Documentation
¶
Overview ¶
Package minions specifies a common Minion interface.
A minion performs certain checks on the files provided and returns issues it finds to the caller. Each minion is interested in certain files that can be discovered using ListInitialInterests method. A minion can also return additional interests to the caller as a result of an AnalyzeFiles method call.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func StartMinion ¶
StartMinion initializes a gRPC endpoint and populates it with the provided Minion. It can be used by minions to easily start themselves up.
Types ¶
type LocalStateManager ¶
type LocalStateManager struct {
// contains filtered or unexported fields
}
LocalStateManager uses a local cache to manage a minion's state.
func NewLocalStateManager ¶
func NewLocalStateManager() *LocalStateManager
NewLocalStateManager creates a StateManager backed by a local cache.
func (*LocalStateManager) Get ¶
func (l *LocalStateManager) Get(scanID string) (interface{}, error)
Get atomically retrieves the state of a minion during a scan.
func (*LocalStateManager) Has ¶
func (l *LocalStateManager) Has(scanID string) bool
Has returns true if there is any set state for the given scan.
func (*LocalStateManager) Set ¶
func (l *LocalStateManager) Set(scanID string, state interface{}) error
Set atomically sets the state of a minion during a scan.
type Minion ¶
type Minion interface {
// ListInitialInterests returns the initial Interests of a Minion.
ListInitialInterests(ctx context.Context, req *pb.ListInitialInterestsRequest) (*pb.ListInitialInterestsResponse, error)
// AnalyzeFiles returns security issues found in files from AnalyzeFilesRequest.
AnalyzeFiles(ctx context.Context, req *pb.AnalyzeFilesRequest) (*pb.AnalyzeFilesResponse, error)
}
Minion is a interface that should be implemented by every Minion.
type StateManager ¶
type StateManager interface {
// Set atomically sets the state of a minion during a scan.
Set(scanID string, state interface{}) error
// Get atomically retrieves the state of a minion during a scan.
// Returns an error if the key was not found.
Get(scanID string) (interface{}, error)
// Has returns true if there is any set state for the given scan.
Has(scanID string) bool
}
StateManager handles state keeping for a minion, allowing it to save whatever needs saving. It might or might not work across horizontally scaled minions of the same type: check implementors.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package passwd implements a minion that looks for simple issues within /etc/passwd and /etc/shadow files.
|
Package passwd implements a minion that looks for simple issues within /etc/passwd and /etc/shadow files. |
|
Package redis contains a Redis focused minion, which checks Redis-related security configurations.
|
Package redis contains a Redis focused minion, which checks Redis-related security configurations. |
|
Package testminion contains a minion only to be used for testing.
|
Package testminion contains a minion only to be used for testing. |
|
Package tomcat is a minion which is looking for vulnerabilities in tomcat configuration files.
|
Package tomcat is a minion which is looking for vulnerabilities in tomcat configuration files. |
|
Package vulners contains a minion that uses the Vulners API to perform security scans on software packages installed on a system.
|
Package vulners contains a minion that uses the Vulners API to perform security scans on software packages installed on a system. |
|
dpkg
Package dpkg reads package information in the format of /var/lib/dpkg/status file.
|
Package dpkg reads package information in the format of /var/lib/dpkg/status file. |
|
rpm
Package rpm reads package information through RPMlib from a Packages database.
|
Package rpm reads package information through RPMlib from a Packages database. |