Compare commits
3 Commits
v.0.5
...
9218ae6daa
Author | SHA1 | Date | |
---|---|---|---|
9218ae6daa | |||
dcecaf6c62 | |||
8d87cc12c4 |
97
libbsm.go
97
libbsm.go
@ -117,7 +117,6 @@ const (
|
||||
PRT_ONELINE = 1
|
||||
PRT_NORESOLVE_USER = 2
|
||||
PRT_TIMESTAMP = 4
|
||||
|
||||
)
|
||||
|
||||
var (
|
||||
@ -143,7 +142,7 @@ type event struct {
|
||||
// Abstraction of a record
|
||||
type Record interface {
|
||||
GetType() uint8
|
||||
// Length()
|
||||
//Length()
|
||||
LoadFromBinary(rdr *bufio.Reader) error
|
||||
Print(*os.File, string, int)
|
||||
}
|
||||
@ -211,7 +210,7 @@ type Attribute64 struct {
|
||||
*/
|
||||
type ExecArg struct {
|
||||
Count uint32
|
||||
//Text [AUDIT_MAX_ARGS][]byte
|
||||
//Text [AUDIT_MAX_ARGS][]byte
|
||||
Text [][]byte
|
||||
}
|
||||
|
||||
@ -650,16 +649,16 @@ func (a *Attribute32) LoadFromBinary(rdr *bufio.Reader) error {
|
||||
func (a *Attribute32) Print(file *os.File, delimiter string, flags int) {
|
||||
var user string
|
||||
var group string
|
||||
// TODO : resolve Uid and Gid (also support domain accounts)
|
||||
|
||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||
user = string(a.Uid)
|
||||
group = string(a.Gid)
|
||||
user = strconv.Itoa(int(a.Uid))
|
||||
group = strconv.Itoa(int(a.Gid))
|
||||
} else {
|
||||
user, _ = getUserName(a.Uid)
|
||||
group, _ = getGroupName(a.Gid)
|
||||
}
|
||||
|
||||
fmt.Fprintf(file, "attribute%s%o%s%v%s%v%s%v%s%v%s%v", delimiter, a.Mode, delimiter, user, delimiter,
|
||||
fmt.Fprintf(file, "attribute%s%o%s%s%s%s%s%v%s%v%s%v", delimiter, a.Mode, delimiter, user, delimiter,
|
||||
group, delimiter, a.Fsid, delimiter, a.Nid, delimiter, a.Dev)
|
||||
|
||||
if 0 == (flags & PRT_ONELINE) {
|
||||
@ -711,8 +710,8 @@ func (a *Attribute64) Print(file *os.File, delimiter string, flags int) {
|
||||
var group string
|
||||
// TODO : resolve Uid and Gid (also support domain accounts)
|
||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||
user = string(a.Uid)
|
||||
group = string(a.Gid)
|
||||
user = strconv.Itoa(int(a.Uid))
|
||||
group = strconv.Itoa(int(a.Gid))
|
||||
} else {
|
||||
user, _ = getUserName(a.Uid)
|
||||
group, _ = getGroupName(a.Gid)
|
||||
@ -775,11 +774,11 @@ func (s *Subject32) Print(file *os.File, delimiter string, flags int) {
|
||||
var ruser string
|
||||
var rgroup string
|
||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||
auser = string(s.Auid)
|
||||
euser = string(s.Euid)
|
||||
egroup = string(s.Egid)
|
||||
ruser = string(s.Ruid)
|
||||
rgroup = string(s.Rgid)
|
||||
auser = strconv.Itoa(int(s.Auid))
|
||||
euser = strconv.Itoa(int(s.Euid))
|
||||
egroup = strconv.Itoa(int(s.Egid))
|
||||
ruser = strconv.Itoa(int(s.Ruid))
|
||||
rgroup = strconv.Itoa(int(s.Rgid))
|
||||
} else {
|
||||
auser, _ = getUserName(s.Auid)
|
||||
euser, _ = getUserName(s.Euid)
|
||||
@ -846,11 +845,11 @@ func (p *Process32) Print(file *os.File, delimiter string, flags int) {
|
||||
var ruser string
|
||||
var rgroup string
|
||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||
auser = string(p.Auid)
|
||||
euser = string(p.Euid)
|
||||
egroup = string(p.Egid)
|
||||
ruser = string(p.Ruid)
|
||||
rgroup = string(p.Rgid)
|
||||
auser = strconv.Itoa(int(p.Auid))
|
||||
euser = strconv.Itoa(int(p.Euid))
|
||||
egroup = strconv.Itoa(int(p.Egid))
|
||||
ruser = strconv.Itoa(int(p.Ruid))
|
||||
rgroup = strconv.Itoa(int(p.Rgid))
|
||||
} else {
|
||||
auser, _ = getUserName(p.Auid)
|
||||
euser, _ = getUserName(p.Euid)
|
||||
@ -933,11 +932,11 @@ func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) {
|
||||
var rgroup string
|
||||
var ip string
|
||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||
auser = string(s.Auid)
|
||||
euser = string(s.Euid)
|
||||
egroup = string(s.Egid)
|
||||
ruser = string(s.Ruid)
|
||||
rgroup = string(s.Rgid)
|
||||
auser = strconv.Itoa(int(s.Auid))
|
||||
euser = strconv.Itoa(int(s.Euid))
|
||||
egroup = strconv.Itoa(int(s.Egid))
|
||||
ruser = strconv.Itoa(int(s.Ruid))
|
||||
rgroup = strconv.Itoa(int(s.Rgid))
|
||||
} else {
|
||||
auser, _ = getUserName(s.Auid)
|
||||
euser, _ = getUserName(s.Euid)
|
||||
@ -1026,11 +1025,11 @@ func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) {
|
||||
var rgroup string
|
||||
var ip string
|
||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||
auser = string(p.Auid)
|
||||
euser = string(p.Euid)
|
||||
egroup = string(p.Egid)
|
||||
ruser = string(p.Ruid)
|
||||
rgroup = string(p.Rgid)
|
||||
auser = strconv.Itoa(int(p.Auid))
|
||||
euser = strconv.Itoa(int(p.Euid))
|
||||
egroup = strconv.Itoa(int(p.Egid))
|
||||
ruser = strconv.Itoa(int(p.Ruid))
|
||||
rgroup = strconv.Itoa(int(p.Rgid))
|
||||
} else {
|
||||
auser, _ = getUserName(p.Auid)
|
||||
euser, _ = getUserName(p.Euid)
|
||||
@ -1105,11 +1104,11 @@ func (s *Subject64) Print(file *os.File, delimiter string, flags int) {
|
||||
var ruser string
|
||||
var rgroup string
|
||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||
auser = string(s.Auid)
|
||||
euser = string(s.Euid)
|
||||
egroup = string(s.Egid)
|
||||
ruser = string(s.Ruid)
|
||||
rgroup = string(s.Rgid)
|
||||
auser = strconv.Itoa(int(s.Auid))
|
||||
euser = strconv.Itoa(int(s.Euid))
|
||||
egroup = strconv.Itoa(int(s.Egid))
|
||||
ruser = strconv.Itoa(int(s.Ruid))
|
||||
rgroup = strconv.Itoa(int(s.Rgid))
|
||||
} else {
|
||||
auser, _ = getUserName(s.Auid)
|
||||
euser, _ = getUserName(s.Euid)
|
||||
@ -1176,11 +1175,11 @@ func (p *Process64) Print(file *os.File, delimiter string, flags int) {
|
||||
var ruser string
|
||||
var rgroup string
|
||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||
auser = string(p.Auid)
|
||||
euser = string(p.Euid)
|
||||
egroup = string(p.Egid)
|
||||
ruser = string(p.Ruid)
|
||||
rgroup = string(p.Rgid)
|
||||
auser = strconv.Itoa(int(p.Auid))
|
||||
euser = strconv.Itoa(int(p.Euid))
|
||||
egroup = strconv.Itoa(int(p.Egid))
|
||||
ruser = strconv.Itoa(int(p.Ruid))
|
||||
rgroup = strconv.Itoa(int(p.Rgid))
|
||||
} else {
|
||||
auser, _ = getUserName(p.Auid)
|
||||
euser, _ = getUserName(p.Euid)
|
||||
@ -1262,11 +1261,11 @@ func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) {
|
||||
var rgroup string
|
||||
var ip string
|
||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||
auser = string(s.Auid)
|
||||
euser = string(s.Euid)
|
||||
egroup = string(s.Egid)
|
||||
ruser = string(s.Ruid)
|
||||
rgroup = string(s.Rgid)
|
||||
auser = strconv.Itoa(int(s.Auid))
|
||||
euser = strconv.Itoa(int(s.Euid))
|
||||
egroup = strconv.Itoa(int(s.Egid))
|
||||
ruser = strconv.Itoa(int(s.Ruid))
|
||||
rgroup = strconv.Itoa(int(s.Rgid))
|
||||
} else {
|
||||
auser, _ = getUserName(s.Auid)
|
||||
euser, _ = getUserName(s.Euid)
|
||||
@ -1355,11 +1354,11 @@ func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) {
|
||||
var rgroup string
|
||||
var ip string
|
||||
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
|
||||
auser = string(p.Auid)
|
||||
euser = string(p.Euid)
|
||||
egroup = string(p.Egid)
|
||||
ruser = string(p.Ruid)
|
||||
rgroup = string(p.Rgid)
|
||||
auser = strconv.Itoa(int(p.Auid))
|
||||
euser = strconv.Itoa(int(p.Euid))
|
||||
egroup = strconv.Itoa(int(p.Egid))
|
||||
ruser = strconv.Itoa(int(p.Ruid))
|
||||
rgroup = strconv.Itoa(int(p.Rgid))
|
||||
} else {
|
||||
auser, _ = getUserName(p.Auid)
|
||||
euser, _ = getUserName(p.Euid)
|
||||
|
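Review bot: The new `strconv.Itoa(int(a.Uid))` conversions in the `PRT_NORESOLVE_USER` branches (Attribute32.Print, and the same pattern in Attribute64 and every Subject*/Process* Print hunk) pass through `int`, which is only 32 bits wide on some build targets. The field declarations are outside the hunks, but if these ids are unsigned 32-bit values, an id above 2^31-1 (for example an audit id left at an all-ones "unset" value) would print as a negative number there. `user = strconv.FormatUint(uint64(a.Uid), 10)` gives the same text on every platform. Separately, the unchanged else branches still discard the error from `getUserName`/`getGroupName`; for an audit-trail printer it would be safer to fall back to the numeric id when the lookup fails, so a record never shows whatever the helper returns on failure in place of the principal. All of these Print bodies start or end outside their hunks.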