sessiontracker

package
v1.0.0
Published: Sep 25, 2023 License: Apache-2.0 Imports: 8 Imported by: 0

README

Session Tracking Using Audito Maldito

Auditor Interface

The Auditor interface is implemented by adding an AuditdEvent() method. AuditdEvent() requires that the input event be validated against the list of available event sessions.

type Auditor interface {
	AuditdEvent(event *aucoalesce.Event) error
}

Session Tracker

The session tracker, sessionTracker, is an implementation of the Auditor interface. You may create a new session tracker object as follows:

import "github.com/metal-toolbox/audito-maldito/processors/auditd/sessiontracker"

var tracker = sessiontracker.NewSessionTracker(o.EventW, logger)

NewSessionTracker takes an auditevent.EventWriter and a zap.SugaredLogger object as parameters.

The tracker contains the active auditd sessions, a map of PIDs and remote user logins, and the auditevent.EventWriter and zap.SugaredLogger it was created with.

It has these methods:

  1. RemoteLogin validates and sets a remote login input.

    Usage
    import (
        "fmt"

        "github.com/metal-toolbox/audito-maldito/processors/auditd/sessiontracker"
    )

    // common is the project's package that defines RemoteUserLogin;
    // its import is not shown on this page.
    func foo() error {
        tracker := sessiontracker.NewSessionTracker(o.EventW, logger)
        err := tracker.RemoteLogin(common.RemoteUserLogin{
            Source:     nil,
            PID:        999,
            CredUserID: "foo",
        })
        if err != nil {
            return fmt.Errorf("failed to handle remote user login - %w", err)
        }
        return nil
    }
    
  2. AuditdEvent is the primary method of this type, i.e., sessionTracker. It triggers the audit of the input audit event. If the event matches a session in the session cache, that session is bound to it. If a session is bound, AuditdEvent calls auditEventWithSession; otherwise it calls auditEventWithoutSession.

    Usage
    import "github.com/metal-toolbox/audito-maldito/processors/auditd/sessiontracker"
    
    func foo() error {
        st := sessiontracker.NewSessionTracker(o.EventW, logger)
        ae := &aucoalesce.Event{
            Session: sessionID, // sessionID is defined by the caller
        }
        err := st.AuditdEvent(ae)
        return err
    }
    
  3. DeleteUsersWithoutLoginsBefore, as the name says, deletes the audit session before a given timestamp if the user doesn't have a remote login.

    Usage
    import (
        "time"

        "github.com/metal-toolbox/audito-maldito/processors/auditd/sessiontracker"
    )

    func foo() {
        st := sessiontracker.NewSessionTracker(o.EventW, logger)
        // Drop sessions from before now whose user has no remote login.
        st.DeleteUsersWithoutLoginsBefore(time.Now())
    }
    
  4. DeleteRemoteUserLoginsBefore iterates over the remote user logins and deletes each login that occurred before the given timestamp.

    Usage
    import (
        "time"

        "github.com/metal-toolbox/audito-maldito/processors/auditd/sessiontracker"
    )

    func foo() {
        st := sessiontracker.NewSessionTracker(o.EventW, logger)

        var staleDataCleanupInterval = 1 * time.Minute
        aMinuteAgo := time.Now().Add(-staleDataCleanupInterval)

        // Remove remote user logins older than the cleanup interval.
        st.DeleteRemoteUserLoginsBefore(aMinuteAgo)
    }
    

Error Definitions

Error Types
  1. SessionTrackerError

    SessionTrackerError tracks three different kinds of failures.

    1. Remote Login Failure
    2. Parse PID Failure
    3. Audit Write Failure

    Here is the struct for it

    // SessionTrackerError is used to return errors pertaining to session audits
    type SessionTrackerError struct {
        remoteLoginFail bool   // set when remote login cannot be validated
        parsePIDFail    bool   // set when PID of the session cannot be parsed
        auditWriteFail  bool   // set when the audit event fails to write to event writer
        message         string // the error message
        inner           error  // the error object
    }
    
    Usage

    You may return a session tracker error, SessionTrackerError, as below:

    return &SessionTrackerError{
        auditWriteFail: true,
        message: fmt.Sprintf(
            "failed to write cached events for user '%s' - %s",
            u.login.CredUserID, 
            err,
        ),
        inner: err,
    }
    

Documentation


Functions

func NewSessionTracker

func NewSessionTracker(eventWriter *auditevent.EventWriter, l *zap.SugaredLogger) *sessionTracker

NewSessionTracker returns a new instance of a sessionTracker.

Types

type Auditor

type Auditor interface {
	AuditdEvent(event *aucoalesce.Event) error
}

Auditor is the interface that wraps the AuditdEvent method. It allows the session tracker to audit events.

type SessionTrackerError

type SessionTrackerError struct {
	// contains filtered or unexported fields
}

SessionTrackerError is used to return errors pertaining to session audits.

func (*SessionTrackerError) AuditEventWriteFailed

func (o *SessionTrackerError) AuditEventWriteFailed() bool

AuditEventWriteFailed returns true when the audit event write fails.

func (*SessionTrackerError) Error

func (o *SessionTrackerError) Error() string

Error returns the error message.

func (*SessionTrackerError) ParsePIDFailed

func (o *SessionTrackerError) ParsePIDFailed() bool

ParsePIDFailed returns true if the PID of the session could not be parsed.

func (*SessionTrackerError) RemoteLoginFailed

func (o *SessionTrackerError) RemoteLoginFailed() bool

RemoteLoginFailed returns true if the remote login validation has failed.

func (*SessionTrackerError) Unwrap

func (o *SessionTrackerError) Unwrap() error

Unwrap unwraps the error content.
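
An added example (not code from the package or its README) of how a caller can use the accessor methods above to tell the three failure kinds apart, including when the error has been wrapped with %w as in the RemoteLogin usage. So that it runs without the audito-maldito module, it declares a local stand-in with the same fields and methods as SessionTrackerError; classify and the labels it returns are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io"
)

// Local stand-in mirroring the SessionTrackerError struct and methods shown
// on this page; it is not imported from the real package.
type SessionTrackerError struct {
	remoteLoginFail, parsePIDFail, auditWriteFail bool
	message                                       string
	inner                                         error
}

func (o *SessionTrackerError) Error() string               { return o.message }
func (o *SessionTrackerError) Unwrap() error               { return o.inner }
func (o *SessionTrackerError) RemoteLoginFailed() bool     { return o.remoteLoginFail }
func (o *SessionTrackerError) ParsePIDFailed() bool        { return o.parsePIDFail }
func (o *SessionTrackerError) AuditEventWriteFailed() bool { return o.auditWriteFail }

// classify is a hypothetical caller-side helper. It finds a
// *SessionTrackerError anywhere in the wrap chain and reports its kind.
func classify(err error) string {
	var ste *SessionTrackerError
	if !errors.As(err, &ste) {
		return "unknown" // nil or an error of another type
	}
	switch {
	case ste.AuditEventWriteFailed():
		return "audit-write" // audit records may be missing (assumed policy: escalate)
	case ste.RemoteLoginFailed():
		return "remote-login"
	case ste.ParsePIDFailed():
		return "parse-pid"
	}
	return "unknown"
}

func main() {
	// Constructed sample: a write failure caused by a closed pipe, then
	// wrapped by the caller the same way the RemoteLogin usage wraps errors.
	inner := &SessionTrackerError{auditWriteFail: true,
		message: "failed to write cached events", inner: io.ErrClosedPipe}
	wrapped := fmt.Errorf("failed to handle auditd event - %w", inner)
	// errors.Is reaches io.ErrClosedPipe because the type implements Unwrap.
	fmt.Println(classify(wrapped), errors.Is(wrapped, io.ErrClosedPipe))
}
```

The errors.As target must be a *SessionTrackerError variable, because the methods have pointer receivers and the error is returned as a pointer.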
