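--- a/guardity-common/src/lib.rs
+++ b/guardity-common/src/lib.rs
@@ -1,186 +1,12 @@
 #![cfg_attr(not(feature = "user"), no_std)]
 
-#[cfg(feature = "user")]
-use std::net::{Ipv4Addr, Ipv6Addr};
-
-#[cfg(feature = "user")]
-use serde::Serialize;
+pub mod alerts;
 
 pub const MAX_PATHS: usize = 4;
 pub const MAX_PORTS: usize = 1;
 pub const MAX_IPV4ADDRS: usize = 1;
 pub const MAX_IPV6ADDRS: usize = 1;
 
-pub trait Alert {}
-
-#[repr(C)]
-#[cfg_attr(feature = "user", derive(Debug, serde::Serialize, serde::Deserialize))]
-#[derive(Copy, Clone)]
-pub struct AlertBprmCheckSecurity {
-pub pid: u32,
-#[cfg_attr(feature = "user", serde(skip))]
-_padding: u32,
-pub binprm_inode: u64,
-}
-
-impl AlertBprmCheckSecurity {
-pub fn new(pid: u32, binprm_inode: u64) -> Self {
-Self {
-pid,
-_padding: 0,
-binprm_inode,
-}
-}
-}
-
-impl Alert for AlertBprmCheckSecurity {}
-
-#[repr(C)]
-#[cfg_attr(feature = "user", derive(Debug, serde::Serialize, serde::Deserialize))]
-#[derive(Copy, Clone)]
-pub struct AlertFileOpen {
-pub pid: u32,
-#[cfg_attr(feature = "user", serde(skip))]
-_padding: u32,
-pub binprm_inode: u64,
-pub inode: u64,
-}
-
-impl AlertFileOpen {
-pub fn new(pid: u32, binprm_inode: u64, inode: u64) -> Self {
-Self {
-pid,
-_padding: 0,
-binprm_inode,
-inode,
-}
-}
-}
-
-impl Alert for AlertFileOpen {}
-
-#[repr(C)]
-#[cfg_attr(feature = "user", derive(Debug, serde::Serialize, serde::Deserialize))]
-#[derive(Copy, Clone)]
-pub struct AlertSetuid {
-pub pid: u32,
-#[cfg_attr(feature = "user", serde(skip))]
-_padding: u32,
-pub binprm_inode: u64,
-pub old_uid: u32,
-pub old_gid: u32,
-pub new_uid: u32,
-pub new_gid: u32,
-}
-
-impl AlertSetuid {
-pub fn new(
-pid: u32,
-binprm_inode: u64,
-old_uid: u32,
-old_gid: u32,
-new_uid: u32,
-new_gid: u32,
-) -> Self {
-Self {
-pid,
-_padding: 0,
-binprm_inode,
-old_uid,
-old_gid,
-new_uid,
-new_gid,
-}
-}
-}
-
-impl Alert for AlertSetuid {}
-
-#[repr(C)]
-#[cfg_attr(feature = "user", derive(Debug, serde::Serialize, serde::Deserialize))]
-#[derive(Copy, Clone)]
-pub struct AlertSocketBind {
-pub pid: u32,
-#[cfg_attr(feature = "user", serde(skip))]
-_padding1: u32,
-pub binprm_inode: u64,
-pub port: u16,
-#[cfg_attr(feature = "user", serde(skip))]
-_padding2: [u16; 3],
-}
-
-impl AlertSocketBind {
-pub fn new(pid: u32, binprm_inode: u64, port: u16) -> Self {
-Self {
-pid,
-_padding1: 0,
-binprm_inode,
-port,
-_padding2: [0; 3],
-}
-}
-}
-
-impl Alert for AlertSocketBind {}
-
-#[cfg(feature = "user")]
-fn serialize_ipv4<S>(addr: &u32, s: S) -> Result<S::Ok, S::Error>
-where
-S: serde::Serializer,
-{
-Ipv4Addr::from(*addr).serialize(s)
-}
-
-#[cfg(feature = "user")]
-fn serialize_ipv6<S>(addr: &[u8; 16], s: S) -> Result<S::Ok, S::Error>
-where
-S: serde::Serializer,
-{
-Ipv6Addr::from(addr.to_owned()).serialize(s)
-}
-
-#[repr(C)]
-#[cfg_attr(feature = "user", derive(Debug, serde::Serialize, serde::Deserialize))]
-#[derive(Copy, Clone)]
-pub struct AlertSocketConnect {
-pub pid: u32,
-#[cfg_attr(feature = "user", serde(skip))]
-_padding1: u32,
-pub binprm_inode: u64,
-#[cfg_attr(feature = "user", serde(serialize_with = "serialize_ipv4"))]
-pub addr_v4: u32,
-#[cfg_attr(feature = "user", serde(skip))]
-_padding2: u32,
-#[cfg_attr(feature = "user", serde(serialize_with = "serialize_ipv6"))]
-pub addr_v6: [u8; 16],
-}
-
-impl AlertSocketConnect {
-pub fn new_ipv4(pid: u32, binprm_inode: u64, addr_v4: u32) -> Self {
-Self {
-pid,
-_padding1: 0,
-binprm_inode,
-addr_v4,
-_padding2: 0,
-addr_v6: [0; 16],
-}
-}
-
-pub fn new_ipv6(pid: u32, binprm_inode: u64, addr_v6: [u8; 16]) -> Self {
-Self {
-pid,
-_padding1: 0,
-binprm_inode,
-addr_v4: 0,
-_padding2: 0,
-addr_v6,
-}
-}
-}
-
-impl Alert for AlertSocketConnect {}
-
 #[repr(C)]
 #[derive(Copy, Clone)]
 pub struct Paths {
@@ -280,8 +106,6 @@
 
 use aya::Pod;
 
-unsafe impl Pod for AlertFileOpen {}
-unsafe impl Pod for AlertSetuid {}
 unsafe impl Pod for Paths {}
 unsafe impl Pod for Ports {}
 unsafe impl Pod for Ipv4Addrs {}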
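Review bot: The `unsafe impl Pod for AlertFileOpen {}` and `unsafe impl Pod for AlertSetuid {}` lines are dropped at the end of this section with no visible replacement, so confirm that the new `alerts` module (not shown here) declares `Pod` for every alert struct that user space reads back as raw bytes. Those impls are only sound because of the `#[repr(C)]` layout with explicit `_padding` fields that the removed constructors zero; if the moved definitions lose either, compiler-inserted padding could carry uninitialised bytes from the eBPF side into user space. I would put a comment such as `// SAFETY: #[repr(C)], Copy, integer/array fields only, padding explicit and zeroed in new()` on each impl in the new module. The section also adds no `pub use alerts::*;`, so every `guardity_common::Alert*` path becomes `guardity_common::alerts::Alert*`; presumably the callers are updated elsewhere in this commit.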