Compare commits
4 Commits
v.0.5
...
65afab1eec
| Author | SHA1 | Date | |
|---|---|---|---|
| 65afab1eec | |||
| 9218ae6daa | |||
| dcecaf6c62 | |||
| 8d87cc12c4 |
325
libbsm.go
325
libbsm.go
@ -117,7 +117,8 @@ const (
|
|||||||
PRT_ONELINE = 1
|
PRT_ONELINE = 1
|
||||||
PRT_NORESOLVE_USER = 2
|
PRT_NORESOLVE_USER = 2
|
||||||
PRT_TIMESTAMP = 4
|
PRT_TIMESTAMP = 4
|
||||||
|
PRT_JSON = 8
|
||||||
|
PRT_JSON_PRETTY = 16
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -149,60 +150,60 @@ type Record interface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type Header32 struct {
|
type Header32 struct {
|
||||||
Size uint32 // Record byte count
|
Size uint32 `json:"size"` // Record byte count
|
||||||
Version uint8 // version # (uchar)
|
Version uint8 `json:"version"` // version # (uchar)
|
||||||
E_type uint16 // Event type
|
E_type uint16 `json:"event_type"` // Event type
|
||||||
E_mod uint16 // Event modifier
|
E_mod uint16 `json:"event_modifier"` // Event modifier
|
||||||
S uint32 // Seconds of time
|
S uint32 `json:"timestamp"` // Seconds of time
|
||||||
Msec uint32 // Milliseconds of time
|
Msec uint32 `json:"msec"` // Milliseconds of time
|
||||||
}
|
}
|
||||||
|
|
||||||
type Header32Ex struct {
|
type Header32Ex struct {
|
||||||
Size uint32 // Record byte count
|
Size uint32 `json:"size"` // Record byte count
|
||||||
Version uint8 // version # (uchar)
|
Version uint8 `json:"version"` // version # (uchar)
|
||||||
E_type uint16 // Event type
|
E_type uint16 `json:"event_type"` // Event type
|
||||||
E_mod uint16 // Event modifier
|
E_mod uint16 `json:"event_modifier"` // Event modifier
|
||||||
Ad_type uint32 // Address type/Length
|
Ad_type uint32 `json:"address_type"` // Address type/Length
|
||||||
Addr [4]uint32 // Ipv4 or IPv6
|
Addr [4]uint32 `json:"address"` // Ipv4 or IPv6
|
||||||
S uint32 // Seconds of time
|
S uint32 `json:"timestamp"` // Seconds of time
|
||||||
Msec uint32 // Milliseconds of time
|
Msec uint32 `json:"msec"` // Milliseconds of time
|
||||||
}
|
}
|
||||||
|
|
||||||
type Trailer struct {
|
type Trailer struct {
|
||||||
Magic uint16
|
Magic uint16 `json:"magic"`
|
||||||
Count uint32
|
Count uint32 `json:"size"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Arg32 struct {
|
type Arg32 struct {
|
||||||
No byte // Argument #
|
No byte `json:"count"` // Argument #
|
||||||
Val uint32 // Argument value
|
Val uint32 `json:"value"` // Argument value
|
||||||
Length uint16 // Text length
|
Length uint16 `json:"lentgh"` // Text length
|
||||||
Text []byte // Text
|
Text []byte `json:"text"` // Text
|
||||||
}
|
}
|
||||||
|
|
||||||
type Arg64 struct {
|
type Arg64 struct {
|
||||||
No byte // Argument #
|
No byte `json:"count"` // Argument #
|
||||||
Val uint64 // Argument value
|
Val uint64 `json:"value"` // Argument value
|
||||||
Length uint16 // Text length
|
Length uint16 `json:"lentgh"` // Text length
|
||||||
Text []byte // Text
|
Text []byte `json:"text"` // Text
|
||||||
}
|
}
|
||||||
|
|
||||||
type Attribute32 struct {
|
type Attribute32 struct {
|
||||||
Mode uint32 // file access mode
|
Mode uint32 `json:"mode"` // file access mode
|
||||||
Uid uint32 // Owner user ID
|
Uid uint32 `json:"user_id"` // Owner user ID
|
||||||
Gid uint32 // Owner group ID
|
Gid uint32 `json:"group_id"` // Owner group ID
|
||||||
Fsid uint32 // File system ID
|
Fsid uint32 `json:"filesystem_id"` // File system ID
|
||||||
Nid uint64 // Node ID
|
Nid uint64 `json:"node_id"` // Node ID
|
||||||
Dev uint32 // Device
|
Dev uint32 `json:"device"` // Device
|
||||||
}
|
}
|
||||||
|
|
||||||
type Attribute64 struct {
|
type Attribute64 struct {
|
||||||
Mode uint32 // file access mode
|
Mode uint32 `json:"mode"` // file access mode
|
||||||
Uid uint32 // Owner user ID
|
Uid uint32 `json:"user_id"` // Owner user ID
|
||||||
Gid uint32 // Owner group ID
|
Gid uint32 `json:"group_id"` // Owner group ID
|
||||||
Fsid uint32 // File system ID
|
Fsid uint32 `json:"filesystem_id"` // File system ID
|
||||||
Nid uint64 // Node ID
|
Nid uint64 `json:"node_id"` // Node ID
|
||||||
Dev uint64 // Device
|
Dev uint64 `json:"device"` // Device
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -210,114 +211,114 @@ type Attribute64 struct {
|
|||||||
* text count null-terminated string(s)
|
* text count null-terminated string(s)
|
||||||
*/
|
*/
|
||||||
type ExecArg struct {
|
type ExecArg struct {
|
||||||
Count uint32
|
Count uint32 `json:"count"`
|
||||||
//Text [AUDIT_MAX_ARGS][]byte
|
//Text [AUDIT_MAX_ARGS][]byte
|
||||||
Text [][]byte
|
Text [][]byte `json:"text"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Path struct {
|
type Path struct {
|
||||||
Length uint16 // path length
|
Length uint16 `json:"length"` // path length
|
||||||
Path []byte
|
Path []byte `json:"path"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Return32 struct {
|
type Return32 struct {
|
||||||
Status byte // Error status
|
Status byte `json:"status"` // Error status
|
||||||
Ret uint32 // Return code
|
Ret uint32 `json:"code"` // Return code
|
||||||
}
|
}
|
||||||
|
|
||||||
type Return64 struct {
|
type Return64 struct {
|
||||||
Status byte // Error status
|
Status byte `json:"status"` // Error status
|
||||||
Ret uint64 // Return code
|
Ret uint64 `json:"code"` // Return code
|
||||||
}
|
}
|
||||||
|
|
||||||
type Subject32 struct {
|
type Subject32 struct {
|
||||||
Auid uint32 // Audit ID
|
Auid uint32 `json:"audit_id"` // Audit ID
|
||||||
Euid uint32 // Effective user ID
|
Euid uint32 `json:"effective_user_id"` // Effective user ID
|
||||||
Egid uint32 // Effective Group ID
|
Egid uint32 `json:"effective_group_id"` // Effective Group ID
|
||||||
Ruid uint32 // Real User ID
|
Ruid uint32 `json:"real_user_id"` // Real User ID
|
||||||
Rgid uint32 // Real Group ID
|
Rgid uint32 `json:"real_group_id"` // Real Group ID
|
||||||
Pid uint32 // Process ID
|
Pid uint32 `json:"process_id"` // Process ID
|
||||||
Sid uint32 // Session ID
|
Sid uint32 `json:"session_id"` // Session ID
|
||||||
Tid Tid32
|
Tid Tid32 `json:"terminal_id"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Process32 Subject32
|
type Process32 Subject32
|
||||||
|
|
||||||
type Subject32Ex struct {
|
type Subject32Ex struct {
|
||||||
Auid uint32 // Audit ID
|
Auid uint32 `json:"audit_id"` // Audit ID
|
||||||
Euid uint32 // Effective user ID
|
Euid uint32 `json:"effective_user_id"` // Effective user ID
|
||||||
Egid uint32 // Effective Group ID
|
Egid uint32 `json:"effective_group_id"` // Effective Group ID
|
||||||
Ruid uint32 // Real User ID
|
Ruid uint32 `json:"real_user_id"` // Real User ID
|
||||||
Rgid uint32 // Real Group ID
|
Rgid uint32 `json:"real_group_id"` // Real Group ID
|
||||||
Pid uint32 // Process ID
|
Pid uint32 `json:"process_id"` // Process ID
|
||||||
Sid uint32 // Session ID
|
Sid uint32 `json:"session_id"` // Session ID
|
||||||
Tid Tid32Ex
|
Tid Tid32Ex `json:"terminal_id_ex"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Process32Ex Subject32Ex
|
type Process32Ex Subject32Ex
|
||||||
|
|
||||||
type Tid32 struct {
|
type Tid32 struct {
|
||||||
Port uint32
|
Port uint32 `json:"port"`
|
||||||
IpVers uint32 // 0x10 = IPv6
|
IpVers uint32 `json:"ip_version"` // 0x10 = IPv6
|
||||||
Addr uint32
|
Addr uint32 `json:"ip"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Tid32Ex struct {
|
type Tid32Ex struct {
|
||||||
Port uint32
|
Port uint32 `json:"port"`
|
||||||
Ttype uint32
|
Ttype uint32 `json:"terminal_type"`
|
||||||
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
|
IpVers uint32 `json:"ip_version"` // 0x10 = IPv6, 0x04 = IPv4
|
||||||
Addr4 uint32 // 4 bytes long if IpVers == 0x04
|
Addr4 uint32 `json:"ip4"` // 4 bytes long if IpVers == 0x04
|
||||||
Addr6 [4]uint32 // 4x4 bytes long if IpVers == 0x10
|
Addr6 [4]uint32 `json:"ip6"` // 4x4 bytes long if IpVers == 0x10
|
||||||
}
|
}
|
||||||
|
|
||||||
type Subject64 struct {
|
type Subject64 struct {
|
||||||
Auid uint32 // Audit ID
|
Auid uint32 `json:"audit_id"` // Audit ID
|
||||||
Euid uint32 // Effective user ID
|
Euid uint32 `json:"effective_user_id"` // Effective user ID
|
||||||
Egid uint32 // Effective Group ID
|
Egid uint32 `json:"effective_group_id"` // Effective Group ID
|
||||||
Ruid uint32 // Real User ID
|
Ruid uint32 `json:"real_user_id"` // Real User ID
|
||||||
Rgid uint32 // Real Group ID
|
Rgid uint32 `json:"real_group_id"` // Real Group ID
|
||||||
Pid uint32 // Process ID
|
Pid uint32 `json:"process_id"` // Process ID
|
||||||
Sid uint32 // Session ID
|
Sid uint32 `json:"session_id"` // Session ID
|
||||||
Tid Tid64
|
Tid Tid64 `json:"terminal_id"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Process64 Subject64
|
type Process64 Subject64
|
||||||
|
|
||||||
type Subject64Ex struct {
|
type Subject64Ex struct {
|
||||||
Auid uint32 // Audit ID
|
Auid uint32 `json:"audit_id"` // Audit ID
|
||||||
Euid uint32 // Effective user ID
|
Euid uint32 `json:"effective_user_id"` // Effective user ID
|
||||||
Egid uint32 // Effective Group ID
|
Egid uint32 `json:"effective_group_id"` // Effective Group ID
|
||||||
Ruid uint32 // Real User ID
|
Ruid uint32 `json:"real_user_id"` // Real User ID
|
||||||
Rgid uint32 // Real Group ID
|
Rgid uint32 `json:"real_group_id"` // Real Group ID
|
||||||
Pid uint32 // Process ID
|
Pid uint32 `json:"process_id"` // Process ID
|
||||||
Sid uint32 // Session ID
|
Sid uint32 `json:"session_id"` // Session ID
|
||||||
Tid Tid64Ex
|
Tid Tid64Ex `json:"terminal_id_ex"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Process64Ex Subject64Ex
|
type Process64Ex Subject64Ex
|
||||||
|
|
||||||
type Tid64 struct {
|
type Tid64 struct {
|
||||||
Port uint64
|
Port uint64 `json:"port"`
|
||||||
IpVers uint32
|
IpVers uint32 `json:"ip_version"`
|
||||||
Addr uint32
|
Addr uint32 `json:"ip"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Tid64Ex struct {
|
type Tid64Ex struct {
|
||||||
Port uint64
|
Port uint64 `json:"port"`
|
||||||
Ttype uint32
|
Ttype uint32 `json:"terminal_type"`
|
||||||
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
|
IpVers uint32 `json:"ip_version"` // 0x10 = IPv6, 0x04 = IPv4
|
||||||
Addr4 uint32
|
Addr4 uint32 `json:"ip4"`
|
||||||
Addr6 [4]uint32
|
Addr6 [4]uint32 `json:"ip6"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Exit struct {
|
type Exit struct {
|
||||||
Status uint32
|
Status uint32 `json:"status"`
|
||||||
Ret uint32
|
Ret uint32 `json:"code"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Text struct {
|
type Text struct {
|
||||||
Length uint16
|
Length uint16 `json:"length"`
|
||||||
Text []byte
|
Text []byte `json:"text"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -534,6 +535,44 @@ func (h *Header32) Print(file *os.File, delimiter string, flags int) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (h *Header32) PrintJson(file *os.File, flags int) {
|
||||||
|
var timeval string
|
||||||
|
if PRT_TIMESTAMP == flags & PRT_TIMESTAMP {
|
||||||
|
timeval = strconv.Itoa(int(h.S))
|
||||||
|
} else {
|
||||||
|
t := time.Unix((int64)(h.S), 0)
|
||||||
|
timeval = t.Format(time.UnixDate)
|
||||||
|
}
|
||||||
|
// We dont care for error
|
||||||
|
evdesc, _ := getEventName(h.E_type)
|
||||||
|
/*fmt.Fprintf(file, "header%s%d%s%d%s%s%s%v%s%s%s%d", delimiter, h.Size, delimiter, h.Version, delimiter,
|
||||||
|
//h.E_type, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec)
|
||||||
|
evdesc, delimiter, h.E_mod, delimiter, timeval, delimiter, h.Msec)*/
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
type Header32 struct {
|
||||||
|
Size uint32 `json:"size"` // Record byte count
|
||||||
|
Version uint8 `json:"version"` // version # (uchar)
|
||||||
|
E_type uint16 `json:"event_type"` // Event type
|
||||||
|
E_mod uint16 `json:"event_modifier"` // Event modifier
|
||||||
|
S uint32 `json:"timestamp"` // Seconds of time
|
||||||
|
Msec uint32 `json:"msec"` // Milliseconds of time
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
|
// 1. convert to json
|
||||||
|
json := fmt.Sprintf("\"size\":%d,\"version\":%d,\"event_type\":\"%s\",event_modifier\":\"%s\",\"timestamp\":%d,\"msec\":%d,",
|
||||||
|
h.Size, h.Version, evdesc, h.E_mod, h.S, h.Msec)
|
||||||
|
// 2. Prettify if flag is set
|
||||||
|
|
||||||
|
if flags == (flags & PRT_JSON_PRETTY) {
|
||||||
|
fmt.Fprintf(file, "NOT IMPLEMENTED\n")
|
||||||
|
} else {
|
||||||
|
fmt.Fprintf(file, "%s", json)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func NewExecArg(e ExecArg) *ExecArg {
|
func NewExecArg(e ExecArg) *ExecArg {
|
||||||
return &ExecArg{
|
return &ExecArg{
|
||||||
Count: e.Count,
|
Count: e.Count,
|
||||||
@ -650,16 +689,16 @@ func (a *Attribute32) LoadFromBinary(rdr *bufio.Reader) error {
|
|||||||
func (a *Attribute32) Print(file *os.File, delimiter string, flags int) {
|
func (a *Attribute32) Print(file *os.File, delimiter string, flags int) {
|
||||||
var user string
|
var user string
|
||||||
var group string
|
var group string
|
||||||
// TODO : resolve Uid and Gid (also support domain accounts)
|
|
||||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||||
user = string(a.Uid)
|
user = strconv.Itoa(int(a.Uid))
|
||||||
group = string(a.Gid)
|
group = strconv.Itoa(int(a.Gid))
|
||||||
} else {
|
} else {
|
||||||
user, _ = getUserName(a.Uid)
|
user, _ = getUserName(a.Uid)
|
||||||
group, _ = getGroupName(a.Gid)
|
group, _ = getGroupName(a.Gid)
|
||||||
}
|
}
|
||||||
|
|
||||||
fmt.Fprintf(file, "attribute%s%o%s%v%s%v%s%v%s%v%s%v", delimiter, a.Mode, delimiter, user, delimiter,
|
fmt.Fprintf(file, "attribute%s%o%s%s%s%s%s%v%s%v%s%v", delimiter, a.Mode, delimiter, user, delimiter,
|
||||||
group, delimiter, a.Fsid, delimiter, a.Nid, delimiter, a.Dev)
|
group, delimiter, a.Fsid, delimiter, a.Nid, delimiter, a.Dev)
|
||||||
|
|
||||||
if 0 == (flags & PRT_ONELINE) {
|
if 0 == (flags & PRT_ONELINE) {
|
||||||
@ -711,8 +750,8 @@ func (a *Attribute64) Print(file *os.File, delimiter string, flags int) {
|
|||||||
var group string
|
var group string
|
||||||
// TODO : resolve Uid and Gid (also support domain accounts)
|
// TODO : resolve Uid and Gid (also support domain accounts)
|
||||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||||
user = string(a.Uid)
|
user = strconv.Itoa(int(a.Uid))
|
||||||
group = string(a.Gid)
|
group = strconv.Itoa(int(a.Gid))
|
||||||
} else {
|
} else {
|
||||||
user, _ = getUserName(a.Uid)
|
user, _ = getUserName(a.Uid)
|
||||||
group, _ = getGroupName(a.Gid)
|
group, _ = getGroupName(a.Gid)
|
||||||
@ -775,11 +814,11 @@ func (s *Subject32) Print(file *os.File, delimiter string, flags int) {
|
|||||||
var ruser string
|
var ruser string
|
||||||
var rgroup string
|
var rgroup string
|
||||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||||
auser = string(s.Auid)
|
auser = strconv.Itoa(int(s.Auid))
|
||||||
euser = string(s.Euid)
|
euser = strconv.Itoa(int(s.Euid))
|
||||||
egroup = string(s.Egid)
|
egroup = strconv.Itoa(int(s.Egid))
|
||||||
ruser = string(s.Ruid)
|
ruser = strconv.Itoa(int(s.Ruid))
|
||||||
rgroup = string(s.Rgid)
|
rgroup = strconv.Itoa(int(s.Rgid))
|
||||||
} else {
|
} else {
|
||||||
auser, _ = getUserName(s.Auid)
|
auser, _ = getUserName(s.Auid)
|
||||||
euser, _ = getUserName(s.Euid)
|
euser, _ = getUserName(s.Euid)
|
||||||
@ -846,11 +885,11 @@ func (p *Process32) Print(file *os.File, delimiter string, flags int) {
|
|||||||
var ruser string
|
var ruser string
|
||||||
var rgroup string
|
var rgroup string
|
||||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||||
auser = string(p.Auid)
|
auser = strconv.Itoa(int(p.Auid))
|
||||||
euser = string(p.Euid)
|
euser = strconv.Itoa(int(p.Euid))
|
||||||
egroup = string(p.Egid)
|
egroup = strconv.Itoa(int(p.Egid))
|
||||||
ruser = string(p.Ruid)
|
ruser = strconv.Itoa(int(p.Ruid))
|
||||||
rgroup = string(p.Rgid)
|
rgroup = strconv.Itoa(int(p.Rgid))
|
||||||
} else {
|
} else {
|
||||||
auser, _ = getUserName(p.Auid)
|
auser, _ = getUserName(p.Auid)
|
||||||
euser, _ = getUserName(p.Euid)
|
euser, _ = getUserName(p.Euid)
|
||||||
@ -933,11 +972,11 @@ func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) {
|
|||||||
var rgroup string
|
var rgroup string
|
||||||
var ip string
|
var ip string
|
||||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||||
auser = string(s.Auid)
|
auser = strconv.Itoa(int(s.Auid))
|
||||||
euser = string(s.Euid)
|
euser = strconv.Itoa(int(s.Euid))
|
||||||
egroup = string(s.Egid)
|
egroup = strconv.Itoa(int(s.Egid))
|
||||||
ruser = string(s.Ruid)
|
ruser = strconv.Itoa(int(s.Ruid))
|
||||||
rgroup = string(s.Rgid)
|
rgroup = strconv.Itoa(int(s.Rgid))
|
||||||
} else {
|
} else {
|
||||||
auser, _ = getUserName(s.Auid)
|
auser, _ = getUserName(s.Auid)
|
||||||
euser, _ = getUserName(s.Euid)
|
euser, _ = getUserName(s.Euid)
|
||||||
@ -1026,11 +1065,11 @@ func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) {
|
|||||||
var rgroup string
|
var rgroup string
|
||||||
var ip string
|
var ip string
|
||||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||||
auser = string(p.Auid)
|
auser = strconv.Itoa(int(p.Auid))
|
||||||
euser = string(p.Euid)
|
euser = strconv.Itoa(int(p.Euid))
|
||||||
egroup = string(p.Egid)
|
egroup = strconv.Itoa(int(p.Egid))
|
||||||
ruser = string(p.Ruid)
|
ruser = strconv.Itoa(int(p.Ruid))
|
||||||
rgroup = string(p.Rgid)
|
rgroup = strconv.Itoa(int(p.Rgid))
|
||||||
} else {
|
} else {
|
||||||
auser, _ = getUserName(p.Auid)
|
auser, _ = getUserName(p.Auid)
|
||||||
euser, _ = getUserName(p.Euid)
|
euser, _ = getUserName(p.Euid)
|
||||||
@ -1105,11 +1144,11 @@ func (s *Subject64) Print(file *os.File, delimiter string, flags int) {
|
|||||||
var ruser string
|
var ruser string
|
||||||
var rgroup string
|
var rgroup string
|
||||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||||
auser = string(s.Auid)
|
auser = strconv.Itoa(int(s.Auid))
|
||||||
euser = string(s.Euid)
|
euser = strconv.Itoa(int(s.Euid))
|
||||||
egroup = string(s.Egid)
|
egroup = strconv.Itoa(int(s.Egid))
|
||||||
ruser = string(s.Ruid)
|
ruser = strconv.Itoa(int(s.Ruid))
|
||||||
rgroup = string(s.Rgid)
|
rgroup = strconv.Itoa(int(s.Rgid))
|
||||||
} else {
|
} else {
|
||||||
auser, _ = getUserName(s.Auid)
|
auser, _ = getUserName(s.Auid)
|
||||||
euser, _ = getUserName(s.Euid)
|
euser, _ = getUserName(s.Euid)
|
||||||
@ -1176,11 +1215,11 @@ func (p *Process64) Print(file *os.File, delimiter string, flags int) {
|
|||||||
var ruser string
|
var ruser string
|
||||||
var rgroup string
|
var rgroup string
|
||||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||||
auser = string(p.Auid)
|
auser = strconv.Itoa(int(p.Auid))
|
||||||
euser = string(p.Euid)
|
euser = strconv.Itoa(int(p.Euid))
|
||||||
egroup = string(p.Egid)
|
egroup = strconv.Itoa(int(p.Egid))
|
||||||
ruser = string(p.Ruid)
|
ruser = strconv.Itoa(int(p.Ruid))
|
||||||
rgroup = string(p.Rgid)
|
rgroup = strconv.Itoa(int(p.Rgid))
|
||||||
} else {
|
} else {
|
||||||
auser, _ = getUserName(p.Auid)
|
auser, _ = getUserName(p.Auid)
|
||||||
euser, _ = getUserName(p.Euid)
|
euser, _ = getUserName(p.Euid)
|
||||||
@ -1262,11 +1301,11 @@ func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) {
|
|||||||
var rgroup string
|
var rgroup string
|
||||||
var ip string
|
var ip string
|
||||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||||
auser = string(s.Auid)
|
auser = strconv.Itoa(int(s.Auid))
|
||||||
euser = string(s.Euid)
|
euser = strconv.Itoa(int(s.Euid))
|
||||||
egroup = string(s.Egid)
|
egroup = strconv.Itoa(int(s.Egid))
|
||||||
ruser = string(s.Ruid)
|
ruser = strconv.Itoa(int(s.Ruid))
|
||||||
rgroup = string(s.Rgid)
|
rgroup = strconv.Itoa(int(s.Rgid))
|
||||||
} else {
|
} else {
|
||||||
auser, _ = getUserName(s.Auid)
|
auser, _ = getUserName(s.Auid)
|
||||||
euser, _ = getUserName(s.Euid)
|
euser, _ = getUserName(s.Euid)
|
||||||
@ -1355,11 +1394,11 @@ func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) {
|
|||||||
var rgroup string
|
var rgroup string
|
||||||
var ip string
|
var ip string
|
||||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||||
auser = string(p.Auid)
|
auser = strconv.Itoa(int(p.Auid))
|
||||||
euser = string(p.Euid)
|
euser = strconv.Itoa(int(p.Euid))
|
||||||
egroup = string(p.Egid)
|
egroup = strconv.Itoa(int(p.Egid))
|
||||||
ruser = string(p.Ruid)
|
ruser = strconv.Itoa(int(p.Ruid))
|
||||||
rgroup = string(p.Rgid)
|
rgroup = strconv.Itoa(int(p.Rgid))
|
||||||
} else {
|
} else {
|
||||||
auser, _ = getUserName(p.Auid)
|
auser, _ = getUserName(p.Auid)
|
||||||
euser, _ = getUserName(p.Euid)
|
euser, _ = getUserName(p.Euid)
|
||||||
|
|||||||
Reference in New Issue
Block a user