rule

package

v0.0.0-...-2ec37ed Latest Latest Go to latest Published: Feb 11, 2024 License: GPL-3.0 Imports: 21 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/evilsocket/opensnitch

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type Action
type Duration
type Loader
- func NewLoader(liveReload bool) (*Loader, error)
type Operand
type Operator
- func NewOperator(t Type, s Sensitive, o Operand, data string, list []Operator) (*Operator, error)
type Rule
- func Create(name, description string, enabled, precedence, nolog bool, action Action, ...) *Rule
- func Deserialize(reply *protocol.Rule) (*Rule, error)
type Sensitive
type Type

Constants ¶

View Source

const (
	Simple  = Type("simple")
	Regexp  = Type("regexp")
	Complex = Type("complex") // for future use
	List    = Type("list")
	Network = Type("network")
	Lists   = Type("lists")
)

Available types

View Source

const (
	OpTrue                = Operand("true")
	OpProcessID           = Operand("process.id")
	OpProcessPath         = Operand("process.path")
	OpProcessCmd          = Operand("process.command")
	OpProcessEnvPrefix    = Operand("process.env.")
	OpProcessEnvPrefixLen = 12
	OpProcessHashMD5      = Operand("process.hash.md5")
	OpProcessHashSHA1     = Operand("process.hash.sha1")
	OpUserID              = Operand("user.id")
	OpSrcIP               = Operand("source.ip")
	OpSrcPort             = Operand("source.port")
	OpDstIP               = Operand("dest.ip")
	OpDstHost             = Operand("dest.host")
	OpDstPort             = Operand("dest.port")
	OpDstNetwork          = Operand("dest.network")
	OpSrcNetwork          = Operand("source.network")
	OpProto               = Operand("protocol")
	OpIfaceIn             = Operand("iface.in")
	OpIfaceOut            = Operand("iface.out")
	OpList                = Operand("list")
	OpDomainsLists        = Operand("lists.domains")
	OpDomainsRegexpLists  = Operand("lists.domains_regexp")
	OpIPLists             = Operand("lists.ips")
	OpNetLists            = Operand("lists.nets")
)

Available operands

View Source

const (
	Allow  = Action("allow")
	Deny   = Action("deny")
	Reject = Action("reject")
)

Actions of rules

View Source

const (
	Once    = Duration("once")
	Restart = Duration("until restart")
	Always  = Duration("always")
)

daemon possible durations

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Action ¶

type Action string

Action of a rule

type Duration ¶

type Duration string

Duration of a rule

type Loader ¶

type Loader struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Loader is the object that holds the rules loaded from disk, as well as the rules watcher.

func NewLoader ¶

func NewLoader(liveReload bool) (*Loader, error)

NewLoader loads rules from disk, and watches for changes made to the rules files on disk.

func (*Loader) Add ¶

func (l *Loader) Add(rule *Rule, saveToDisk bool) error

Add adds a rule to the list of rules, and optionally saves it to disk.

func (*Loader) Delete ¶

func (l *Loader) Delete(ruleName string) error

Delete deletes a rule from the list by name. If the duration is Always (i.e: saved on disk), it'll attempt to delete it from disk.

func (*Loader) EnableChecksums ¶

func (l *Loader) EnableChecksums(enable bool)

EnableChecksums enables checksums field for rules globally.

func (*Loader) FindFirstMatch ¶

func (l *Loader) FindFirstMatch(con *conman.Connection) (match *Rule)

FindFirstMatch will try match the connection against the existing rule set.

func (*Loader) GetAll ¶

func (l *Loader) GetAll() map[string]*Rule

GetAll returns the loaded rules.

func (*Loader) HasChecksums ¶

func (l *Loader) HasChecksums(op Operand)

HasChecksums checks if the rule will check for binary checksum matches

func (*Loader) Load ¶

func (l *Loader) Load(path string) error

Load loads rules files from disk.

func (*Loader) NumRules ¶

func (l *Loader) NumRules() int

NumRules returns he number of loaded rules.

func (*Loader) Replace ¶

func (l *Loader) Replace(rule *Rule, saveToDisk bool) error

Replace adds a rule to the list of rules, and optionally saves it to disk.

func (*Loader) Save ¶

func (l *Loader) Save(rule *Rule, path string) error

Save a rule to disk.

type Operand ¶

type Operand string

Operand is what we check on a connection.

type Operator ¶

type Operator struct {
	Operand   Operand    `json:"operand"`
	Data      string     `json:"data"`
	Type      Type       `json:"type"`
	List      []Operator `json:"list"`
	Sensitive Sensitive  `json:"sensitive"`

	sync.RWMutex
	// contains filtered or unexported fields
}

Operator represents what we want to filter of a connection, and how.

func NewOperator ¶

func NewOperator(t Type, s Sensitive, o Operand, data string, list []Operator) (*Operator, error)

NewOperator returns a new operator object

func (*Operator) ClearLists ¶

func (o *Operator) ClearLists()

ClearLists deletes all the entries of a list

func (*Operator) Compile ¶

func (o *Operator) Compile() error

Compile translates the operator type field to its callback counterpart

func (*Operator) Match ¶

func (o *Operator) Match(con *conman.Connection, hasChecksums bool) bool

Match tries to match parts of a connection with the given operator.

func (*Operator) StopMonitoringLists ¶

func (o *Operator) StopMonitoringLists()

StopMonitoringLists stops the monitoring lists goroutine.

func (*Operator) String ¶

func (o *Operator) String() string

type Rule ¶

type Rule struct {
	Created     time.Time `json:"created"`
	Updated     time.Time `json:"updated"`
	Name        string    `json:"name"`
	Description string    `json:"description"`
	Action      Action    `json:"action"`
	Duration    Duration  `json:"duration"`
	Operator    Operator  `json:"operator"`
	Enabled     bool      `json:"enabled"`
	Precedence  bool      `json:"precedence"`
	Nolog       bool      `json:"nolog"`
}

Rule represents an action on a connection. The fields match the ones saved as json to disk. If a .json rule file is modified on disk, it's reloaded automatically.

func Create ¶

func Create(name, description string, enabled, precedence, nolog bool, action Action, duration Duration, op *Operator) *Rule

Create creates a new rule object with the specified parameters.

func Deserialize ¶

func Deserialize(reply *protocol.Rule) (*Rule, error)

Deserialize translates back the rule received to a Rule object

func (*Rule) Match ¶

func (r *Rule) Match(con *conman.Connection, hasChecksums bool) bool

Match performs on a connection the checks a Rule has, to determine if it must be allowed or denied.

func (*Rule) Serialize ¶

func (r *Rule) Serialize() *protocol.Rule

Serialize translates a Rule to the protocol object

func (*Rule) String ¶

func (r *Rule) String() string

type Sensitive ¶

type Sensitive bool

Sensitive defines if a rule is case-sensitive or not. By default no.

type Type ¶

type Type string

Type is the type of rule. Every type has its own way of checking the user data against connections.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL