Documentation
Index
- Variables
- type AcquisitionSpec
- type DatasourceConfig
- type DetectConfig
- type DetectOptions
- type Executor
- type ExprEnvironment
- type ExprPath
- type ExprSystem
- type ExprSystemd
- type ExprVersion
- type ExprWindows
- type HubSpec
- type InstallRecommendation
- type OSExprPath
- type ProcessMap
- type ServicePlan
- type ServiceProfile
- type Setup
- type UnitConfig
- type UnitInfo
- type UnitMap
Constants
This section is empty.
Variables
var (
	ErrEmptyDatasourceConfig      = errors.New("datasource configuration is empty")
	ErrMissingSourceField         = errors.New("source field is required")
	ErrMissingAcquisitionFilename = errors.New("a filename for the datasource configuration is required")
	ErrInvalidAcquisitionFilename = errors.New("acquisition filename must not contain slashes (/) or backslashes (\\)")
)
var ErrSystemdPropertyNotFound = errors.New("systemd property not found")
Functions
This section is empty.
Types
type AcquisitionSpec
type AcquisitionSpec struct {
	Filename   string
	Datasource DatasourceConfig
}
AcquisitionSpec contains the datasource configuration to support a detected service. The configuration is copied as is, after some static validation depending on the datasource type.
func (*AcquisitionSpec) AddHeader
func (a *AcquisitionSpec) AddHeader(content []byte) []byte
func (*AcquisitionSpec) Open
func (a *AcquisitionSpec) Open(toDir string) (*os.File, error)
Open creates or truncates the acquisition file and returns it opened for writing.
func (*AcquisitionSpec) Path
func (a *AcquisitionSpec) Path(toDir string) (string, error)
Path returns the path where the acquisition spec will be written. The "setup." prefix is added purely as a visual hint and for grouping generated files in the directory listing.
func (*AcquisitionSpec) ToYAML
func (a *AcquisitionSpec) ToYAML() ([]byte, error)
func (*AcquisitionSpec) Validate
func (a *AcquisitionSpec) Validate() error
type DatasourceConfig
func (DatasourceConfig) Validate
func (d DatasourceConfig) Validate() error
Validate runs static checks on the configuration, but does not guarantee that the datasource will be initialized correctly at runtime (which may require network connections, etc.).
type DetectConfig
type DetectConfig struct {
	Detect map[string]ServiceProfile `yaml:"detect"`
}
DetectConfig contains a set of supported service profiles, loaded from detect.yaml.
func NewDetectConfig
func NewDetectConfig(detectReader io.Reader) (*DetectConfig, error)
func (*DetectConfig) ListSupportedServices
func (d *DetectConfig) ListSupportedServices() []string
ListSupportedServices returns a sorted list of the services recognized by the detectConfig.
type DetectOptions
type DetectOptions struct {
	SkipServices []string // slice of service specs that will be ignored. detection will happen anyway to spot possible errors.
	WantServices []string // slice of service specs that will be forced.
	SkipSystemd  bool     // ignore all systemd services. the others can still be detected by process name lookup or other mechanism.
}
DetectOptions contains additional options for the detection process.
type ExprEnvironment
type ExprEnvironment struct {
	Host    host.InfoStat
	Path    ExprPath
	Systemd *ExprSystemd
	System  *ExprSystem
	Version ExprVersion
	Windows *ExprWindows
	Ctx     context.Context //nolint:containedctx
}
ExprEnvironment is used to expose functions and values to the rule engine. It can cache the results of service detection commands, like systemctl etc.
type ExprSystem
type ExprSystem struct {
	// contains filtered or unexported fields
}
func NewExprSystem
func NewExprSystem(runningProcesses ProcessMap) *ExprSystem
func (*ExprSystem) ProcessRunning
ProcessRunning returns true if there is a running process with the given name.
type ExprSystemd
type ExprSystemd struct {
	// contains filtered or unexported fields
}
func NewExprSystemd
func NewExprSystemd(installedUnits UnitMap, logger logrus.FieldLogger) *ExprSystemd
func (*ExprSystemd) UnitConfig
UnitConfig returns the value of the specified key in the unit's configuration.
func (*ExprSystemd) UnitInstalled
UnitInstalled returns true if the unit is installed, even if it is not enabled or running.
func (*ExprSystemd) UnitLogsToJournal
UnitLogsToJournal returns true if the unit's logs are configured to go to the journal, either through standard output or standard error.
type ExprVersion
type ExprVersion struct{}
type ExprWindows
type ExprWindows struct{}
func NewExprWindows
func NewExprWindows() (*ExprWindows, error)
func (*ExprWindows) ServiceEnabled
func (e *ExprWindows) ServiceEnabled(serviceName string) (bool, error)
type HubSpec
HubSpec is a map of hub_type -> slice of item names. Most of the time, the hub_type is "collection". All the items in the slice are installed with their dependencies and data files.
type InstallRecommendation
type InstallRecommendation struct {
	HubSpec         HubSpec         `yaml:"hub_spec,omitempty"`
	AcquisitionSpec AcquisitionSpec `yaml:"acquisition_spec,omitempty"`
}
InstallRecommendation contains the items and acquisition configuration that should be installed to support a service.
type OSExprPath
type OSExprPath struct{}
type ProcessMap
type ProcessMap map[string]struct{}
func DetectProcesses
func DetectProcesses(ctx context.Context, logger logrus.FieldLogger) (ProcessMap, error)
type ServicePlan
type ServicePlan struct {
	Name                  string `yaml:"detected_service"`
	InstallRecommendation `yaml:",inline"`
}
ServicePlan describes the actions to perform for a detected service.
type ServiceProfile
type ServiceProfile struct {
	InstallRecommendation `yaml:",inline"`
	// The conditions are evaluated in order, they must all be true for the service to be detected, and there is no short-circuiting.
	When []string `yaml:"when"`
	// contains filtered or unexported fields
}
ServiceProfile contains the rules to detect a running service and the suggested configuration to support it from CrowdSec. The same software can have multiple profiles, for example, a service running on a systemd unit and another one running as a simple process. They will be detected by different rules, will need the same hub items but possibly different acquisition configuration (journalctl vs log file).
func (*ServiceProfile) Compile
func (s *ServiceProfile) Compile() error
func (*ServiceProfile) Evaluate
func (s *ServiceProfile) Evaluate(env *ExprEnvironment, logger logrus.FieldLogger) (bool, error)
type Setup
type Setup struct {
	Plans []ServicePlan `yaml:"setup"`
}
Setup corresponds to the setup.yaml file. It is used as an intermediary step between "detect" and "install hub/acquisition".
func BuildSetup
func BuildSetup(ctx context.Context, detectConfig *DetectConfig, opts DetectOptions, exprPath ExprPath, installedUnits UnitMap, runningProcesses ProcessMap, logger logrus.FieldLogger) (*Setup, error)
BuildSetup creates a Setup. The actual detection of services is done here.
func ParseSetupYAML
ParseSetupYAML creates a Setup from setup.yaml, which can be user-provided or the result of a service detection.
func (*Setup) CollectAcquisitionSpecs
func (s *Setup) CollectAcquisitionSpecs() []AcquisitionSpec
func (*Setup) CollectHubSpecs
func (*Setup) DetectedServices
type UnitInfo
type UnitInfo struct {
	Config UnitConfig