common

package
v5.0.0-preview.1+incom... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 13, 2022 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source
const DLPRuleTag string = "_nvCtR."
View Source
const DefaultAdminPass string = "admin"
View Source
const DefaultAdminUser string = "admin"
View Source
const DefaultIdleTimeout uint32 = 300
View Source
const DlpPrefix string = "DLP."
View Source
const NetworkViolation string = "Network.Violation"

For name match in response rule

View Source
const OEMDefaultUserLocale string = "en"
View Source
const ScanPlatformID = "platform"
View Source
const WAFRuleTag string = "_nVwAfCtR."
View Source
const WafPrefix string = "WAF."

Variables

View Source
var DefaultSystemConfig = share.CLUSSystemConfig{
	NewServicePolicyMode:      share.PolicyModeLearn,
	NewServiceProfileBaseline: share.ProfileBasic,
	UnusedGroupAging:          share.UnusedGroupAgingDefault,
	CLUSSyslogConfig: share.CLUSSyslogConfig{
		SyslogIP:         nil,
		SyslogServer:     "",
		SyslogIPProto:    syscall.IPPROTO_UDP,
		SyslogPort:       api.SyslogDefaultUDPPort,
		SyslogLevel:      api.LogLevelINFO,
		SyslogEnable:     false,
		SyslogCategories: defaultSyslogCategory,
		SyslogInJSON:     false,
	},
	AuthOrder:       []string{},
	ClusterName:     defaultClusterName,
	Webhooks:        []share.CLUSWebhook{},
	ControllerDebug: []string{},
	TapProxymesh:    true,
	XffEnabled:      true,
}
View Source
var ErrAtomicWriteFail error = errors.New("Atomic write failed")
View Source
var ErrObjectAccessDenied error = errors.New("Access denied")
View Source
var ErrObjectExists error = errors.New("Object exists")
View Source
var ErrObjectNotFound error = errors.New("Object not found")
View Source
var ErrUnsupported error = errors.New("Unsupported action")
View Source
var LogEventMap = map[share.TLogEvent]LogEventInfo{
	share.CLUSEvWorkloadStart:               {api.EventNameContainerStart, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvWorkloadStop:                {api.EventNameContainerStop, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvWorkloadSecured:             {api.EventNameContainerSecured, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvWorkloadRemove:              {api.EventNameContainerRemove, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvAgentStart:                  {api.EventNameAgentStart, api.EventCatAgent, api.LogLevelINFO},
	share.CLUSEvAgentStop:                   {api.EventNameAgentStop, api.EventCatAgent, api.LogLevelINFO},
	share.CLUSEvAgentJoin:                   {api.EventNameAgentJoin, api.EventCatAgent, api.LogLevelINFO},
	share.CLUSEvAgentDisconnect:             {api.EventNameAgentDisconnect, api.EventCatAgent, api.LogLevelNOTICE},
	share.CLUSEvAgentConnect:                {api.EventNameAgentConnect, api.EventCatAgent, api.LogLevelNOTICE},
	share.CLUSEvAgentKicked:                 {api.EventNameAgentKicked, api.EventCatAgent, api.LogLevelWARNING},
	share.CLUSEvControllerStart:             {api.EventNameControllerStart, api.EventCatController, api.LogLevelINFO},
	share.CLUSEvControllerStop:              {api.EventNameControllerStop, api.EventCatController, api.LogLevelINFO},
	share.CLUSEvControllerJoin:              {api.EventNameControllerJoin, api.EventCatController, api.LogLevelINFO},
	share.CLUSEvControllerDisconnect:        {api.EventNameControllerDisconnect, api.EventCatController, api.LogLevelNOTICE},
	share.CLUSEvControllerConnect:           {api.EventNameControllerConnect, api.EventCatController, api.LogLevelNOTICE},
	share.CLUSEvControllerLeadLost:          {api.EventNameControllerLeadLost, api.EventCatController, api.LogLevelWARNING},
	share.CLUSEvControllerLeadElect:         {api.EventNameControllerLeadElect, api.EventCatController, api.LogLevelNOTICE},
	share.CLUSEvAuthLogin:                   {api.EventNameAuthLogin, api.EventCatAuth, api.LogLevelINFO},
	share.CLUSEvAuthLogout:                  {api.EventNameAuthLogout, api.EventCatAuth, api.LogLevelINFO},
	share.CLUSEvAuthTimeout:                 {api.EventNameAuthTimeout, api.EventCatAuth, api.LogLevelNOTICE},
	share.CLUSEvAuthLoginFailed:             {api.EventNameAuthLoginFailed, api.EventCatAuth, api.LogLevelWARNING},
	share.CLUSEvAuthLoginBlocked:            {api.EventNameAuthLoginBlocked, api.EventCatAuth, api.LogLevelNOTICE},
	share.CLUSEvAuthLoginUnblocked:          {api.EventNameAuthLoginUnblocked, api.EventCatAuth, api.LogLevelINFO},
	share.CLUSEvAuthUserPwdResetByAdmin:     {api.EventNameAuthUserPwdRestByAdmin, api.EventCatAuth, api.LogLevelINFO},
	share.CLUSEvAuthAccessDenied:            {api.EventNameAuthAccessDenied, api.EventCatAuth, api.LogLevelWARNING},
	share.CLUSEvRESTWrite:                   {api.EventNameRESTWrite, api.EventCatREST, api.LogLevelINFO},
	share.CLUSEvRESTRead:                    {api.EventNameRESTRead, api.EventCatREST, api.LogLevelINFO},
	share.CLUSEvScannerJoin:                 {api.EventNameScannerJoin, api.EventCatScan, api.LogLevelINFO},
	share.CLUSEvScannerUpdate:               {api.EventNameScannerUpdate, api.EventCatScan, api.LogLevelINFO},
	share.CLUSEvScannerLeave:                {api.EventNameScannerLeave, api.EventCatScan, api.LogLevelINFO},
	share.CLUSEvScanFail:                    {api.EventNameScanFail, api.EventCatScan, api.LogLevelNOTICE},
	share.CLUSEvScanSucceed:                 {api.EventNameScanSucceed, api.EventCatScan, api.LogLevelINFO},
	share.CLUSEvBenchDockerFail:             {api.EventNameBenchDockerFail, api.EventCatBench, api.LogLevelNOTICE},
	share.CLUSEvBenchKubeFail:               {api.EventNameBenchKubeFail, api.EventCatBench, api.LogLevelNOTICE},
	share.CLUSEvLicenseUpdate:               {api.EventNameLicenseUpdate, api.EventCatLicense, api.LogLevelINFO},
	share.CLUSEvLicenseExpire:               {api.EventNameLicenseExpire, api.EventCatLicense, api.LogLevelWARNING},
	share.CLUSEvLicenseRemove:               {api.EventNameLicenseRemove, api.EventCatLicense, api.LogLevelWARNING},
	share.CLUSEvLicenseEnforcerLimitReached: {api.EventNameLicenseEnforcerLimitReached, api.EventCatLicense, api.LogLevelWARNING},
	share.CLUSEvWorkloadQuarantined:         {api.EventNameContainerQuarantined, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvWorkloadUnquarantined:       {api.EventNameContainerUnquarantined, api.EventCatWorkload, api.LogLevelINFO},
	share.CLUSEvAdmCtrlK8sConfigured:        {api.EventNameAdmCtrlK8sConfigured, api.EventCatAdmCtrl, api.LogLevelNOTICE},
	share.CLUSEvAdmCtrlK8sConfigFailed:      {api.EventNameAdmCtrlK8sConfigFailed, api.EventCatAdmCtrl, api.LogLevelCRIT},
	share.CLUSEvInitCfgMapDone:              {api.EventNameInitCfgMapDone, api.EventCatConfigMap, api.LogLevelINFO},
	share.CLUSEvInitCfgMapError:             {api.EventNameInitCfgMapError, api.EventCatConfigMap, api.LogLevelERR},
	share.CLUSEvCrdImported:                 {api.EventNameCrdImported, api.EventCatCrd, api.LogLevelINFO},
	share.CLUSEvCrdRemoved:                  {api.EventNameCrdRemoved, api.EventCatCrd, api.LogLevelINFO},
	share.CLUSEvCrdErrDetected:              {api.EventNameCrdErrDetected, api.EventCatCrd, api.LogLevelERR},
	share.CLUSEvFedPromote:                  {api.EventNameFedPromote, api.EventCatFed, api.LogLevelINFO},
	share.CLUSEvFedDemote:                   {api.EventNameFedDemote, api.EventCatFed, api.LogLevelINFO},
	share.CLUSEvFedJoin:                     {api.EventNameFedJoin, api.EventCatFed, api.LogLevelINFO},
	share.CLUSEvFedLeave:                    {api.EventNameFedLeave, api.EventCatFed, api.LogLevelNOTICE},
	share.CLUSEvFedKick:                     {api.EventNameFedKick, api.EventCatFed, api.LogLevelINFO},
	share.CLUSEvFedPolicySync:               {api.EventNameFedPolicySync, api.EventCatFed, api.LogLevelINFO},
	share.CLUSEvImport:                      {api.EventNameImport, api.EventCatConfig, api.LogLevelNOTICE},
	share.CLUSEvExport:                      {api.EventNameExport, api.EventCatConfig, api.LogLevelNOTICE},
	share.CLUSEvImportFail:                  {api.EventNameImportFail, api.EventCatConfig, api.LogLevelERR},
	share.CLUSEvExportFail:                  {api.EventNameExportFail, api.EventCatConfig, api.LogLevelERR},
	share.CLUSEvCloudScanRet:                {api.EventNameCloudScanNormal, api.EventCatCloud, api.LogLevelINFO},
	share.CLUSEvCloudScanAlert:              {api.EventNameCloudScanAlert, api.EventCatCloud, api.LogLevelWARNING},
	share.CLUSEvCloudScanFail:               {api.EventNameCloudScanFail, api.EventCatCloud, api.LogLevelERR},
	share.CLUSEvGroupAutoRemove:             {api.EventNameGroupAutoRemove, api.EventCatGroup, api.LogLevelINFO},
	share.CLUSEvMemoryPressureAgent:         {api.EventNameMemoryPressureAgent, api.EventCatAgent, api.LogLevelWARNING},
	share.CLUSEvMemoryPressureController:    {api.EventNameMemoryPressureController, api.EventCatController, api.LogLevelWARNING},
}
View Source
var LogThreatMap = map[uint32]LogThreatInfo{
	C.THRT_ID_SYN_FLOOD:         {"TCP.SYN.Flood"},
	C.THRT_ID_ICMP_FLOOD:        {"ICMP.Flood"},
	C.THRT_ID_IP_SRC_SESSION:    {"Source.IP.Session.Limit"},
	C.THRT_ID_BAD_PACKET:        {"Invalid.Packet.Format"},
	C.THRT_ID_IP_TEARDROP:       {"IP.Fragment.Teardrop"},
	C.THRT_ID_TCP_SYN_DATA:      {"TCP.SYN.With.Data"},
	C.THRT_ID_TCP_SPLIT_HDSHK:   {"TCP.Split.Handshake"},
	C.THRT_ID_TCP_NODATA:        {"TCP.No.Client.Data"},
	C.THRT_ID_TCP_SMALL_WINDOW:  {"TCP.Small.Window"},
	C.THRT_ID_TCP_SMALL_MSS:     {"TCP.SACK.DDoS.With.Small.MSS"},
	C.THRT_ID_PING_DEATH:        {"Ping.Death"},
	C.THRT_ID_DNS_LOOP_PTR:      {"DNS.Loop.Pointer"},
	C.THRT_ID_SSH_VER_1:         {"SSH.Version.1"},
	C.THRT_ID_SSL_HEARTBLEED:    {"SSL.Heartbleed"},
	C.THRT_ID_SSL_CIPHER_OVF:    {"SSL.Cipher.Overflow"},
	C.THRT_ID_SSL_VER_2OR3:      {"SSL.Version.2or3"},
	C.THRT_ID_SSL_TLS_1DOT0:     {"SSL.TLS1.0"},
	C.THRT_ID_HTTP_NEG_LEN:      {"HTTP.Negative.Body.Length"},
	C.THRT_ID_HTTP_SMUGGLING:    {"HTTP.Request.Smuggling"},
	C.THRT_ID_HTTP_SLOWLORIS:    {"HTTP.Request.Slowloris"},
	C.THRT_ID_DNS_OVERFLOW:      {"DNS.Stack.Overflow"},
	C.THRT_ID_MYSQL_ACCESS_DENY: {"MySQL.Access.Deny"},
	C.THRT_ID_DNS_ZONE_TRANSFER: {"DNS.Zone.Transfer"},
	C.THRT_ID_ICMP_TUNNELING:    {"ICMP.Tunneling"},
	C.THRT_ID_DNS_TYPE_NULL:     {"DNS.Type.Null"},
	C.THRT_ID_SQL_INJECTION:     {"SQL.Injection"},
	C.THRT_ID_APACHE_STRUTS_RCE: {"Apache.Struts.Remote.Code.Execution"},
	C.THRT_ID_DNS_TUNNELING:     {"DNS.Tunneling"},
	C.THRT_ID_K8S_EXTIP_MITM:    {"K8S.externalIPs.MitM"},
}
View Source
var OEMClusterSecurityRuleGroup = "neuvector.com"
View Source
var OEMSecurityRuleGroup = "neuvector.com"

Functions

func ActionString

func ActionString(action uint8) string

func CountVulTrait

func CountVulTrait(traits []*VulTrait) (int, int)

func FillVulDetails

func FillVulDetails(cvedb CVEDBType, baseOS string, vts []*VulTrait, showTag string) []*api.RESTVulnerability

func FindSensorInDlpGroup

func FindSensorInDlpGroup(list []*share.CLUSDlpSetting, p *share.CLUSDlpSetting) (int, bool)

func FindSensorInWafGroup

func FindSensorInWafGroup(list []*share.CLUSWafSetting, p *share.CLUSWafSetting) (int, bool)

func FsmonFilterToRest

func FsmonFilterToRest(path, regex string) string

func GatherVulTrait

func GatherVulTrait(traits []*VulTrait) ([]string, []string)

func GetAvailablePolicyID

func GetAvailablePolicyID(ids utils.Set, cfgType share.TCfgType) uint32

First try to find the next largest policy ID of unlearned policies. If it cannot be located, try to find the smallest one. Return 0 if all IDs are used.

func GetComplianceMeta

func GetComplianceMeta() ([]api.RESTBenchMeta, map[string]api.RESTBenchMeta)

func GetInternalDlpRuleName

func GetInternalDlpRuleName(rulename, sensorname string) string

func GetInternalWafRuleName

func GetInternalWafRuleName(rulename, sensorname string) string

func GetOrigDlpRuleName

func GetOrigDlpRuleName(rulename string) string

func GetOrigWafRuleName

func GetOrigWafRuleName(rulename string) string

func GetScannerDB

func GetScannerDB() *share.CLUSScannerDB

func GetSecretBenchMessage

func GetSecretBenchMessage(stype, loc, evidence string) string

func GetSetIDBenchMessage

func GetSetIDBenchMessage(stype, loc, evidence string) string

func ImageBench2REST

func ImageBench2REST(cmds []string, secrets []*api.RESTScanSecret, setids []*api.RESTScanSetIdPerm, tagMap map[string][]string) []*api.RESTBenchItem

func LevelToPrio

func LevelToPrio(level string) (syslog.Priority, bool)

func LevelToString

func LevelToString(level string) string

func MergeDlpSensors

func MergeDlpSensors(list []*share.CLUSDlpSetting, p *share.CLUSDlpSetting) ([]*share.CLUSDlpSetting, bool)

func MergeWafSensors

func MergeWafSensors(list []*share.CLUSWafSetting, p *share.CLUSWafSetting) ([]*share.CLUSWafSetting, bool)

func OEMIgnoreImageRepo

func OEMIgnoreImageRepo(img *share.CLUSImage) bool

func OEMIgnoreWorkload

func OEMIgnoreWorkload(wl *share.CLUSWorkload) bool

func OEMLicenseValidate

func OEMLicenseValidate(info *api.RESTLicenseInfo) bool

func OEMPlatformVersionURL

func OEMPlatformVersionURL() string

func PolicyActionRESTString

func PolicyActionRESTString(action uint8) string

func PolicyActionString

func PolicyActionString(action uint8) string

func PolicyRuleIdToCfgType

func PolicyRuleIdToCfgType(id uint32) share.TCfgType

func PriorityToString

func PriorityToString(prio syslog.Priority) string

func ScanModule2REST

func ScanModule2REST(m *share.ScanModule) *api.RESTScanModule

func ScanRepoResult2REST

func ScanRepoResult2REST(result *share.ScanResult, tagMap map[string][]string) *api.RESTScanRepoReport

func ScanSecrets2REST

func ScanSecrets2REST(s *share.ScanSecretLog) *api.RESTScanSecret

func ScanSetIdPerm2REST

func ScanSetIdPerm2REST(p *share.ScanSetIdPermLog) *api.RESTScanSetIdPerm

func ScanVul2REST

func ScanVul2REST(cvedb CVEDBType, baseOS string, vul *share.ScanVulnerability) *api.RESTVulnerability

Functions can be used in both controllers and scanner

func SetScannerDB

func SetScannerDB(newDB *share.CLUSScannerDB)

func SeverityString

func SeverityString(severity uint8) (string, string)

func ThreatName

func ThreatName(id uint32) string

Types

type CVEDBType

type CVEDBType map[string]*share.ScanVulnerability

type DecryptUnmarshaller

type DecryptUnmarshaller struct{}

func (DecryptUnmarshaller) Uncloak

func (m DecryptUnmarshaller) Uncloak(data interface{}) error

func (DecryptUnmarshaller) Unmarshal

func (m DecryptUnmarshaller) Unmarshal(raw []byte, data interface{}) error

type EmptyMarshaller

type EmptyMarshaller struct{}

func (EmptyMarshaller) Marshal

func (m EmptyMarshaller) Marshal(data interface{}) ([]byte, error)

type EncryptMarshaller

type EncryptMarshaller struct{}

func (EncryptMarshaller) Marshal

func (m EncryptMarshaller) Marshal(data interface{}) ([]byte, error)

type LocalDevice

type LocalDevice struct {
	Host   *share.CLUSHost
	Ctrler *share.CLUSController
}

type LogAuditInfo

type LogAuditInfo struct {
	Name  string
	Level string
}

type LogEventInfo

type LogEventInfo struct {
	Name     string
	Category string
	Level    string
}

type LogIncidentInfo

type LogIncidentInfo struct {
	Name  string
	Level string
}

type LogThreatInfo

type LogThreatInfo struct {
	Name string
}

Threat attributes are separated into two places. Eventually they will be generated from a single source

type MarshalInvalidTypeError

type MarshalInvalidTypeError struct {
	// contains filtered or unexported fields
}

func (MarshalInvalidTypeError) Error

func (e MarshalInvalidTypeError) Error() string

type Marshaller

type Marshaller interface {
	Marshal(data interface{}) ([]byte, error)
}

type MaskMarshaller

type MaskMarshaller struct{}

func (MaskMarshaller) Marshal

func (m MaskMarshaller) Marshal(data interface{}) ([]byte, error)

type RPCEndpoint

type RPCEndpoint struct {
	ID            string
	Leader        bool
	ClusterIP     string
	RPCServerPort uint16
}

type RegTestMeg

type RegTestMeg struct {
	// contains filtered or unexported fields
}

type Syslogger

type Syslogger struct {
	// contains filtered or unexported fields
}

func NewSyslogger

func NewSyslogger(cfg *share.CLUSSyslogConfig) *Syslogger

func (*Syslogger) Close

func (s *Syslogger) Close()

func (*Syslogger) Send

func (s *Syslogger) Send(elog interface{}, level, cat, header string) error

type Unmarshaller

type Unmarshaller interface {
	Unmarshal(raw []byte, data interface{}) error
	Uncloak(data interface{}) error
}

type VPFInterface

type VPFInterface interface {
	GetUpdatedTime() time.Time

	FilterVulnerabilities(vuls []*api.RESTVulnerability, idns []api.RESTIDName, showTag string) []*api.RESTVulnerability
	FilterVulTraits(traits []*VulTrait, idns []api.RESTIDName) utils.Set
	// contains filtered or unexported methods
}

func MakeVulnerabilityProfileFilter

func MakeVulnerabilityProfileFilter(vf *api.RESTVulnerabilityProfile) VPFInterface

type VulTrait

type VulTrait struct {
	Name string
	// contains filtered or unexported fields
}

These are the unique attributes of vul. that can be different in different workload, other info can get from cvedb

func ExtractVulnerability

func ExtractVulnerability(vuls []*share.ScanVulnerability) []*VulTrait

func (VulTrait) IsFiltered

func (v VulTrait) IsFiltered() bool

type Webhook

type Webhook struct {
	// contains filtered or unexported fields
}

func NewWebHook

func NewWebHook(url string) *Webhook

func (*Webhook) Notify

func (w *Webhook) Notify(elog interface{}, target, level, category, cluster, title string)

func (*Webhook) Validate

func (w *Webhook) Validate() error

type WorkloadFilter

type WorkloadFilter struct {
	ID           string
	PodName      string
	ImageID      string
	PlatformRole string
	Domain       string
	PolicyMode   string
	Children     []*WorkloadFilter
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL