core

package
v0.2.0 Latest Latest
Published: Apr 1, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LogAlert

func LogAlert(filename string, alert Alert) error

LogAlert logs an alert to the specified file

func WriteToFile

func WriteToFile(filename string, content string) error

WriteToFile writes content to the specified file

Types

type Alert

// Alert represents a security alert raised when a detection rule matches.
type Alert struct {
	// ID identifies the alert; its format is not specified here.
	ID          string                 `json:"id"`
	Timestamp   time.Time              `json:"timestamp"`
	// Severity is a free-form label; the allowed values are not enumerated here.
	Severity    string                 `json:"severity"`
	Title       string                 `json:"title"`
	Description string                 `json:"description"`
	// RuleName names the rule that produced the alert (presumably Rule.Name).
	RuleName    string                 `json:"rule_name"`
	// Process, Network and File are optional context and are omitted from
	// JSON when nil.
	Process     *ProcessInfo           `json:"process,omitempty"`
	Network     *NetworkInfo           `json:"network,omitempty"`
	File        *FileInfo              `json:"file,omitempty"`
	// Metadata carries arbitrary extra context; values are untyped, so
	// consumers must type-check them.
	Metadata    map[string]interface{} `json:"metadata,omitempty"`
}

Alert represents a security alert

func (Alert) Format

func (a Alert) Format() string

Format returns a formatted string representation of the alert

type BatchOperation

// BatchOperation represents a single database write queued for batched
// application (see FastDB.BatchWrite).
type BatchOperation struct {
	// Bucket names the bucket the key/value pair is written to.
	Bucket string
	Key    []byte
	Value  []byte
	// Done reports the outcome of the operation once it has been applied;
	// presumably one send per operation — confirm against the batch loop.
	Done   chan error
}

BatchOperation represents a batched database operation

type CachedFileInfo

// CachedFileInfo is the monitor's cached view of a file, used to detect
// changes between scans.
type CachedFileInfo struct {
	Path     string
	Size     int64
	ModTime  time.Time
	// LastSeen is when the entry was last refreshed by the monitor.
	LastSeen time.Time
	// Hash is presumably a quick-comparison hash, as in CachedProcessInfo;
	// what it covers (metadata vs. content) is not visible here.
	Hash     uint64
}

type CachedProcessInfo

// CachedProcessInfo is the monitor's cached view of a process, used to
// detect changes between scans.
type CachedProcessInfo struct {
	PID        int32
	Name       string
	Status     string
	CPUPercent float64
	MemoryMB   float32
	CreateTime time.Time
	// LastSeen is when the entry was last refreshed by the monitor.
	LastSeen   time.Time
	Hash       uint64 // for quick comparison
}

type ConnectionInfo

// ConnectionInfo is the network monitor's cached view of a connection.
//
// NOTE(review): port and PID widths differ from NetworkInfo (uint32/int32
// here, int there); conversions between the two need a range check.
type ConnectionInfo struct {
	LocalAddr  string
	LocalPort  uint32
	RemoteAddr string
	RemotePort uint32
	Status     string
	PID        int32
	// LastSeen is when the entry was last refreshed by the monitor.
	LastSeen   time.Time
	// Hash is presumably a quick-comparison hash, as in CachedProcessInfo.
	Hash       uint64
}

type DBStats

// DBStats tracks database performance metrics as returned by FastDB.GetStats.
type DBStats struct {
	Reads        int64
	Writes       int64
	BatchWrites  int64
	Errors       int64
	// AvgReadTime and AvgWriteTime are averages; how they are computed
	// (window, weighting) is not visible here.
	AvgReadTime  time.Duration
	AvgWriteTime time.Duration
	CacheHits    int64
	CacheMisses  int64
}

DBStats tracks database performance metrics

type DiffRenderer

// DiffRenderer renders a DiffResult in the format chosen by NewDiffRenderer.
type DiffRenderer struct {
	// contains filtered or unexported fields
}

DiffRenderer renders diff results in various formats

func NewDiffRenderer

func NewDiffRenderer(format string) *DiffRenderer

NewDiffRenderer creates a new diff renderer

func (*DiffRenderer) Render

func (dr *DiffRenderer) Render(result *DiffResult) (string, error)

Render renders the diff result in the specified format

type DiffResult

// DiffResult contains the result of comparing two snapshots.
type DiffResult struct {
	// From and To identify the compared snapshots (the arguments passed to
	// Differ.CompareSnapshots).
	From              string        `json:"from"`
	To                string        `json:"to"`
	ProcessChanges    []ProcessDiff `json:"process_changes"`
	NetworkChanges    []NetworkDiff `json:"network_changes"`
	FilesystemChanges []FileDiff    `json:"filesystem_changes"`
	Summary           DiffSummary   `json:"summary"`
}

DiffResult contains the result of comparing two snapshots

type DiffSummary

// DiffSummary provides high-level diff statistics.
type DiffSummary struct {
	ProcessesAdded   int `json:"processes_added"`
	ProcessesRemoved int `json:"processes_removed"`
	ProcessesChanged int `json:"processes_changed"`
	NetworkAdded     int `json:"network_added"`
	NetworkRemoved   int `json:"network_removed"`
	// FilesChanged is the only file counter even though FileDiff carries a
	// Type; additions/removals are presumably folded in here — confirm.
	FilesChanged     int `json:"files_changed"`
	// TotalChanges is presumably the sum of the counters above — verify in
	// Differ.
	TotalChanges     int `json:"total_changes"`
}

DiffSummary provides high-level diff statistics

type Differ

// Differ compares system snapshots; it holds no state, so the zero value
// is usable.
type Differ struct{}

Differ compares system snapshots

func NewDiffer

func NewDiffer() *Differ

NewDiffer creates a new snapshot differ

func (*Differ) CompareSnapshots

func (d *Differ) CompareSnapshots(from, to string) (*DiffResult, error)

CompareSnapshots compares two system snapshots

type ELFFile

// ELFFile represents a modified ELF binary found by a scan.
type ELFFile struct {
	Path         string `json:"path"`
	// Modification describes what was found; the vocabulary is not listed here.
	Modification string `json:"modification"`
	// Expected and Actual hold the expected vs. observed value for the
	// modification (what is compared — hash, header field — is not shown here).
	Expected     string `json:"expected,omitempty"`
	Actual       string `json:"actual,omitempty"`
}

ELFFile represents a modified ELF binary

type EntropyFile

// EntropyFile represents a high-entropy file found by a scan.
type EntropyFile struct {
	Path    string  `json:"path"`
	// Entropy is the computed entropy; the scale (e.g. bits per byte) is not
	// documented here — confirm before thresholding.
	Entropy float64 `json:"entropy"`
	Size    int64   `json:"size"`
}

EntropyFile represents a high-entropy binary file

type FIFOInjection

// FIFOInjection represents a FIFO-based injection finding.
type FIFOInjection struct {
	Path string `json:"path"`
	// PID is the process associated with the FIFO.
	PID  int    `json:"pid"`
	// Type classifies the finding; values are not enumerated here.
	Type string `json:"type"`
}

FIFOInjection represents a FIFO-based injection attack

type FastDB

// FastDB provides high-performance database operations; create with
// NewFastDB and release with Close.
type FastDB struct {
	// contains filtered or unexported fields
}

FastDB provides high-performance database operations

func NewFastDB

func NewFastDB(path string) (*FastDB, error)

NewFastDB creates a new high-performance database

func (*FastDB) BatchWrite

func (fdb *FastDB) BatchWrite(bucket string, key, value []byte) error

BatchWrite queues a write operation for batching

func (*FastDB) Close

func (fdb *FastDB) Close() error

Close closes the database and cleans up resources

func (*FastDB) Compact

func (fdb *FastDB) Compact() error

Compact performs database compaction for optimal performance

func (*FastDB) FastBulkWrite

func (fdb *FastDB) FastBulkWrite(bucket string, data map[string][]byte) error

FastBulkWrite performs bulk write operations with optimal batching

func (*FastDB) FastIterate

func (fdb *FastDB) FastIterate(bucket string, fn func(key, value []byte) error) error

FastIterate performs high-speed iteration over a bucket

func (*FastDB) FastRead

func (fdb *FastDB) FastRead(bucket string, key []byte) ([]byte, error)

FastRead performs a high-speed read operation

func (*FastDB) FastWrite

func (fdb *FastDB) FastWrite(bucket string, key, value []byte) error

FastWrite performs a high-speed write operation

func (*FastDB) GetStats

func (fdb *FastDB) GetStats() DBStats

GetStats returns database performance statistics

func (*FastDB) PreallocateBuckets

func (fdb *FastDB) PreallocateBuckets(buckets []string) error

PreallocateBuckets preallocates commonly used buckets for performance

type FileDiff

// FileDiff represents a change in filesystem state between two snapshots.
type FileDiff struct {
	// Type classifies the change; values are not enumerated here (compare
	// ProcessDiff.Type).
	Type   string    `json:"type"`
	Path   string    `json:"path"`
	// Before and After are omitted from JSON when nil.
	Before *FileInfo `json:"before,omitempty"`
	After  *FileInfo `json:"after,omitempty"`
}

FileDiff represents changes in filesystem state

type FileInfo

// FileInfo contains file system event information.
type FileInfo struct {
	Path      string    `json:"path"`
	// Event names the filesystem event; values are not enumerated here.
	Event     string    `json:"event"`
	// PID and Process identify the process that caused the event.
	PID       int       `json:"pid"`
	Process   string    `json:"process"`
	Timestamp time.Time `json:"timestamp"`
	// Size, Mode and Entropy are optional. Note that omitempty drops a
	// zero-length file's size and a computed entropy of exactly 0, so readers
	// cannot tell "zero" from "not recorded".
	Size      int64     `json:"size,omitempty"`
	Mode      string    `json:"mode,omitempty"`
	Entropy   float64   `json:"entropy,omitempty"`
}

FileInfo contains file system event information

type FilesystemMonitor

// FilesystemMonitor tracks filesystem changes; create with
// NewFilesystemMonitor, then Start and Stop it.
type FilesystemMonitor struct {
	// contains filtered or unexported fields
}

FilesystemMonitor tracks filesystem changes with ULTRA-HIGH performance

func NewFilesystemMonitor

func NewFilesystemMonitor(db *bbolt.DB) *FilesystemMonitor

NewFilesystemMonitor creates a new ULTRA-HIGH performance filesystem monitor

func (*FilesystemMonitor) GetStats

func (fm *FilesystemMonitor) GetStats() map[string]interface{}

GetStats returns ULTRA-HIGH performance statistics

func (*FilesystemMonitor) Start

func (fm *FilesystemMonitor) Start() error

Start begins filesystem monitoring with ULTRA-HIGH performance

func (*FilesystemMonitor) Stop

func (fm *FilesystemMonitor) Stop()

Stop ends filesystem monitoring

type MountInfo

// MountInfo contains filesystem mount information.
type MountInfo struct {
	Device     string   `json:"device"`
	Path       string   `json:"path"`
	Type       string   `json:"type"`
	// Options are the mount options as separate strings.
	Options    []string `json:"options"`
	// Suspicious is set by the scanner; the criteria are not visible here.
	// It is omitted from JSON when false.
	Suspicious bool     `json:"suspicious,omitempty"`
}

MountInfo contains filesystem mount information

type NetworkDiff

// NetworkDiff represents a change in network state between two snapshots.
type NetworkDiff struct {
	// Type classifies the change; values are not enumerated here (compare
	// ProcessDiff.Type).
	Type   string       `json:"type"`
	// Before and After are omitted from JSON when nil.
	Before *NetworkInfo `json:"before,omitempty"`
	After  *NetworkInfo `json:"after,omitempty"`
}

NetworkDiff represents changes in network state

type NetworkInfo

// NetworkInfo contains network connection details as stored in snapshots.
//
// NOTE(review): ports and PID are int here but uint32/int32 in
// ConnectionInfo; conversions between the two need a range check.
type NetworkInfo struct {
	Protocol    string `json:"protocol"`
	LocalAddr   string `json:"local_addr"`
	LocalPort   int    `json:"local_port"`
	RemoteAddr  string `json:"remote_addr"`
	RemotePort  int    `json:"remote_port"`
	// State is the connection state; values are not enumerated here.
	State       string `json:"state"`
	// PID and ProcessName identify the owning process.
	PID         int    `json:"pid"`
	ProcessName string `json:"process_name"`
}

NetworkInfo contains network connection details

type NetworkMonitor

// NetworkMonitor tracks network connections; create with NewNetworkMonitor,
// then Start and Stop it.
type NetworkMonitor struct {
	// contains filtered or unexported fields
}

NetworkMonitor tracks network connections with ULTRA-HIGH performance

func NewNetworkMonitor

func NewNetworkMonitor(db *bbolt.DB) *NetworkMonitor

NewNetworkMonitor creates a new ULTRA-HIGH performance network monitor

func (*NetworkMonitor) GetStats

func (nm *NetworkMonitor) GetStats() map[string]interface{}

GetStats returns ULTRA-HIGH performance statistics

func (*NetworkMonitor) Start

func (nm *NetworkMonitor) Start() error

Start begins network monitoring with ULTRA-HIGH performance

func (*NetworkMonitor) Stop

func (nm *NetworkMonitor) Stop()

Stop ends network monitoring

type ProcessDiff

// ProcessDiff represents a change in process state between two snapshots.
type ProcessDiff struct {
	Type    string       `json:"type"` // "added", "removed", "modified"
	PID     int          `json:"pid"`
	// Before and After are omitted from JSON when nil; presumably only one is
	// set for "added"/"removed" and both for "modified" — confirm in Differ.
	Before  *ProcessInfo `json:"before,omitempty"`
	After   *ProcessInfo `json:"after,omitempty"`
	// Changes lists what differed; the entry format is not visible here.
	Changes []string     `json:"changes,omitempty"`
}

ProcessDiff represents changes in process state

type ProcessInfo

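// ProcessInfo contains detailed process information as captured by the
// process monitor and stored in snapshots and diffs.
type ProcessInfo struct {
	PID        int       `json:"pid"`
	PPID       int       `json:"ppid"`
	Name       string    `json:"name"`
	// Cmdline is the command line as one string; how arguments are separated
	// is not visible here.
	Cmdline    string    `json:"cmdline"`
	Status     string    `json:"status"`
	CreateTime time.Time `json:"create_time"`
	// UID and GID are always serialized. Uid/gid 0 is root, which is exactly
	// the value a consumer most needs to see; with omitempty a root-owned
	// process would be indistinguishable from one whose owner was not recorded.
	UID        int       `json:"uid"`
	GID        int       `json:"gid"`
	// Memory's unit is not specified here (presumably bytes).
	Memory     uint64    `json:"memory,omitempty"`
	CPU        float64   `json:"cpu,omitempty"`
	Threads    int       `json:"threads,omitempty"`
}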

ProcessInfo contains detailed process information

type ProcessMonitor

// ProcessMonitor tracks process lifecycle events; create with
// NewProcessMonitor (optionally scoped to a target PID), then Start and
// Stop it.
type ProcessMonitor struct {
	// contains filtered or unexported fields
}

ProcessMonitor tracks process lifecycle events with ULTRA-HIGH performance

func NewProcessMonitor

func NewProcessMonitor(db *bbolt.DB, targetPID int) *ProcessMonitor

NewProcessMonitor creates a new ULTRA-HIGH performance process monitor

func (*ProcessMonitor) GetStats

func (pm *ProcessMonitor) GetStats() map[string]interface{}

GetStats returns ULTRA-HIGH performance statistics

func (*ProcessMonitor) Start

func (pm *ProcessMonitor) Start() error

Start begins process monitoring with ULTRA-HIGH performance

func (*ProcessMonitor) Stop

func (pm *ProcessMonitor) Stop()

Stop ends process monitoring

type Recorder

// Recorder captures system state snapshots into the file given to
// NewRecorder; call Initialize before Start, and Close when finished.
type Recorder struct {
	// contains filtered or unexported fields
}

Recorder captures system state snapshots

func NewRecorder

func NewRecorder(filename string) *Recorder

NewRecorder creates a new system state recorder

func (*Recorder) Close

func (r *Recorder) Close() error

Close closes the database connection

func (*Recorder) GetSummary

func (r *Recorder) GetSummary() RecordingStats

GetSummary returns recording statistics

func (*Recorder) Initialize

func (r *Recorder) Initialize() error

Initialize sets up the recorder database and monitors

func (*Recorder) Start

func (r *Recorder) Start(targetPID int, ruleFiles []string) error

Start begins recording system state

func (*Recorder) Stop

func (r *Recorder) Stop() error

Stop ends recording and finalizes the database

type RecordingStats

// RecordingStats tracks recording metrics as returned by Recorder.GetSummary.
type RecordingStats struct {
	ProcessCount   int       `json:"process_count"`
	NetworkEvents  int       `json:"network_events"`
	FileEvents     int       `json:"file_events"`
	RuleViolations int       `json:"rule_violations"`
	// FileSizeMB is the recording file size in megabytes.
	FileSizeMB     float64   `json:"file_size_mb"`
	StartTime      time.Time `json:"start_time"`
	EndTime        time.Time `json:"end_time"`
}

RecordingStats tracks recording metrics

type ReplayConfig

// ReplayConfig defines configuration for snapshot replay (see ReplayPlayer.Play).
type ReplayConfig struct {
	// StartTime and EndTime are parsed by the player; the accepted format is
	// not documented here.
	StartTime string
	EndTime   string
	// Speed is presumably a playback-rate multiplier — confirm in Play.
	Speed     float64
	// Filter restricts which events are replayed; its syntax is not shown here.
	Filter    string
}

ReplayConfig defines configuration for snapshot replay

type ReplayInfo

// ReplayInfo contains metadata about a loaded recording (see ReplayPlayer.GetInfo).
type ReplayInfo struct {
	Duration   time.Duration `json:"duration"`
	EventCount int           `json:"event_count"`
	StartTime  time.Time     `json:"start_time"`
	EndTime    time.Time     `json:"end_time"`
}

ReplayInfo contains metadata about a recording

type ReplayPlayer

// ReplayPlayer replays recorded system snapshots; create with
// NewReplayPlayer, then Load before GetInfo or Play.
type ReplayPlayer struct {
	// contains filtered or unexported fields
}

ReplayPlayer replays recorded system snapshots

func NewReplayPlayer

func NewReplayPlayer(filename string) *ReplayPlayer

NewReplayPlayer creates a new replay player

func (*ReplayPlayer) GetInfo

func (rp *ReplayPlayer) GetInfo() ReplayInfo

GetInfo returns information about the loaded recording

func (*ReplayPlayer) Load

func (rp *ReplayPlayer) Load() error

Load loads the recording file

func (*ReplayPlayer) Play

func (rp *ReplayPlayer) Play(config ReplayConfig) error

Play starts playback of the recording

type Rule

// Rule represents a detection rule as loaded from YAML by Watcher.LoadRules.
type Rule struct {
	Name        string                 `yaml:"name"`
	Description string                 `yaml:"description"`
	Severity    string                 `yaml:"severity"`
	Type        string                 `yaml:"type"` // process, network, file
	// Conditions is untyped and its schema depends on Type, so nothing here
	// validates it; rule files should be treated as input to be checked at
	// load time.
	Conditions  map[string]interface{} `yaml:"conditions"`
}

Rule represents a detection rule

type ScanResults

// ScanResults contains security scan findings for ScanPath.
type ScanResults struct {
	HighEntropyFiles []EntropyFile   `json:"high_entropy_files"`
	ModifiedELFs     []ELFFile       `json:"modified_elfs"`
	SuspiciousMounts []MountInfo     `json:"suspicious_mounts"`
	FIFOInjections   []FIFOInjection `json:"fifo_injections"`
	Timestamp        time.Time       `json:"timestamp"`
	// ScanPath is the root that was scanned.
	ScanPath         string          `json:"scan_path"`
}

ScanResults contains security scan findings

type SystemSnapshot

// SystemSnapshot represents a point-in-time system state.
type SystemSnapshot struct {
	Timestamp time.Time     `json:"timestamp"`
	// Label is a caller-supplied name for the snapshot.
	Label     string        `json:"label"`
	Processes []ProcessInfo `json:"processes"`
	Network   []NetworkInfo `json:"network"`
	Mounts    []MountInfo   `json:"mounts"`
}

SystemSnapshot represents a point-in-time system state

type TraceConfig

// TraceConfig defines configuration for process tracing (see Tracer.Start).
type TraceConfig struct {
	// PID is the process to trace.
	PID        int
	ShowTree   bool
	// SysCalls enables system-call tracing.
	SysCalls   bool
	// MaxDepth presumably bounds the tree shown by ShowTree — confirm in Tracer.
	MaxDepth   int
	FollowFork bool
}

TraceConfig defines configuration for process tracing

type Tracer

// Tracer provides process and system call tracing; create with NewTracer,
// then Start with a TraceConfig and Stop when done.
type Tracer struct {
	// contains filtered or unexported fields
}

Tracer provides process and system call tracing capabilities

func NewTracer

func NewTracer() *Tracer

NewTracer creates a new process tracer

func (*Tracer) Start

func (t *Tracer) Start(config TraceConfig) error

Start begins tracing the specified process

func (*Tracer) Stop

func (t *Tracer) Stop()

Stop ends the tracing session

type Watcher

// Watcher monitors system activity and sends rule-based alerts on the
// channel given to Start; load rules with LoadRules first.
type Watcher struct {
	// contains filtered or unexported fields
}

Watcher monitors system activity and triggers rule-based alerts

func NewWatcher

func NewWatcher() *Watcher

NewWatcher creates a new system watcher

func (*Watcher) LoadRules

func (w *Watcher) LoadRules(filePaths []string) error

LoadRules loads detection rules from files

func (*Watcher) Start

func (w *Watcher) Start(alerts chan<- Alert, interval string) error

Start begins real-time monitoring

func (*Watcher) Stop

func (w *Watcher) Stop()

Stop ends monitoring
