Documentation
¶
Index ¶
- Constants
- Variables
- func AgentHome() string
- func AppLogMsg(agentId string, eventType int, msg string, ip string, port string, rule string) (string, error)
- func BuildAttackMsg(agentId string, eventType int, msg string, ip string, port string) (string, error)
- func CheckPort(port string) bool
- func CheckSum(data []byte) uint16
- func CopyString(s string) string
- func Daemon(nochdir, noclose int) int
- func DeepFields(ifaceType reflect.Type) []reflect.StructField
- func ExecFileForEcho(projectPath string) (string, error)
- func Exists(path string) bool
- func FlushAgentConfig(agentConf AgentConf, agentConfPath string)
- func FlushData2File(proxyTable interface{}, filePath string)
- func GetIp() (string, error)
- func GetMessage(agentId string, data []byte) (string, error)
- func HttpDownload(url, fileName string) bool
- func HttpPost(url string, data interface{}) string
- func IsIpConnect(ip string) bool
- func IsZombie(processId int) bool
- func KillProcess(pp *os.Process) error
- func LoadFileForObj(filename string, itf interface{}) (interface{}, bool)
- func MD5(filename string) string
- func MonitForKillSelfTask()
- func ProcessIsExist(pid int) bool
- func QueryEngineId() string
- func ReadFile(filePath string) (bool, string)
- func ReadProcessTable() (bool, map[string]Pid)
- func ReadProxyTable() (bool, map[string]ProxyStrategy)
- func RedisGet(key string, AgentConf AgentConf) (success bool, data string)
- func RedisSet(key, value string, AgentConf AgentConf) bool
- func SendMsg(msgID int32, evetmsg string, commAddr string) error
- func StartMemCpuMonitor(name string, cpuLimit float64)
- func StructCopy(DstStructPtr interface{}, SrcStructPtr interface{})
- func Unzip(zipFile string, destDir string) error
- func UpdateProcessTable(processTable map[string]Pid)
- type AgentConf
- type AgentMonitorMsg
- type AuditData
- type AuditFile
- type AuditMsg
- type AuditPath
- type AuditProcess
- type AuditReport
- type BasePolicy
- type EngineStrategy
- type EngineStrategyResp
- type EventMsg
- type FileBaitPolicy
- type FileConf
- type HisBaitItem
- type HisBaitPolicy
- type ICMP
- type Message
- type Msg
- type Pid
- type Plugin
- type Policy
- type ProxyStrategy
- type RedisServer
- func (rs *RedisServer) Listen(pool *redis.Pool, key string, message chan redis.Message) error
- func (rs *RedisServer) ListenChannel(pool *redis.Pool, key string, message chan redis.Message)
- func (rs *RedisServer) NewPool() *redis.Pool
- func (rs *RedisServer) PublishMsg(pool *redis.Pool, key, value string)
- type SshKeyBody
Constants ¶
View Source
const ( HEARTBEAT = 1000 POLICY = 1001 ATTACK = 1002 MONITOR = 1003 ASSET = 1004 REBOUND_SHELL_ATTACK = 1005 )
View Source
const ( BruteForce = 1 FILE_Monit = 2 Command_Monit = 3 Process_Monit = 4 Network_Monit = 5 WebShell = 6 BaseLine = 7 AppLog = 8 Audit = 9 Asset = 10 Rebound_Shell_Event = 11 )
Variables ¶
View Source
var ProcessTablePath = AgentHome() + "/conf/process-table.json"
Functions ¶
func BuildAttackMsg ¶
func CopyString ¶
func DeepFields ¶
func DeepFields(ifaceType reflect.Type) []reflect.StructField
func ExecFileForEcho ¶
func FlushAgentConfig ¶
func FlushData2File ¶
func FlushData2File(proxyTable interface{}, filePath string)
func HttpDownload ¶
func HttpPost ¶
发送POST请求 url: 请求地址 data: POST请求提交的数据 contentType: 请求体格式,如:application/json content: 请求放回的内容
func IsIpConnect ¶
func KillProcess ¶
func LoadFileForObj ¶
func MonitForKillSelfTask ¶
func MonitForKillSelfTask()
func ProcessIsExist ¶
func QueryEngineId ¶
func QueryEngineId() string
func ReadProcessTable ¶
func ReadProxyTable ¶
func ReadProxyTable() (bool, map[string]ProxyStrategy)
func StartMemCpuMonitor ¶
func StructCopy ¶
func StructCopy(DstStructPtr interface{}, SrcStructPtr interface{})
func UpdateProcessTable ¶
Types ¶
type AgentConf ¶
type AgentConf struct {
StrategyAddr string `json:"strategyAddr"`
StrategyPass string `json:"strategyPass"`
Version string `json:"version"`
HeartbeatChannel string `json:"heartbeatChannel"`
SshKeyUploadUrl string `json:"sshKeyUploadUrl"`
HoneyPublicIp string `json:"honeyPublicIp"`
}
func LoadAgentConf ¶
type AgentMonitorMsg ¶
type AuditMsg ¶
type AuditMsg struct {
Timestamp string `json:"@timestamp"`
Sequence int `json:"sequence"`
Category string `json:"category"`
Record_type string `json:"record_type"`
Result string `json:"result"`
Session string `json:"session"`
Tags []string `json:"tags"`
//Summary interface{} `json:"summary"`
//User interface{} `json:"user"`
Process AuditProcess `json:"process"`
File AuditFile `json:"file"`
Data AuditData `json:"data"`
Paths []AuditPath `json:"paths"`
}
type AuditPath ¶
type AuditPath struct {
CapFe string `json:"cap_fe"`
CapFi string `json:"cap_fi"`
CapFp string `json:"cap_fp"`
CapFrootid string `json:"cap_frootid"`
CapFver string `json:"cap_fver"`
Dev string `json:"dev"`
Inode string `json:"inode"`
Item string `json:"item"`
Mode string `json:"mode"`
Name string `json:"name"`
Nametype string `json:"nametype"`
Ogid string `json:"ogid"`
Ouid string `json:"ouid"`
Rdev string `json:"rdev"`
}
type AuditProcess ¶
type AuditReport ¶
type BasePolicy ¶
type BasePolicy struct {
TaskId string // 任务ID
AgentId string // 选择执行本策略的 Agent
Status int // 下发端 1: OPEN | 0:CLOSE // 执行端 SUCCESS | FAIL
Type string // FILE | HIS
Data string // 诱饵压缩包下载地址 HTTP
}
诱饵父类 提供类别、agentId/taskId/下发状态/执行状态 这些总体的描述数据
type EngineStrategy ¶
type EngineStrategyResp ¶
type EngineStrategyResp struct {
Code int
Msg string
Data EngineStrategy
}
type HisBaitItem ¶
type HisBaitPolicy ¶
type HisBaitPolicy struct {
BashHistoryPath string
RandomLine string
Enabled bool
Honeybits []HisBaitItem
}
* History诱饵的策略数据结构
type Pid ¶
func StartProject ¶
type ProxyStrategy ¶
type RedisServer ¶
type RedisServer struct {
// contains filtered or unexported fields
}
func (*RedisServer) ListenChannel ¶
func (*RedisServer) NewPool ¶
func (rs *RedisServer) NewPool() *redis.Pool
func (*RedisServer) PublishMsg ¶
func (rs *RedisServer) PublishMsg(pool *redis.Pool, key, value string)
type SshKeyBody ¶
Source Files
Click to show internal directories.
Click to hide internal directories.