security

package
v0.35.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 5, 2026 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Overview

Package security provides comprehensive audit logging for security events

Package security provides security event correlation and analysis

Package security provides cryptographic operations for Prism profiles

Package security provides a stub Windows machine GUID for non-Windows platforms.

Package security provides device fingerprinting for secure device binding

Package security provides secure storage and verification for Prism profiles.

Package security provides keychain information and diagnostics

Package security provides Linux Secret Service integration using D-Bus

Package security provides macOS stub implementations for non-macOS platforms

Package security provides Windows stub implementations for non-Windows platforms

Package security provides security monitoring dashboard and alerting

Package security provides secure registry communication with request signing and certificate pinning

Package security provides tamper detection and file integrity monitoring

Index

Constants

This section is empty.

Variables

// Sentinel errors for the encryption layer.
//
// Both are *EncryptionError values, and the only methods this page lists for
// that type are Error and Unwrap (no Is). errors.Is(err, ErrInvalidCiphertext)
// therefore succeeds only when this exact pointer is in err's chain; a freshly
// built &EncryptionError{Operation: "decrypt"} will not match.
// NOTE(review): these are exported variables, so any importing package can
// reassign them; treat them as read-only.
var (
	ErrInvalidCiphertext = &EncryptionError{Operation: "decrypt", Err: fmt.Errorf("invalid ciphertext")}
	ErrKeyDerivation     = &EncryptionError{Operation: "key_derivation", Err: fmt.Errorf("key derivation failed")}
)

Common encryption errors

// Sentinel errors for device fingerprinting.
//
// Per their Operation fields, ErrFingerprintMismatch belongs to validation and
// ErrFingerprintGeneration to generation. Both are pointers, so errors.Is
// matches only this exact value in an error chain.
// NOTE(review): a failed generation leaves nothing to compare; callers should
// treat ErrFingerprintGeneration as a failed check, not as "no mismatch" —
// confirm against ValidateDeviceBinding.
var (
	ErrFingerprintMismatch   = &DeviceFingerprintError{Operation: "validation", Err: fmt.Errorf("device fingerprint mismatch")}
	ErrFingerprintGeneration = &DeviceFingerprintError{Operation: "generation", Err: fmt.Errorf("fingerprint generation failed")}
)

Common fingerprinting errors

// Sentinel errors shared by the keychain providers; test for them with errors.Is.
// NOTE(review): ErrKeychainNotFound (absent entry) and ErrKeychainAccess (denied
// access) describe different situations. Code that responds by re-creating an
// entry or switching to another backend should do so only for the former —
// confirm how each provider maps backend errors onto these values.
var (
	ErrKeychainUnsupported = errors.New("keychain not supported on this platform")
	ErrKeychainNotFound    = errors.New("keychain entry not found")
	ErrKeychainAccess      = errors.New("access to keychain denied")
)

Common errors

// Sentinel errors for tamper detection.
//
// Only Operation and Err are populated here; the FilePath, ExpectedChecksum and
// ActualChecksum fields of TamperDetectionError stay at their zero values, so
// these sentinels alone do not say which file failed.
// NOTE(review): ErrFileNotProtected means no baseline exists for the file. That
// is not evidence the file is intact; callers should not treat it as a pass.
var (
	ErrFileNotProtected   = &TamperDetectionError{Operation: "protection_check", Err: fmt.Errorf("file not under protection")}
	ErrIntegrityViolation = &TamperDetectionError{Operation: "integrity_check", Err: fmt.Errorf("file integrity violation")}
)

Common tamper detection errors

Functions

func PeriodicIntegrityCheck

// PeriodicIntegrityCheck performs regular integrity validation using protection.
// NOTE(review): the signature takes no context.Context or stop channel and
// returns nothing, so this page shows no way to stop the check or to observe a
// violation from the call site. Confirm whether it blocks or starts a
// goroutine, how it is shut down, and where detected violations are reported.
func PeriodicIntegrityCheck(protection *TamperProtection)

PeriodicIntegrityCheck performs regular integrity validation

func StoreDeviceBinding

// StoreDeviceBinding stores a device binding in the keychain and returns a
// string (presumably the binding reference later passed to
// ValidateDeviceBinding and RetrieveDeviceBinding — confirm).
// DeviceBinding includes an InvitationToken field, so the stored blob contains
// that token; the returned reference and profileName should be safe to log,
// the binding itself is not.
func StoreDeviceBinding(binding *DeviceBinding, profileName string) (string, error)

StoreDeviceBinding stores a device binding in the keychain

func UpdateLastValidated

func UpdateLastValidated(bindingRef string) error

UpdateLastValidated updates the last validated timestamp of a binding

func ValidateDeviceBinding

// ValidateDeviceBinding performs strict device binding validation.
// Treat only (true, nil) as a valid binding; both (false, nil) and any non-nil
// error are failures.
// NOTE(review): whether a mismatch is reported as (false, nil), as
// ErrFingerprintMismatch, or as a *DeviceBindingViolation is not visible on
// this page — confirm so callers do not check only one of the two results.
func ValidateDeviceBinding(bindingRef string) (bool, error)

ValidateDeviceBinding performs strict device binding validation

func ValidateKeychainProvider

func ValidateKeychainProvider() error

ValidateKeychainProvider performs comprehensive validation of the keychain provider

func ValidateSystemIntegrity

func ValidateSystemIntegrity() error

ValidateSystemIntegrity performs a comprehensive integrity check

Types

type AlertHandler

// AlertHandler is the interface for handling security alerts: SendAlert
// receives one SecurityAlert and reports failure through its error return.
// NOTE(review): SecurityAlert carries DeviceID and a free-form Details map, so
// an implementation that forwards alerts off-host also exports that data —
// confirm what Details may contain before wiring a remote handler. Whether
// callers retry or drop an alert when SendAlert fails is not visible here.
type AlertHandler interface {
	SendAlert(alert SecurityAlert) error
}

AlertHandler defines interface for handling security alerts

type AlertSeverity

type AlertSeverity string

AlertSeverity defines alert severity levels

// Alert severity levels, stored as upper-case strings.
//
// AlertSeverity is a string type, so the values carry no numeric order:
// comparing with < or > is lexicographic ("CRITICAL" < "HIGH" < "LOW" <
// "MEDIUM"), and an "at least HIGH" check needs an explicit rank table.
// Any string decodes into an AlertSeverity from JSON; values read from rule or
// config files should be validated against this set.
const (
	AlertSeverityLow      AlertSeverity = "LOW"
	AlertSeverityMedium   AlertSeverity = "MEDIUM"
	AlertSeverityHigh     AlertSeverity = "HIGH"
	AlertSeverityCritical AlertSeverity = "CRITICAL"
)

type AlertThresholds

// AlertThresholds defines thresholds for security alerts.
//
// AlertWindow is a time.Duration, which encoding/json reads and writes as an
// integer number of nanoseconds, not as a string such as "1h".
// NOTE(review): the zero value leaves every threshold at 0 and
// CriticalEventImmediate at false. Whether 0 disables a check or fires on the
// first event is not visible on this page — confirm before relying on a
// partially filled configuration.
type AlertThresholds struct {
	FailedAttemptsPerHour   int           `json:"failed_attempts_per_hour"`
	TamperAttemptsThreshold int           `json:"tamper_attempts_threshold"`
	MaxFailedDeviceBinding  int           `json:"max_failed_device_binding"`
	AlertWindow             time.Duration `json:"alert_window"`
	CriticalEventImmediate  bool          `json:"critical_event_immediate"`
}

AlertThresholds defines thresholds for security alerts

type AttackPattern

type AttackPattern struct {
	Name            string                 `json:"name"`
	Description     string                 `json:"description"`
	EventSequence   []string               `json:"event_sequence"`
	TimeWindow      time.Duration          `json:"time_window"`
	RiskScore       int                    `json:"risk_score"`
	Indicators      []string               `json:"indicators"`
	Countermeasures []string               `json:"countermeasures"`
	Metadata        map[string]interface{} `json:"metadata"`
}

AttackPattern represents a known attack pattern for detection

type BaselineMetrics

type BaselineMetrics struct {
	StartTime            time.Time      `json:"start_time"`
	TotalEvents          int            `json:"total_events"`
	AverageEventsPerHour float64        `json:"average_events_per_hour"`
	CommonEventTypes     map[string]int `json:"common_event_types"`
	PeakActivityHours    []int          `json:"peak_activity_hours"`
	TypicalFailureRate   float64        `json:"typical_failure_rate"`
	NormalDeviceCount    int            `json:"normal_device_count"`
	LastUpdated          time.Time      `json:"last_updated"`
}

BaselineMetrics tracks normal system behavior

type BindingMaterial

// BindingMaterial represents the secure data stored in the keychain.
//
// InvitationToken is always serialised (its tag has no omitempty), so the
// marshalled form contains the token and should not be logged or placed in
// error messages.
type BindingMaterial struct {
	DeviceID        string    `json:"device_id"`
	ProfileID       string    `json:"profile_id"`
	InvitationToken string    `json:"invitation_token"`
	Created         time.Time `json:"created"`
	LastValidated   time.Time `json:"last_validated"`
}

BindingMaterial represents the secure data stored in keychain

type CertificatePinner

type CertificatePinner struct {
	// contains filtered or unexported fields
}

CertificatePinner implements certificate pinning for registry connections

func NewCertificatePinner

// NewCertificatePinner creates a new certificate pinner with default pinned
// certificates.
// NOTE(review): the constructor takes no arguments, so the pin set is presumably
// compiled into the client. If so, rotating the registry's certificate or key
// requires a client release; confirm that a backup pin is shipped and what is
// pinned (leaf certificate, intermediate, or public key).
func NewCertificatePinner() (*CertificatePinner, error)

NewCertificatePinner creates a new certificate pinner with default pinned certificates

func (*CertificatePinner) VerifyPeerCertificate

// VerifyPeerCertificate implements certificate pinning.
//
// The signature matches crypto/tls.Config.VerifyPeerCertificate. When installed
// as that callback it runs after normal chain verification; verifiedChains is
// nil if InsecureSkipVerify is set, leaving rawCerts and the pin as the only
// check; and it is not invoked on resumed TLS sessions (VerifyConnection is).
// NOTE(review): confirm the client's tls.Config keeps normal verification
// enabled and that session resumption cannot bypass the pin check.
func (p *CertificatePinner) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error

VerifyPeerCertificate implements certificate pinning

type ConsoleAlertHandler

type ConsoleAlertHandler struct{}

ConsoleAlertHandler provides console-based alert handling

func (*ConsoleAlertHandler) SendAlert

func (h *ConsoleAlertHandler) SendAlert(alert SecurityAlert) error

type CorrelationRule

type CorrelationRule struct {
	ID          string                 `json:"id"`
	Name        string                 `json:"name"`
	Description string                 `json:"description"`
	EventTypes  []string               `json:"event_types"`
	TimeWindow  time.Duration          `json:"time_window"`
	Threshold   int                    `json:"threshold"`
	Severity    AlertSeverity          `json:"severity"`
	Conditions  map[string]interface{} `json:"conditions"`
	Actions     []string               `json:"actions"`
}

CorrelationRule defines rules for correlating security events

type CorrelationRuleEngine

type CorrelationRuleEngine struct {
	// contains filtered or unexported fields
}

CorrelationRuleEngine manages correlation rules and pattern detection

type CryptoProvider

type CryptoProvider struct {
	// contains filtered or unexported fields
}

CryptoProvider handles encryption and decryption operations

func NewCryptoProvider

// NewCryptoProvider creates a new crypto provider with device-specific key
// derivation.
// NOTE(review): the constructor takes no secret input. If the key is derived
// only from attributes like those in DeviceFingerprint (hostname, MAC
// addresses, user name), any local process can recompute it; the encryption
// then ties data to the device rather than keeping it confidential from other
// code on that device. Confirm the derivation inputs and the KDF used.
func NewCryptoProvider() (*CryptoProvider, error)

NewCryptoProvider creates a new crypto provider with device-specific key derivation

func (*CryptoProvider) Decrypt

// Decrypt decrypts data using AES-256-GCM.
//
// GCM authenticates as well as decrypts, so a failure typically means the input
// was truncated, altered, or produced under a different key; no partial
// plaintext should be used when err is non-nil.
// NOTE(review): failures presumably surface as ErrInvalidCiphertext — confirm.
// Data moved to another device (different derived key) would then fail the
// same way as tampered data.
func (c *CryptoProvider) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt decrypts data using AES-256-GCM

func (*CryptoProvider) Encrypt

// Encrypt encrypts data using AES-256-GCM with a random nonce.
//
// GCM is only safe while a (key, nonce) pair never repeats; for randomly
// generated 96-bit nonces NIST SP 800-38D limits one key to 2^32 encryptions.
// NOTE(review): no associated-data parameter is exposed, so from this signature
// a ciphertext is not bound to the storage key or profile it belongs to. The
// layout of the returned bytes (presumably nonce, then ciphertext and tag) is
// not documented either — confirm both.
func (c *CryptoProvider) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts data using AES-256-GCM with random nonce

type DeviceBinding

// DeviceBinding represents the binding between a profile and a device.
//
// It holds the InvitationToken next to identifying data (the device
// fingerprint and the legacy DeviceName, MacAddresses and UserName fields), so
// a serialised binding contains both a token and personal data: keep it out of
// logs and diagnostics output.
// NOTE(review): the legacy fields are still decoded when present. Confirm that
// validation ignores them, so an old-format binding cannot be accepted on
// weaker evidence than DeviceFingerprint.
type DeviceBinding struct {
	DeviceID          string             `json:"device_id"`
	ProfileID         string             `json:"profile_id"`
	InvitationToken   string             `json:"invitation_token,omitempty"`
	Created           time.Time          `json:"created"`
	LastValidated     time.Time          `json:"last_validated"`
	DeviceFingerprint *DeviceFingerprint `json:"device_fingerprint"`

	// Legacy fields (deprecated but kept for compatibility)
	DeviceName   string   `json:"device_name,omitempty"`
	MacAddresses []string `json:"mac_addresses,omitempty"`
	UserName     string   `json:"user_name,omitempty"`
}

DeviceBinding represents the binding between a profile and a device

func CreateDeviceBinding

func CreateDeviceBinding(profileID, invitationToken string) (*DeviceBinding, error)

CreateDeviceBinding generates a new device binding with robust fingerprinting

func RetrieveDeviceBinding

func RetrieveDeviceBinding(bindingRef string) (*DeviceBinding, error)

RetrieveDeviceBinding retrieves a device binding from the keychain

type DeviceBindingViolation

// DeviceBindingViolation represents a device binding security violation.
//
// It records the profile, the device the binding expects, the device actually
// seen, and the assessed RiskLevel and ViolationType. The type also has an
// Error method, so it can be returned as an error.
// NOTE(review): if Error() includes ExpectedDevice or CurrentDevice, device
// identifiers end up wherever the error is logged or displayed — confirm.
type DeviceBindingViolation struct {
	ProfileID      string
	ExpectedDevice string
	CurrentDevice  string
	RiskLevel      RiskLevel
	ViolationType  ViolationType
}

DeviceBindingViolation represents a device binding security violation

func (*DeviceBindingViolation) Error

func (e *DeviceBindingViolation) Error() string

type DeviceFingerprint

// DeviceFingerprint represents a comprehensive device identifier.
//
// Most of these attributes can be read by any local process, and several
// (hostname, MAC addresses, user name, home directory) can be changed by the
// user or reproduced on another machine. The fingerprint identifies a device;
// it is not a secret and does not by itself authenticate one.
// The struct also holds personal data (user name, home directory, MAC
// addresses), which matters wherever it is serialised or sent to the registry.
// NOTE(review): which fields feed Hash and which hash function is used are not
// visible here. Created is a timestamp, so presumably it is excluded from the
// hash — confirm.
type DeviceFingerprint struct {
	// System identifiers
	Hostname     string `json:"hostname"`
	SystemUUID   string `json:"system_uuid,omitempty"`
	MachineID    string `json:"machine_id,omitempty"`
	OSVersion    string `json:"os_version"`
	Architecture string `json:"architecture"`

	// Network identifiers
	MACAddresses []string `json:"mac_addresses"`
	PrimaryMAC   string   `json:"primary_mac"`

	// User context
	UserID   string `json:"user_id"`
	Username string `json:"username"`
	HomeDir  string `json:"home_dir"`

	// Temporal context
	Created     time.Time `json:"created"`
	InstallTime time.Time `json:"install_time"`

	// Computed fingerprint hash
	Hash string `json:"hash"`
}

DeviceFingerprint represents a comprehensive device identifier

func GenerateDeviceFingerprint

func GenerateDeviceFingerprint() (*DeviceFingerprint, error)

GenerateDeviceFingerprint creates a comprehensive device fingerprint

func (*DeviceFingerprint) GetRiskLevel

func (fp *DeviceFingerprint) GetRiskLevel(other *DeviceFingerprint) RiskLevel

GetRiskLevel assesses the risk level of fingerprint differences

func (*DeviceFingerprint) HasMatchingMAC

// HasMatchingMAC checks if fingerprints have at least one matching MAC address.
//
// A single shared address is a weak signal: MAC addresses can be set in
// software, and some virtual interfaces use fixed or locally administered
// addresses that repeat across hosts.
// NOTE(review): confirm that a lone MAC match cannot by itself lower the result
// of GetRiskLevel or make Matches succeed.
func (fp *DeviceFingerprint) HasMatchingMAC(other *DeviceFingerprint) bool

HasMatchingMAC checks if fingerprints have at least one matching MAC address

func (*DeviceFingerprint) Matches

// Matches compares two device fingerprints for equality.
// NOTE(review): not visible here whether this compares the Hash field alone or
// the underlying attributes, nor how a nil other is handled. A Hash read back
// from a stored binding should be recomputed from the fields rather than
// trusted as given — confirm.
func (fp *DeviceFingerprint) Matches(other *DeviceFingerprint) bool

Matches compares two device fingerprints for equality

func (*DeviceFingerprint) String

func (fp *DeviceFingerprint) String() string

String returns a human-readable representation of the fingerprint

type DeviceFingerprintError

type DeviceFingerprintError struct {
	Operation string
	Err       error
}

DeviceFingerprintError represents fingerprinting-related errors

func (*DeviceFingerprintError) Error

func (e *DeviceFingerprintError) Error() string

func (*DeviceFingerprintError) Unwrap

func (e *DeviceFingerprintError) Unwrap() error

type DeviceProfile

type DeviceProfile struct {
	DeviceID           string         `json:"device_id"`
	FirstSeen          time.Time      `json:"first_seen"`
	LastSeen           time.Time      `json:"last_seen"`
	NormalOperations   map[string]int `json:"normal_operations"`
	TypicalHours       []int          `json:"typical_hours"`
	AverageFrequency   float64        `json:"average_frequency"`
	SuspiciousActivity bool           `json:"suspicious_activity"`
	TrustScore         int            `json:"trust_score"` // 0-100
}

DeviceProfile tracks normal behavior patterns for devices

type EncryptionError

type EncryptionError struct {
	Operation string
	Err       error
}

EncryptionError represents encryption-related errors

func (*EncryptionError) Error

func (e *EncryptionError) Error() string

func (*EncryptionError) Unwrap

func (e *EncryptionError) Unwrap() error

type FileMetadata

// FileMetadata stores file integrity information.
//
// Of the recorded attributes only Checksum is evidence of content; Size and
// ModTime can be restored after a modification.
// NOTE(review): the checksum algorithm and where these records are persisted
// are not shown. A baseline stored with the same permissions as the files it
// protects can be rewritten together with them, so confirm the records are
// themselves authenticated or kept somewhere harder to modify.
type FileMetadata struct {
	Path        string    `json:"path"`
	Checksum    string    `json:"checksum"`
	Size        int64     `json:"size"`
	ModTime     time.Time `json:"mod_time"`
	Protected   bool      `json:"protected"`
	CreatedAt   time.Time `json:"created_at"`
	LastChecked time.Time `json:"last_checked"`
}

FileMetadata stores file integrity information

type FileSecureStorage

// FileSecureStorage is a fallback implementation using encrypted files.
// NOTE(review): as a fallback it replaces the OS keychain's access control with
// file permissions plus whatever key the encryption uses. Confirm that the
// files are created owner-only and that the encryption key is not stored
// beside the data it protects.
type FileSecureStorage struct {
	// contains filtered or unexported fields
}

FileSecureStorage is a fallback implementation using encrypted files

func NewFileSecureStorage

func NewFileSecureStorage() (*FileSecureStorage, error)

NewFileSecureStorage creates a new file-based secure storage provider

func (*FileSecureStorage) Delete

func (f *FileSecureStorage) Delete(key string) error

Delete implements KeychainProvider.Delete for file-based storage

func (*FileSecureStorage) Exists

func (f *FileSecureStorage) Exists(key string) bool

Exists implements KeychainProvider.Exists for file-based storage

func (*FileSecureStorage) Retrieve

func (f *FileSecureStorage) Retrieve(key string) ([]byte, error)

Retrieve implements KeychainProvider.Retrieve for file-based storage

func (*FileSecureStorage) Store

// Store implements KeychainProvider.Store for file-based storage.
// NOTE(review): key is a caller-supplied string. If it is used to build a file
// name, confirm it is encoded or validated so that path separators and ".."
// cannot address a location outside the storage directory, and that the write
// is atomic (temporary file, then rename) so a crash cannot leave a truncated
// secret behind.
func (f *FileSecureStorage) Store(key string, data []byte) error

Store implements KeychainProvider.Store for file-based storage

type KeychainDiagnostics

type KeychainDiagnostics struct {
	Platform        string        `json:"platform"`
	Info            *KeychainInfo `json:"info,omitempty"`
	Issues          []string      `json:"issues"`
	Warnings        []string      `json:"warnings"`
	Recommendations []string      `json:"recommendations"`
}

KeychainDiagnostics provides diagnostic information about keychain status

func DiagnoseKeychainIssues

func DiagnoseKeychainIssues() *KeychainDiagnostics

DiagnoseKeychainIssues provides diagnostic information for keychain problems

type KeychainInfo

// KeychainInfo provides information about the keychain provider in use.
// NOTE(review): Native, Available and FallbackReason presumably report whether
// an OS-backed store or a fallback is active — confirm. Callers that store
// high-value secrets should check them rather than assume the native keychain.
// SecurityLevel is a free-form string; this page documents no value set for it.
type KeychainInfo struct {
	Provider       string                 `json:"provider"`
	Platform       string                 `json:"platform"`
	Native         bool                   `json:"native"`
	Available      bool                   `json:"available"`
	SecurityLevel  string                 `json:"security_level"`
	Details        map[string]interface{} `json:"details"`
	FallbackReason string                 `json:"fallback_reason,omitempty"`
}

KeychainInfo provides information about the keychain provider in use

func GetKeychainInfo

func GetKeychainInfo() (*KeychainInfo, error)

GetKeychainInfo returns detailed information about the current keychain provider

type KeychainProvider

// KeychainProvider defines the interface for secure storage systems.
//
// Store, Retrieve and Delete report failure through an error; Exists does not.
type KeychainProvider interface {
	// Store saves data in the secure storage
	Store(key string, data []byte) error

	// Retrieve gets data from the secure storage
	Retrieve(key string) ([]byte, error)

	// Exists checks if a key exists in the secure storage.
	// It has no error return, so a backend failure or denied access cannot be
	// told apart from a missing key. Use Retrieve when that difference matters,
	// for example before re-creating or overwriting an entry.
	Exists(key string) bool

	// Delete removes data from the secure storage
	Delete(key string) error
}

KeychainProvider defines the interface for secure storage systems

func NewKeychainProvider

// NewKeychainProvider returns the global keychain provider instance. It
// initializes the provider on the first call and returns the cached instance
// afterwards.
// NOTE(review): because the instance is cached, whichever backend is selected on
// the first call (native or fallback) presumably stays in use for the life of
// the process, even if the native store becomes available later — confirm,
// and check GetKeychainInfo after startup.
func NewKeychainProvider() (KeychainProvider, error)

NewKeychainProvider returns the global keychain provider instance. It initializes the provider on the first call, then returns the cached instance.

func NewLinuxSecretService

func NewLinuxSecretService() (KeychainProvider, error)

NewLinuxSecretService creates a new Linux Secret Service provider (deprecated - use NewKeychainProvider)

func NewMacOSKeychain

func NewMacOSKeychain() (KeychainProvider, error)

NewMacOSKeychain creates a new macOS keychain provider (deprecated - use NewKeychainProvider)

func NewWindowsCredentialManager

func NewWindowsCredentialManager() (KeychainProvider, error)

NewWindowsCredentialManager creates a new Windows credential manager provider (deprecated - use NewKeychainProvider)

type LinuxSecretService

type LinuxSecretService struct {
}

LinuxSecretService implements KeychainProvider for Linux

type LinuxSecretServiceNative

type LinuxSecretServiceNative struct {
	// contains filtered or unexported fields
}

LinuxSecretServiceNative implements native Linux Secret Service storage

func NewLinuxSecretServiceNative

func NewLinuxSecretServiceNative() (*LinuxSecretServiceNative, error)

NewLinuxSecretServiceNative creates a new native Linux Secret Service provider

func (*LinuxSecretServiceNative) Close

func (l *LinuxSecretServiceNative) Close() error

Close closes the D-Bus connection

func (*LinuxSecretServiceNative) Delete

func (l *LinuxSecretServiceNative) Delete(key string) error

Delete implements KeychainProvider.Delete for Linux using Secret Service

func (*LinuxSecretServiceNative) Exists

func (l *LinuxSecretServiceNative) Exists(key string) bool

Exists implements KeychainProvider.Exists for Linux using Secret Service

func (*LinuxSecretServiceNative) GetKeychainInfo

func (l *LinuxSecretServiceNative) GetKeychainInfo() map[string]interface{}

GetKeychainInfo returns information about the Linux Secret Service integration

func (*LinuxSecretServiceNative) Retrieve

func (l *LinuxSecretServiceNative) Retrieve(key string) ([]byte, error)

Retrieve implements KeychainProvider.Retrieve for Linux using Secret Service

func (*LinuxSecretServiceNative) Store

func (l *LinuxSecretServiceNative) Store(key string, data []byte) error

Store implements KeychainProvider.Store for Linux using Secret Service

type MacOSKeychain

type MacOSKeychain struct {
}

MacOSKeychain implements KeychainProvider for macOS

type MacOSKeychainNative

// MacOSKeychainNative is the stub used on non-macOS platforms.
// NOTE(review): confirm the stub's Store and Retrieve return an error (for
// example ErrKeychainUnsupported) rather than succeeding without storing
// anything, so a mis-selected provider fails loudly.
type MacOSKeychainNative struct{}

MacOSKeychainNative stub for non-macOS platforms

func NewMacOSKeychainNative

func NewMacOSKeychainNative() (*MacOSKeychainNative, error)

NewMacOSKeychainNative is not available on non-macOS platforms

func (*MacOSKeychainNative) Close

func (k *MacOSKeychainNative) Close() error

Close is a stub method

func (*MacOSKeychainNative) Delete

func (k *MacOSKeychainNative) Delete(key string) error

Delete implements KeychainProvider.Delete (stub)

func (*MacOSKeychainNative) Exists

func (k *MacOSKeychainNative) Exists(key string) bool

Exists implements KeychainProvider.Exists (stub)

func (*MacOSKeychainNative) Retrieve

func (k *MacOSKeychainNative) Retrieve(key string) ([]byte, error)

Retrieve implements KeychainProvider.Retrieve (stub)

func (*MacOSKeychainNative) Store

func (k *MacOSKeychainNative) Store(key string, data []byte) error

Store implements KeychainProvider.Store (stub)

type RegistrationPayload

// RegistrationPayload carries an invitation token, a device ID, a timestamp and
// a device fingerprint map. The page gives it no description; presumably it is
// the body sent by RegisterDevice — confirm.
//
// The invitation token is included in clear and the fingerprint map may hold
// personal data, so the encoded payload should not be logged and depends on
// the transport for confidentiality.
type RegistrationPayload struct {
	InvitationToken   string                 `json:"invitation_token"`
	DeviceID          string                 `json:"device_id"`
	Timestamp         time.Time              `json:"timestamp"`
	DeviceFingerprint map[string]interface{} `json:"device_fingerprint"`
}

type RegistryClient

// RegistryClient handles communication with the invitation registry.
// NOTE(review): the package overview mentions request signing and certificate
// pinning, but on this page only SecureRegistryClient is described as secure,
// and it exposes RegisterDevice alone. ValidateDevice, RevokeDevice,
// RevokeInvitation and GetInvitationDevices exist only on this type — confirm
// whether those calls are signed and pinned as well.
type RegistryClient struct {
	// contains filtered or unexported fields
}

RegistryClient handles communication with the invitation registry

func NewRegistryClient

func NewRegistryClient(config S3RegistryConfig) (*RegistryClient, error)

NewRegistryClient creates a new registry client

func (*RegistryClient) GetInvitationDevices

func (c *RegistryClient) GetInvitationDevices(invitationToken string) ([]map[string]interface{}, error)

GetInvitationDevices gets the list of devices registered for an invitation

func (*RegistryClient) RegisterDevice

func (c *RegistryClient) RegisterDevice(invitationToken, deviceID string) error

RegisterDevice registers a device with the registry

func (*RegistryClient) RevokeDevice

func (c *RegistryClient) RevokeDevice(invitationToken, deviceID string) error

RevokeDevice revokes a device from the registry

func (*RegistryClient) RevokeInvitation

func (c *RegistryClient) RevokeInvitation(invitationToken string) error

RevokeInvitation revokes an entire invitation

func (*RegistryClient) ValidateDevice

// ValidateDevice checks if a device is registered.
// Treat only (true, nil) as registered.
// NOTE(review): what is returned when the registry is unreachable, or when
// S3RegistryConfig.Enabled is false, is not visible here. A (true, nil) or
// cached answer in those cases would let a revoked device keep validating —
// confirm the failure behaviour.
func (c *RegistryClient) ValidateDevice(invitationToken, deviceID string) (bool, error)

ValidateDevice checks if a device is registered

type RequestSigner

type RequestSigner struct {
	// contains filtered or unexported fields
}

RequestSigner handles HMAC-SHA256 request signing

func NewRequestSigner

// NewRequestSigner creates a new request signer with a secure key.
// NOTE(review): HMAC is symmetric, so the verifier must hold the same key, yet
// this constructor takes none. Where the key comes from is not visible: a
// per-process random key could not be verified by the registry, and a key
// embedded in the client is available to anyone holding the binary. Confirm
// how the key is provisioned and stored.
func NewRequestSigner() (*RequestSigner, error)

NewRequestSigner creates a new request signer with a secure key

func (*RequestSigner) SignPayload

// SignPayload creates an HMAC-SHA256 signature for a payload.
//
// payload is an interface{} and SignedPayload.Payload is a json.RawMessage, so
// the value is presumably JSON-encoded before signing.
// NOTE(review): JSON encodings differ between implementations, so the verifier
// should compute the MAC over the exact bytes received rather than over a
// re-encoded value — confirm. Also confirm the MAC input includes
// SignedPayload.Timestamp and not the payload alone.
func (s *RequestSigner) SignPayload(payload interface{}) (*SignedPayload, error)

SignPayload creates an HMAC-SHA256 signature for a payload

type ResponseValidator

type ResponseValidator struct {
	// contains filtered or unexported fields
}

ResponseValidator validates response signatures and integrity

func NewResponseValidator

func NewResponseValidator(secretKey []byte) (*ResponseValidator, error)

NewResponseValidator creates a new response validator

func (*ResponseValidator) ValidateResponse

// ValidateResponse validates the integrity and authenticity of a response.
// NOTE(review): checking a MAC over the body requires reading resp.Body.
// Confirm that the read is size-limited, that the body is restored for the
// caller afterwards, that signatures are compared in constant time
// (hmac.Equal), and that a response carrying no signature is rejected rather
// than accepted.
func (v *ResponseValidator) ValidateResponse(resp *http.Response) error

ValidateResponse validates the integrity and authenticity of a response

type RiskLevel

type RiskLevel int

RiskLevel represents the security risk level

// Risk levels in increasing order.
//
// RiskLevelLow is the first iota value, 0, which is also the zero value of
// RiskLevel: a field or variable that was never assigned reads as Low. Code
// that assesses risk should set the result on every path, including error
// paths, so that a failed assessment is not reported as low risk.
const (
	RiskLevelLow RiskLevel = iota
	RiskLevelMedium
	RiskLevelHigh
	RiskLevelCritical
)

func (RiskLevel) String

func (r RiskLevel) String() string

type S3RegistryConfig

// S3RegistryConfig contains configuration for the S3 registry.
//
// It names a bucket and a region and has no credential fields.
// NOTE(review): Enabled is false in the zero value. Confirm that a disabled
// registry makes device validation fail or be skipped explicitly rather than
// report success. LocalCache is presumably a filesystem path — confirm its
// permissions and whether cached registry data is re-validated before use.
type S3RegistryConfig struct {
	BucketName string
	Region     string
	LocalCache string
	Enabled    bool
}

S3RegistryConfig contains configuration for the S3 registry

type Secret

// Secret represents a secret value in the Secret Service.
//
// The fields mirror the Secret struct of the freedesktop.org Secret Service
// API: the session the secret is encoded for, algorithm parameters, the
// (possibly encrypted) value, and its content type.
// NOTE(review): with a "plain" session the value crosses the D-Bus session bus
// unencrypted; which session algorithm this package negotiates is not visible
// here — confirm. Value holds secret bytes; avoid logging the struct.
type Secret struct {
	Session     dbus.ObjectPath
	Parameters  []byte
	Value       []byte
	ContentType string
}

Secret represents a secret value in the Secret Service

type SecureRegistryClient

// SecureRegistryClient provides secure communication with the invitation
// registry.
// NOTE(review): RegisterDevice is the only method this page lists for the type,
// so device validation and revocation go through RegistryClient. Confirm that
// those paths receive the same signing and pinning.
type SecureRegistryClient struct {
	// contains filtered or unexported fields
}

SecureRegistryClient provides secure communication with the invitation registry

func NewSecureRegistryClient

func NewSecureRegistryClient(config S3RegistryConfig) (*SecureRegistryClient, error)

NewSecureRegistryClient creates a new secure registry client with enhanced security

func (*SecureRegistryClient) RegisterDevice

func (c *SecureRegistryClient) RegisterDevice(invitationToken, deviceID string) error

RegisterDevice securely registers a device with the registry

type SecurityAlert

type SecurityAlert struct {
	ID          string                 `json:"id"`
	Timestamp   time.Time              `json:"timestamp"`
	Severity    AlertSeverity          `json:"severity"`
	AlertType   string                 `json:"alert_type"`
	Title       string                 `json:"title"`
	Description string                 `json:"description"`
	DeviceID    string                 `json:"device_id,omitempty"`
	EventCount  int                    `json:"event_count"`
	Details     map[string]interface{} `json:"details"`
	Actions     []string               `json:"recommended_actions"`
}

SecurityAlert represents a security alert

type SecurityAuditLogger

// SecurityAuditLogger provides comprehensive audit logging for security events.
// NOTE(review): GetAuditLogPath shows the log is a local file. A log writable by
// the same user as the monitored process can be edited or truncated by
// whoever compromises that process; confirm the file mode and whether entries
// are chained or forwarded so that removal is detectable.
type SecurityAuditLogger struct {
	// contains filtered or unexported fields
}

SecurityAuditLogger provides comprehensive audit logging for security events

func NewSecurityAuditLogger

func NewSecurityAuditLogger() (*SecurityAuditLogger, error)

NewSecurityAuditLogger creates a new security audit logger

func (*SecurityAuditLogger) Close

func (a *SecurityAuditLogger) Close() error

Close closes the audit logger and flushes any remaining events

func (*SecurityAuditLogger) GetAuditLogPath

func (a *SecurityAuditLogger) GetAuditLogPath() string

GetAuditLogPath returns the path to the current audit log file

func (*SecurityAuditLogger) LogAccessAttempt

func (a *SecurityAuditLogger) LogAccessAttempt(deviceID string, success bool, reason string, details map[string]interface{})

LogAccessAttempt logs access attempt events

func (*SecurityAuditLogger) LogDeviceRegistration

// LogDeviceRegistration logs device registration events.
// NOTE(review): invitationToken is passed in. Confirm it is hashed or truncated
// before being written, since audit logs are usually readable more widely
// than the keychain; the same applies to anything placed in details.
func (a *SecurityAuditLogger) LogDeviceRegistration(deviceID, invitationToken string, success bool, errorCode string, details map[string]interface{})

LogDeviceRegistration logs device registration events

func (*SecurityAuditLogger) LogKeychainOperation

func (a *SecurityAuditLogger) LogKeychainOperation(operation, key string, success bool, provider string, errorCode string)

LogKeychainOperation logs keychain-related security events

func (*SecurityAuditLogger) LogRegistryOperation

func (a *SecurityAuditLogger) LogRegistryOperation(operation, endpoint string, success bool, statusCode int, errorCode string)

LogRegistryOperation logs registry communication events

func (*SecurityAuditLogger) LogSecurityEvent

func (a *SecurityAuditLogger) LogSecurityEvent(event SecurityEvent)

LogSecurityEvent logs a security event with comprehensive context

func (*SecurityAuditLogger) LogTamperAttempt

func (a *SecurityAuditLogger) LogTamperAttempt(deviceID, filePath, expectedHash, actualHash string)

LogTamperAttempt logs tamper detection events

func (*SecurityAuditLogger) RotateLog

func (a *SecurityAuditLogger) RotateLog() error

RotateLog rotates the audit log to a new file

type SecurityCorrelation

type SecurityCorrelation struct {
	ID              string                 `json:"id"`
	Timestamp       time.Time              `json:"timestamp"`
	CorrelationType string                 `json:"correlation_type"`
	Events          []SecurityEvent        `json:"events"`
	Pattern         string                 `json:"pattern"`
	RiskScore       int                    `json:"risk_score"`
	Confidence      float64                `json:"confidence"`
	Description     string                 `json:"description"`
	Recommendations []string               `json:"recommendations"`
	Metadata        map[string]interface{} `json:"metadata"`
}

SecurityCorrelation represents a correlation between multiple security events

type SecurityCorrelationEngine

type SecurityCorrelationEngine struct {
	// contains filtered or unexported fields
}

SecurityCorrelationEngine provides advanced security event analysis and correlation

func NewSecurityCorrelationEngine

func NewSecurityCorrelationEngine() (*SecurityCorrelationEngine, error)

NewSecurityCorrelationEngine creates a new correlation engine

func (*SecurityCorrelationEngine) AnalyzeSecurityEvents

func (e *SecurityCorrelationEngine) AnalyzeSecurityEvents() ([]SecurityCorrelation, error)

AnalyzeSecurityEvents performs comprehensive analysis and correlation of security events

func (*SecurityCorrelationEngine) Close

func (e *SecurityCorrelationEngine) Close() error

Close closes the correlation engine and associated resources

type SecurityDashboard

type SecurityDashboard struct {
	Status          string             `json:"status"`
	ThreatLevel     string             `json:"threat_level"`
	SecurityScore   int                `json:"security_score"`
	ActiveAlerts    []SecurityAlert    `json:"active_alerts"`
	Metrics         *SecurityMetrics   `json:"metrics"`
	Recommendations []string           `json:"recommendations"`
	LastUpdate      time.Time          `json:"last_update"`
	SystemHealth    SystemHealthStatus `json:"system_health"`
}

SecurityDashboard provides consolidated security status

type SecurityEvent

// SecurityEvent represents a security-related event to be logged.
//
// Severity is a plain string here, not AlertSeverity, so the type system does
// not restrict it to the LOW/MEDIUM/HIGH/CRITICAL set.
// NOTE(review): UserAgent and RemoteIP presumably originate from a remote peer,
// and Details is free-form. Confirm events are written with a structured
// encoder (the json tags suggest so) so embedded newlines cannot forge log
// entries, and that Details never carries tokens or key material.
type SecurityEvent struct {
	Timestamp time.Time              `json:"timestamp"`
	EventType string                 `json:"event_type"`
	DeviceID  string                 `json:"device_id,omitempty"`
	Success   bool                   `json:"success"`
	ErrorCode string                 `json:"error_code,omitempty"`
	Details   map[string]interface{} `json:"details,omitempty"`
	Severity  string                 `json:"severity"`
	Source    string                 `json:"source"`
	UserAgent string                 `json:"user_agent,omitempty"`
	RemoteIP  string                 `json:"remote_ip,omitempty"`
}

SecurityEvent represents a security-related event to be logged

type SecurityMetrics

type SecurityMetrics struct {
	TotalEvents           int             `json:"total_events"`
	FailedAttempts        int             `json:"failed_attempts"`
	SuccessfulOperations  int             `json:"successful_operations"`
	TamperAttempts        int             `json:"tamper_attempts"`
	DeviceRegistrations   int             `json:"device_registrations"`
	AlertsGenerated       int             `json:"alerts_generated"`
	EventTypeBreakdown    map[string]int  `json:"event_type_breakdown"`
	DeviceActivity        map[string]int  `json:"device_activity"`
	HourlyActivity        map[int]int     `json:"hourly_activity"`
	LastUpdated           time.Time       `json:"last_updated"`
	SecurityScore         int             `json:"security_score"`
	ThreatLevel           string          `json:"threat_level"`
	RecentCriticalEvents  []SecurityEvent `json:"recent_critical_events"`
	KeychainProviderStats map[string]int  `json:"keychain_provider_stats"`
}

SecurityMetrics tracks security-related metrics

type SecurityMonitor

type SecurityMonitor struct {
	// contains filtered or unexported fields
}

SecurityMonitor provides real-time security monitoring and alerting

func NewSecurityMonitor

func NewSecurityMonitor() (*SecurityMonitor, error)

NewSecurityMonitor creates a new security monitor

func (*SecurityMonitor) GetSecurityDashboard

func (m *SecurityMonitor) GetSecurityDashboard() (*SecurityDashboard, error)

GetSecurityDashboard returns comprehensive security status

func (*SecurityMonitor) MonitorSecurityEvents

func (m *SecurityMonitor) MonitorSecurityEvents() error

MonitorSecurityEvents processes security events and generates alerts

type SignedPayload

// SignedPayload wraps a raw JSON payload with a timestamp and a signature; it
// is the result type of RequestSigner.SignPayload, which is documented as
// HMAC-SHA256.
//
// There is no nonce or request-ID field, so replay protection, if any, depends
// on the verifier enforcing a freshness window on Timestamp.
// NOTE(review): confirm that Timestamp is covered by the MAC, its unit (seconds
// or milliseconds), and the encoding of Signature.
type SignedPayload struct {
	Payload   json.RawMessage `json:"payload"`
	Timestamp int64           `json:"timestamp"`
	Signature string          `json:"signature"`
}

type SystemHealthStatus

type SystemHealthStatus struct {
	KeychainStatus   string    `json:"keychain_status"`
	EncryptionStatus string    `json:"encryption_status"`
	FileIntegrity    string    `json:"file_integrity"`
	DeviceBinding    string    `json:"device_binding"`
	AuditLogging     string    `json:"audit_logging"`
	LastHealthCheck  time.Time `json:"last_health_check"`
}

SystemHealthStatus provides system security health information

type TamperDetectionError

type TamperDetectionError struct {
	FilePath         string
	Operation        string
	ExpectedChecksum string
	ActualChecksum   string
	Err              error
}

TamperDetectionError represents tamper detection related errors

func (*TamperDetectionError) Error

func (e *TamperDetectionError) Error() string

func (*TamperDetectionError) Unwrap

func (e *TamperDetectionError) Unwrap() error

type TamperProtection

type TamperProtection struct {
	// contains filtered or unexported fields
}

TamperProtection provides file integrity monitoring and tamper detection

func InitializeSecuritySystem

func InitializeSecuritySystem() (*TamperProtection, error)

InitializeSecuritySystem sets up tamper protection for all security files

func NewTamperProtection

func NewTamperProtection() *TamperProtection

NewTamperProtection creates a new tamper protection instance

func ProtectSecurityFiles

func ProtectSecurityFiles() (*TamperProtection, error)

ProtectSecurityFiles applies tamper protection to critical security files

func (*TamperProtection) GetProtectedFiles

func (t *TamperProtection) GetProtectedFiles() []*FileMetadata

GetProtectedFiles returns a list of all files under protection

func (*TamperProtection) ProtectFile

func (t *TamperProtection) ProtectFile(filePath string) error

ProtectFile adds a file to tamper detection monitoring

func (*TamperProtection) RemoveProtection

func (t *TamperProtection) RemoveProtection(filePath string) error

RemoveProtection removes a file from tamper detection monitoring

func (*TamperProtection) UpdateProtection

// UpdateProtection recalculates protection metadata for a file.
// NOTE(review): this presumably replaces the stored baseline with the file's
// current state. If so, calling it on a file that has already been altered
// makes the alteration the new reference; confirm that callers validate
// first or that re-baselining is written to the audit log.
func (t *TamperProtection) UpdateProtection(filePath string) error

UpdateProtection recalculates protection metadata for a file

func (*TamperProtection) ValidateAllFiles

// ValidateAllFiles checks integrity of all protected files.
//
// The result is a slice of errors, so success is an empty result; test it with
// len(errs) == 0 rather than comparing against nil.
// NOTE(review): with no files under protection the result is presumably empty
// as well, so "no errors" does not show that anything was checked. Pair it
// with GetProtectedFiles when reporting system health.
func (t *TamperProtection) ValidateAllFiles() []error

ValidateAllFiles checks integrity of all protected files

func (*TamperProtection) ValidateIntegrity

func (t *TamperProtection) ValidateIntegrity(filePath string) error

ValidateIntegrity checks if a protected file has been tampered with

type ThreatIntelligence

type ThreatIntelligence struct {
	KnownAttackVectors    []string            `json:"known_attack_vectors"`
	CompromisedIndicators []string            `json:"compromised_indicators"`
	ThreatActorTTPs       map[string][]string `json:"threat_actor_ttps"`
	IOCs                  []string            `json:"iocs"` // Indicators of Compromise
}

ThreatIntelligence provides context for security correlations

type ViolationType

type ViolationType string

ViolationType categorizes the type of binding violation

const (
	ViolationTypeHostname    ViolationType = "hostname_mismatch"
	ViolationTypeUser        ViolationType = "user_mismatch"
	ViolationTypeMAC         ViolationType = "mac_address_mismatch"
	ViolationTypeSystemID    ViolationType = "system_id_mismatch"
	ViolationTypeProfileCopy ViolationType = "profile_copy_detected"
	ViolationTypeUnknown     ViolationType = "unknown"
)

func (ViolationType) String

func (v ViolationType) String() string

type WindowsCredentialManager

type WindowsCredentialManager struct {
}

WindowsCredentialManager implements KeychainProvider for Windows

type WindowsCredentialManagerNative

type WindowsCredentialManagerNative struct{}

WindowsCredentialManagerNative stub for non-Windows platforms

func NewWindowsCredentialManagerNative

func NewWindowsCredentialManagerNative() (*WindowsCredentialManagerNative, error)

NewWindowsCredentialManagerNative is not available on non-Windows platforms

func (*WindowsCredentialManagerNative) Close

Close is a stub method

func (*WindowsCredentialManagerNative) Delete

Delete implements KeychainProvider.Delete (stub)

func (*WindowsCredentialManagerNative) Exists

Exists implements KeychainProvider.Exists (stub)

func (*WindowsCredentialManagerNative) GetKeychainInfo

func (w *WindowsCredentialManagerNative) GetKeychainInfo() map[string]interface{}

GetKeychainInfo returns information about the Windows Credential Manager integration (stub)

func (*WindowsCredentialManagerNative) Retrieve

func (w *WindowsCredentialManagerNative) Retrieve(key string) ([]byte, error)

Retrieve implements KeychainProvider.Retrieve (stub)

func (*WindowsCredentialManagerNative) Store

func (w *WindowsCredentialManagerNative) Store(key string, data []byte) error

Store implements KeychainProvider.Store (stub)
