Documentation
Index
- Variables
- type AcquisitionSpec
- type DatasourceConfig
- type DetectConfig
- type DetectOptions
- type Executor
- type ExprEnvironment
- type ExprOS
- type ExprPath
- type ExprSystem
- type ExprSystemd
- type ExprWindows
- type HubSpec
- type InstallRecommendation
- type OSExprPath
- type ProcessMap
- type ServicePlan
- type ServiceProfile
- type Setup
- type UnitMap
Constants
This section is empty.
Variables
var (
    ErrEmptyDatasourceConfig      = errors.New("datasource configuration is empty")
    ErrMissingAcquisitionFilename = errors.New("a filename for the datasource configuration is mandatory")
)
Functions
This section is empty.
Types
type AcquisitionSpec
type AcquisitionSpec struct {
    Filename   string
    Datasource DatasourceConfig
}
AcquisitionSpec contains the datasource configuration to support a detected service. The configuration is copied as is, after some static validation depending on the datasource type.
func (*AcquisitionSpec) AddHeader
func (a *AcquisitionSpec) AddHeader(content []byte) []byte
func (*AcquisitionSpec) Open
func (a *AcquisitionSpec) Open(toDir string) (*os.File, error)
Open creates or truncates the acquisition file and returns it opened for writing. If interactive is true, it will prompt the user to confirm overwriting an existing file.
func (*AcquisitionSpec) Path
func (a *AcquisitionSpec) Path(toDir string) (string, error)
Path returns the path where the acquisition spec will be written. The "setup." prefix is added purely as a visual hint and to group generated files in the directory listing.
func (*AcquisitionSpec) ToYAML
func (a *AcquisitionSpec) ToYAML() ([]byte, error)
func (*AcquisitionSpec) Validate
func (a *AcquisitionSpec) Validate() error
type DatasourceConfig
func (DatasourceConfig) Validate
func (d DatasourceConfig) Validate() error
Validate runs static checks on the configuration, but does not guarantee that the datasource will be initialized correctly at runtime (some require network connections, etc.).
type DetectConfig
type DetectConfig struct {
    Detect map[string]ServiceProfile `yaml:"detect"`
}
DetectConfig contains a set of supported service profiles, loaded from detect.yaml.
func NewDetectConfig
func NewDetectConfig(detectReader io.Reader) (*DetectConfig, error)
func (*DetectConfig) ListSupportedServices
func (d *DetectConfig) ListSupportedServices() []string
ListSupportedServices returns a sorted list of the services recognized by the detectConfig.
type DetectOptions
type DetectOptions struct {
    ForcedUnits     []string // slice of unit names that we want to force-detect.
    ForcedProcesses []string // slice of process names that we want to force-detect.
    ForcedOS        ExprOS   // override OS identification, useful for unsupported platforms or to generate setup.yaml for another machine.
    SkipServices    []string // slice of service specs that will be ignored. detection will happen anyway to spot possible errors.
    SkipSystemd     bool     // ignore all systemd services. the others can still be detected by process name lookup or other mechanism.
}
DetectOptions contains additional options for the detection process.
type ExprEnvironment
type ExprEnvironment struct {
    OS      ExprOS
    Path    ExprPath
    Systemd *ExprSystemd
    System  *ExprSystem
    Windows *ExprWindows
    Ctx     context.Context //nolint:containedctx
}
ExprEnvironment is used to expose functions and values to the rule engine. It can cache the results of service detection commands, like systemctl etc.
type ExprOS
ExprOS contains the detected (or forced) OS fields available to the rule engine.
func (ExprOS) VersionCheck
VersionCheck returns true if the version of the OS matches the given constraint.
type ExprSystem
type ExprSystem struct {
    // contains filtered or unexported fields
}
func NewExprSystem
func NewExprSystem(runningProcesses ProcessMap, forcedProcesses []string) *ExprSystem
func (*ExprSystem) ProcessRunning
ProcessRunning returns true if there is a running process with the given name.
type ExprSystemd
type ExprSystemd struct {
    // contains filtered or unexported fields
}
func NewExprSystemd
func NewExprSystemd(installedUnits UnitMap, forcedUnits []string) *ExprSystemd
func (*ExprSystemd) UnitEnabled
UnitEnabled returns true if the unit exists and is enabled in the systemctl output.
type ExprWindows
type ExprWindows struct{}
func NewExprWindows
func NewExprWindows() (*ExprWindows, error)
func (*ExprWindows) ServiceEnabled
func (e *ExprWindows) ServiceEnabled(serviceName string) (bool, error)
type HubSpec
HubSpec is a map of hub_type -> slice of item names. Most of the time, the hub_type is "collection". All the items in the slice are installed with their dependencies and data files.
type InstallRecommendation
type InstallRecommendation struct {
    HubSpec         HubSpec         `yaml:"hub_spec,omitempty"`
    AcquisitionSpec AcquisitionSpec `yaml:"acquisition_spec,omitempty"`
}
InstallRecommendation contains the items and acquisition configuration that should be installed to support a service.
type OSExprPath
type OSExprPath struct{}
type ProcessMap
type ProcessMap map[string]struct{}
func DetectProcesses
func DetectProcesses(ctx context.Context, additionalProcesses []string, logger logrus.FieldLogger) (ProcessMap, error)
type ServicePlan
type ServicePlan struct {
    Name                  string `yaml:"detected_service"`
    InstallRecommendation `yaml:",inline"`
}
ServicePlan describes the actions to perform for a detected service.
type ServiceProfile
type ServiceProfile struct {
    // The conditions are evaluated in order, they must all be true for the service to be detected, and there is no short-circuiting.
    When                  []string `yaml:"when"`
    InstallRecommendation `yaml:",inline"`
    // contains filtered or unexported fields
}
ServiceProfile contains the rules to detect a running service and the suggested configuration to support it from CrowdSec. The same software can have multiple profiles, for example, a service running on a systemd unit and another one running as a simple process. They will be detected by different rules, will need the same hub items but possibly different acquisition configuration (journalctl vs log file).
func (*ServiceProfile) Compile
func (s *ServiceProfile) Compile() error
func (*ServiceProfile) Evaluate
func (s *ServiceProfile) Evaluate(env *ExprEnvironment, logger logrus.FieldLogger) (bool, error)
type Setup
type Setup struct {
    Plans []ServicePlan `yaml:"setup"`
}
Setup corresponds to the setup.yaml file. It is used as an intermediary step between "detect" and "install hub/acquisition".
func BuildSetup
func BuildSetup(ctx context.Context, detectConfig *DetectConfig, opts DetectOptions, exprPath ExprPath, installedUnits UnitMap, runningProcesses ProcessMap, logger logrus.FieldLogger) (*Setup, error)
BuildSetup creates a Setup. The actual detection of services is done here.
func ParseSetupYAML
ParseSetupYAML creates a Setup from setup.yaml, which can be user-provided or the result of a service detection.
func (*Setup) CollectAcquisitionSpecs
func (s *Setup) CollectAcquisitionSpecs() []AcquisitionSpec
func (*Setup) CollectHubSpecs
func (*Setup) DetectedServices
type UnitMap
type UnitMap map[string]struct{}
func DetectSystemdUnits
func DetectSystemdUnits(ctx context.Context, executor Executor, additionalUnits []string) (UnitMap, error)
DetectSystemdUnits returns all enabled systemd units. It needs to parse the table because -o json does not work everywhere. The additionalUnits parameter will force the function to return these as well, even if they are not detected.
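The table parsing and forced-unit behaviour described for DetectSystemdUnits, as an added illustration that is not the package's own code. It assumes the table has the column layout of `systemctl list-unit-files`; parseEnabledUnits and the sample table are hypothetical, and UnitMap is redeclared locally so the block runs on its own.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// UnitMap mirrors the documented type: a set of unit names.
type UnitMap map[string]struct{}

// sampleTable is constructed input in the style of `systemctl list-unit-files`.
const sampleTable = `UNIT FILE      STATE    VENDOR PRESET
nginx.service  enabled  enabled
ssh.service    enabled  enabled
cups.service   disabled enabled

3 unit files listed.
`

// parseEnabledUnits is a hypothetical helper: it keeps rows whose STATE column
// is "enabled", then adds additionalUnits whether or not they were listed.
func parseEnabledUnits(table string, additionalUnits []string) (UnitMap, error) {
	units := UnitMap{}
	sc := bufio.NewScanner(strings.NewReader(table))
	for row := 0; sc.Scan(); row++ {
		fields := strings.Fields(sc.Text())
		if len(fields) == 0 {
			break // a blank line separates the rows from the summary footer
		}
		if row == 0 {
			continue // column header
		}
		if len(fields) < 2 {
			return nil, fmt.Errorf("malformed unit row: %q", sc.Text())
		}
		if fields[1] == "enabled" {
			units[fields[0]] = struct{}{}
		}
	}
	for _, u := range additionalUnits {
		units[u] = struct{}{} // forced units are reported even if undetected
	}
	return units, sc.Err()
}

func main() {
	units, err := parseEnabledUnits(sampleTable, []string{"custom.service"})
	fmt.Println(len(units), err)
}
```

Because forced units bypass detection, a setup.yaml generated with them can recommend acquisition for a service that is not present on the machine, so the forced list is worth reviewing before installation.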