config

package
v0.0.0-...-24e3e83 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 16, 2020 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Copyright © 2020 GUILLAUME FOURNIER

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Constants

This section is empty.

Variables

This section is empty.

Functions

func ReadConfigFile

func ReadConfigFile(path string, cfg *NSPConfig) error

ReadConfigFile - Reads the provided config file and populates the provided configuration (cfg)

Types

type NSPConfig

type NSPConfig struct {
	// CLI - CLI parameters
	CLI struct {
		Verbose           logrus.Level
		ConfigPath        string
		KubeConfigPath    string
		ProfileOutputPath string
		Pid               uint32
		Netns             uint64
		DDLogURL          string
		ProcessCacheSize  uint32
	}

	// eBPF - eBPF tuning options
	EBPF struct {
		PerfMapPageCount  int `yaml:"perf_map_page_count" default:"64"`
		KprobeMaxActive   int `yaml:"kprobe_max_active" default:"-1"`
		MapsChannelLength int `yaml:"maps_chanel_length" default:"1000"`
	} `yaml:"ebpf"`

	// MonitoringOptions - Process level network monitoring options
	MonitoringOptions struct {
		// NetworkMonitorTick - This parameter defines how often the eBPF maps containing networking data should be dumped
		NetworkMonitorTick int `yaml:"network_monitor_tick" default:"0"`
		// DNSMonitoring - When activated, the probe will log DNS activity
		DNSMonitoring bool `yaml:"dns_monitoring"`
		// NetworkInterfacesMonitoring - When activated, the probe will log interface activity (registration, etc.)
		NetworkInterfacesMonitoring bool `yaml:"network_interfaces_monitoring"`
		// ConnectionMonitoring - When activated, the probe will log network connections (egress & ingress)
		ConnectionMonitoring bool `yaml:"connection_monitoring"`
	} `yaml:"monitoring_options"`

	// SecurityOptions - Attacks detection options
	SecurityOptions struct {
		// FloodAttacks - When activated, the probe will trigger an alert when a flood attack is detected (SYN flood)
		FloodAttacks SecurityAction `yaml:"flood_attacks"`
		// ARPSpoofing - When activated, the probe will look for ARP spoofing attacks
		ARPSpoofing SecurityAction `yaml:"arp_spoofing"`
		// DNSSpoofing - When activated, the probe will look for DNS spoofing attacks
		DNSSpoofing SecurityAction `yaml:"dns_spoofing"`

		// EgressDomains - List of egress domains with corresponding security action
		EgressDomains map[string]SecurityAction `yaml:"egress_domains"`
		// EgressDefault - Security action taken for unexpected egress domains
		EgressDefault SecurityAction `yaml:"egress_default"`
		// IngressDomains - List of ingress domains with corresponding security action
		IngressDomains map[string]SecurityAction `yamls:"ingress_domains"`
		// IngressDefault - Security action taken for unexpected ingress domains
		IngressDefault SecurityAction `yaml:"ingress_default"`

		// NetworkProtocols - List of expected network protocols (L3) and their security action
		NetworkProtocols map[string]SecurityAction `yaml:"network_protocols"`
		// NetworkProtocolDefault - Security action taken for unexpected network protocols
		NetworkProtocolDefault SecurityAction `yaml:"network_protocol_default"`
		// TransportProtocols - List of expected transport protocols (L4) and their security action
		TransportProtocols map[string]SecurityAction `yaml:"transport_protocols"`
		// TransportProtocolDefault - Security action taken for unexpected transport protocols
		TransportProtocolDefault SecurityAction `yaml:"transport_protocol_default"`
		// ApplicationProtocols - List of expected application protocols (L7) and their security action
		ApplicationProtocols map[string]SecurityAction `yaml:"application_protocols"`
		// ApplicationProtocolDefault - Security action taken for unexpected application protocols
		ApplicationProtocolDefault SecurityAction `yaml:"application_protocol_default"`
	} `yaml:"security_options"`
}

NSPConfig - Network security probe options
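In the struct above, `IngressDomains` is tagged `yamls:` where every sibling field uses `yaml:`. The following added example (not the project's own code) audits a struct for tags a YAML decoder will not read and reports the key the field is decoded from instead. The gopkg.in/yaml key convention (tag name, else lowercased field name) is an assumption, since the page does not name the decoder; `AuditYAMLTags` and `EffectiveKey` are hypothetical helpers, and `SecurityOptions` is a four-field excerpt of the type shown above.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// SecurityAction is copied from the page.
type SecurityAction struct {
	Alert bool `yaml:"alert" default:"true"`
	Block bool `yaml:"block" default:"false"`
	Kill  bool `yaml:"kill" default:"false"`
}

// SecurityOptions is an excerpt of NSPConfig.SecurityOptions, tags as published.
type SecurityOptions struct {
	EgressDomains  map[string]SecurityAction `yaml:"egress_domains"`
	EgressDefault  SecurityAction            `yaml:"egress_default"`
	IngressDomains map[string]SecurityAction `yamls:"ingress_domains"`
	IngressDefault SecurityAction            `yaml:"ingress_default"`
}

// EffectiveKey returns the key a field is decoded from (assumed yaml convention).
func EffectiveKey(f reflect.StructField) string {
	if tag, ok := f.Tag.Lookup("yaml"); ok {
		if name := strings.Split(tag, ",")[0]; name != "" {
			return name
		}
	}
	return strings.ToLower(f.Name)
}

// AuditYAMLTags lists exported fields of struct type t that carry a tag but no `yaml` key.
func AuditYAMLTags(t reflect.Type) []string {
	var findings []string
	for i := 0; i < t.NumField(); i++ {
		f := t.Field(i)
		if _, ok := f.Tag.Lookup("yaml"); !ok && f.Tag != "" && f.PkgPath == "" {
			findings = append(findings, fmt.Sprintf("%s: tag `%s` ignored, decoded from key %q", f.Name, f.Tag, EffectiveKey(f)))
		}
	}
	return findings
}

func main() {
	fmt.Println(strings.Join(AuditYAMLTags(reflect.TypeOf(SecurityOptions{})), "\n"))
}
```

Under that convention, an `ingress_domains` block in the config file is not mapped to `IngressDomains`, so ingress traffic falls through to `IngressDefault`.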

func NewConfigFromCLI

func NewConfigFromCLI() (*NSPConfig, error)

NewConfigFromCLI - Parses command line arguments

func NewConfigFromPath

func NewConfigFromPath(path string) (*NSPConfig, error)

NewConfigFromPath - Returns a configuration parsed from the provided file

type SecurityAction

type SecurityAction struct {
	Alert bool `yaml:"alert" default:"true"`
	Block bool `yaml:"block" default:"false"`
	Kill  bool `yaml:"kill" default:"false"`
}

SecurityAction - A security action defines what the probe should do.

  • Alert means that an alert will be reported by the probe
  • Block means that the probe will block the offending connection
  • Kill means that the offending process will be killed
