api

package
v1.8.0-beta.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 10, 2021 License: Apache-2.0 Imports: 48 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// UserAgent used by the client
	UserAgent = "Whids-API-Client/1.0"
	// Mega byte size
	Mega = 1 << 20
)
View Source 
const (
	// DefaultLogfileSize default forwarder logfile size
	DefaultLogfileSize = logfile.MB * 5
	// DiskSpaceThreshold allow 1GB of queued events
	DiskSpaceThreshold = logfile.GB
	// MinRotationInterval is the minimum rotation interval allowed
	MinRotationInterval = time.Minute
)
View Source 
const (
	AuthKeyHeader = "X-Api-Key"

	// Endpoint related
	EndpointUUIDHeader     = "X-Endpoint-Uuid"
	EndpointIPHeader       = "X-Endpoint-IP"
	EndpointHostnameHeader = "X-Endpoint-Hostname"
)
View Source 
const (
	// DefaultLogPerm default logfile permission for Manager
	DefaultLogPerm = 0600
	// DefaultManagerLogSize  default size for Manager's logfiles
	DefaultManagerLogSize = utils.Mega * 100
	// DefaultKeySize default size for API key generation
	DefaultKeySize = 64
	// EptAPIDefaultPort default port used by manager's endpoint API
	EptAPIDefaultPort = 1519
	// AdmAPIDefaultPort default port used by manager's admin API
	AdmAPIDefaultPort = 1520
	// DefaultMaxUploadSize default maximum upload size
	DefaultMaxUploadSize = 100 * utils.Mega
	// IoCContainerName default container name to store manager's IoCs
	IoCContainerName = "edr_iocs"
)
View Source 
const (

	// EptAPIServerKeyPath API route used to get server key
	EptAPIServerKeyPath = "/key"
	// EptAPIRulesPath API route used to get Gene rules available in server
	EptAPIRulesPath = "/rules"
	// EptAPIRulesSha256Path API route used to retrieve sha256 of latest batch of Gene rules
	EptAPIRulesSha256Path = "/rules/sha256"

	// EptAPIIoCsPath API route used to serve IOC container
	EptAPIIoCsPath = "/iocs"
	// EptAPIIoCsSha256Path API route used to serve sha256 of IOC container
	EptAPIIoCsSha256Path = "/iocs/sha256"

	// EptAPIPostLogsPath API route used to post logs
	EptAPIPostLogsPath = "/logs"
	// EptAPIPostDumpPath API route used to dump things
	EptAPIPostDumpPath = "/upload/dumps"

	// EptAPICommandPath used to GET commands and POST results
	EptAPICommandPath = "/commands"
)

Routes used by Clients

View Source 
const (
	AdmAPIUsers    = "/users"
	AdmAPIUserByID = AdmAPIUsers + "/{uuuid:" + uuidRe + "}"

	AdmAPIStatsPath         = "/stats"
	AdmAPIIocsPath          = "/iocs"
	AdmAPIRulesPath         = "/rules"
	AdmAPIRulesReloadPath   = "/rules/reload"
	AdmAPIRulesSavePath     = "/rules/save"
	AdmAPIEndpointsPath     = "/endpoints"
	AdmAPIEndpointsByIDPath = AdmAPIEndpointsPath + "/{euuid:" + uuidRe + "}"
	// Command related
	AdmAPICommandSuffix            = "/command"
	AdmAPIEndpointCommandPath      = AdmAPIEndpointsByIDPath + AdmAPICommandSuffix
	AdmAPIEndpointCommandFieldPath = AdmAPIEndpointCommandPath + "/{field}"
	// Logs related
	AdmAPILogsSuffix             = "/logs"
	AdmAPIEndpointLogsPath       = AdmAPIEndpointsByIDPath + AdmAPILogsSuffix
	AdmAPIDetectionSuffix        = "/detections"
	AdmAPIEndpointDetectionsPath = AdmAPIEndpointsByIDPath + AdmAPIDetectionSuffix
	// Reports related
	AdmAPIReportSuffix              = "/report"
	AdmAPIEndpointsReportsPath      = AdmAPIEndpointsPath + "/reports"
	AdmAPIEndpointReportPath        = AdmAPIEndpointsByIDPath + AdmAPIReportSuffix
	AdmAPIArchiveSuffix             = "/archive"
	AdmAPIEndpointReportArchivePath = AdmAPIEndpointReportPath + AdmAPIArchiveSuffix
	// Dumps related
	AdmAPIArticfactsSuffix       = "/artifacts"
	AdmAPIEndpointsArtifactsPath = AdmAPIEndpointsPath + AdmAPIArticfactsSuffix
	AdmAPIEndpointArtifacts      = AdmAPIEndpointsByIDPath + AdmAPIArticfactsSuffix
	AdmAPIEndpointArtifact       = AdmAPIEndpointArtifacts + "/{pguid:" + uuidRe + "}/{ehash:[[:xdigit:]]+}/{fname:.*}"

	//Websockets
	AdmAPIStreamEvents     = "/stream/events"
	AdmAPIStreamDetections = "/stream/detections"
)

Routes used for Admin API

View Source 
const (
	MaxLimitLogAPI = 10000
)

Variables

View Source 
var (
	ErrNothingToDo = fmt.Errorf("nothing to do")
)
View Source 
var (
	// ErrUnkEndpoint error to return when endpoint is unknown
	ErrUnkEndpoint = fmt.Errorf("unknown endpoint")
)
View Source 
var (
	// Hostname the client is running on (initialized in init() function)
	Hostname string
)
View Source 
var OpenAPIDefinition = `` /* 81347-byte string literal not displayed */
View Source 
var (
	UploadShrinkerBufferSize = int64(3 * utils.Mega)
)

Functions

func IPFromRequest 

func IPFromRequest(req *http.Request) (net.IP, error)

IPFromRequest extracts the user IP address from req, if present. source: https://blog.golang.org/context/userip/userip.go

func KeyGen 

func KeyGen(size int) string

KeyGen is an API key generator, supposed to generate an [[:alnum:]] key

func UUIDGen 

func UUIDGen() uuid.UUID

UUIDGen generates a random UUID

Types

type AdminAPIConfig 

type AdminAPIConfig struct {
	Host string `toml:"host" comment:"Hostname or IP address where the API should listen to"`
	Port int    `toml:"port" comment:"Port used by the API"`
}

AdminAPIConfig configuration for Administrative API

type AdminAPIResponse 

type AdminAPIResponse struct {
	Data    interface{} `json:"data"`
	Message string      `json:"message"`
	Error   string      `json:"error"`
}

AdminAPIResponse standard structure to encode any response from the AdminAPI

func NewAdminAPIRespError 

func NewAdminAPIRespError(err error) *AdminAPIResponse

NewAdminAPIRespError creates a new response from an error

func NewAdminAPIRespErrorString 

func NewAdminAPIRespErrorString(err string) *AdminAPIResponse

NewAdminAPIRespErrorString creates a new error response from an error

func NewAdminAPIResponse 

func NewAdminAPIResponse(data interface{}) *AdminAPIResponse

NewAdminAPIResponse creates a new response from data

func (*AdminAPIResponse) ToJSON 

func (r *AdminAPIResponse) ToJSON() []byte

ToJSON serializes the response to JSON

func (*AdminAPIResponse) UnmarshalData 

func (r *AdminAPIResponse) UnmarshalData(i interface{}) error

UnmarshalData unmarshals the Data field of the response to an interface

type AdminAPIUser 

type AdminAPIUser struct {
	sod.Item
	Uuid        string `json:"uuid" sod:"unique"`
	Identifier  string `json:"identifier" sod:"unique"`
	Key         string `json:"key,omitempty" sod:"unique"`
	Group       string `json:"group" sod:"index"`
	Description string `json:"description"`
}

AdminAPIUser structure definition

type ArchivedReport 

type ArchivedReport struct {
	sod.Item
	reducer.ReducedStats
	ArchivedTimestamp time.Time `json:"archived-time"`
}

type ClientConfig 

type ClientConfig struct {
	Proto             string `toml:"proto" comment:"Protocol to use to connect to manager (http or https)"`
	Host              string `toml:"host" comment:"Hostname or IP of the manager"`
	Port              int    `toml:"port" comment:"Port at which endpoint API is running on manager server"`
	UUID              string `toml:"endpoint-uuid" comment:"Endpoint UUID configured on manager used to authenticate this endpoint"`
	Key               string `toml:"endpoint-key" comment:"Endpoint key configured on manager used to authenticate this endpoint"`
	ServerKey         string `` /* 203-byte string literal not displayed */
	ServerFingerprint string `toml:"server-fingerprint" comment:"Configure manager certificate pinning\n Put here the manager's certificate fingerprint"`
	Unsafe            bool   `toml:"unsafe" comment:"Allow unsafe HTTPS connection"`
	MaxUploadSize     int64  `toml:"max-upload-size" comment:"Maximum allowed upload size"`
	// contains filtered or unexported fields
}

ClientConfig structure definition

func (*ClientConfig) DialContext 

func (cc *ClientConfig) DialContext(ctx context.Context, network, addr string) (con net.Conn, err error)

func (*ClientConfig) DialTLSContext 

func (cc *ClientConfig) DialTLSContext(ctx context.Context, network, addr string) (net.Conn, error)

func (*ClientConfig) ManagerIP 

func (cc *ClientConfig) ManagerIP() net.IP

ManagerIP returns the IP address of the manager if any, returns nil otherwise

func (*ClientConfig) Transport 

func (cc *ClientConfig) Transport() http.RoundTripper

Transport creates an approriate HTTP transport from a configuration Cert pinning inspired by: https://medium.com/@zmanian/server-public-key-pinning-in-go-7a57bbe39438

type Command 

type Command struct {
	UUID string   `json:"uuid"`
	Name string   `json:"name"`
	Args []string `json:"args"`
	// used to drop files on the endpoint
	Drop []*EndpointFile `json:"drop"`
	// used to fetch files from the endpoint
	Fetch      map[string]*EndpointFile `json:"fetch"`
	Json       interface{}              `json:"json"`
	Stdout     []byte                   `json:"stdout"`
	Stderr     []byte                   `json:"stderr"`
	Error      string                   `json:"error"`
	Sent       bool                     `json:"sent"`
	Background bool                     `json:"background"`
	Completed  bool                     `json:"completed"`
	ExpectJSON bool                     `json:"expect-json"`
	Timeout    time.Duration            `json:"timeout"`
	SentTime   time.Time                `json:"sent-time"`
	// contains filtered or unexported fields
}

Command structure representing a command sent to an endpoint

func NewCommand 

func NewCommand() *Command

NewCommand creates a new Command to run on an endpoint

func (*Command) AddDropFile 

func (c *Command) AddDropFile(filename, filepath string) error

AddDropFile adds a file to drop on the endpoint. Argument filepath is the path of the file on the local filesystem

func (*Command) AddDropFileFromPath 

func (c *Command) AddDropFileFromPath(path string) error

AddDropFileFromPath adds a file to drop on the endpoint. It is a wrapper around AddDropFile

func (*Command) AddFetchFile 

func (c *Command) AddFetchFile(filepath string)

AddFetchFile adds a file to fetch from the endpoint.

func (*Command) BuildCmd 

func (c *Command) BuildCmd() (*exec.Cmd, error)

BuildCmd builds up an exec.Cmd from Command

func (*Command) Complete 

func (c *Command) Complete(other *Command) error

Complete updates a command from another

func (*Command) FromExecCmd 

func (c *Command) FromExecCmd(cmd *exec.Cmd)

func (*Command) Run 

func (c *Command) Run() (err error)

Run runs the command according to the specified settings it aims at being used on the endpoint

func (*Command) SetCommandLine 

func (c *Command) SetCommandLine(cl string) error

SetCommandLine sets the command line to execute on the endpoint

func (Command) String 

func (c Command) String() string

func (*Command) Strip 

func (c *Command) Strip()

Strip reduces the command to the strict necessary fields to make the return trip from the endpoint to the manager

func (*Command) Unrunnable 

func (c *Command) Unrunnable()

type CommandAPI 

type CommandAPI struct {
	CommandLine string        `json:"command-line"`
	FetchFiles  []string      `json:"fetch-files"`
	DropFiles   []string      `json:"drop-files"`
	Timeout     time.Duration `json:"timeout"`
}

CommandAPI structure used by Admin API clients to POST commands

func (*CommandAPI) ToCommand 

func (c *CommandAPI) ToCommand() (*Command, error)

ToCommand converts a CommandAPI to a Command

type DumpFile 

type DumpFile struct {
	Name      string    `json:"name"`
	Size      int64     `json:"size"`
	Timestamp time.Time `json:"timestamp"`
}

type Endpoint 

type Endpoint struct {
	sod.Item
	Uuid           string    `json:"uuid" sod:"unique"`
	Hostname       string    `json:"hostname"`
	IP             string    `json:"ip"`
	Group          string    `json:"group"`
	Criticality    int       `json:"criticality"`
	Key            string    `json:"key,omitempty"`
	Command        *Command  `json:"command,omitempty"`
	Score          float64   `json:"score"`
	Status         string    `json:"status"`
	LastDetection  time.Time `json:"last-detection"`
	LastConnection time.Time `json:"last-connection"`
}

Endpoint structure used to track and interact with endpoints

func NewEndpoint 

func NewEndpoint(uuid, key string) *Endpoint

NewEndpoint returns a new Endpoint structure

func (*Endpoint) Copy 

func (e *Endpoint) Copy() *Endpoint

Copy returns a pointer to a new copy of the Endpoint

func (*Endpoint) UpdateLastConnection 

func (e *Endpoint) UpdateLastConnection()

UpdateLastConnection updates the LastConnection member of Endpoint structure

type EndpointAPIConfig 

type EndpointAPIConfig struct {
	Host      string `toml:"host" comment:"Hostname or IP where the API should listen to"`
	Port      int    `toml:"port" comment:"Port used by the API"`
	ServerKey string `` /* 162-byte string literal not displayed */
}

EndpointAPIConfig structure holding configuration for the API used by endpoints

type EndpointDumps 

type EndpointDumps struct {
	Created      time.Time  `json:"creation"`
	Modification time.Time  `json:"modification"`
	ProcessGUID  string     `json:"process-guid"`
	EventHash    string     `json:"event-hash"`
	BaseURL      string     `json:"base-url"`
	Files        []DumpFile `json:"files"`
}

type EndpointFile 

type EndpointFile struct {
	UUID  string `json:"uuid"`
	Name  string `json:"name"`
	Data  []byte `json:"data"`
	Error string `json:"error"`
}

EndpointFile describes a File to drop or fetch from the endpoint

type Endpoints 

type Endpoints struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Endpoints structure used to manage endpoints This struct looks over complicated for what it does but it is because it was more complex before and got simplified (too lazy to change it...)

func NewEndpoints 

func NewEndpoints() Endpoints

NewEndpoints creates a new Endpoints structure

func (*Endpoints) Add 

func (es *Endpoints) Add(e *Endpoint)

Add adds an Endpoint to the Endpoints

func (*Endpoints) DelByUUID 

func (es *Endpoints) DelByUUID(uuid string)

DelByUUID deletes an Endpoint by its UUID

func (*Endpoints) Endpoints 

func (es *Endpoints) Endpoints() []*Endpoint

Endpoints returns a list of references to copies of the endpoints

func (*Endpoints) GetByUUID 

func (es *Endpoints) GetByUUID(uuid string) (*Endpoint, bool)

GetByUUID returns a reference to the copy of an Endpoint by its UUID

func (*Endpoints) GetMutByUUID 

func (es *Endpoints) GetMutByUUID(uuid string) (*Endpoint, bool)

GetMutByUUID returns reference to an Endpoint

func (*Endpoints) HasByUUID 

func (es *Endpoints) HasByUUID(uuid string) bool

func (*Endpoints) Len 

func (es *Endpoints) Len() int

Len returns the number of endpoints

func (*Endpoints) MutEndpoints 

func (es *Endpoints) MutEndpoints() []*Endpoint

MutEndpoints returns a list of references of the endpoints

type EventStreamer 

type EventStreamer struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func NewEventStreamer 

func NewEventStreamer() *EventStreamer

func (*EventStreamer) NewStream 

func (s *EventStreamer) NewStream() *LogStream

func (*EventStreamer) Queue 

func (s *EventStreamer) Queue(e *event.EdrEvent)

type FileUpload 

type FileUpload struct {
	Name      string `json:"filename"`
	GUID      string `json:"guid"`
	EventHash string `json:"event-hash"`
	Content   []byte `json:"content"`
	Chunk     int    `json:"chunk"` // identify the chunk number
	Total     int    `json:"total"` // total number of chunks needed to reconstruct the file
}

FileUpload structure used to forward files from the client to the manager

func (*FileUpload) Dump 

func (f *FileUpload) Dump(root string) (err error)

Dump dumps the FileUpload into the given root directory dir

func (*FileUpload) Implode 

func (f *FileUpload) Implode() string

Implode returns the full path of the FileUpload

func (*FileUpload) Validate 

func (f *FileUpload) Validate() error

Validate that the file upload follows the expected format

type Forwarder 

type Forwarder struct {
	sync.Mutex

	Client      *ManagerClient
	TimeTresh   time.Duration
	EventTresh  uint64
	Pipe        *bytes.Buffer
	EventsPiped uint64
	Local       bool
	// contains filtered or unexported fields
}

Forwarder structure definition

func NewForwarder 

func NewForwarder(c *ForwarderConfig) (*Forwarder, error)

NewForwarder creates a new Forwarder structure Todo: needs update with client

func (*Forwarder) ArchiveLogs 

func (f *Forwarder) ArchiveLogs()

ArchiveLogs archives the old log files not compressed into compressed

func (*Forwarder) CleanOlderQueued 

func (f *Forwarder) CleanOlderQueued() error

CleanOlderQueued cleans up the older queue file

func (*Forwarder) Close 

func (f *Forwarder) Close()

Close closes the forwarder properly

func (*Forwarder) Collect 

func (f *Forwarder) Collect()

Collect sends the piped event to the remote server Todo: needs update with client

func (*Forwarder) DiskSpaceQueue 

func (f *Forwarder) DiskSpaceQueue() int64

DiskSpaceQueue compute the disk space (in bytes) taken by queued events

func (*Forwarder) HasQueuedEvents 

func (f *Forwarder) HasQueuedEvents() bool

HasQueuedEvents checks whether some events are waiting to be sent

func (*Forwarder) LogfilePath 

func (f *Forwarder) LogfilePath() string

LogfilePath returns the path of the logfile if it exists else returns empty string

func (*Forwarder) PipeEvent 

func (f *Forwarder) PipeEvent(event interface{})

PipeEvent pipes an event to be sent through the forwarder

func (*Forwarder) ProcessQueue 

func (f *Forwarder) ProcessQueue()

ProcessQueue processes the events queued Todo: needs update with client

func (*Forwarder) Reset 

func (f *Forwarder) Reset()

Reset resets the forwarder

func (*Forwarder) Run 

func (f *Forwarder) Run()

Run starts the Forwarder worker function

func (*Forwarder) Save 

func (f *Forwarder) Save() (err error)

Save save the piped events to the disks

type ForwarderConfig 

type ForwarderConfig struct {
	Local   bool          `` /* 127-byte string literal not displayed */
	Client  ClientConfig  `toml:"manager" comment:"Configure connection to the manager"`
	Logging LoggingConfig `toml:"logging" comment:"Forwarder's logging configuration"`
}

ForwarderConfig structure definition

type LogStream 

type LogStream struct {
	S chan *event.EdrEvent
	// contains filtered or unexported fields
}

func (*LogStream) Close 

func (s *LogStream) Close()

func (*LogStream) Queue 

func (s *LogStream) Queue(e *event.EdrEvent) bool

func (*LogStream) Stream 

func (s *LogStream) Stream()

type LoggingConfig 

type LoggingConfig struct {
	Dir              string        `toml:"dir" comment:"Directory used to store logs"`
	RotationInterval time.Duration `toml:"rotation-interval" comment:"Logfile rotation interval"`
}

LoggingConfig structure to encode Logging configuration of the forwarder

type Manager 

type Manager struct {
	sync.RWMutex

	/* Public */
	Config *ManagerConfig
	// contains filtered or unexported fields
}

Manager structure definition

func NewManager 

func NewManager(c *ManagerConfig) (*Manager, error)

NewManager creates a new WHIDS manager with a logfile as parameter

func (*Manager) AddCommand 

func (m *Manager) AddCommand(uuid string, c *Command) error

AddCommand sets a command to be executed on endpoint specified by UUID

func (*Manager) AddEndpoint 

func (m *Manager) AddEndpoint(uuid, key string)

AddEndpoint adds new endpoint to the manager

func (*Manager) Collect 

func (m *Manager) Collect(wt http.ResponseWriter, rq *http.Request)

Collect HTTP handler

func (*Manager) Command 

func (m *Manager) Command(wt http.ResponseWriter, rq *http.Request)

Command HTTP handler

func (*Manager) CreateNewAdminAPIUser 

func (m *Manager) CreateNewAdminAPIUser(user *AdminAPIUser) (err error)

CreateNewAdminAPIUser creates a new user in the user able to access admin API in database.

func (*Manager) GetCommand 

func (m *Manager) GetCommand(uuid string) (*Command, error)

GetCommand gets the command set for an endpoint specified by UUID

func (*Manager) IoCs 

func (m *Manager) IoCs(wt http.ResponseWriter, rq *http.Request)

func (*Manager) IoCsSha256 

func (m *Manager) IoCsSha256(wt http.ResponseWriter, rq *http.Request)

func (*Manager) IsDone 

func (m *Manager) IsDone() bool

IsDone returns true when manager is done

func (*Manager) LoadGeneEngine 

func (m *Manager) LoadGeneEngine() error

LoadGeneEngine make the manager update the gene rules it has to serve

func (*Manager) Rules 

func (m *Manager) Rules(wt http.ResponseWriter, rq *http.Request)

Rules HTTP handler used to serve the rules

func (*Manager) RulesSha256 

func (m *Manager) RulesSha256(wt http.ResponseWriter, rq *http.Request)

RulesSha256 returns the sha256 of the latest set of rules loaded into the manager

func (*Manager) Run 

func (m *Manager) Run()

Run starts a new thread spinning the receiver

func (*Manager) ServerKey 

func (m *Manager) ServerKey(wt http.ResponseWriter, rq *http.Request)

ServerKey HTTP handler used to authenticate server on client side

func (*Manager) Shutdown 

func (m *Manager) Shutdown() (lastErr error)

Shutdown the Manager

func (*Manager) UpdateReducer 

func (m *Manager) UpdateReducer(identifier string, e *event.EdrEvent)

UpdateReducer updates the reducer member of the Manager

func (*Manager) UploadDump 

func (m *Manager) UploadDump(wt http.ResponseWriter, rq *http.Request)

UploadDump HTTP handler used to upload dump files from client to manager

func (*Manager) Wait 

func (m *Manager) Wait()

Wait the Manager to Shutdown

type ManagerClient 

type ManagerClient struct {
	ManagerIP  net.IP
	HTTPClient http.Client
	// contains filtered or unexported fields
}

ManagerClient structure definition

func NewManagerClient 

func NewManagerClient(c *ClientConfig) (*ManagerClient, error)

NewManagerClient creates a new Client to interface with the manager

func (*ManagerClient) Close 

func (m *ManagerClient) Close()

Close closes idle connections from underlying transport

func (*ManagerClient) FetchCommand 

func (m *ManagerClient) FetchCommand() (*Command, error)

func (*ManagerClient) GetIoCs 

func (m *ManagerClient) GetIoCs() ([]string, error)

GetIoCs get IoCs from manager

func (*ManagerClient) GetIoCsSha256 

func (m *ManagerClient) GetIoCsSha256() (string, error)

GetIoCsSha256 retrieves a sha256 from the IoCs available in the manager

func (*ManagerClient) GetRules 

func (m *ManagerClient) GetRules() (string, error)

GetRules retrieve the latest batch of Gene rules available on the server

func (*ManagerClient) GetRulesSha256 

func (m *ManagerClient) GetRulesSha256() (string, error)

GetRulesSha256 returns the sha256 string of the latest batch of rules available on the server

func (*ManagerClient) IsFileAboveUploadLimit 

func (m *ManagerClient) IsFileAboveUploadLimit(path string) bool

func (*ManagerClient) IsServerAuthEnforced 

func (m *ManagerClient) IsServerAuthEnforced() bool

IsServerAuthEnforced returns true if server authentication is requested by the client

func (*ManagerClient) IsServerAuthenticated 

func (m *ManagerClient) IsServerAuthenticated() (auth bool, up bool)

IsServerAuthenticated returns true if the server is authenticated and thus can be trusted

func (*ManagerClient) IsServerUp 

func (m *ManagerClient) IsServerUp() bool

IsServerUp returns true if manager server is up

func (*ManagerClient) PostCommand 

func (m *ManagerClient) PostCommand(command *Command) error

func (*ManagerClient) PostDump 

func (m *ManagerClient) PostDump(f *FileUpload) error

PostDump client helper to upload a file to the Manager

func (*ManagerClient) PostLogs 

func (m *ManagerClient) PostLogs(r io.Reader) error

PostLogs posts logs to be collected

func (*ManagerClient) Prepare 

func (m *ManagerClient) Prepare(method, url string, body io.Reader) (*http.Request, error)

Prepare prepares a http.Request to be sent to the manager

func (*ManagerClient) PrepareGzip 

func (m *ManagerClient) PrepareGzip(method, url string, body io.Reader) (*http.Request, error)

PrepareGzip prepares a http.Request gzip encoded to be sent to the manager

type ManagerConfig 

type ManagerConfig struct {
	// TOML strings need to be first otherwise issue parsing back config
	Database    string            `toml:"db" comment:"Path to store database"`
	RulesDir    string            `toml:"rules-dir" comment:"Gene rule directory\n See: https://github.com/0xrawsec/gene-rules"`
	DumpDir     string            `toml:"dump-dir" comment:"Directory where to dump artifacts collected on hosts"`
	AdminAPI    AdminAPIConfig    `toml:"admin-api" comment:"Settings to configure administrative API (not supposed to be reachable by endpoints)"`
	EndpointAPI EndpointAPIConfig `toml:"endpoint-api" comment:"Settings to configure API used by endpoints"`
	Logging     ManagerLogConfig  `toml:"logging" comment:"Logging settings"`
	TLS         TLSConfig         `toml:"tls" comment:"TLS settings. Leave empty, not to use TLS"`
	// contains filtered or unexported fields
}

ManagerConfig defines manager's configuration structure

func LoadManagerConfig 

func LoadManagerConfig(path string) (*ManagerConfig, error)

LoadManagerConfig loads the manager configuration from a file

func (*ManagerConfig) AdminAPIUrl 

func (mc *ManagerConfig) AdminAPIUrl() string

EndpointAPIUrl returns the URL of the Admin API

func (*ManagerConfig) EndpointAPIUrl 

func (mc *ManagerConfig) EndpointAPIUrl() string

EndpointAPIUrl returns the URL of the Endpoint API

func (*ManagerConfig) Save 

func (mc *ManagerConfig) Save() error

Save saves the configuration to a path specified by the path member of the structure

func (*ManagerConfig) SetPath 

func (mc *ManagerConfig) SetPath(path string)

SetPath exposes the path member for changes

type ManagerLogConfig 

type ManagerLogConfig struct {
	Root        string `toml:"root" comment:"Root directory where logfiles are stored"`
	LogBasename string `toml:"logfile" comment:"Logfile name (relative to root) used to store logs"`
	VerboseHTTP bool   `toml:"verbose-http" comment:"Enables verbose HTTP logs\n When disabled beaconing requests are filtered out"`
}

ManagerLogConfig structure to hold manager's logging configuration

type TLSConfig 

type TLSConfig struct {
	Cert string `toml:"cert" comment:"Path to the certificate file to use for TLS connections"`
	Key  string `toml:"key" comment:"Path to the key to use for TLS connection"`
}

TLSConfig structure definition

func (*TLSConfig) Empty 

func (t *TLSConfig) Empty() bool

Empty returns true if current TLSConfig is empty else false

func (*TLSConfig) Verify 

func (t *TLSConfig) Verify() error

Verify checks whether the files holding cert and key exist

type UploadShrinker 

type UploadShrinker struct {
	// contains filtered or unexported fields
}

func NewUploadShrinker 

func NewUploadShrinker(path, guid, ehash string) (it *UploadShrinker, err error)

NewUploadShrinker creates a new object to shrink files to be uploaded to the manager

func (*UploadShrinker) Close 

func (i *UploadShrinker) Close() error

Close closes the underlying file

func (*UploadShrinker) Done 

func (i *UploadShrinker) Done() bool

Done returns true when all files have been sent

func (*UploadShrinker) Err 

func (i *UploadShrinker) Err() error

Err report any error encountered while iterating over Next

func (*UploadShrinker) Next 

func (i *UploadShrinker) Next() *FileUpload

Next returns the next FileUpload or nil if finished

func (*UploadShrinker) Size 

func (i *UploadShrinker) Size() int64

Size returns the size of the file to be shrinked

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.