config

package
v1.2.0 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 27, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddFlags

func AddFlags(flags *pflag.FlagSet)

AddFlags registers persistent flags.

Types

type Config

// Config stores YARA watcher specific configuration.
type Config struct {
	// Enabled indicates if YARA watcher is enabled.
	Enabled bool `json:"yara.enabled" yaml:"yara.enabled"`
	// Rule contains rule-specific settings.
	// NOTE(review): this is the only field in the struct with a mapstructure tag;
	// the other fields are presumably populated individually by InitFromViper - confirm.
	Rule Rule `json:"yara.rule" yaml:"yara.rule" mapstructure:"rule"`
	// AlertVia defines which alert sender is used to emit the alert on rule matches.
	AlertVia string `json:"yara.alert-via" yaml:"yara.alert-via"`
	// AlertTextTemplate defines the template that is used to render the text of the alert.
	AlertTextTemplate string `json:"yara.alert-text-template" yaml:"yara.alert-text-template"`
	// AlertTitleTemplate represents the template for the alert title.
	AlertTitleTemplate string `json:"yara.alert-title-template" yaml:"yara.alert-title-template"`
	// FastScanMode avoids multiple matches of the same string when not necessary.
	FastScanMode bool `json:"yara.fastscan" yaml:"yara.fastscan"`
	// ScanTimeout sets the timeout for the scanner. If the timeout is reached, the scan operation is cancelled.
	// NOTE(review): a cancelled scan presumably produces no match for that target;
	// confirm that timeouts are logged so an unscanned target is not mistaken for a clean one.
	ScanTimeout time.Duration `json:"yara.scan-timeout" yaml:"yara.scan-timeout"`
	// SkipFiles indicates whether file scanning is disabled.
	SkipFiles bool `json:"yara.skip-files" yaml:"yara.skip-files"`
	// ExcludedProcesses contains the list of process image names that shouldn't be scanned.
	// NOTE(review): every entry is a deliberate gap in scan coverage, so keep the list short
	// and reviewed. How names are compared (exact, pattern, case) is not visible here -
	// confirm against ShouldSkipProcess.
	ExcludedProcesses []string `json:"yara.excluded-procs" yaml:"yara.excluded-procs"`
	// ExcludedFiles contains the list of file names that shouldn't be scanned.
	// NOTE(review): same coverage caveat as ExcludedProcesses; whether entries are bare
	// names or full paths is not visible here - confirm against ShouldSkipFile.
	ExcludedFiles []string `json:"yara.excluded-files" yaml:"yara.excluded-files"`
}

Config stores YARA watcher specific configuration.

func (*Config) InitFromViper

func (c *Config) InitFromViper(v *viper.Viper)

InitFromViper initializes the YARA config from Viper.

func (Config) ShouldSkipFile

func (c Config) ShouldSkipFile(file string) bool

ShouldSkipFile determines whether the specified file name is rejected by the scanner.

func (Config) ShouldSkipProcess

func (c Config) ShouldSkipProcess(ps string) bool

ShouldSkipProcess determines whether the specified process name is rejected by the scanner.

type Rule

// Rule contains rule-specific settings.
type Rule struct {
	// Paths defines the location of the YARA rules.
	// NOTE(review): whatever is loaded from these locations decides what gets detected,
	// so they should be writable only by administrators; this type does not check that.
	Paths []RulePath `json:"yara.rule.paths" yaml:"yara.rule.paths" mapstructure:"paths"`
	// Strings contains the raw rule definitions, given inline in the configuration.
	Strings []RuleString `json:"yara.rule.strings" yaml:"yara.rule.strings" mapstructure:"strings"`
}

Rule contains rule-specific settings.

type RulePath

// RulePath contains the rule path information.
type RulePath struct {
	// Path is the location of the rules; whether it names a file or a directory
	// is not visible here - confirm with the loader.
	Path      string `json:"path" yaml:"path" mapstructure:"path"`
	// Namespace is presumably the YARA namespace the rules from Path are compiled under - confirm.
	Namespace string `json:"namespace" yaml:"namespace" mapstructure:"namespace"`
}

RulePath contains the rule path information.

type RuleString

// RuleString contains the in-place strings for the rule definition.
type RuleString struct {
	// String holds the raw rule definition text.
	String    string `json:"string" yaml:"string" mapstructure:"string"`
	// Namespace is presumably the YARA namespace the rule in String is compiled under - confirm.
	Namespace string `json:"namespace" yaml:"namespace" mapstructure:"namespace"`
}

RuleString contains the in-place strings for the rule definition.
