mig: github.com/mozilla/mig Index | Files | Directories

package mig

import "github.com/mozilla/mig"

Index

Package Files

acl.go action.go agent.go command.go constants.go investigator.go loader.go logging_posix.go manifest.go misc.go runner.go version.go

Constants

const (
    AgtStatusOnline    string = "online"
    AgtStatusDestroyed string = "destroyed"
    AgtStatusOffline   string = "offline"
    AgtStatusIdle      string = "idle"
)

Various agent status values

const (
    StatusSent      string = "sent"
    StatusSuccess   string = "success"
    StatusCancelled string = "cancelled"
    StatusExpired   string = "expired"
    StatusFailed    string = "failed"
    StatusTimeout   string = "timeout"
)

Various command status values

const (
    ExchangeToAgents     = "toagents"
    ExchangeToSchedulers = "toschedulers"
    QueueAgentHeartbeat  = "mig.agt.heartbeats"
    QueueAgentResults    = "mig.agt.results"
)

Various constants that indicate exchange and queue names used in RabbitMQ

const (
    PermSearch = 1 << iota
    PermAction
    PermActionCreate
    PermCommand
    PermAgent
    PermDashboard
    PermLoader
    PermLoaderStatus
    PermLoaderExpect
    PermLoaderKey
    PermLoaderNew
    PermManifest
    PermManifestSign
    PermManifestNew
    PermManifestStatus
    PermManifestLoaders
    PermInvestigator
    PermInvestigatorCreate
    PermInvestigatorUpdate
)

Permissions that can be assigned to investigators

const (
    StatusActiveInvestigator   string = "active"
    StatusDisabledInvestigator string = "disabled"
)

Possible status values for an investigator

const ActionVersion uint16 = 2

ActionVersion is the version of the syntax that is expected

const LoaderHashedKeyLength = 32

LoaderHashedKeyLength is the length of the hashed loader key in the database

const LoaderKeyLength = 32

LoaderKeyLength is the length of the loader key

const LoaderPrefixAndKeyLength = 40

LoaderPrefixAndKeyLength is the key length for a loader key including the prefix

const LoaderPrefixLength = 8

LoaderPrefixLength is the length of the loader prefix

const LoaderSaltLength = 16

LoaderSaltLength is the length of the salt applied to loader keys

Variables

var BundleDictionary = map[string][]BundleDictionaryEntry{
    "linux":   bundleEntryLinux,
    "darwin":  bundleEntryDarwin,
    "windows": bundleEntryWindows,
}

BundleDictionary maps GOOS platform names to specific bundle entry values

var PermSets = []string{"PermManifest", "PermLoader", "PermAdmin"}

PermSets describes permission sets that can be applied; note default is omitted as this is currently always applied

var Version = ""

Version can be set at compile time to indicate the version of MIG components. You'd typically want to set this during install using flags such as -ldflags "-X github.com/mozilla/mig.Version=20170913-0.06824ce0.dev" when calling the go build tools.

func GenID Uses

func GenID() float64

GenID returns a float64 ID number that is unique to this process. The ID is initialized at the number of seconds since MIG's creation date, shifted 16 bits to the right and incremented by one every time a new ID is requested. The resulting value must fit in 53 bits of precision provided by the float64 type.

func GenerateLoaderKey Uses

func GenerateLoaderKey() string

GenerateLoaderKey will generate a new loader key value

func GenerateLoaderPrefix Uses

func GenerateLoaderPrefix() string

GenerateLoaderPrefix will generate a new loader prefix value

func ProcessLog Uses

func ProcessLog(logctx Logging, l Log) (stop bool, err error)

ProcessLog receives events and performs logging and evaluation of the log severity level, in the event of an emergency level entry stop will be true

func RandAPIKeyString Uses

func RandAPIKeyString(length int) string

RandAPIKeyString is used for prefix and key generation, and just returns a random string consisting of alphanumeric characters of length characters long

func ValidateLoaderKey Uses

func ValidateLoaderKey(key string) error

ValidateLoaderKey validates a loader key, returns nil if it is valid

func ValidateLoaderPrefix Uses

func ValidateLoaderPrefix(prefix string) error

ValidateLoaderPrefix validates a loader prefix value, returns nil if it is valid

func ValidateLoaderPrefixAndKey Uses

func ValidateLoaderPrefixAndKey(pk string) error

ValidateLoaderPrefixAndKey validates a loader key that includes the prefix

type ACL Uses

type ACL map[string]struct {
    MinimumWeight int
    Investigators map[string]struct {
        Fingerprint string
        Weight      int
    }
}

ACL defines an access control list used by the agent to determine what investigators can call a given module. The key in this map is the module name, and can be "default" in which case this element will be used if no key for a given module exists.

The value includes a minimum weight to authorize the request, and a map of investigators with the key of the map being the name of the investigator, and the value storing the PGP fingerprint of the investigators key and the weight that investigator has.

type Action Uses

type Action struct {
    ID             float64        `json:"id"`
    Name           string         `json:"name"`
    Target         string         `json:"target"`
    Description    Description    `json:"description,omitempty"`
    Threat         Threat         `json:"threat,omitempty"`
    ValidFrom      time.Time      `json:"validfrom"`
    ExpireAfter    time.Time      `json:"expireafter"`
    Operations     []Operation    `json:"operations"`
    PGPSignatures  []string       `json:"pgpsignatures"`
    Investigators  []Investigator `json:"investigators,omitempty"`
    Status         string         `json:"status,omitempty"`
    StartTime      time.Time      `json:"starttime,omitempty"`
    FinishTime     time.Time      `json:"finishtime,omitempty"`
    LastUpdateTime time.Time      `json:"lastupdatetime,omitempty"`
    Counters       ActionCounters `json:"counters,omitempty"`
    SyntaxVersion  uint16         `json:"syntaxversion,omitempty"`
}

Action is the json object that is created by an investigator and provided to the MIG platform. It must be PGP signed.

func ActionFromFile Uses

func ActionFromFile(path string) (Action, error)

ActionFromFile reads an action from a local file on the file system and returns a mig.Action structure

func (Action) IndentedString Uses

func (a Action) IndentedString() (string, error)

IndentedString returns an indented JSON string representing the action suitable for display

func (Action) PrintCounters Uses

func (a Action) PrintCounters()

PrintCounters prints the counters of an action to stderr

func (Action) Sign Uses

func (a Action) Sign(keyid string, secring io.Reader) (sig string, err error)

Sign computes and returns the GPG signature of a MIG action in its stringified form

func (Action) String Uses

func (a Action) String() (str string, err error)

concatenates Action components into a string

func (Action) ToTempFile Uses

func (a Action) ToTempFile() (filename string, err error)

ToTempFile writes an action into a generated temporary file and returns its filename

func (Action) Validate Uses

func (a Action) Validate() (err error)

Validate verifies that the Action received contained all the necessary fields, and returns an error when it doesn't.

func (Action) VerifyACL Uses

func (a Action) VerifyACL(acl ACL, keyring io.Reader, onlyVerifyPubKey bool) (err error)

VerifyACL validates that an action has been issued by investigators that have adequate permissions to execute the action. It takes a look at each operation included in the action and verifies the signatures in the action against the agents ACL.

func (Action) VerifySignatures Uses

func (a Action) VerifySignatures(keyring io.Reader) (err error)

VerifySignatures verifies that the Action contains valid signatures from known investigators. It does not verify permissions.

type ActionCounters Uses

type ActionCounters struct {
    Sent      int `json:"sent,omitempty"`
    Done      int `json:"done,omitempty"`
    InFlight  int `json:"inflight,omitempty"`
    Success   int `json:"success,omitempty"`
    Cancelled int `json:"cancelled,omitempty"`
    Expired   int `json:"expired,omitempty"`
    Failed    int `json:"failed,omitempty"`
    TimeOut   int `json:"timeout,omitempty"`
}

ActionCounters are counters used to track the completion of an action

type Agent Uses

type Agent struct {
    ID              float64           `json:"id,omitempty"`
    Name            string            `json:"name"`
    QueueLoc        string            `json:"queueloc"`
    Mode            string            `json:"mode"`
    Version         string            `json:"version,omitempty"`
    PID             int               `json:"pid,omitempty"`
    LoaderName      string            `json:"loadername,omitempty"`
    StartTime       time.Time         `json:"starttime,omitempty"`
    DestructionTime time.Time         `json:"destructiontime,omitempty"`
    HeartBeatTS     time.Time         `json:"heartbeatts,omitempty"`
    RefreshTS       time.Time         `json:"refreshts,omitempty"`
    Status          string            `json:"status,omitempty"`
    Authorized      bool              `json:"authorized,omitempty"`
    Env             AgentEnv          `json:"environment,omitempty"`
    Tags            map[string]string `json:"tags,omitempty"`
}

Agent stores the description of an agent and serves as a canvas for heartbeat messages

type AgentEnv Uses

type AgentEnv struct {
    Init      string      `json:"init,omitempty"`
    Ident     string      `json:"ident,omitempty"`
    OS        string      `json:"os,omitempty"`
    Arch      string      `json:"arch,omitempty"`
    IsProxied bool        `json:"isproxied"`
    Proxy     string      `json:"proxy,omitempty"`
    Addresses []string    `json:"addresses,omitempty"`
    PublicIP  string      `json:"publicip,omitempty"`
    AWS       AgentEnvAWS `json:"aws,omitempty"`
    Modules   []string    `json:"modules,omitempty"`
}

AgentEnv stores basic information of the endpoint

type AgentEnvAWS Uses

type AgentEnvAWS struct {
    InstanceID   string `json:"instanceid,omitempty"`
    LocalIPV4    string `json:"localipv4,omitempty"`
    AMIID        string `json:"amiid,omitempty"`
    InstanceType string `json:"instancetype,omitempty"`
}

AgentEnvAWS stores AWS specific agent environment values

type AgentsStats Uses

type AgentsStats struct {
    Timestamp             time.Time           `json:"timestamp"`
    OnlineAgents          float64             `json:"onlineagents"`
    OnlineAgentsByVersion []AgentsVersionsSum `json:"onlineagentsbyversion"`
    OnlineEndpoints       float64             `json:"onlineendpoints"`
    IdleAgents            float64             `json:"idleagents"`
    IdleAgentsByVersion   []AgentsVersionsSum `json:"idleagentsbyversion"`
    IdleEndpoints         float64             `json:"idleendpoints"`
    NewEndpoints          float64             `json:"newendpoints"`
    MultiAgentsEndpoints  float64             `json:"multiagentsendpoints"`
    DisappearedEndpoints  float64             `json:"disappearedendpoints"`
    FlappingEndpoints     float64             `json:"flappingendpoints"`
}

AgentsStats stores information about the global MIG environment, primarily used in command line tools and the API/scheduler

type AgentsVersionsSum Uses

type AgentsVersionsSum struct {
    Version string  `json:"version"`
    Count   float64 `json:"count"`
}

AgentsVersionsSum stores information on the count of agents at a specific version level, primarily used in command line tools and the API/scheduler

type BundleDictionaryEntry Uses

type BundleDictionaryEntry struct {
    Name   string
    Path   string
    SHA256 string
    Perm   os.FileMode
}

BundleDictionaryEntry is used to map tokens within the loader manifest to objects on the file system. We don't allow specification of an exact path for interrogation or manipulation in the manifest. This results in some restrictions but hardens the loader against making unauthorized changes to the file system.

func GetHostBundle Uses

func GetHostBundle() ([]BundleDictionaryEntry, error)

GetHostBundle returns the correct BundleDictionaryEntry given the platform the code is executing on

func HashBundle Uses

func HashBundle(b []BundleDictionaryEntry) ([]BundleDictionaryEntry, error)

HashBundle populates a slice of BundleDictionaryEntrys, adding the SHA256 checksums from the file system

type Command Uses

type Command struct {
    ID     float64 `json:"id"`
    Action Action  `json:"action"`
    Agent  Agent   `json:"agent"`

    // Status can be one of:
    // sent: the command has been sent by the scheduler to the agent
    // success: the command has successfully ran on the agent and been returned to the scheduler
    // cancelled: the command has been cancelled by the investigator
    // expired: the command has been expired by the scheduler
    // failed: the command has failed on the agent and been returned to the scheduler
    // timeout: module execution has timed out, and the agent returned the command to the scheduler
    Status string `json:"status"`

    Results    []modules.Result `json:"results"`
    StartTime  time.Time        `json:"starttime"`
    FinishTime time.Time        `json:"finishtime"`
}

Command describes an action as applied to a single agent, and will include results

func CmdFromFile Uses

func CmdFromFile(path string) (cmd Command, err error)

CmdFromFile reads a command from a local file on the file system and return the mig.Command structure

type Description Uses

type Description struct {
    Author   string  `json:"author,omitempty"`
    Email    string  `json:"email,omitempty"`
    URL      string  `json:"url,omitempty"`
    Revision float64 `json:"revision,omitempty"`
}

Description is a simple object that contains detail about the action's author, and it's revision.

type Investigator Uses

type Investigator struct {
    ID             float64   `json:"id,omitempty"`
    Name           string    `json:"name"`
    PGPFingerprint string    `json:"pgpfingerprint"`
    PublicKey      []byte    `json:"publickey,omitempty"`
    PrivateKey     []byte    `json:"privatekey,omitempty"`
    Status         string    `json:"status"`
    CreatedAt      time.Time `json:"createdat"`
    LastModified   time.Time `json:"lastmodified"`
    APIKey         string    `json:"apikey,omitempty"`

    Permissions InvestigatorPerms `json:"permissions"`
}

Investigator describes a single MIG investigator

func (*Investigator) CheckPermission Uses

func (i *Investigator) CheckPermission(pv int64) bool

CheckPermission validates if an investigator has given permission pv

type InvestigatorAPIAuthHelper Uses

type InvestigatorAPIAuthHelper struct {
    ID     float64 // Investigator ID
    APIKey []byte  // Key hash
    Salt   []byte  // Key salt
}

InvestigatorAPIAuthHelper is a small struct used to pass information between the database and the API, and is used primarily for authorizing requests using API keys.

type InvestigatorPerms Uses

type InvestigatorPerms struct {
    Search             bool `json:"search"`
    Action             bool `json:"action"`
    ActionCreate       bool `json:"action_create"`
    Command            bool `json:"command"`
    Agent              bool `json:"agent"`
    Dashboard          bool `json:"dashboard"`
    Loader             bool `json:"loader"`
    LoaderStatus       bool `json:"loader_status"`
    LoaderExpect       bool `json:"loader_expect"`
    LoaderKey          bool `json:"loader_key"`
    LoaderNew          bool `json:"loader_new"`
    Manifest           bool `json:"manifest"`
    ManifestSign       bool `json:"manifest_sign"`
    ManifestStatus     bool `json:"manifest_status"`
    ManifestNew        bool `json:"manifest_new"`
    ManifestLoaders    bool `json:"manifest_loaders"`
    Investigator       bool `json:"investigator"`
    InvestigatorCreate bool `json:"investigator_create"`
    InvestigatorUpdate bool `json:"investigator_update"`
}

InvestigatorPerms describes permissions assigned to an investigator

func (*InvestigatorPerms) AdminSet Uses

func (ip *InvestigatorPerms) AdminSet()

AdminSet sets administrative permissions on the investigator

func (*InvestigatorPerms) DefaultSet Uses

func (ip *InvestigatorPerms) DefaultSet()

DefaultSet sets a default set of permissions on the investigator

func (*InvestigatorPerms) FromMask Uses

func (ip *InvestigatorPerms) FromMask(mask int64)

FromMask converts a permission bit mask into a boolean permission set

func (*InvestigatorPerms) FromSetList Uses

func (ip *InvestigatorPerms) FromSetList(sl []string) error

FromSetList applies permission sets in slice sl to the investigator

func (*InvestigatorPerms) LoaderSet Uses

func (ip *InvestigatorPerms) LoaderSet()

LoaderSet sets loader related permissions on the investigator

func (*InvestigatorPerms) ManifestSet Uses

func (ip *InvestigatorPerms) ManifestSet()

ManifestSet sets manifest related permissions on the investigator

func (*InvestigatorPerms) ToDescriptive Uses

func (ip *InvestigatorPerms) ToDescriptive() string

ToDescriptive converts an existing boolean permission set to a descriptive string, used primarily in mig-console for summarizing permissions assigned to an investigator

func (*InvestigatorPerms) ToMask Uses

func (ip *InvestigatorPerms) ToMask() (ret int64)

ToMask converts a boolean permission set to a permission bit mask

type LoaderAuthDetails Uses

type LoaderAuthDetails struct {
    ID   float64
    Hash []byte
    Salt []byte
}

LoaderAuthDetails is a small helper type used primarily during the loader authentication process between the API and database code, temporarily stores authentication information

func (*LoaderAuthDetails) Validate Uses

func (lad *LoaderAuthDetails) Validate() error

Validate validates a LoaderAuthDetails type

type LoaderEntry Uses

type LoaderEntry struct {
    ID        float64   `json:"id"`        // Loader ID
    Name      string    `json:"name"`      // Loader name
    Prefix    string    `json:"prefix"`    // Loader key prefix
    Key       string    `json:"key"`       // Loader key (only populated during creation)
    AgentName string    `json:"agentname"` // Loader environment, agent name
    LastSeen  time.Time `json:"lastseen"`  // Last time loader was used
    Enabled   bool      `json:"enabled"`   // Loader entry is active
    ExpectEnv string    `json:"expectenv"` // Expected environment
}

LoaderEntry describes a loader entry stored in the database

func (*LoaderEntry) Validate Uses

func (le *LoaderEntry) Validate() (err error)

Validate validates a loader entry

type Log Uses

type Log struct {
    OpID, ActionID, CommandID float64
    Sev, Desc                 string
    Priority                  syslog.Priority
}

Log defines a log entry

func (Log) Alert Uses

func (l Log) Alert() (mlog Log)

Alert sets Log entry level to alert

func (Log) Crit Uses

func (l Log) Crit() (mlog Log)

Crit sets Log entry level to critical

func (Log) Debug Uses

func (l Log) Debug() (mlog Log)

Debug sets log entry level to debug

func (Log) Emerg Uses

func (l Log) Emerg() (mlog Log)

Emerg sets Log entry level to emergency

func (Log) Err Uses

func (l Log) Err() (mlog Log)

Err sets Log entry level to error

func (Log) Info Uses

func (l Log) Info() (mlog Log)

Info sets Log entry level to info

func (Log) Notice Uses

func (l Log) Notice() (mlog Log)

Notice sets Log entry level to notice

func (Log) Warning Uses

func (l Log) Warning() (mlog Log)

Warning sets Log entry level to warning

type Logging Uses

type Logging struct {
    // configuration
    Mode, Level, File, Host, Protocol, Facility string
    Port                                        int
    MaxFileSize                                 int64
    // contains filtered or unexported fields
}

Logging stores the attributes needed to perform the logging

func InitLogger Uses

func InitLogger(origLogctx Logging, progname string) (logctx Logging, err error)

InitLogger prepares the context for logging based on the configuration in Logging

func (Logging) Destroy Uses

func (logctx Logging) Destroy()

Destroy can be used to indicate no further logging with the given logging context will take place

type ManifestEntry Uses

type ManifestEntry struct {
    Name   string `json:"name"`   // Corresponds to a bundle name
    SHA256 string `json:"sha256"` // SHA256 of entry
}

ManifestEntry describes an individual file element within a manifest

type ManifestFetchResponse Uses

type ManifestFetchResponse struct {
    Data []byte `json:"data"`
}

ManifestFetchResponse is the response to a manifest object fetch

type ManifestParameters Uses

type ManifestParameters struct {
    AgentIdentifier Agent  `json:"agent"`  // Agent context information
    Object          string `json:"object"` // Object being requested
}

ManifestParameters are sent from the loader to the API as part of a manifest request.

func (*ManifestParameters) Validate Uses

func (m *ManifestParameters) Validate() error

Validate validetes a ManifestParameters type for correct formatting

func (*ManifestParameters) ValidateFetch Uses

func (m *ManifestParameters) ValidateFetch() error

ValidateFetch validates the parameters included in a manifest request with an object fetch component

type ManifestRecord Uses

type ManifestRecord struct {
    ID         float64   `json:"id"`                // Manifest record ID
    Name       string    `json:"name"`              // The name of the manifest record
    Content    string    `json:"content,omitempty"` // Full data contents of record
    Timestamp  time.Time `json:"timestamp"`         // Record timestamp
    Status     string    `json:"status"`            // Record status
    Target     string    `json:"target"`            // Targetting parameters for record
    Signatures []string  `json:"signatures"`        // Signatures applied to the record
}

ManifestRecord describes a manifest record stored within the MIG database

func (*ManifestRecord) ContentFromFile Uses

func (m *ManifestRecord) ContentFromFile(path string) (err error)

ContentFromFile loads manifest content from a file on the file system (a gzip'd tar file), primarily utilized by mig-console during manifest creation operations

func (*ManifestRecord) FileFromContent Uses

func (m *ManifestRecord) FileFromContent(path string) (err error)

FileFromContent writes manifest content to a file on the file system

func (*ManifestRecord) ManifestObject Uses

func (m *ManifestRecord) ManifestObject(obj string) ([]byte, error)

ManifestObject returns the requested file object as a gzip compressed byte slice from the manifest record

func (*ManifestRecord) ManifestResponse Uses

func (m *ManifestRecord) ManifestResponse() (ManifestResponse, error)

ManifestResponse converts a manifest record into a manifest response

func (*ManifestRecord) Sign Uses

func (m *ManifestRecord) Sign(keyid string, secring io.Reader) (sig string, err error)

Sign will sign a manifest record using the indicated key ID

func (*ManifestRecord) Validate Uses

func (m *ManifestRecord) Validate() (err error)

Validate validates an existing manifest record

type ManifestResponse Uses

type ManifestResponse struct {
    LoaderName string          `json:"loader_name"`
    Entries    []ManifestEntry `json:"entries"`
    Signatures []string        `json:"signatures"`
}

ManifestResponse is the response to a standard manifest request

func (*ManifestResponse) Validate Uses

func (m *ManifestResponse) Validate() error

Validate validates a ManifestResponse type ensuring required content is present

func (*ManifestResponse) VerifySignatures Uses

func (m *ManifestResponse) VerifySignatures(keyring io.Reader) (validcnt int, err error)

VerifySignatures verifies the signatures present in a manifest response against the keys present in keyring. It returns the number of valid unique signatures identified in the ManifestResponse.

type Operation Uses

type Operation struct {
    Module     string      `json:"module"`
    Parameters interface{} `json:"parameters"`

    // If WantCompressed is set in the operation, the parameters
    // will be compressed in PostAction() when the client sends the
    // action to the API. This will also result in IsCompressed being
    // marked as true, so the receiving agent knows it must decompress
    // the parameter data.
    IsCompressed   bool `json:"is_compressed,omitempty"`
    WantCompressed bool `json:"want_compressed,omitempty"`
}

Operation is an object that maps to an agent module. The parameters of the operation are passed to the module as an argument, and thus their format depends on the module itself.

func (*Operation) CompressOperationParam Uses

func (op *Operation) CompressOperationParam() (err error)

CompressOperationParam compresses the parameters stored within an operation

func (*Operation) DecompressOperationParam Uses

func (op *Operation) DecompressOperationParam() (err error)

DecompressOperationParam decompresses the parameters stored within an operation

type RunnerResult Uses

type RunnerResult struct {
    Action     Action    `json:"action"`
    Commands   []Command `json:"commands"`
    EntityName string    `json:"name"`
    UsePlugin  string    `json:"plugin"`
}

RunnerResult describes results that are produced by mig-runner. This data would be consumed by mig-runner plugins.

type Threat Uses

type Threat struct {
    Ref    string `json:"ref,omitempty"`
    Level  string `json:"level,omitempty"`
    Family string `json:"family,omitempty"`
    Type   string `json:"type,omitempty"`
}

Threat provides the investigator with details on a threat indicator if included in an action

Directories

PathSynopsis
client
client/migmig is the command line tool that investigators can use to launch actions for execution by agents to retrieve/display the results of the actions.
client/mig-action-generatorThis Source Code Form is subject to the terms of the Mozilla Public License, v.
client/mig-action-verifierThis Source Code Form is subject to the terms of the Mozilla Public License, v.
client/mig-agent-search
client/mig-consoleThis Source Code Form is subject to the terms of the Mozilla Public License, v.
database
database/search
mig-agentThis Source Code Form is subject to the terms of the Mozilla Public License, v.
mig-agent/agentcontextThe agentcontext package provides functionality to obtain information about the system a given agent or loader is running on.
mig-apiThis Source Code Form is subject to the terms of the Mozilla Public License, v.
mig-api/agents
mig-loaderThe MIG loader is a simple bootstrapping tool for MIG.
mig-runnerThis Source Code Form is subject to the terms of the Mozilla Public License, v.
mig-schedulerThis Source Code Form is subject to the terms of the Mozilla Public License, v.
modulepack
modulesThis package implements interfaces to write modules for MIG.
modules/agentdestroyagentdestroy is a module used in the upgrade protocol to kill an agent that has been upgraded.
modules/auditPackage audit implements a persistent module which can read and parse the operating system audit trail.
modules/dispatchPackage dispatch implements alert dispatching for the agent as a module.
modules/exampleThis is an example module.
modules/examplepersist
modules/filePackage file provides functions to scan a file system as an agent module.
modules/fswatch
modules/memoryThe memory module implements scanning of the memory of processes using the Masche memory scanning package.
modules/netstatnetstat is a module that retrieves network information about the endpoint, such as mac addresses, local and connected IPs, listening TCP and UDP sockets and peers
modules/pingThe Ping module implements icmp, tcp and udp pings/ Usage doc is online at http://mig.mozilla.org/doc/module_ping.html
modules/pkg
modules/scribescribe module implementation for MIG.
modules/sshkeyPackage sshkey implements the sshkey module in the agent
modules/timedriftThe timedrift module evaluate the local time of a target against network time retrieved using NTP.
modules/yara
pgpThe PGP package is a helper around Golang's OpenPGP implementation
pgp/gpgagentPackage gpgagent interacts with the local GPG Agent.
pgp/pinentryPackage pinentry interfaces with the pinentry(1) command to securely prompt the user for a password using whichever user interface the user is currently using.
runner-plugins/runner-complianceThis Source Code Form is subject to the terms of the Mozilla Public License, v.
runner-plugins/runner-scriberunner-scribe is a mig-runner plugin that processes results coming from automated actions and forwards the results as vulnerability events to MozDef
servicePackage service provides a simple way to create a system service.
testutil
tools

Package mig imports 23 packages (graph) and is imported by 17 packages. Updated 2019-07-12. Refresh now. Tools for package owners.