:"cpu_name,omitempty"`
	CPUCores    *int     `json:"cpu_cores,omitempty"`
	CPUMhz      *float64 `json:"cpu_mhz,omitempty"`
	RamFree     *uint64  `json:"ram_free,omitempty"`
	RamTotal    *uint64  `json:"ram_total,omitempty"`
	RamUsage    *float64 `json:"ram_usage,omitempty"`
}

type IPAddressInfo added in v1.0.0

// IPAddressInfo addresses of one interface for a single IP family
// (used for both NetworkInterface.IPv4 and NetworkInterface.IPv6).
type IPAddressInfo struct {
	Address   []string `json:"address,omitempty"`
	Netmask   []string `json:"netmask,omitempty"`
	Broadcast []string `json:"broadcast,omitempty"`
	Gateway   *string  `json:"gateway,omitempty"`
	// DHCP can be 'enabled', 'disabled', 'unknown', 'BOOTP'
	DHCP   string `json:"dhcp,omitempty"`
	Metric *int64 `json:"metric,omitempty"`
}

type IPv4Address added in v1.0.0

// IPv4Address empty placeholder type; it has no fields and no methods are
// documented here — its purpose is not visible on this page.
type IPv4Address struct {
}

type InitInfo

// InitInfo information gathered from ossec-init.conf (see NewInitInfo and
// ReadInitInfo); raw entries are accessible through Get.
type InitInfo struct {
	Directory string          `json:"Directory"` // installation directory
	Name      string          `json:"Name"`
	Version   *semver.Version `json:"Version"`
	Revision  uint            `json:"Revision"`
	Date      time.Time       `json:"Date"`
	Type      string          `json:"Type"`
	// contains filtered or unexported fields
}

InitInfo information gathered from ossec-init.conf

// LocalInitInfo contains the init info of the locally installed OSSEC.
// Nil until populated; where it is set is not visible here.
var LocalInitInfo *InitInfo

LocalInitInfo contains the init info of the locally installed OSSEC

func DefaultInintInfo added in v0.3.1

func DefaultInintInfo() *InitInfo

DefaultInintInfo Create a default Info

func NewInitInfo

func NewInitInfo() (*InitInfo, error)

NewInitInfo read InitInfo from default location

func ReadInitInfo

func ReadInitInfo(file io.Reader) (*InitInfo, error)

ReadInitInfo read InitInfo from file

func (*InitInfo) Get

func (i *InitInfo) Get(key string) (string, bool)

Get retrieves the raw value for key

type IntegrationEvent

// IntegrationEvent basic integration message: the integration name plus the
// standard IntegrationMeta fields.
type IntegrationEvent struct {
	Integration string          `json:"integration,omitempty"`
	Meta        IntegrationMeta `json:"meta,omitempty"`
}

IntegrationEvent basic integration message

type IntegrationMeta

// IntegrationMeta standard metadata of an integration event; the json tags
// match the Wazuh dynamic field names. ExtraData is free-form and is passed
// through as-is.
type IntegrationMeta struct {
	//	InputType       string      `json:"input>type,omitempty"`
	//	DecoderName     string      `json:"decoder>name,omitempty"`
	ID               string      `json:"id,omitempty"`
	URL              string      `json:"url,omitempty"`
	User             string      `json:"user,omitempty"`
	SourceUser       string      `json:"srcuser,omitempty"`
	SourceIP         *net.IP     `json:"srcip,omitempty"`
	SourcePort       *uint       `json:"srcport,omitempty"`
	DestinationIP    *net.IP     `json:"dstip,omitempty"`
	DestinationGeoIP string      `json:"dstgeoip,omitempty"`
	DestinationUser  string      `json:"dstuser,omitempty"`
	DestinationPort  *uint       `json:"dstport,omitempty"`
	Protocol         string      `json:"protocol,omitempty"`
	Action           string      `json:"action,omitempty"`
	Status           string      `json:"status,omitempty"`
	SystemName       string      `json:"systemname,omitempty"`
	ExtraData        interface{} `json:"extra_data,omitempty"`
}

IntegrationMeta standard metadata

type LocalConfig

// LocalConfig root <ossec_config> element of the local configuration file,
// see https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/index.html
// Only the <client> section is modelled.
type LocalConfig struct {
	XMLName      xml.Name     `xml:"ossec_config"`
	ClientConfig ClientConfig `xml:"client"`
}

LocalConfig see https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/index.html

type Network added in v0.7.0

// Network syscollector network message: common Sysinfo header plus one
// NetworkInterface. Built by SysCollector.NewNetwork.
// Sample payload (kept verbatim from the original source):
type Network struct {
	// R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})")));
	*Sysinfo
	Interface *NetworkInterface `json:"iface,omitempty"`
}

type NetworkInterface added in v1.0.0

// NetworkInterface one network interface with its counters and per-family
// addresses; all fields are pointers so absent values are omitted.
type NetworkInterface struct {
	Name      *string        `json:"name,omitempty"`
	Adapter   *string        `json:"adapter,omitempty"`
	Type      *string        `json:"type,omitempty"`
	State     *string        `json:"state,omitempty"`
	MAC       *string        `json:"mac,omitempty"`
	TXPackets *int64         `json:"tx_packets,omitempty"`
	RXPackets *int64         `json:"rx_packets,omitempty"`
	TXBytes   *int64         `json:"tx_bytes,omitempty"`
	RXBytes   *int64         `json:"rx_bytes,omitempty"`
	TXErrors  *int64         `json:"tx_errors,omitempty"`
	RXErrors  *int64         `json:"rx_errors,omitempty"`
	TXDropped *int64         `json:"tx_dropped,omitempty"`
	RXDropped *int64         `json:"rx_dropped,omitempty"`
	MTU       *int           `json:"mtu,omitempty"`
	IPv4      *IPAddressInfo `json:"IPv4,omitempty"`
	IPv6      *IPAddressInfo `json:"IPv6,omitempty"`
}

type OS added in v0.7.0

// OS syscollector operating-system message: common Sysinfo header plus the
// OSInventory. Built by SysCollector.NewOS.
// Sample payload (kept verbatim from the original source):
type OS struct {
	//   R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})")));
	*Sysinfo
	Inventory OSInventory `json:"inventory"`
}

type OSInventory added in v1.0.0

// OSInventory operating-system facts of the host; all fields are optional
// strings (pointers, omitted when nil).
type OSInventory struct {
	OSName       *string `json:"os_name,omitempty"`
	OSVersion    *string `json:"os_version,omitempty"`
	OSCodename   *string `json:"os_codename,omitempty"`
	OSMajor      *string `json:"os_major,omitempty"`
	OSMinor      *string `json:"os_minor,omitempty"`
	OSBuild      *string `json:"os_build,omitempty"`
	Hostname     *string `json:"hostname,omitempty"`
	OSRelease    *string `json:"os_release,omitempty"`
	Architecture *string `json:"architecture,omitempty"`
}

type Package added in v0.7.0

// Package syscollector installed-package message: common Sysinfo header plus
// PackageDetails under the "program" key. Built by SysCollector.NewPackageFromComponent.
// NOTE(review): the sample below is the network-interface payload (identical to
// the one on Network), not a package payload — likely a copy/paste leftover.
type Package struct {
	// R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})")));
	*Sysinfo
	Package *PackageDetails `json:"program"`
}

type PackageDetails added in v1.0.0

// PackageDetails attributes of one installed package. Triaged and CPE are
// read-only (set by the manager side, not by this client) per the original
// comments; the CPE string can be parsed with ParseCPE.
type PackageDetails struct {
	Format       *string `json:"format,omitempty"`
	Name         *string `json:"name,omitempty"`
	Priority     *string `json:"priority,omitempty"`
	Group        *string `json:"group,omitempty"`
	Size         *int64  `json:"size,omitempty"`
	Vendor       *string `json:"vendor,omitempty"`
	Version      *string `json:"version,omitempty"`
	Architecture *string `json:"architecture,omitempty"`
	MultiArch    *string `json:"multi-arch,omitempty"`
	Source       *string `json:"source,omitempty"`
	Description  *string `json:"description,omitempty"`
	InstallTime  *string `json:"install_time,omitempty"`
	Location     *string `json:"location,omitempty"`

	Triaged *string `json:"triaged,omitempty"` // read only
	CPE     *string `json:"cpe,omitempty"`     // read only
}

R"([{"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":"411","source":"xorg","version":"1:7.7+19ubuntu14","os_patch":""},{"hotfix":"KB4586786"}])")));

type Port added in v0.7.0

// Port syscollector open-port message: common Sysinfo header plus one
// PortInfo. Built by SysCollector.NewPort.
// Sample payload (kept verbatim from the original source):
type Port struct {
	// R"({"ports":[{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}]})")));
	*Sysinfo
	PortInfo *PortInfo `json:"port,omitempty"`
}

type PortInfo added in v1.0.0

// PortInfo one listening or connected socket as reported by the port scan.
// NOTE(review): Pid is tagged "PID" while the sample payload on Port uses
// "pid" and "process_name" (here "process") — confirm against the manager schema.
type PortInfo struct {
	Protocol   string  `json:"protocol,omitempty"`
	LocalIP    *string `json:"local_ip,omitempty"`
	RemoteIP   *string `json:"remote_ip,omitempty"`
	State      *string `json:"state,omitempty"`
	Pid        *int    `json:"PID,omitempty"`
	Process    *string `json:"process,omitempty"`
	LocalPort  *uint16 `json:"local_port,omitempty"`
	RemotePort *uint16 `json:"remote_port,omitempty"`
	TXQueue    *uint   `json:"tx_queue,omitempty"`
	RXQueue    *uint   `json:"rx_queue,omitempty"`
	Inode      *uint   `json:"inode,omitempty"`
}

type Process added in v0.7.0

// Process syscollector process message: common Sysinfo header plus one
// ProcessEntry. Built by SysCollector.NewProcess.
type Process struct {
	*Sysinfo
	ProcessDetails *ProcessEntry `json:"process,omitempty"`
}

type ProcessEntry added in v1.0.0

// ProcessEntry attributes of one running process. Priority is the only field
// always emitted; everything else is omitted when nil.
// NOTE(review): SGroup/SUser are *int while EGroup/EUser/FGroup/RGroup/RUser
// are *string — confirm whether the saved ids are really numeric.
type ProcessEntry struct {
	Name      *string  `json:"name,omitempty"`
	Cmd       *string  `json:"cmd,omitempty"`
	ArgVs     []string `json:"argvs,omitempty"`
	EGroup    *string  `json:"egroup,omitempty"`
	EUser     *string  `json:"euser,omitempty"`
	FGroup    *string  `json:"fgroup,omitempty"`
	RGroup    *string  `json:"rgroup,omitempty"`
	RUser     *string  `json:"ruser,omitempty"`
	SGroup    *int     `json:"sgroup,omitempty"`
	SUser     *int     `json:"suser,omitempty"`
	State     *string  `json:"state,omitempty"`
	Nice      *int     `json:"nice,omitempty"`
	NLWP      *int     `json:"nlwp,omitempty"`
	PGrp      *int     `json:"pgrp,omitempty"`
	PID       *int     `json:"pid,omitempty"`
	PPID      *int     `json:"ppid,omitempty"`
	Priority  int      `json:"priority"`
	Processor *int     `json:"processor,omitempty"`
	Resident  *int     `json:"resident,omitempty"`
	Session   *int     `json:"session,omitempty"`
	Share     *int     `json:"share,omitempty"`
	Size      *uint64  `json:"size,omitempty"`
	STime     *int     `json:"stime,omitempty"`
	TGID      *int     `json:"tgid,omitempty"`
	TTY       *int     `json:"tty,omitempty"`
	UTime     *int     `json:"utime,omitempty"`
	VMSize    *uint64  `json:"vm_size,omitempty"`
}

type Queue

// Queue helper to create a custom wodle: posts events to the local agent
// queue (see NewQueue, SendMessage and the With*Queue* options).
type Queue struct {
	TargetQueue rune        // queue selector, see the *_MQ constants
	AgentName   string      // agent name reported in postings
	Type        string      // wodle type passed to NewQueue
	QueuePath   string      // path of the queue socket/file (see WithQueuePath)
	InitInfo    *InitInfo   // see WithInitInfo
	Logger      *zap.Logger // see WithQueueLogger
	// contains filtered or unexported fields
}

Queue helper to create a custom wodle

func NewQueue

func NewQueue(typ string, opts ...QueueOption) (*Queue, error)

NewQueue create new wodle

func (*Queue) AgentLoop

func (w *Queue) AgentLoop(ctx context.Context, closeOnError bool) (chan *QueuePosting, chan interface{}, error)

AgentLoop process incoming messages

func (*Queue) DebugMessage

func (w *Queue) DebugMessage(msg string) error

DebugMessage send a debug event

func (*Queue) SendMessage

func (w *Queue) SendMessage(event interface{}, location string, programName string) error

SendMessage sends a single message to the agent's queue

type QueueError added in v0.4.0

// QueueError error raised by queue operations; it names the failing
// Operation and keeps the underlying InnerError. Build it with NewQueueError.
type QueueError struct {
	Operation  string
	InnerError error
}

func NewQueueError added in v0.4.0

func NewQueueError(operation string, innerError error) QueueError

func (QueueError) Error added in v0.4.0

func (m QueueError) Error() string

type QueueOption

// QueueOption allows setting custom parameters during construction of a
// Queue (see NewQueue); an option returns an error to abort construction.
type QueueOption func(*Queue) error

QueueOption allows setting custom parameters during construction

func WithInitInfo

func WithInitInfo(initInfo *InitInfo) QueueOption

WithInitInfo use a custom InitInfo

func WithQueueLogger

func WithQueueLogger(logger *zap.Logger) QueueOption

WithQueueLogger use a custom logger

func WithQueuePath

func WithQueuePath(path string) QueueOption

WithQueuePath use a custom queue path

func WithTargetQueue

func WithTargetQueue(queue rune) QueueOption

WithTargetQueue use a custom target queue

type QueuePosting

// QueuePosting a message for the queue, as consumed from the channel returned
// by AgentLoop. Raw is the free-form event payload.
type QueuePosting struct {
	TargetQueue rune        `json:"queue"`
	Location    string      `json:"location"`
	ProgramName string      `json:"program"`
	Timestamp   time.Time   `json:"timestamp,omitempty"`
	Raw         interface{} `json:"raw,omitempty"`
}

QueuePosting a message for the queue

type RemoteFileInfo added in v0.6.0

// RemoteFileInfo a file pushed by the manager (see Client.RemoteFiles and
// FileUpdatedEvent): its name, a hash and the buffered content.
// The hash algorithm is not visible here.
type RemoteFileInfo struct {
	Filename string
	Hash     string
	Content  *bytes.Buffer
}

type SysCollector added in v1.0.0

// SysCollector builds syscollector inventory messages (hardware, network,
// OS, packages, ports, processes) for a Client; create it with NewScanner.
type SysCollector struct {
	// contains filtered or unexported fields
}
// Scanner package-level SysCollector; nil until assigned (where it is set is
// not visible here — compare Client.Scanner).
var Scanner *SysCollector

func NewScanner added in v1.0.0

func NewScanner(client *Client) *SysCollector

func (*SysCollector) NewHardware added in v1.0.0

func (s *SysCollector) NewHardware() *Hardware

func (*SysCollector) NewNetwork added in v1.0.0

func (s *SysCollector) NewNetwork(intf net.Interface) (*Network, bool)

func (*SysCollector) NewOS added in v1.0.0

func (s *SysCollector) NewOS() *OS

func (*SysCollector) NewPackageFromComponent added in v1.0.0

func (s *SysCollector) NewPackageFromComponent(component cdx.Component) *Package

func (*SysCollector) NewPort added in v1.0.0

func (s *SysCollector) NewPort(pi *PortInfo) *Port

func (*SysCollector) NewPortInfo added in v1.0.0

func (s *SysCollector) NewPortInfo(pi *PortInfo) *PortInfo

func (*SysCollector) NewProcess added in v1.0.0

func (s *SysCollector) NewProcess(typ string) *Process

func (SysCollector) NewSysinfo added in v1.0.0

func (s SysCollector) NewSysinfo(typ string) *Sysinfo

func (*SysCollector) PostSysinfo added in v1.0.0

func (s *SysCollector) PostSysinfo(input chan *QueuePosting)

func (*SysCollector) RemovePort added in v1.0.0

func (s *SysCollector) RemovePort(name string)

func (*SysCollector) SetPort added in v1.0.0

func (s *SysCollector) SetPort(name string, port *PortInfo)

type Sysinfo added in v0.7.0

// Sysinfo common header embedded in every syscollector message (Hardware,
// Network, OS, Package, Port, Process); created by SysCollector.NewSysinfo.
// Note the scan time is serialised under "timestamp", not "scan_time".
type Sysinfo struct {
	// ScanTime  string     `json:"scan_time,omitempty"`
	Type     string  `json:"type"` // one of the TYPE_* constants — presumably; confirm
	Checksum *string `json:"checksum,omitempty"`
	ID       int64   `json:"ID,omitempty"`
	ItemID   *int64  `json:"item_id,omitempty"`
	ScanTime string  `json:"timestamp"`
}

type WithLoggin

// WithLoggin empty type with no fields and no documented methods; its role
// is not visible on this page (name reads like an unfinished option type).
type WithLoggin struct {
}
