client

package
v1.8.0-beta.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 27, 2022 License: AGPL-3.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

const (
	// UserAgent is the User-Agent string used by the client.
	// NOTE(review): presumably sent on every request to the manager. It is a
	// fixed, publicly known label, so the manager should not treat it as
	// evidence that a request comes from a genuine agent (confirm server side).
	UserAgent = "Whids-API-Client/1.0"
	// Mega is the size of one megabyte in bytes (1 << 20).
	Mega = 1 << 20
)
const (
	// DefaultLogfileSize is the default forwarder logfile size (5 * logfile.MB).
	DefaultLogfileSize = logfile.MB * 5
	// DiskSpaceThreshold allows 1GB (logfile.GB) of queued events.
	// NOTE(review): how the limit is enforced is not visible here. If queued
	// events are discarded once it is exceeded (see CleanOlderQueued), a long
	// manager outage means lost telemetry; confirm and monitor for it.
	DiskSpaceThreshold = logfile.GB
	// MinRotationInterval is the minimum rotation interval allowed.
	MinRotationInterval = time.Minute
)

Variables

var (
	// Hostname the client is running on (initialized in init() function).
	// NOTE(review): exported and mutable, so any importing package can
	// overwrite it after init.
	Hostname string

	// ErrServerUnauthenticated reports that server authentication failed.
	// NOTE(review): callers should presumably stop exchanging data with the
	// manager on this error rather than retry without authentication; confirm
	// at the call sites.
	ErrServerUnauthenticated    = errors.New("server authentication failed")
	// ErrUnexpectedResponseStatus reports an unexpected response status code.
	ErrUnexpectedResponseStatus = errors.New("unexpected response status code")
	// ErrNoSysmonConfig reports that no sysmon config is available in the manager.
	ErrNoSysmonConfig           = errors.New("no sysmon config available in manager")
)
var (
	// ErrNothingToDo reports that there is nothing to do.
	// NOTE(review): built with fmt.Errorf although the message has no
	// formatting verbs; the other sentinels on this page use errors.New.
	ErrNothingToDo = fmt.Errorf("nothing to do")
)
var (
	// UploadShrinkerBufferSize is 3 * utils.Mega, stored as an int64.
	// NOTE(review): presumably the size of the buffer UploadShrinker uses for
	// each chunk (confirm). It is an exported variable, so any importer can
	// change it at runtime.
	UploadShrinkerBufferSize = int64(3 * utils.Mega)
)

Functions

func ValidateRespStatus

func ValidateRespStatus(resp *http.Response, status ...int) error

Types

type FileUpload

// FileUpload is the structure used to forward files from the client to the
// manager; all fields are serialized to JSON under the keys given in the tags.
//
// NOTE(review): Name, GUID and EventHash are presumably the components that
// Implode joins into a path. A receiver should call Validate before Dump, so
// that a crafted value cannot place the file outside the root directory.
// Confirm what Validate actually checks.
type FileUpload struct {
	Name      string `json:"filename"`
	GUID      string `json:"guid"`
	EventHash string `json:"event-hash"`
	Content   []byte `json:"content"`
	Chunk     int    `json:"chunk"` // identify the chunk number
	Total     int    `json:"total"` // total number of chunks needed to reconstruct the file
}

FileUpload structure used to forward files from the client to the manager

func (*FileUpload) Dump

func (f *FileUpload) Dump(root string) (err error)

Dump writes the FileUpload into the given root directory

func (*FileUpload) Implode

func (f *FileUpload) Implode() string

Implode returns the full path of the FileUpload

func (*FileUpload) Validate

func (f *FileUpload) Validate() error

Validate checks that the file upload follows the expected format

type Forwarder

// Forwarder structure definition. It embeds a mutex and a wait group, so a
// Forwarder must not be copied after first use; it is handled through a
// pointer (NewForwarder returns *Forwarder).
type Forwarder struct {
	// Embedded: Lock/Unlock and Add/Done/Wait are promoted to Forwarder's
	// exported method set, so code outside this package can call them too.
	sync.Mutex
	sync.WaitGroup

	// NOTE(review): the field meanings below are inferred from their names and
	// types; confirm them against the implementation.
	// Client is the manager client, presumably used to send the piped events.
	// TimeTresh and EventTresh are presumably the time and event-count
	// thresholds that trigger a send.
	// Pipe buffers events, presumably those added by PipeEvent, and
	// EventsPiped counts them.
	// Local presumably means events are only kept on disk and not forwarded.
	Client      *ManagerClient
	TimeTresh   time.Duration
	Sleep       time.Duration
	EventTresh  uint64
	Pipe        *bytes.Buffer
	EventsPiped uint64
	Local       bool
	// contains filtered or unexported fields
}

Forwarder structure definition

func NewForwarder

func NewForwarder(ctx context.Context, c *config.Forwarder) (*Forwarder, error)

NewForwarder creates a new Forwarder structure. TODO: needs update with client.

func (*Forwarder) ArchiveLogs

func (f *Forwarder) ArchiveLogs()

ArchiveLogs compresses the old log files that are not yet compressed

func (*Forwarder) CleanOlderQueued

func (f *Forwarder) CleanOlderQueued() error

CleanOlderQueued cleans up the older queue file

func (*Forwarder) Close

func (f *Forwarder) Close()

Close closes the forwarder properly

func (*Forwarder) Collect

func (f *Forwarder) Collect()

Collect sends the piped event to the remote server

func (*Forwarder) DiskSpaceQueue

func (f *Forwarder) DiskSpaceQueue() int64

DiskSpaceQueue computes the disk space (in bytes) taken by queued events

func (*Forwarder) HasQueuedEvents

func (f *Forwarder) HasQueuedEvents() bool

HasQueuedEvents checks whether some events are waiting to be sent

func (*Forwarder) LogfilePath

func (f *Forwarder) LogfilePath() string

LogfilePath returns the path of the logfile if it exists else returns empty string

func (*Forwarder) PipeEvent

func (f *Forwarder) PipeEvent(event interface{})

PipeEvent pipes an event to be sent through the forwarder

func (*Forwarder) ProcessQueue

func (f *Forwarder) ProcessQueue()

ProcessQueue processes the queued events. TODO: needs update with client.

func (*Forwarder) Reset

func (f *Forwarder) Reset()

Reset resets the forwarder

func (*Forwarder) Run

func (f *Forwarder) Run()

Run starts the Forwarder worker function

func (*Forwarder) Save

func (f *Forwarder) Save() (err error)

Save saves the piped events to disk

type ManagerClient

// ManagerClient structure definition.
type ManagerClient struct {
	// Config is the client configuration.
	// NOTE(review): presumably the value passed to NewManagerClient; confirm.
	Config *config.Client

	// ManagerIP is presumably the resolved address of the manager; confirm.
	ManagerIP  net.IP
	// HTTPClient is exported and held by value, so callers can replace its
	// Transport or Timeout.
	// NOTE(review): the Transport presumably carries the TLS settings behind
	// IsServerAuthenticated; confirm that replacing it cannot silently disable
	// server authentication, and that a Timeout is set.
	HTTPClient http.Client
}

ManagerClient structure definition

func NewManagerClient

func NewManagerClient(c *config.Client) (*ManagerClient, error)

NewManagerClient creates a new Client to interface with the manager

func (*ManagerClient) Close

func (m *ManagerClient) Close()

Close closes idle connections from underlying transport

func (*ManagerClient) FetchCommand

func (m *ManagerClient) FetchCommand() (*api.EndpointCommand, error)

func (*ManagerClient) GetIoCs

func (m *ManagerClient) GetIoCs() ([]string, error)

GetIoCs gets the IoCs from the manager

func (*ManagerClient) GetIoCsSha256

func (m *ManagerClient) GetIoCsSha256() (string, error)

GetIoCsSha256 retrieves a sha256 from the IoCs available in the manager

func (*ManagerClient) GetRules

func (m *ManagerClient) GetRules() (string, error)

GetRules retrieves the latest batch of Gene rules available on the server

func (*ManagerClient) GetRulesSha256

func (m *ManagerClient) GetRulesSha256() (string, error)

GetRulesSha256 returns the sha256 string of the latest batch of rules available on the server

func (*ManagerClient) GetSysmonConfig

func (m *ManagerClient) GetSysmonConfig(schemaVersion string) (c *sysmon.Config, err error)

func (*ManagerClient) GetSysmonConfigSha256

func (m *ManagerClient) GetSysmonConfigSha256(schemaVersion string) (sha256 string, err error)

func (*ManagerClient) GetTool

func (m *ManagerClient) GetTool(hash string) (t *tools.Tool, err error)

func (*ManagerClient) IsFileAboveUploadLimit

func (m *ManagerClient) IsFileAboveUploadLimit(path string) bool

func (*ManagerClient) IsServerAuthEnforced

func (m *ManagerClient) IsServerAuthEnforced() bool

IsServerAuthEnforced returns true if server authentication is requested by the client

func (*ManagerClient) IsServerAuthenticated

func (m *ManagerClient) IsServerAuthenticated() (auth bool, up bool)

IsServerAuthenticated returns true if the server is authenticated and thus can be trusted

func (*ManagerClient) IsServerUp

func (m *ManagerClient) IsServerUp() bool

IsServerUp returns true if manager server is up

func (*ManagerClient) ListTools

func (m *ManagerClient) ListTools() (t map[string]*tools.Tool, err error)

func (*ManagerClient) PostCommand

func (m *ManagerClient) PostCommand(command *api.EndpointCommand) error

func (*ManagerClient) PostDump

func (m *ManagerClient) PostDump(f *FileUpload) error

PostDump client helper to upload a file to the Manager

func (*ManagerClient) PostLogs

func (m *ManagerClient) PostLogs(r io.Reader) error

PostLogs posts logs to be collected

func (*ManagerClient) PostSystemInfo

func (m *ManagerClient) PostSystemInfo(info *sysinfo.SystemInfo) error

func (*ManagerClient) Prepare

func (m *ManagerClient) Prepare(method, url string, body io.Reader) (*http.Request, error)

Prepare prepares an http.Request to be sent to the manager

func (*ManagerClient) PrepareGzip

func (m *ManagerClient) PrepareGzip(method, url string, body io.Reader) (*http.Request, error)

PrepareGzip prepares a gzip-encoded http.Request to be sent to the manager

type UploadShrinker

// UploadShrinker has no exported fields; its state is reached only through
// its methods.
// NOTE(review): judging by the method set on this page, it iterates over one
// file and yields FileUpload chunks through Next until Done; check Err after
// the loop and call Close to release the underlying file.
type UploadShrinker struct {
	// contains filtered or unexported fields
}

func NewUploadShrinker

func NewUploadShrinker(path, guid, ehash string) (it *UploadShrinker, err error)

NewUploadShrinker creates a new object to shrink files to be uploaded to the manager

func (*UploadShrinker) Close

func (i *UploadShrinker) Close() error

Close closes the underlying file

func (*UploadShrinker) Done

func (i *UploadShrinker) Done() bool

Done returns true when all files have been sent

func (*UploadShrinker) Err

func (i *UploadShrinker) Err() error

Err reports any error encountered while iterating over Next

func (*UploadShrinker) Next

func (i *UploadShrinker) Next() *FileUpload

Next returns the next FileUpload or nil if finished

func (*UploadShrinker) Size

func (i *UploadShrinker) Size() int64

Size returns the size of the file to be shrunk

Directories

Path Synopsis
