audit

package
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 25, 2026 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	StatusPass = "pass"
	StatusFail = "fail"
	StatusWarn = "warn"
	StatusSkip = "skip"
)

状态常量

Variables

This section is empty.

Functions

func IsLocalIP 

func IsLocalIP(ip string) bool

IsLocalIP 判断是否是本地 IP

func RunAudit 

func RunAudit() (*protocol.VPSAuditResult, error)

RunAudit 使用默认配置执行资产收集(保持向后兼容)

func RunAuditWithConfig 

func RunAuditWithConfig(config *Config) (*protocol.VPSAuditResult, error)

RunAuditWithConfig 使用自定义配置执行资产收集

func SetLogger 

func SetLogger(logger Logger)

SetLogger 设置全局日志器

Types

type Auditor 

type Auditor struct {
	// contains filtered or unexported fields
}

Auditor VPS 资产收集器(Agent端只负责信息收集)

func NewAuditor 

func NewAuditor(config *Config) *Auditor

NewAuditor 创建审计器

func (*Auditor) RunAudit 

func (a *Auditor) RunAudit() (*protocol.VPSAuditResult, error)

RunAudit 执行 VPS 资产收集(Agent端只收集信息,不做安全判断)

type BatchProcessor 

type BatchProcessor struct {
	// contains filtered or unexported fields
}

BatchProcessor 批处理器

func NewBatchProcessor 

func NewBatchProcessor(batchSize int) *BatchProcessor

NewBatchProcessor 创建批处理器

func (*BatchProcessor) Process 

func (bp *BatchProcessor) Process(items []string, handler func(batch []string) error) error

Process 批量处理

type CheckWeight 

type CheckWeight struct {
	Category  string
	FailScore int
	WarnScore int
}

CheckWeight 检查项权重

type CommandExecutor 

type CommandExecutor struct {
	// contains filtered or unexported fields
}

CommandExecutor 命令执行器

func NewCommandExecutor 

func NewCommandExecutor(timeout time.Duration) *CommandExecutor

NewCommandExecutor 创建命令执行器

func (*CommandExecutor) Execute 

func (ce *CommandExecutor) Execute(name string, args ...string) (string, error)

Execute 执行命令

type Config 

type Config struct {
	// 进程相关
	ProcessConfig ProcessConfig

	// SSH 相关
	SSHConfig SSHConfig

	// 网络相关
	NetworkConfig NetworkConfig

	// 文件相关
	FileConfig FileConfig

	// 定时任务相关
	CronConfig CronConfig

	// 登录相关
	LoginConfig LoginConfig

	// 风险评分配置
	ScoringConfig ScoringConfig

	// 性能相关
	PerformanceConfig PerformanceConfig
}

Config 审计配置

func DefaultConfig 

func DefaultConfig() *Config

DefaultConfig 返回默认配置

type CronConfig 

type CronConfig struct {
	// 系统 cron 路径
	SystemCronPaths []string
}

CronConfig 定时任务配置

type EvidenceCollector 

type EvidenceCollector struct {
	// contains filtered or unexported fields
}

EvidenceCollector 证据收集器

func NewEvidenceCollector 

func NewEvidenceCollector() *EvidenceCollector

NewEvidenceCollector 创建证据收集器

func (*EvidenceCollector) CollectFileEvidence 

func (ec *EvidenceCollector) CollectFileEvidence(filePath string, riskLevel string) *protocol.Evidence

CollectFileEvidence 收集文件证据

func (*EvidenceCollector) CollectProcessEvidence 

func (ec *EvidenceCollector) CollectProcessEvidence(p *process.Process, riskLevel string) *protocol.Evidence

CollectProcessEvidence 收集进程证据

type FileAssetsCollector 

type FileAssetsCollector struct {
	// contains filtered or unexported fields
}

FileAssetsCollector 文件资产收集器

func NewFileAssetsCollector 

func NewFileAssetsCollector(config *Config, executor *CommandExecutor) *FileAssetsCollector

NewFileAssetsCollector 创建文件资产收集器

func (*FileAssetsCollector) Collect 

func (fac *FileAssetsCollector) Collect() *protocol.FileAssets

Collect 收集文件资产

type FileConfig 

type FileConfig struct {
	// 临时目录列表
	TempDirs []string

	// 可疑路径列表
	SuspiciousPaths []string

	// 关键系统二进制文件
	CriticalBinaries []string

	// 不可变文件检查列表
	ImmutableCheckFiles []string

	// 最近可执行文件阈值 (小时)
	RecentExecutableHours int

	// 大型可执行文件阈值 (MB)
	LargeExecutableMB int64
}

FileConfig 文件检查配置

type FileHashCache 

type FileHashCache struct {
	// contains filtered or unexported fields
}

FileHashCache 文件哈希缓存

func NewFileHashCache 

func NewFileHashCache() *FileHashCache

NewFileHashCache 创建文件哈希缓存

func (*FileHashCache) GetSHA256 

func (fhc *FileHashCache) GetSHA256(filePath string) string

GetSHA256 获取文件 SHA256 哈希(带缓存)

type KernelAssetsCollector 

type KernelAssetsCollector struct {
	// contains filtered or unexported fields
}

KernelAssetsCollector 内核资产收集器

func NewKernelAssetsCollector 

func NewKernelAssetsCollector(config *Config, executor *CommandExecutor) *KernelAssetsCollector

NewKernelAssetsCollector 创建内核资产收集器

func (*KernelAssetsCollector) Collect 

func (kac *KernelAssetsCollector) Collect() *protocol.KernelAssets

Collect 收集内核资产

type Logger 

type Logger interface {
	Debug(format string, args ...interface{})
	Info(format string, args ...interface{})
	Warn(format string, args ...interface{})
	Error(format string, args ...interface{})
}

Logger 日志接口

type LoginAssetsCollector 

type LoginAssetsCollector struct {
	// contains filtered or unexported fields
}

LoginAssetsCollector 登录日志收集器

func NewLoginAssetsCollector 

func NewLoginAssetsCollector(config *Config, executor *CommandExecutor) *LoginAssetsCollector

NewLoginAssetsCollector 创建登录日志收集器

func (*LoginAssetsCollector) Collect 

func (lac *LoginAssetsCollector) Collect() *protocol.LoginAssets

Collect 收集登录日志

type LoginConfig 

type LoginConfig struct {
	// 最近登录记录数量
	RecentLoginCount int

	// 失败登录记录数量
	FailedLoginCount int

	// 高频 IP 阈值
	HighFrequencyIPThreshold int

	// 同一 IP 登录阈值
	SameIPLoginThreshold int

	// Root 不同 IP 阈值
	RootDifferentIPThreshold int
}

LoginConfig 登录历史配置

type NetworkAssetsCollector 

type NetworkAssetsCollector struct {
	// contains filtered or unexported fields
}

NetworkAssetsCollector 网络资产收集器

func NewNetworkAssetsCollector 

func NewNetworkAssetsCollector(config *Config, cache *ProcessCache, executor *CommandExecutor) *NetworkAssetsCollector

NewNetworkAssetsCollector 创建网络资产收集器

func (*NetworkAssetsCollector) Collect 

func (nac *NetworkAssetsCollector) Collect() *protocol.NetworkAssets

Collect 收集网络资产

type NetworkConfig 

type NetworkConfig struct {
	// 可疑端口映射
	SuspiciousPorts map[uint32]string

	// 挖矿池端口
	MinerPorts []uint32

	// 挖矿池域名关键词
	MinerPoolKeywords []string
}

NetworkConfig 网络检查配置

type PerformanceConfig 

type PerformanceConfig struct {
	// 进程缓存时间
	ProcessCacheDuration time.Duration

	// 命令执行超时时间
	CommandTimeout time.Duration

	// authorized_keys 读取限制 (KB)
	AuthKeysReadLimitKB int64

	// 文件完整性检查批量大小
	IntegrityCheckBatchSize int
}

PerformanceConfig 性能配置

type ProcessAssetsCollector 

type ProcessAssetsCollector struct {
	// contains filtered or unexported fields
}

ProcessAssetsCollector 进程资产收集器

func NewProcessAssetsCollector 

func NewProcessAssetsCollector(config *Config, cache *ProcessCache) *ProcessAssetsCollector

NewProcessAssetsCollector 创建进程资产收集器

func (*ProcessAssetsCollector) Collect 

func (pac *ProcessAssetsCollector) Collect() *protocol.ProcessAssets

Collect 收集进程资产

type ProcessCache 

type ProcessCache struct {
	// contains filtered or unexported fields
}

ProcessCache 进程缓存

func NewProcessCache 

func NewProcessCache(ttl time.Duration) *ProcessCache

NewProcessCache 创建进程缓存

func (*ProcessCache) Clear 

func (pc *ProcessCache) Clear()

Clear 清除缓存

func (*ProcessCache) Get 

func (pc *ProcessCache) Get() ([]*process.Process, error)

Get 获取进程列表(带缓存)

type ProcessConfig 

type ProcessConfig struct {
	// 挖矿关键词
	MinerKeywords []string

	// 高 CPU 阈值 (百分比)
	HighCPUThreshold float64

	// 高 CPU 白名单
	HighCPUWhitelist []string

	// Deleted 进程白名单
	DeletedWhitelist []string

	// 最近启动时间阈值 (小时)
	RecentStartupHours int
}

ProcessConfig 进程检查配置

type RetryExecutor 

type RetryExecutor struct {
	// contains filtered or unexported fields
}

RetryExecutor 重试执行器

func NewRetryExecutor 

func NewRetryExecutor(maxRetries int, delay time.Duration) *RetryExecutor

NewRetryExecutor 创建重试执行器

func (*RetryExecutor) Execute 

func (re *RetryExecutor) Execute(fn func() error) error

Execute 执行函数(带重试)

type SSHConfig 

type SSHConfig struct {
	// SSH 二进制文件路径
	BinaryPaths []string

	// SSH 配置文件路径
	ConfigPaths []string

	// 最近修改时间阈值 (天)
	RecentModifyDays int

	// authorized_keys 最大文件大小 (字节)
	MaxAuthorizedKeysSize int64

	// authorized_keys 最近修改时间阈值 (天)
	AuthKeysRecentModifyDays int

	// 最大公钥数量
	MaxKeysCount int
}

SSHConfig SSH 检查配置

type ScoringConfig 

type ScoringConfig struct {
	// 各检查项的权重
	Weights map[string]CheckWeight

	// 威胁等级阈值
	CriticalThreshold int
	HighThreshold     int
	MediumThreshold   int

	// 最大建议数量
	MaxRecommendations int
}

ScoringConfig 风险评分配置

type StringUtils 

type StringUtils struct{}

StringUtils 字符串工具

func (*StringUtils) ContainsAny 

func (su *StringUtils) ContainsAny(s string, keywords []string) bool

ContainsAny 检查字符串是否包含任意关键词

func (*StringUtils) Truncate 

func (su *StringUtils) Truncate(s string, maxLen int) string

TruncateString 截断字符串

type SystemInfoCollector 

type SystemInfoCollector struct {
	// contains filtered or unexported fields
}

SystemInfoCollector 系统信息收集器

func NewSystemInfoCollector 

func NewSystemInfoCollector(executor *CommandExecutor) *SystemInfoCollector

NewSystemInfoCollector 创建系统信息收集器

func (*SystemInfoCollector) Collect 

func (sic *SystemInfoCollector) Collect() (*protocol.SystemInfo, error)

Collect 收集系统信息

type UserAssetsCollector 

type UserAssetsCollector struct {
	// contains filtered or unexported fields
}

UserAssetsCollector 用户资产收集器

func NewUserAssetsCollector 

func NewUserAssetsCollector(config *Config, executor *CommandExecutor) *UserAssetsCollector

NewUserAssetsCollector 创建用户资产收集器

func (*UserAssetsCollector) Collect 

func (uac *UserAssetsCollector) Collect() *protocol.UserAssets

Collect 收集用户资产

type WarningCollector 

type WarningCollector struct {
	// contains filtered or unexported fields
}

WarningCollector 警告收集器

func NewWarningCollector 

func NewWarningCollector() *WarningCollector

NewWarningCollector 创建警告收集器

func (*WarningCollector) Add 

func (wc *WarningCollector) Add(warning string)

Add 添加警告

func (*WarningCollector) GetAll 

func (wc *WarningCollector) GetAll() []string

GetAll 获取所有警告

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.