Documentation
¶
Overview ¶
The Dexter engine contains all the functionality to run the dexter daemon loop.
Index ¶
- func GetPublicKeyForInvestigator(name string) (*rsa.PublicKey, error)
- func LoadInvestigatorNames() (list []string)
- func LocalInvestigatorName() string
- func Start()
- type DecryptionPayload
- type Investigation
- func (investigation *Investigation) Approve(privateKey *rsa.PrivateKey)
- func (investigation *Investigation) ApproverNames() []string
- func (investigation *Investigation) MinimumConsensus() int
- func (investigation *Investigation) ReportDirectory() string
- func (investigation *Investigation) ReportZip() string
- func (investigation *Investigation) ScopeFactsStrings() []string
- func (investigation *Investigation) ScopeFactsToString() string
- func (investigation *Investigation) Sign(privateKey *rsa.PrivateKey)
- func (investigation *Investigation) Upload() error
- func (investigation *Investigation) ValidUniqueApprovers() int
- type Investigator
- type Poller
- type PublicKey
- type S3Poller
- type Signature
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetPublicKeyForInvestigator ¶
Lookup an embedded investigator and parse their public key into an *rsa.PublicKey.
func LoadInvestigatorNames ¶
func LoadInvestigatorNames() (list []string)
Return the list of embedded investigators.
func LocalInvestigatorName ¶
func LocalInvestigatorName() string
Return the name of the investigator currently operating Dexter from the CLI.
Types ¶
type DecryptionPayload ¶
A decryption payload contains all the information needed for an investigator to decrypt an investigation, a nonce for data encryption and the encrypted data encryption key.
func (DecryptionPayload) GetEncryptionKey ¶
func (payload DecryptionPayload) GetEncryptionKey(passwordFunc func() string) []byte
Decrypt the encrypted data encryption key using the local investigator's key. A password function is used to retrieve the password for the local investigator's private key.
type Investigation ¶
type Investigation struct {
ID string
TaskList map[string][]string
Scope map[string][]string
KillContainers bool
KillHost bool
Issuer Signature
Approvers []Signature
RecipientNames []string
}
An investigation is an instruction for some Dexter daemons to run some tasks. The Task list defines the tasks and their argumetns, while the Scope defines facts that must be true about the host in order for the investigation to be in scope.
func AllInvestigations ¶
func AllInvestigations() []Investigation
Get all investigations, including archived ones
func CurrentInvestigations ¶
func CurrentInvestigations() []Investigation
Get current investigations.
func InvestigationByID ¶
func InvestigationByID(uuid string) (Investigation, error)
Lookup an investigation by ID, or partial ID.
func InvestigationByIDWithCache ¶
func InvestigationByIDWithCache(cache []Investigation, uuid string) (Investigation, error)
Lookup an investigation by ID, or partial ID, using an already downloaded list of investigation.
func (*Investigation) Approve ¶
func (investigation *Investigation) Approve(privateKey *rsa.PrivateKey)
func (*Investigation) ApproverNames ¶
func (investigation *Investigation) ApproverNames() []string
List the names of the investigators who approved an investigation.
func (*Investigation) MinimumConsensus ¶
func (investigation *Investigation) MinimumConsensus() int
Each task has different consensus requirements, return the highest value from all the tasks. That will be the amount of consensus required for this investigation.
func (*Investigation) ReportDirectory ¶
func (investigation *Investigation) ReportDirectory() string
Return the local filesystem path that is being used to write report artifacts during this investigation.
func (*Investigation) ReportZip ¶
func (investigation *Investigation) ReportZip() string
Return the path on the local filesystem for the zipped report that resulted from this investigation.
func (*Investigation) ScopeFactsStrings ¶
func (investigation *Investigation) ScopeFactsStrings() []string
Get a slice of strings that are printable versions of the facts on this investigation.
func (*Investigation) ScopeFactsToString ¶
func (investigation *Investigation) ScopeFactsToString() string
Get a single string that represents all facts on this investigation.
func (*Investigation) Sign ¶
func (investigation *Investigation) Sign(privateKey *rsa.PrivateKey)
func (*Investigation) Upload ¶
func (investigation *Investigation) Upload() error
Upload this investigation to S3.
func (*Investigation) ValidUniqueApprovers ¶
func (investigation *Investigation) ValidUniqueApprovers() int
Return the number of signatures on an investigation that are from a unique set of investigators and are valid. This is equivalent to the current consensus level.
type Investigator ¶
An investigator is defined by their name and public key.
func LoadInvestigators ¶
func LoadInvestigators() (list []Investigator)
Load the investigator structs from the embedded files and return a slice of investigators.
func LoadLocalInvestigator ¶
func LoadLocalInvestigator() Investigator
Return the local investigator as an Investigator struct.
func NewInvestigator ¶
func NewInvestigator(name, password string) (Investigator, []byte, error)
Create a new investigator object and the encrypted private key PEM block
func (Investigator) String ¶
func (investigator Investigator) String() ([]byte, error)
Serialize the investigation into JSON
type Poller ¶
type Poller interface {
Poll() chan Investigation
}
A poller is anyy structure that can return a channel of investigations.
type PublicKey ¶
type PublicKey struct {
N, E string
}
Values for RSA public key, represented as strings for JSON.
Source Files
Directories