Documentation ¶
Index ¶
- type ArchitecturesType
- type ArchitecturesTypeList
- type AuditFilePermissions
- type AuditFilterActionType
- type AuditFilterKind
- type AuditFilterListType
- type AuditFilterOperator
- type AuditFilterSpec
- type AuditFilterType
- type AuditProfileRule
- type AuditProfileRuleList
- type AuditProfileRuleType
- type AuditSystemCallType
- type CapabilitiesActionType
- type CapabilitiesType
- type CapabilitiesTypeMap
- type FileWatchRule
- type MidgardClaims
- type MidgardClaimsRestrictions
- type ServiceToken
- type SyscallEnforcementAction
- type SyscallEnforcementOperator
- type SyscallEnforcementRule
- type SyscallEnforcementRulesMap
- type SyscallEnforcermentArg
- type SyscallRule
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ArchitecturesType ¶
type ArchitecturesType string
ArchitecturesType is the type for different architectures supported.
// Values of ArchitecturesType.
//
// The constants are prefixed ArchitectureType (singular) while the type is
// named ArchitecturesType. ArchitectureTypeX86_64 carries the value "amd64"
// rather than "x86_64", and ArchitectureTypeAARCH64 carries "arm64".
// NOTE(review): the strings look like the architecture names accepted by
// libseccomp's Go bindings — confirm against the consumer of this type.
const (
	ArchitectureTypeX86 ArchitecturesType = "x86"
	ArchitectureTypeX86_64 ArchitecturesType = "amd64"
	ArchitectureTypeX32 ArchitecturesType = "x32"
	ArchitectureTypeARM ArchitecturesType = "arm"
	ArchitectureTypeAARCH64 ArchitecturesType = "arm64"
	ArchitectureTypeMIPS ArchitecturesType = "mips"
	ArchitectureTypeMIPS64 ArchitecturesType = "mips64"
	ArchitectureTypeMIPS64N32 ArchitecturesType = "mips64n32"
	ArchitectureTypeMIPSEL ArchitecturesType = "mipsel"
	ArchitectureTypeMIPSEL64 ArchitecturesType = "mipsel64"
	ArchitectureTypeMIPSEL64N32 ArchitecturesType = "mipsel64n32"
	ArchitectureTypePPC ArchitecturesType = "ppc"
	ArchitectureTypePPC64 ArchitecturesType = "ppc64"
	ArchitectureTypePPC64LE ArchitecturesType = "ppc64le"
	ArchitectureTypeS390 ArchitecturesType = "s390"
	ArchitectureTypeS390X ArchitecturesType = "s390x"
)
Values of ArchitecturesType.
func (ArchitecturesType) Validate ¶
func (a ArchitecturesType) Validate() error
Validate validates the architectures.
type ArchitecturesTypeList ¶
type ArchitecturesTypeList []ArchitecturesType
ArchitecturesTypeList is a list of ArchitecturesType values.
func (ArchitecturesTypeList) Validate ¶
func (a ArchitecturesTypeList) Validate() error
Validate validates an architectures type list.
type AuditFilePermissions ¶
type AuditFilePermissions string
AuditFilePermissions is the type of file permissions
// Values of AuditFilePermissions.
//
// The letters are the same ones auditctl accepts in a file watch's -p option.
const (
	AuditFilePermissionsWrite AuditFilePermissions = "w" // write access
	AuditFilePermissionsRead AuditFilePermissions = "r" // read access
	AuditFilePermissionsExecute AuditFilePermissions = "x" // execute access
	AuditFilePermissionsAttribute AuditFilePermissions = "a" // attribute change
)
Values of AuditFilePermissions
func (AuditFilePermissions) Validate ¶
func (a AuditFilePermissions) Validate(attribute string) error
Validate validates the audit file permissions
type AuditFilterActionType ¶
type AuditFilterActionType string
AuditFilterActionType are the types allowed in the audit filter action
// Values of AuditFilterActionType.
//
// The strings match the action keywords of an auditctl rule (-a list,action):
// "always" generates a record for a matching event and "never" suppresses it.
// NOTE(review): the kernel evaluates audit rules first-match, so a "never"
// rule can silence rules that follow it; how this package orders the rules it
// emits is not visible here — confirm before relying on a later "always" rule.
const (
	AuditFilterActionTypeNever AuditFilterActionType = "never"
	AuditFilterActionTypeAlways AuditFilterActionType = "always"
)
Values of AuditFilterActionType
func AuditFilterActionTypeFromString ¶
func AuditFilterActionTypeFromString(value string) (AuditFilterActionType, error)
AuditFilterActionTypeFromString returns the AuditFilterActionType from a given string value.
func (AuditFilterActionType) Validate ¶
func (a AuditFilterActionType) Validate(attribute string) error
Validate validates the AuditFilterActionType
type AuditFilterKind ¶
type AuditFilterKind uint8
AuditFilterKind specifies a type of filter to apply to a syscall rule.
// The kinds of filter that can be applied to a syscall rule.
//
// Numbering starts at 1 (iota + 1), so the zero value of AuditFilterKind does
// not correspond to either named kind.
// NOTE(review): the second identifier is spelled AuditFilteRKindValueFilter
// (capital R). It is exported, so callers must use that exact spelling.
const (
	AuditFilterKindInterFieldFilter AuditFilterKind = iota + 1 // Inter-field comparison filtering (-C).
	AuditFilteRKindValueFilter // Filtering based on values (-F).
)
The type of filters that can be applied.
func AuditFilterKindFromInt ¶
func AuditFilterKindFromInt(value int) (AuditFilterKind, error)
AuditFilterKindFromInt converts an int to an AuditFilterKind.
type AuditFilterListType ¶
type AuditFilterListType string
AuditFilterListType are the types allowed in the list argument of audit filters
// Values of AuditFilterListType.
//
// The strings match filter list names used in auditctl rules (-a list,action).
// In auditctl, rules on the "exclude" list suppress events rather than record
// them, so rules that use it deserve the same review as "never" actions.
const (
	AuditFilterListTypeTask AuditFilterListType = "task"
	AuditFilterListTypeExit AuditFilterListType = "exit"
	AuditFilterListTypeUser AuditFilterListType = "user"
	AuditFilterListTypeExclude AuditFilterListType = "exclude"
)
Values of AuditFilterListType
func AuditFilterListTypeFromString ¶
func AuditFilterListTypeFromString(value string) (AuditFilterListType, error)
AuditFilterListTypeFromString returns the AuditFilterListType from a given string value.
func (AuditFilterListType) Validate ¶
func (a AuditFilterListType) Validate(attribute string) error
Validate validates the AuditFilterListType
type AuditFilterOperator ¶
type AuditFilterOperator string
AuditFilterOperator is the operator for filters.
// Values of AuditFilterOperator.
//
// These are the comparison operators written between the field and the value
// of an audit filter. "&" is named BitMask and "&=" is named BitTest here.
const (
	AuditFilterOperatorEqual AuditFilterOperator = "="
	AuditFilterOperatorNotEqual AuditFilterOperator = "!="
	AuditFilterOperatorGreater AuditFilterOperator = ">"
	AuditFilterOperatorLessThan AuditFilterOperator = "<"
	AuditFilterOperatorGreaterOrEqual AuditFilterOperator = ">="
	AuditFilterOperatorLessThanOrEqual AuditFilterOperator = "<="
	AuditFilterOperatorBitMask AuditFilterOperator = "&"
	AuditFilterOperatorBitTest AuditFilterOperator = "&="
)
Values of AuditFilterOperator
func AuditFilterOperatorFromString ¶
func AuditFilterOperatorFromString(value string) (AuditFilterOperator, error)
AuditFilterOperatorFromString returns the AuditFilterOperator from a given string value.
func (AuditFilterOperator) Validate ¶
func (a AuditFilterOperator) Validate(attribute string) error
Validate validates the audit filter operator
type AuditFilterSpec ¶
// AuditFilterSpec defines a filter to apply to a syscall rule.
type AuditFilterSpec struct {
	// Kind selects between inter-field comparison and value filtering.
	Kind AuditFilterKind `msgpack:"kind" json:"kind"`
	// LHS is the audit field on the left-hand side of the comparison.
	LHS AuditFilterType `msgpack:"lhs" json:"lhs"`
	// Comparator is the operator placed between LHS and RHS.
	Comparator AuditFilterOperator `msgpack:"comparator" json:"comparator"`
	// RHS is the right-hand operand. Unlike the other fields it is a plain
	// string with no enumerated set of values.
	// NOTE(review): whether Validate constrains RHS is not visible here —
	// confirm before building rules from untrusted input.
	RHS string `msgpack:"rhs" json:"rhs"`
}
AuditFilterSpec defines a filter to apply to a syscall rule.
func (*AuditFilterSpec) String ¶
func (f *AuditFilterSpec) String() string
func (*AuditFilterSpec) Validate ¶
func (f *AuditFilterSpec) Validate() error
Validate validates an AuditFilterSpec.
type AuditFilterType ¶
type AuditFilterType string
AuditFilterType are the valid IDs of the audit filters.
// Values of AuditFilterType.
//
// The strings are audit rule field names as used with auditctl's -F and -C
// options.
// NOTE(review): two values differ from the auditctl field names they appear
// to stand for: AuditFilterTypeFiletype is "filetye" (auditctl: "filetype")
// and AuditFilterTypeObjlevhigh is "obj_lev_highj" (auditctl: "obj_lev_high").
// If rules are rendered from these strings, filters on those two fields would
// not be the ones intended; confirm against the package source and any stored
// data before changing them.
const (
	AuditFilterTypeA0 AuditFilterType = "a0"
	AuditFilterTypeA1 AuditFilterType = "a1"
	AuditFilterTypeA2 AuditFilterType = "a2"
	AuditFilterTypeA3 AuditFilterType = "a3"
	AuditFilterTypeArch AuditFilterType = "arch"
	AuditFilterTypeDevMajor AuditFilterType = "devmajor"
	AuditFilterTypeDevMinor AuditFilterType = "devminor"
	AuditFilterTypeDir AuditFilterType = "dir"
	AuditFilterTypeEgid AuditFilterType = "egid"
	AuditFilterTypeEuid AuditFilterType = "euid"
	AuditFilterTypeExit AuditFilterType = "exit"
	AuditFilterTypeFiletype AuditFilterType = "filetye" // NOTE(review): auditctl spells this field "filetype"
	AuditFilterTypeFsgid AuditFilterType = "fsgid"
	AuditFilterTypeFsuid AuditFilterType = "fsuid"
	AuditFilterTypeGid AuditFilterType = "gid"
	AuditFilterTypeInode AuditFilterType = "inode"
	AuditFilterTypeMsgtype AuditFilterType = "msgtype"
	AuditFilterTypeObjgid AuditFilterType = "obj_gid"
	AuditFilterTypeObjlevhigh AuditFilterType = "obj_lev_highj" // NOTE(review): auditctl spells this field "obj_lev_high"
	AuditFilterTypeObjlevlow AuditFilterType = "obj_lev_low"
	AuditFilterTypeObjrole AuditFilterType = "obj_role"
	AuditFilterTypeObjtype AuditFilterType = "obj_type"
	AuditFilterTypeObjuid AuditFilterType = "obj_uid"
	AuditFilterTypeObjuser AuditFilterType = "obj_user"
	AuditFilterTypePath AuditFilterType = "path"
	AuditFilterTypePerm AuditFilterType = "perm"
	AuditFilterTypePers AuditFilterType = "pers"
	AuditFilterTypePid AuditFilterType = "pid"
	AuditFilterTypePpid AuditFilterType = "ppid"
	AuditFilterTypeSgid AuditFilterType = "sgid"
	AuditFilterTypeSubclr AuditFilterType = "subj_clr"
	AuditFilterTypeSubjrole AuditFilterType = "subj_role"
	AuditFilterTypeSubjtype AuditFilterType = "subj_type"
	AuditFilterTypeSubsen AuditFilterType = "subj_sen"
	AuditFilterTypeSubuser AuditFilterType = "subj_user"
	AuditFilterTypeSuccess AuditFilterType = "success"
	AuditFilterTypeSuid AuditFilterType = "suid"
	AuditFilterTypeUserid AuditFilterType = "uid"
	AuditFilterTypeAuid AuditFilterType = "auid"
	AuditFilterTypeKey AuditFilterType = "key"
	AuditFilterTypeExe AuditFilterType = "exe"
)
Values of AuditFilterType.
func AuditFilterTypeFromString ¶
func AuditFilterTypeFromString(value string) (AuditFilterType, error)
AuditFilterTypeFromString returns the AuditFilterType from a given string value.
func (AuditFilterType) Validate ¶
func (a AuditFilterType) Validate(attribute string) error
Validate validates the AuditFilterType
type AuditProfileRule ¶
// AuditProfileRule is a generic audit rule.
type AuditProfileRule struct {
	// Type says which kind of rule this is.
	Type AuditProfileRuleType `msgpack:"type" json:"type"`
	// Files holds the file watch details. It is a pointer and is omitted from
	// the encoded form when nil.
	// NOTE(review): presumably set only for FileWatchRuleType — confirm in Validate.
	Files *FileWatchRule `msgpack:"files,omitempty" json:"files,omitempty"`
	// Syscalls holds the syscall rule details. It is a pointer and is omitted
	// from the encoded form when nil.
	// NOTE(review): presumably set only for the two syscall rule types — confirm in Validate.
	Syscalls *SyscallRule `msgpack:"syscalls,omitempty" json:"syscalls,omitempty"`
}
AuditProfileRule is a generic audit rule
func (*AuditProfileRule) Validate ¶
func (a *AuditProfileRule) Validate() error
Validate validates an audit rule
type AuditProfileRuleList ¶
type AuditProfileRuleList []*AuditProfileRule
AuditProfileRuleList is a list of AuditProfileRules
func (AuditProfileRuleList) Validate ¶
func (a AuditProfileRuleList) Validate() error
Validate will validate all rules in the list
type AuditProfileRuleType ¶
type AuditProfileRuleType int
AuditProfileRuleType specifies the audit rule type.
// The rule types supported by this package.
//
// Numbering starts at 1 (iota + 1), so the zero value of AuditProfileRuleType
// is not one of the named rule types. The trailing comments name the rule
// each type refers to.
// NOTE(review): DeleteAllRuleType presumably clears the existing audit rules;
// if so, its position in a profile affects audit coverage — confirm in the
// code that applies the rules.
const (
	DeleteAllRuleType AuditProfileRuleType = iota + 1 // DeleteAllRule
	FileWatchRuleType // FileWatchRule
	AppendSyscallRuleType // SyscallRule
	PrependSyscallRuleType // SyscallRule
)
The rule types supported by this package.
type AuditSystemCallType ¶
type AuditSystemCallType string
AuditSystemCallType is the type for the system calls.
// Values of AuditSystemCallType.
//
// Each value is a Linux syscall name. The list appears to follow the x86_64
// syscall table order from read through finit_module, with stime appended.
// NOTE(review): syscalls such as execveat, memfd_create, bpf, seccomp and
// userfaultfd have no constant here. If Validate accepts only the values
// below, audit rules for those calls cannot be expressed with this type,
// which leaves a monitoring gap (for example process execution through
// execveat instead of execve) — confirm against Validate and extend the list
// if needed.
const (
	AuditSystemCallTypeREAD AuditSystemCallType = "read"
	AuditSystemCallTypeWRITE AuditSystemCallType = "write"
	AuditSystemCallTypeOPEN AuditSystemCallType = "open"
	AuditSystemCallTypeCLOSE AuditSystemCallType = "close"
	AuditSystemCallTypeSTAT AuditSystemCallType = "stat"
	AuditSystemCallTypeFSTAT AuditSystemCallType = "fstat"
	AuditSystemCallTypeLSTAT AuditSystemCallType = "lstat"
	AuditSystemCallTypePOLL AuditSystemCallType = "poll"
	AuditSystemCallTypeLSEEK AuditSystemCallType = "lseek"
	AuditSystemCallTypeMMAP AuditSystemCallType = "mmap"
	AuditSystemCallTypeMPROTECT AuditSystemCallType = "mprotect"
	AuditSystemCallTypeMUNMAP AuditSystemCallType = "munmap"
	AuditSystemCallTypeBRK AuditSystemCallType = "brk"
	AuditSystemCallTypeRTSIGACTION AuditSystemCallType = "rt_sigaction"
	AuditSystemCallTypeRTSIGPROCMASK AuditSystemCallType = "rt_sigprocmask"
	AuditSystemCallTypeRTSIGRETURN AuditSystemCallType = "rt_sigreturn"
	AuditSystemCallTypeIOCTL AuditSystemCallType = "ioctl"
	AuditSystemCallTypePREAD64 AuditSystemCallType = "pread64"
	AuditSystemCallTypePWRITE64 AuditSystemCallType = "pwrite64"
	AuditSystemCallTypeREADV AuditSystemCallType = "readv"
	AuditSystemCallTypeWRITEV AuditSystemCallType = "writev"
	AuditSystemCallTypeACCESS AuditSystemCallType = "access"
	AuditSystemCallTypePIPE AuditSystemCallType = "pipe"
	AuditSystemCallTypeSELECT AuditSystemCallType = "select"
	AuditSystemCallTypeSCHEDYIELD AuditSystemCallType = "sched_yield"
	AuditSystemCallTypeMREMAP AuditSystemCallType = "mremap"
	AuditSystemCallTypeMSYNC AuditSystemCallType = "msync"
	AuditSystemCallTypeMINCORE AuditSystemCallType = "mincore"
	AuditSystemCallTypeMADVISE AuditSystemCallType = "madvise"
	AuditSystemCallTypeSHMGET AuditSystemCallType = "shmget"
	AuditSystemCallTypeSHMAT AuditSystemCallType = "shmat"
	AuditSystemCallTypeSHMCTL AuditSystemCallType = "shmctl"
	AuditSystemCallTypeDUP AuditSystemCallType = "dup"
	AuditSystemCallTypeDUP2 AuditSystemCallType = "dup2"
	AuditSystemCallTypePAUSE AuditSystemCallType = "pause"
	AuditSystemCallTypeNANOSLEEP AuditSystemCallType = "nanosleep"
	AuditSystemCallTypeGETITIMER AuditSystemCallType = "getitimer"
	AuditSystemCallTypeALARM AuditSystemCallType = "alarm"
	AuditSystemCallTypeSETITIMER AuditSystemCallType = "setitimer"
	AuditSystemCallTypeGETPID AuditSystemCallType = "getpid"
	AuditSystemCallTypeSENDFILE AuditSystemCallType = "sendfile"
	AuditSystemCallTypeSOCKET AuditSystemCallType = "socket"
	AuditSystemCallTypeCONNECT AuditSystemCallType = "connect"
	AuditSystemCallTypeACCEPT AuditSystemCallType = "accept"
	AuditSystemCallTypeSENDTO AuditSystemCallType = "sendto"
	AuditSystemCallTypeRECVFROM AuditSystemCallType = "recvfrom"
	AuditSystemCallTypeSENDMSG AuditSystemCallType = "sendmsg"
	AuditSystemCallTypeRECVMSG AuditSystemCallType = "recvmsg"
	AuditSystemCallTypeSHUTDOWN AuditSystemCallType = "shutdown"
	AuditSystemCallTypeBIND AuditSystemCallType = "bind"
	AuditSystemCallTypeLISTEN AuditSystemCallType = "listen"
	AuditSystemCallTypeGETSOCKNAME AuditSystemCallType = "getsockname"
	AuditSystemCallTypeGETPEERNAME AuditSystemCallType = "getpeername"
	AuditSystemCallTypeSOCKETPAIR AuditSystemCallType = "socketpair"
	AuditSystemCallTypeSETSOCKOPT AuditSystemCallType = "setsockopt"
	AuditSystemCallTypeGETSOCKOPT AuditSystemCallType = "getsockopt"
	AuditSystemCallTypeCLONE AuditSystemCallType = "clone"
	AuditSystemCallTypeFORK AuditSystemCallType = "fork"
	AuditSystemCallTypeVFORK AuditSystemCallType = "vfork"
	AuditSystemCallTypeEXECVE AuditSystemCallType = "execve"
	AuditSystemCallTypeEXIT AuditSystemCallType = "exit"
	AuditSystemCallTypeWAIT4 AuditSystemCallType = "wait4"
	AuditSystemCallTypeKILL AuditSystemCallType = "kill"
	AuditSystemCallTypeUNAME AuditSystemCallType = "uname"
	AuditSystemCallTypeSEMGET AuditSystemCallType = "semget"
	AuditSystemCallTypeSEMOP AuditSystemCallType = "semop"
	AuditSystemCallTypeSEMCTL AuditSystemCallType = "semctl"
	AuditSystemCallTypeSHMDT AuditSystemCallType = "shmdt"
	AuditSystemCallTypeMSGGET AuditSystemCallType = "msgget"
	AuditSystemCallTypeMSGSND AuditSystemCallType = "msgsnd"
	AuditSystemCallTypeMSGRCV AuditSystemCallType = "msgrcv"
	AuditSystemCallTypeMSGCTL AuditSystemCallType = "msgctl"
	AuditSystemCallTypeFCNTL AuditSystemCallType = "fcntl"
	AuditSystemCallTypeFLOCK AuditSystemCallType = "flock"
	AuditSystemCallTypeFSYNC AuditSystemCallType = "fsync"
	AuditSystemCallTypeFDATASYNC AuditSystemCallType = "fdatasync"
	AuditSystemCallTypeTRUNCATE AuditSystemCallType = "truncate"
	AuditSystemCallTypeFTRUNCATE AuditSystemCallType = "ftruncate"
	AuditSystemCallTypeGETDENTS AuditSystemCallType = "getdents"
	AuditSystemCallTypeGETCWD AuditSystemCallType = "getcwd"
	AuditSystemCallTypeCHDIR AuditSystemCallType = "chdir"
	AuditSystemCallTypeFCHDIR AuditSystemCallType = "fchdir"
	AuditSystemCallTypeRENAME AuditSystemCallType = "rename"
	AuditSystemCallTypeMKDIR AuditSystemCallType = "mkdir"
	AuditSystemCallTypeRMDIR AuditSystemCallType = "rmdir"
	AuditSystemCallTypeCREAT AuditSystemCallType = "creat"
	AuditSystemCallTypeLINK AuditSystemCallType = "link"
	AuditSystemCallTypeUNLINK AuditSystemCallType = "unlink"
	AuditSystemCallTypeSYMLINK AuditSystemCallType = "symlink"
	AuditSystemCallTypeREADLINK AuditSystemCallType = "readlink"
	AuditSystemCallTypeCHMOD AuditSystemCallType = "chmod"
	AuditSystemCallTypeFCHMOD AuditSystemCallType = "fchmod"
	AuditSystemCallTypeCHOWN AuditSystemCallType = "chown"
	AuditSystemCallTypeFCHOWN AuditSystemCallType = "fchown"
	AuditSystemCallTypeLCHOWN AuditSystemCallType = "lchown"
	AuditSystemCallTypeUMASK AuditSystemCallType = "umask"
	AuditSystemCallTypeGETTIMEOFDAY AuditSystemCallType = "gettimeofday"
	AuditSystemCallTypeGETRLIMIT AuditSystemCallType = "getrlimit"
	AuditSystemCallTypeGETRUSAGE AuditSystemCallType = "getrusage"
	AuditSystemCallTypeSYSINFO AuditSystemCallType = "sysinfo"
	AuditSystemCallTypeTIMES AuditSystemCallType = "times"
	AuditSystemCallTypePTRACE AuditSystemCallType = "ptrace"
	AuditSystemCallTypeGETUID AuditSystemCallType = "getuid"
	AuditSystemCallTypeSYSLOG AuditSystemCallType = "syslog"
	AuditSystemCallTypeGETGID AuditSystemCallType = "getgid"
	AuditSystemCallTypeSETUID AuditSystemCallType = "setuid"
	AuditSystemCallTypeSETGID AuditSystemCallType = "setgid"
	AuditSystemCallTypeGETEUID AuditSystemCallType = "geteuid"
	AuditSystemCallTypeGETEGID AuditSystemCallType = "getegid"
	AuditSystemCallTypeSETPGID AuditSystemCallType = "setpgid"
	AuditSystemCallTypeGETPPID AuditSystemCallType = "getppid"
	AuditSystemCallTypeGETPGRP AuditSystemCallType = "getpgrp"
	AuditSystemCallTypeSETSID AuditSystemCallType = "setsid"
	AuditSystemCallTypeSETREUID AuditSystemCallType = "setreuid"
	AuditSystemCallTypeSETREGID AuditSystemCallType = "setregid"
	AuditSystemCallTypeGETGROUPS AuditSystemCallType = "getgroups"
	AuditSystemCallTypeSETGROUPS AuditSystemCallType = "setgroups"
	AuditSystemCallTypeSETRESUID AuditSystemCallType = "setresuid"
	AuditSystemCallTypeGETRESUID AuditSystemCallType = "getresuid"
	AuditSystemCallTypeSETRESGID AuditSystemCallType = "setresgid"
	AuditSystemCallTypeGETRESGID AuditSystemCallType = "getresgid"
	AuditSystemCallTypeGETPGID AuditSystemCallType = "getpgid"
	AuditSystemCallTypeSETFSUID AuditSystemCallType = "setfsuid"
	AuditSystemCallTypeSETFSGID AuditSystemCallType = "setfsgid"
	AuditSystemCallTypeGETSID AuditSystemCallType = "getsid"
	AuditSystemCallTypeCAPGET AuditSystemCallType = "capget"
	AuditSystemCallTypeCAPSET AuditSystemCallType = "capset"
	AuditSystemCallTypeRTSIGPENDING AuditSystemCallType = "rt_sigpending"
	AuditSystemCallTypeRTSIGTIMEDWAIT AuditSystemCallType = "rt_sigtimedwait"
	AuditSystemCallTypeRTSIGQUEUEINFO AuditSystemCallType = "rt_sigqueueinfo"
	AuditSystemCallTypeRTSIGSUSPEND AuditSystemCallType = "rt_sigsuspend"
	AuditSystemCallTypeSIGALTSTACK AuditSystemCallType = "sigaltstack"
	AuditSystemCallTypeUTIME AuditSystemCallType = "utime"
	AuditSystemCallTypeMKNOD AuditSystemCallType = "mknod"
	AuditSystemCallTypeUSELIB AuditSystemCallType = "uselib"
	AuditSystemCallTypePERSONALITY AuditSystemCallType = "personality"
	AuditSystemCallTypeUSTAT AuditSystemCallType = "ustat"
	AuditSystemCallTypeSTATFS AuditSystemCallType = "statfs"
	AuditSystemCallTypeFSTATFS AuditSystemCallType = "fstatfs"
	AuditSystemCallTypeSYSFS AuditSystemCallType = "sysfs"
	AuditSystemCallTypeGETPRIORITY AuditSystemCallType = "getpriority"
	AuditSystemCallTypeSETPRIORITY AuditSystemCallType = "setpriority"
	AuditSystemCallTypeSCHEDSETPARAM AuditSystemCallType = "sched_setparam"
	AuditSystemCallTypeSCHEDGETPARAM AuditSystemCallType = "sched_getparam"
	AuditSystemCallTypeSCHEDSETSCHEDULER AuditSystemCallType = "sched_setscheduler"
	AuditSystemCallTypeSCHEDGETSCHEDULER AuditSystemCallType = "sched_getscheduler"
	AuditSystemCallTypeSCHEDGETPRIORITYMAX AuditSystemCallType = "sched_get_priority_max"
	AuditSystemCallTypeSCHEDGETPRIORITYMIN AuditSystemCallType = "sched_get_priority_min"
	AuditSystemCallTypeSCHEDRRGETINTERVAL AuditSystemCallType = "sched_rr_get_interval"
	AuditSystemCallTypeMLOCK AuditSystemCallType = "mlock"
	AuditSystemCallTypeMUNLOCK AuditSystemCallType = "munlock"
	AuditSystemCallTypeMLOCKALL AuditSystemCallType = "mlockall"
	AuditSystemCallTypeMUNLOCKALL AuditSystemCallType = "munlockall"
	AuditSystemCallTypeVHANGUP AuditSystemCallType = "vhangup"
	AuditSystemCallTypeMODIFYLDT AuditSystemCallType = "modify_ldt"
	AuditSystemCallTypePIVOTROOT AuditSystemCallType = "pivot_root"
	AuditSystemCallTypeSYSCTL AuditSystemCallType = "_sysctl"
	AuditSystemCallTypePRCTL AuditSystemCallType = "prctl"
	AuditSystemCallTypeARCHPRCTL AuditSystemCallType = "arch_prctl"
	AuditSystemCallTypeADJTIMEX AuditSystemCallType = "adjtimex"
	AuditSystemCallTypeSETRLIMIT AuditSystemCallType = "setrlimit"
	AuditSystemCallTypeCHROOT AuditSystemCallType = "chroot"
	AuditSystemCallTypeSYNC AuditSystemCallType = "sync"
	AuditSystemCallTypeACCT AuditSystemCallType = "acct"
	AuditSystemCallTypeSETTIMEOFDAY AuditSystemCallType = "settimeofday"
	AuditSystemCallTypeMOUNT AuditSystemCallType = "mount"
	AuditSystemCallTypeUMOUNT2 AuditSystemCallType = "umount2"
	AuditSystemCallTypeSWAPON AuditSystemCallType = "swapon"
	AuditSystemCallTypeSWAPOFF AuditSystemCallType = "swapoff"
	AuditSystemCallTypeREBOOT AuditSystemCallType = "reboot"
	AuditSystemCallTypeSETHOSTNAME AuditSystemCallType = "sethostname"
	AuditSystemCallTypeSETDOMAINNAME AuditSystemCallType = "setdomainname"
	AuditSystemCallTypeIOPL AuditSystemCallType = "iopl"
	AuditSystemCallTypeIOPERM AuditSystemCallType = "ioperm"
	AuditSystemCallTypeCREATEMODULE AuditSystemCallType = "create_module"
	AuditSystemCallTypeINITMODULE AuditSystemCallType = "init_module"
	AuditSystemCallTypeDELETEMODULE AuditSystemCallType = "delete_module"
	AuditSystemCallTypeGETKERNELSYMS AuditSystemCallType = "get_kernel_syms"
	AuditSystemCallTypeQUERYMODULE AuditSystemCallType = "query_module"
	AuditSystemCallTypeQUOTACTL AuditSystemCallType = "quotactl"
	AuditSystemCallTypeNFSSERVCTL AuditSystemCallType = "nfsservctl"
	AuditSystemCallTypeGETPMSG AuditSystemCallType = "getpmsg"
	AuditSystemCallTypePUTPMSG AuditSystemCallType = "putpmsg"
	AuditSystemCallTypeAFSSYSCALL AuditSystemCallType = "afs_syscall"
	AuditSystemCallTypeTUXCALL AuditSystemCallType = "tuxcall"
	AuditSystemCallTypeSECURITY AuditSystemCallType = "security"
	AuditSystemCallTypeGETTID AuditSystemCallType = "gettid"
	AuditSystemCallTypeREADAHEAD AuditSystemCallType = "readahead"
	AuditSystemCallTypeSETXATTR AuditSystemCallType = "setxattr"
	AuditSystemCallTypeLSETXATTR AuditSystemCallType = "lsetxattr"
	AuditSystemCallTypeFSETXATTR AuditSystemCallType = "fsetxattr"
	AuditSystemCallTypeGETXATTR AuditSystemCallType = "getxattr"
	AuditSystemCallTypeLGETXATTR AuditSystemCallType = "lgetxattr"
	AuditSystemCallTypeFGETXATTR AuditSystemCallType = "fgetxattr"
	AuditSystemCallTypeLISTXATTR AuditSystemCallType = "listxattr"
	AuditSystemCallTypeLLISTXATTR AuditSystemCallType = "llistxattr"
	AuditSystemCallTypeFLISTXATTR AuditSystemCallType = "flistxattr"
	AuditSystemCallTypeREMOVEXATTR AuditSystemCallType = "removexattr"
	AuditSystemCallTypeLREMOVEXATTR AuditSystemCallType = "lremovexattr"
	AuditSystemCallTypeFREMOVEXATTR AuditSystemCallType = "fremovexattr"
	AuditSystemCallTypeTKILL AuditSystemCallType = "tkill"
	AuditSystemCallTypeTIME AuditSystemCallType = "time"
	AuditSystemCallTypeFUTEX AuditSystemCallType = "futex"
	AuditSystemCallTypeSCHEDSETAFFINITY AuditSystemCallType = "sched_setaffinity"
	AuditSystemCallTypeSCHEDGETAFFINITY AuditSystemCallType = "sched_getaffinity"
	AuditSystemCallTypeSETTHREADAREA AuditSystemCallType = "set_thread_area"
	AuditSystemCallTypeIOSETUP AuditSystemCallType = "io_setup"
	AuditSystemCallTypeIODESTROY AuditSystemCallType = "io_destroy"
	AuditSystemCallTypeIOGETEVENTS AuditSystemCallType = "io_getevents"
	AuditSystemCallTypeIOSUBMIT AuditSystemCallType = "io_submit"
	AuditSystemCallTypeIOCANCEL AuditSystemCallType = "io_cancel"
	AuditSystemCallTypeGETTHREADAREA AuditSystemCallType = "get_thread_area"
	AuditSystemCallTypeLOOKUPDCOOKIE AuditSystemCallType = "lookup_dcookie"
	AuditSystemCallTypeEPOLLCREATE AuditSystemCallType = "epoll_create"
	AuditSystemCallTypeEPOLLCTLOLD AuditSystemCallType = "epoll_ctl_old"
	AuditSystemCallTypeEPOLLWAITOLD AuditSystemCallType = "epoll_wait_old"
	AuditSystemCallTypeREMAPFILEPAGES AuditSystemCallType = "remap_file_pages"
	AuditSystemCallTypeGETDENTS64 AuditSystemCallType = "getdents64"
	AuditSystemCallTypeSETTIDADDRESS AuditSystemCallType = "set_tid_address"
	AuditSystemCallTypeRESTARTSYSCALL AuditSystemCallType = "restart_syscall"
	AuditSystemCallTypeSEMTIMEDOP AuditSystemCallType = "semtimedop"
	AuditSystemCallTypeFADVISE64 AuditSystemCallType = "fadvise64"
	AuditSystemCallTypeTIMERCREATE AuditSystemCallType = "timer_create"
	AuditSystemCallTypeTIMERSETTIME AuditSystemCallType = "timer_settime"
	AuditSystemCallTypeTIMERGETTIME AuditSystemCallType = "timer_gettime"
	AuditSystemCallTypeTIMERGETOVERRUN AuditSystemCallType = "timer_getoverrun"
	AuditSystemCallTypeTIMERDELETE AuditSystemCallType = "timer_delete"
	AuditSystemCallTypeCLOCKSETTIME AuditSystemCallType = "clock_settime"
	AuditSystemCallTypeCLOCKGETTIME AuditSystemCallType = "clock_gettime"
	AuditSystemCallTypeCLOCKGETRES AuditSystemCallType = "clock_getres"
	AuditSystemCallTypeCLOCKNANOSLEEP AuditSystemCallType = "clock_nanosleep"
	AuditSystemCallTypeEXITGROUP AuditSystemCallType = "exit_group"
	AuditSystemCallTypeEPOLLWAIT AuditSystemCallType = "epoll_wait"
	AuditSystemCallTypeEPOLLCTL AuditSystemCallType = "epoll_ctl"
	AuditSystemCallTypeTGKILL AuditSystemCallType = "tgkill"
	AuditSystemCallTypeUTIMES AuditSystemCallType = "utimes"
	AuditSystemCallTypeVSERVER AuditSystemCallType = "vserver"
	AuditSystemCallTypeMBIND AuditSystemCallType = "mbind"
	AuditSystemCallTypeSETMEMPOLICY AuditSystemCallType = "set_mempolicy"
	AuditSystemCallTypeGETMEMPOLICY AuditSystemCallType = "get_mempolicy"
	AuditSystemCallTypeMQOPEN AuditSystemCallType = "mq_open"
	AuditSystemCallTypeMQUNLINK AuditSystemCallType = "mq_unlink"
	AuditSystemCallTypeMQTIMEDSEND AuditSystemCallType = "mq_timedsend"
	AuditSystemCallTypeMQTIMEDRECEIVE AuditSystemCallType = "mq_timedreceive"
	AuditSystemCallTypeMQNOTIFY AuditSystemCallType = "mq_notify"
	AuditSystemCallTypeMQGETSETATTR AuditSystemCallType = "mq_getsetattr"
	AuditSystemCallTypeKEXECLOAD AuditSystemCallType = "kexec_load"
	AuditSystemCallTypeWAITID AuditSystemCallType = "waitid"
	AuditSystemCallTypeADDKEY AuditSystemCallType = "add_key"
	AuditSystemCallTypeREQUESTKEY AuditSystemCallType = "request_key"
	AuditSystemCallTypeKEYCTL AuditSystemCallType = "keyctl"
	AuditSystemCallTypeIOPRIOSET AuditSystemCallType = "ioprio_set"
	AuditSystemCallTypeIOPRIOGET AuditSystemCallType = "ioprio_get"
	AuditSystemCallTypeINOTIFYINIT AuditSystemCallType = "inotify_init"
	AuditSystemCallTypeINOTIFYADDWATCH AuditSystemCallType = "inotify_add_watch"
	AuditSystemCallTypeINOTIFYRMWATCH AuditSystemCallType = "inotify_rm_watch"
	AuditSystemCallTypeMIGRATEPAGES AuditSystemCallType = "migrate_pages"
	AuditSystemCallTypeOPENAT AuditSystemCallType = "openat"
	AuditSystemCallTypeMKDIRAT AuditSystemCallType = "mkdirat"
	AuditSystemCallTypeMKNODAT AuditSystemCallType = "mknodat"
	AuditSystemCallTypeFCHOWNAT AuditSystemCallType = "fchownat"
	AuditSystemCallTypeFUTIMESAT AuditSystemCallType = "futimesat"
	AuditSystemCallTypeNEWFSTATAT AuditSystemCallType = "newfstatat"
	AuditSystemCallTypeUNLINKAT AuditSystemCallType = "unlinkat"
	AuditSystemCallTypeRENAMEAT AuditSystemCallType = "renameat"
	AuditSystemCallTypeLINKAT AuditSystemCallType = "linkat"
	AuditSystemCallTypeSYMLINKAT AuditSystemCallType = "symlinkat"
	AuditSystemCallTypeREADLINKAT AuditSystemCallType = "readlinkat"
	AuditSystemCallTypeFCHMODAT AuditSystemCallType = "fchmodat"
	AuditSystemCallTypeFACCESSAT AuditSystemCallType = "faccessat"
	AuditSystemCallTypePSELECT6 AuditSystemCallType = "pselect6"
	AuditSystemCallTypePPOLL AuditSystemCallType = "ppoll"
	AuditSystemCallTypeUNSHARE AuditSystemCallType = "unshare"
	AuditSystemCallTypeSETROBUSTLIST AuditSystemCallType = "set_robust_list"
	AuditSystemCallTypeGETROBUSTLIST AuditSystemCallType = "get_robust_list"
	AuditSystemCallTypeSPLICE AuditSystemCallType = "splice"
	AuditSystemCallTypeTEE AuditSystemCallType = "tee"
	AuditSystemCallTypeSYNCFILERANGE AuditSystemCallType = "sync_file_range"
	AuditSystemCallTypeVMSPLICE AuditSystemCallType = "vmsplice"
	AuditSystemCallTypeMOVEPAGES AuditSystemCallType = "move_pages"
	AuditSystemCallTypeUTIMENSAT AuditSystemCallType = "utimensat"
	AuditSystemCallTypeEPOLLPWAIT AuditSystemCallType = "epoll_pwait"
	AuditSystemCallTypeSIGNALFD AuditSystemCallType = "signalfd"
	AuditSystemCallTypeTIMERFDCREATE AuditSystemCallType = "timerfd_create"
	AuditSystemCallTypeEVENTFD AuditSystemCallType = "eventfd"
	AuditSystemCallTypeFALLOCATE AuditSystemCallType = "fallocate"
	AuditSystemCallTypeTIMERFDSETTIME AuditSystemCallType = "timerfd_settime"
	AuditSystemCallTypeTIMERFDGETTIME AuditSystemCallType = "timerfd_gettime"
	AuditSystemCallTypeACCEPT4 AuditSystemCallType = "accept4"
	AuditSystemCallTypeSIGNALFD4 AuditSystemCallType = "signalfd4"
	AuditSystemCallTypeEVENTFD2 AuditSystemCallType = "eventfd2"
	AuditSystemCallTypeEPOLLCREATE1 AuditSystemCallType = "epoll_create1"
	AuditSystemCallTypeDUP3 AuditSystemCallType = "dup3"
	AuditSystemCallTypePIPE2 AuditSystemCallType = "pipe2"
	AuditSystemCallTypeINOTIFYINIT1 AuditSystemCallType = "inotify_init1"
	AuditSystemCallTypePREADV AuditSystemCallType = "preadv"
	AuditSystemCallTypePWRITEV AuditSystemCallType = "pwritev"
	AuditSystemCallTypeRTTGSIGQUEUEINFO AuditSystemCallType = "rt_tgsigqueueinfo"
	AuditSystemCallTypePERFEVENTOPEN AuditSystemCallType = "perf_event_open"
	AuditSystemCallTypeRECVMMSG AuditSystemCallType = "recvmmsg"
	AuditSystemCallTypeFANOTIFYINIT AuditSystemCallType = "fanotify_init"
	AuditSystemCallTypeFANOTIFYMARK AuditSystemCallType = "fanotify_mark"
	AuditSystemCallTypePRLIMIT64 AuditSystemCallType = "prlimit64"
	AuditSystemCallTypeNAMETOHANDLEAT AuditSystemCallType = "name_to_handle_at"
	AuditSystemCallTypeOPENBYHANDLEAT AuditSystemCallType = "open_by_handle_at"
	AuditSystemCallTypeCLOCKADJTIME AuditSystemCallType = "clock_adjtime"
	AuditSystemCallTypeSYNCFS AuditSystemCallType = "syncfs"
	AuditSystemCallTypeSENDMMSG AuditSystemCallType = "sendmmsg"
	AuditSystemCallTypeSETNS AuditSystemCallType = "setns"
	AuditSystemCallTypeGETCPU AuditSystemCallType = "getcpu"
	AuditSystemCallTypePROCESSVMREADV AuditSystemCallType = "process_vm_readv"
	AuditSystemCallTypePROCESSVMWRITEV AuditSystemCallType = "process_vm_writev"
	AuditSystemCallTypeKCMP AuditSystemCallType = "kcmp"
	AuditSystemCallTypeFINITMODULE AuditSystemCallType = "finit_module"
	AuditSystemCallTypeSTIME AuditSystemCallType = "stime"
)
Values of AuditSystemCallType.
func AuditSystemCallTypeFromString ¶
func AuditSystemCallTypeFromString(value string) (AuditSystemCallType, error)
AuditSystemCallTypeFromString returns the AuditSystemCallType from a given string value.
func (AuditSystemCallType) Validate ¶
func (a AuditSystemCallType) Validate(attribute string) error
Validate validates the AuditSystemCallType
type CapabilitiesActionType ¶
type CapabilitiesActionType int
CapabilitiesActionType is add or drop
// Values for CapabilitiesActionType.
//
// Numbering starts at 0, so CapabilitiesActionTypeAdd is the zero value of
// the type: an action that was never set, or that was decoded from a missing
// field, reads as Add rather than Drop. Set the action explicitly when
// building a CapabilitiesTypeMap.
const (
	CapabilitiesActionTypeAdd CapabilitiesActionType = iota
	CapabilitiesActionTypeDrop
)
Values for CapabilitiesActionType
type CapabilitiesType ¶
type CapabilitiesType string
CapabilitiesType is the type of capabilities.
// Values of CapabilitiesType.
//
// Each value is a Linux capability name written without the "CAP_" prefix.
// Two identifiers do not mirror their value: CapabilitiesTypeReadSearch is
// "DAC_READ_SEARCH" and CapabilitiesTypeCapSyslog is "SYSLOG".
//
// Several of these grant very broad privileges (for example SYS_ADMIN,
// SYS_MODULE, SYS_PTRACE, SYS_RAWIO, DAC_OVERRIDE, DAC_READ_SEARCH, NET_ADMIN,
// SETUID, SETGID and SETFCAP); an Add action for any of them deserves review.
// Capabilities introduced in later kernels (CAP_PERFMON, CAP_BPF,
// CAP_CHECKPOINT_RESTORE) have no constant here.
const (
	CapabilitiesTypeAuditControl CapabilitiesType = "AUDIT_CONTROL"
	CapabilitiesTypeAuditRead CapabilitiesType = "AUDIT_READ"
	CapabilitiesTypeAuditWrite CapabilitiesType = "AUDIT_WRITE"
	CapabilitiesTypeBlockSuspend CapabilitiesType = "BLOCK_SUSPEND"
	CapabilitiesTypeChown CapabilitiesType = "CHOWN"
	CapabilitiesTypeDacOverride CapabilitiesType = "DAC_OVERRIDE"
	CapabilitiesTypeReadSearch CapabilitiesType = "DAC_READ_SEARCH"
	CapabilitiesTypeFowner CapabilitiesType = "FOWNER"
	CapabilitiesTypeFsetid CapabilitiesType = "FSETID"
	CapabilitiesTypeIPCLock CapabilitiesType = "IPC_LOCK"
	CapabilitiesTypeIPCOwner CapabilitiesType = "IPC_OWNER"
	CapabilitiesTypeKill CapabilitiesType = "KILL"
	CapabilitiesTypeLease CapabilitiesType = "LEASE"
	CapabilitiesTypeLinuxImmutable CapabilitiesType = "LINUX_IMMUTABLE"
	CapabilitiesTypeMacAdmin CapabilitiesType = "MAC_ADMIN"
	CapabilitiesTypeMacOverride CapabilitiesType = "MAC_OVERRIDE"
	CapabilitiesTypeMknod CapabilitiesType = "MKNOD"
	CapabilitiesTypeNetAdmin CapabilitiesType = "NET_ADMIN"
	CapabilitiesTypeNetBindService CapabilitiesType = "NET_BIND_SERVICE"
	CapabilitiesTypeNetBroadcast CapabilitiesType = "NET_BROADCAST"
	CapabilitiesTypeNetRaw CapabilitiesType = "NET_RAW"
	CapabilitiesTypeSetGid CapabilitiesType = "SETGID"
	CapabilitiesTypeSetFcap CapabilitiesType = "SETFCAP"
	CapabilitiesTypeSetPcap CapabilitiesType = "SETPCAP"
	CapabilitiesTypeSetUID CapabilitiesType = "SETUID"
	CapabilitiesTypeSysAdmin CapabilitiesType = "SYS_ADMIN"
	CapabilitiesTypeSysBoot CapabilitiesType = "SYS_BOOT"
	CapabilitiesTypeSysChroot CapabilitiesType = "SYS_CHROOT"
	CapabilitiesTypeSysModule CapabilitiesType = "SYS_MODULE"
	CapabilitiesTypeSysNice CapabilitiesType = "SYS_NICE"
	CapabilitiesTypeSysPacct CapabilitiesType = "SYS_PACCT"
	CapabilitiesTypeSysPtrace CapabilitiesType = "SYS_PTRACE"
	CapabilitiesTypeSysRawIO CapabilitiesType = "SYS_RAWIO"
	CapabilitiesTypeSysResource CapabilitiesType = "SYS_RESOURCE"
	CapabilitiesTypeSysTime CapabilitiesType = "SYS_TIME"
	CapabilitiesTypeSysTTYConfig CapabilitiesType = "SYS_TTY_CONFIG"
	CapabilitiesTypeCapSyslog CapabilitiesType = "SYSLOG"
	CapabilitiesTypeWakeAlarm CapabilitiesType = "WAKE_ALARM"
)
Values of CapabilitiesType.
func (CapabilitiesType) Validate ¶
func (c CapabilitiesType) Validate() error
Validate validates the capabilities.
type CapabilitiesTypeMap ¶
// CapabilitiesTypeMap associates each capability with a
// CapabilitiesActionType. A capability that has no key in the map carries no
// action at all.
// NOTE(review): confirm whether a missing capability is treated as allowed or
// denied by the code that consumes this map; that code is not shown here.
type CapabilitiesTypeMap map[CapabilitiesType]CapabilitiesActionType
CapabilitiesTypeMap is a map from a capability to the CapabilitiesActionType set for it.
func (CapabilitiesTypeMap) Validate ¶
func (c CapabilitiesTypeMap) Validate() error
Validate validates a capabilities type list.
type FileWatchRule ¶
// FileWatchRule describes one audit watch: a path and the kinds of access to
// that path that should be recorded.
//
// It is the only rule type in this part of the package that also carries
// bson tags.
type FileWatchRule struct {
	// Path is the file or directory to watch.
	// NOTE(review): presumably expected to be an absolute, already-normalised
	// path; confirm what Validate enforces.
	Path string `msgpack:"path" bson:"path" json:"path"`

	// Permissions lists the access types that trigger an audit record.
	// The tag has no omitempty, so an empty or nil slice is still encoded.
	Permissions []AuditFilePermissions `msgpack:"permissions" bson:"permissions" json:"permissions"`
}
FileWatchRule is used to audit access to particular files or directories that you may be interested in.
func (*FileWatchRule) Validate ¶
func (r *FileWatchRule) Validate() error
Validate validates the file watch rule.
type MidgardClaims ¶ added in v1.1.0
// MidgardClaims is the payload of a token issued by Midgard: the custom
// claims below plus the embedded jwt.StandardClaims.
//
// The struct only describes the decoded payload. Nothing in this declaration
// verifies a signature or an expiry, so the fields are trustworthy only after
// the token that carried them has been verified.
type MidgardClaims struct {
	// Realm is the "realm" claim.
	Realm string `msgpack:"realm" json:"realm"`

	// Quota is the "quota" claim. Because of omitempty a value of 0 is not
	// encoded, so 0 and "no quota claim" look the same after decoding.
	Quota int `msgpack:"quota,omitempty" json:"quota,omitempty"`

	// Data is the "data" claim, a string-to-string map.
	Data map[string]string `msgpack:"data" json:"data"`

	// Opaque is the optional "opaque" claim, a string-to-string map.
	Opaque map[string]string `msgpack:"opaque,omitempty" json:"opaque,omitempty"`

	// Restrictions is optional; it is nil when the token declares none.
	// NOTE(review): confirm that every consumer checks for nil and that a
	// nil value is meant to leave the token unrestricted.
	Restrictions *MidgardClaimsRestrictions `msgpack:"restrictions,omitempty" json:"restrictions,omitempty"`

	// Embedded registered claims from the jwt package the file imports.
	jwt.StandardClaims
}
MidgardClaims is a struct representing the data of Midgard-issued claims.
func NewMidgardClaims ¶ added in v1.1.0
func NewMidgardClaims() *MidgardClaims
NewMidgardClaims returns a new Claims.
type MidgardClaimsRestrictions ¶ added in v1.94.1
// MidgardClaimsRestrictions holds the restrictions a token declares on its
// own use.
//
// All three fields use omitempty, so an empty value is not encoded and cannot
// be told apart from a restriction that was never set.
type MidgardClaimsRestrictions struct {
	// Permissions is encoded under the short key "perms".
	// NOTE(review): the format of each entry is not visible here.
	Permissions []string `msgpack:"perms,omitempty" json:"perms,omitempty"`

	// Namespace is the "namespace" restriction.
	Namespace string `msgpack:"namespace,omitempty" json:"namespace,omitempty"`

	// Networks is the "networks" restriction.
	// NOTE(review): presumably network prefixes the token may be used from;
	// confirm the expected syntax and where it is parsed.
	Networks []string `msgpack:"networks,omitempty" json:"networks,omitempty"`
}
MidgardClaimsRestrictions represents permissions restrictions declared in the token.
type ServiceToken ¶ added in v1.20.0
// ServiceToken is the payload of a service token issued by the system: two
// free-form claim maps plus the embedded jwt.StandardClaims.
//
// Unlike the other claim types in this package it has json tags only, no
// msgpack tags.
type ServiceToken struct {
	// User holds untyped claims under "user". Values are interface{}, so a
	// reader has to type-assert each one (use the two-value form); with
	// encoding/json, numbers arrive as float64.
	User map[string]interface{} `json:"user,omitempty"`

	// Service holds untyped claims under "service"; the same care applies.
	Service map[string]interface{} `json:"service,omitempty"`

	// Embedded registered claims from the jwt package the file imports.
	jwt.StandardClaims
}
ServiceToken is a struct to represent the service tokens issued by the system.
type SyscallEnforcementAction ¶
// SyscallEnforcementAction is the action taken for a syscall that a rule
// matches. It is an int, and its zero value is the first constant declared
// for the type.
type SyscallEnforcementAction int
SyscallEnforcementAction is the action type.
// Values of SyscallEnforcementAction, numbered by iota: Kill is 0, Errno 1,
// Trap 2, Allow 3 and Trace 4.
//
// Kill is the zero value, so an action field that is never set (or is absent
// from decoded input) reads as Kill, not Allow.
//
// NOTE(review): the names follow the seccomp return actions; the code that
// maps them to the kernel values is not part of this listing.
// NOTE(review): no custom marshaller is visible here, so the integer is
// presumably what gets serialized. If so, add new values at the end only,
// since reordering would change the meaning of stored policies.
const (
	SyscallEnforcementActionKill SyscallEnforcementAction = iota
	SyscallEnforcementActionErrno
	SyscallEnforcementActionTrap
	SyscallEnforcementActionAllow
	SyscallEnforcementActionTrace
)
Values of SyscallEnforcementAction.
func (SyscallEnforcementAction) Validate ¶
func (s SyscallEnforcementAction) Validate() error
Validate validates a syscall enforcement action.
type SyscallEnforcementOperator ¶
// SyscallEnforcementOperator is the comparison applied to a syscall argument
// when a seccomp rule is matched. It is an int, and its zero value is the
// first constant declared for the type.
type SyscallEnforcementOperator int
SyscallEnforcementOperator is a comparison operator to be used when matching syscall arguments in Seccomp.
// Values of SyscallEnforcementOperator, numbered by iota starting at 0 with
// EqualTo, which is therefore the zero value.
//
// NOTE(review): MaskEqualTo presumably compares the argument, after masking,
// with a second value, which would be why SyscallEnforcermentArg has both
// Value and ValueTwo. Confirm which field holds the mask.
// NOTE(review): no custom marshaller is visible here, so the integer is
// presumably what gets serialized. If so, add new values at the end only.
const (
	SyscallEnforcementOperatorEqualTo SyscallEnforcementOperator = iota
	SyscallEnforcementOperatorNotEqualTo
	SyscallEnforcementOperatorGreaterThan
	SyscallEnforcementOperatorGreaterThanOrEqualTo
	SyscallEnforcementOperatorLessThan
	SyscallEnforcementOperatorLessThanOrEqualTo
	SyscallEnforcementOperatorMaskEqualTo
)
Values of SyscallEnforcementOperator.
func (SyscallEnforcementOperator) Validate ¶
func (s SyscallEnforcementOperator) Validate() error
Validate validates the syscall enforcement operator.
type SyscallEnforcementRule ¶
// SyscallEnforcementRule is the seccomp rule for one syscall: a default
// action and an optional list of argument matchers.
type SyscallEnforcementRule struct {
	// DefaultAction is encoded under the key "action". Its zero value is
	// SyscallEnforcementActionKill, so a rule decoded without an "action"
	// key ends up with Kill.
	DefaultAction SyscallEnforcementAction `msgpack:"action" json:"action"`

	// Args holds pointers to the argument matchers; an element may be nil.
	// NOTE(review): confirm that Validate rejects nil elements before they
	// are dereferenced.
	Args []*SyscallEnforcermentArg `msgpack:"args" json:"args"`
}
SyscallEnforcementRule is a rule to match a syscall in Seccomp.
func (*SyscallEnforcementRule) Validate ¶
func (s *SyscallEnforcementRule) Validate() error
Validate validates a syscall enforcement rule.
type SyscallEnforcementRulesMap ¶
// SyscallEnforcementRulesMap holds one *SyscallEnforcementRule per syscall,
// keyed by AuditSystemCallType. Values are pointers, so an entry can be nil.
// NOTE(review): confirm what applies to a syscall that has no entry in the
// map; the code that builds the seccomp filter is not shown here.
type SyscallEnforcementRulesMap map[AuditSystemCallType]*SyscallEnforcementRule
SyscallEnforcementRulesMap is a map of SyscallEnforcementRule keyed by syscall (AuditSystemCallType).
func (SyscallEnforcementRulesMap) Validate ¶
func (s SyscallEnforcementRulesMap) Validate() error
Validate validates a SyscallEnforcementRulesMap.
type SyscallEnforcermentArg ¶
// SyscallEnforcermentArg matches one argument of a syscall in a seccomp rule.
// (The spelling "Enforcerment" is part of the exported name.)
//
// Index and Action have no struct tags, unlike the other three fields. With
// encoding/json they are therefore encoded under their Go names, "Index" and
// "Action", next to the lower-case "value", "valueTwo" and "op".
// NOTE(review): confirm that the untagged fields are intentional and that
// policy producers and consumers agree on those key names.
type SyscallEnforcermentArg struct {
	// Index selects which syscall argument is compared.
	// NOTE(review): presumably zero-based; confirm the range Validate accepts.
	Index uint

	// Value is the first comparison operand.
	Value uint64 `msgpack:"value" json:"value"`

	// ValueTwo is a second operand.
	// NOTE(review): presumably only used with the MaskEqualTo operator.
	ValueTwo uint64 `msgpack:"valueTwo" json:"valueTwo"`

	// Op is the comparison operator; its zero value is EqualTo.
	Op SyscallEnforcementOperator `msgpack:"op" json:"op"`

	// Action is the action for this matcher; its zero value is Kill.
	Action SyscallEnforcementAction
}
SyscallEnforcermentArg is a rule to match a specific syscall argument in Seccomp.
func (*SyscallEnforcermentArg) Validate ¶
func (s *SyscallEnforcermentArg) Validate() error
Validate validates the syscall enforcement arguments.
type SyscallRule ¶
// SyscallRule describes an audit rule for a set of syscalls: the audit
// filter list it belongs to, the action, the field filters and the syscalls
// it covers.
type SyscallRule struct {
	// List is the audit filter list, encoded as "list".
	List AuditFilterListType `msgpack:"list" json:"list"`

	// Action is the audit filter action, encoded as "action".
	Action AuditFilterActionType `msgpack:"action" json:"action"`

	// Filters are the field filters of the rule.
	// NOTE(review): how several filters combine is decided by the code that
	// installs the rule, which is not shown here.
	Filters []AuditFilterSpec `msgpack:"filters" json:"filters"`

	// Syscalls lists the syscalls the rule applies to. The tag has no
	// omitempty, so an empty list is still encoded.
	Syscalls []AuditSystemCallType `msgpack:"syscalls" json:"syscalls"`
}
SyscallRule is used to audit invocations of specific syscalls.
func (*SyscallRule) Validate ¶
func (r *SyscallRule) Validate() error
Validate validates the syscall rule.