type Config
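type Config struct {
	// Enabled indicates if YARA watcher is enabled.
	Enabled bool `json:"yara.enabled" yaml:"yara.enabled"`
	// Rule contains rule-specific settings.
	Rule Rule `json:"yara.rule" yaml:"yara.rule" mapstructure:"rule"`
	// AlertVia defines which alert sender is used to emit the alert on rule matches.
	AlertVia string `json:"yara.alert-via" yaml:"yara.alert-via"`
	// AlertTextTemplate defines the template that is used to render the text of the alert.
	AlertTextTemplate string `json:"yara.alert-text-template" yaml:"yara.alert-text-template"`
	// AlertTitleTemplate defines the template that is used to render the title of the alert.
	AlertTitleTemplate string `json:"yara.alert-title-template" yaml:"yara.alert-title-template"`
	// FastScanMode avoids multiple matches of the same string when not necessary.
	FastScanMode bool `json:"yara.fastscan" yaml:"yara.fastscan"`
	// ScanTimeout sets the timeout for the scanner. If the timeout is reached, the scan
	// operation is cancelled. Matches the scanner did not reach before cancellation are
	// never reported, so a timeout that is too short for the largest inputs reduces coverage.
	ScanTimeout time.Duration `json:"yara.scan-timeout" yaml:"yara.scan-timeout"`
	// SkipFiles indicates whether file scanning is disabled.
	SkipFiles bool `json:"yara.skip-files" yaml:"yara.skip-files"`
	// ExcludedProcesses contains the list of the process' image names that shouldn't be scanned.
	// The exclusion appears to be decided on the image name alone (see ShouldSkipProcess), so
	// every process carrying an excluded name is skipped; keep the list as short as possible.
	ExcludedProcesses []string `json:"yara.excluded-procs" yaml:"yara.excluded-procs"`
	// ExcludedFiles contains the list of the file names that shouldn't be scanned.
	// As with ExcludedProcesses, the match is by name only (see ShouldSkipFile).
	ExcludedFiles []string `json:"yara.excluded-files" yaml:"yara.excluded-files"`
}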
Config stores YARA watcher specific configuration.
func (*Config) InitFromViper
InitFromViper initializes the YARA config from Viper.
func (Config) ShouldSkipFile
ShouldSkipFile determines whether the specified file name is rejected by the scanner.
func (Config) ShouldSkipProcess
ShouldSkipProcess determines whether the specified process name is rejected by the scanner.
type Rule
type Rule struct {
	// Paths defines the location of the yara rules. Each entry pairs a path with
	// the namespace its rules belong to (see RulePath).
	Paths []RulePath `json:"yara.rule.paths" yaml:"yara.rule.paths" mapstructure:"paths"`
	// Strings contains the raw rule definitions. Each entry pairs an inline rule
	// source with the namespace it belongs to (see RuleString).
	Strings []RuleString `json:"yara.rule.strings" yaml:"yara.rule.strings" mapstructure:"strings"`
}
Rule contains rule-specific settings.
type RulePath
type RulePath struct {
	// Path is the location of the rules to load. Whether a single file or a
	// directory is accepted is not visible here — confirm against the rule loader.
	// Rules loaded from this location decide what the scanner detects, so the
	// path should not be writable by untrusted users.
	Path string `json:"path" yaml:"path" mapstructure:"path"`
	// Namespace is the namespace the rules at Path are associated with.
	Namespace string `json:"namespace" yaml:"namespace" mapstructure:"namespace"`
}
RulePath contains the rule path information.
type RuleString
type RuleString struct {
	// String holds the rule source text itself, supplied inline in the configuration.
	String string `json:"string" yaml:"string" mapstructure:"string"`
	// Namespace is the namespace the inline rule is associated with.
	Namespace string `json:"namespace" yaml:"namespace" mapstructure:"namespace"`
}
RuleString contains a rule definition supplied inline as a string.