def _network_audit_events(ctx, event, size):
    """Perf-buffer callback: write one audit line for a network access event.

    ``ctx`` and ``size`` belong to the callback signature and are not read.
    ``self`` is not a parameter here; it is resolved from the enclosing scope
    (presumably this callback is defined inside a method — verify against the
    surrounding file).
    """
    action = BPFBOX_ACTION(event.action)
    access = NET_ACCESS(event.access)
    family = NET_FAMILY(event.family)
    exe = self._format_exe(event.profile_key, event.pid, event.uid)
    # The '%'-style format is kept on purpose: it applies str() to the enum
    # members, which is the representation the existing log consumers see.
    audit_line = 'action=%s access=NET_%s family=%s exe=%s' % (
        action,
        access,
        family,
        exe,
    )
    logger.audit(audit_line)
def _ipc_audit_events(ctx, event, size):
    """Perf-buffer callback: write one audit line for an IPC access event.

    The line names both the subject (``exe``) and the object (``target``)
    process, each rendered by ``self._format_exe`` from its profile key, pid
    and uid.  ``ctx`` and ``size`` are part of the callback signature and are
    not read; ``self`` comes from the enclosing scope (confirm against the
    surrounding file).
    """
    action = BPFBOX_ACTION(event.action)
    access = IPC_ACCESS(event.access)
    subject = self._format_exe(event.profile_key, event.pid, event.uid)
    target = self._format_exe(
        event.object_profile_key, event.object_pid, event.object_uid
    )
    # '%'-formatting retained so the enum members are rendered via str().
    audit_line = 'action=%s access=IPC_%s exe=%s target=%s' % (
        action,
        access,
        subject,
        target,
    )
    logger.audit(audit_line)
def _fs_audit_events(ctx, event, size):
    """Perf-buffer callback: write one audit line for a filesystem access event.

    The inode number is logged as an integer and the device as whatever
    ``self._format_dev`` produces from the decoded ``s_id`` and ``st_dev``.
    ``ctx`` and ``size`` are part of the callback signature and are not read;
    ``self`` comes from the enclosing scope (confirm against the surrounding
    file).
    """
    action = BPFBOX_ACTION(event.action)
    access = FS_ACCESS(event.access)
    exe = self._format_exe(event.profile_key, event.pid, event.uid)
    inode = event.st_ino
    # NOTE(review): s_id is decoded strictly as UTF-8; a non-UTF-8 byte
    # sequence would raise inside this callback — confirm the producer only
    # ever supplies ASCII identifiers.
    device = self._format_dev(event.s_id.decode('utf-8'), event.st_dev)
    # '%'-formatting retained so the enum members are rendered via str().
    audit_line = 'action=%s access=FS_%s exe=%s st_ino=%d st_dev=%s' % (
        action,
        access,
        exe,
        inode,
        device,
    )
    logger.audit(audit_line)
def load(self, policy: Policy):
    """Load this IPC rule for ``policy``.

    Calls the base-class ``load`` first, derives the rule's state number via
    ``self.calculate_state_number``, then registers one entry per entry in
    ``self.target`` through ``Commands.add_ipc_rule``, each carrying the same
    signal set, action set and state number.
    """
    super().load(policy)
    state_number = self.calculate_state_number(policy)
    profile = policy.profile
    for ipc_target in self.target:
        # Conversions stay inside the loop so the call order matches the
        # original exactly (profile, target, access, action, state).
        signal_access = IPC_ACCESS.from_list(self.signal)
        rule_action = BPFBOX_ACTION.from_list(self.action)
        Commands.add_ipc_rule(
            profile,
            ipc_target,
            signal_access,
            rule_action,
            state_number,
        )
def load(self, policy: Policy):
    """Load this network rule for ``policy``.

    Calls the base-class ``load`` first, derives the rule's state number via
    ``self.calculate_state_number``, then registers one entry per address
    family in ``self.family`` through ``Commands.add_net_rule``, each with the
    same operation set, action set and state number.
    """
    super().load(policy)
    state_number = self.calculate_state_number(policy)
    profile = policy.profile
    for family_name in self.family:
        # Conversions stay inside the loop so the evaluation order matches
        # the original (operation, family, action).
        net_access = NET_ACCESS.from_list(self.operation)
        net_family = NET_FAMILY.from_string(family_name)
        rule_action = BPFBOX_ACTION.from_list(self.action)
        Commands.add_net_rule(
            profile,
            net_access,
            net_family,
            rule_action,
            state_number,
        )
def load(self, policy: Policy):
    """Load this filesystem rule for ``policy``.

    Calls the base-class ``load`` first, derives the rule's state number via
    ``self.calculate_state_number``, then registers one entry per path in
    ``self.file`` through ``Commands.add_fs_rule`` (``state`` is passed by
    keyword, as the original did), each with the same access set and action
    set.
    """
    super().load(policy)
    state_number = self.calculate_state_number(policy)
    profile = policy.profile
    for path in self.file:
        # Conversions stay inside the loop so the evaluation order matches
        # the original (path, access, action).
        fs_access = FS_ACCESS.from_list(self.access)
        rule_action = BPFBOX_ACTION.from_list(self.action)
        Commands.add_fs_rule(
            profile,
            path,
            fs_access,
            rule_action,
            state=state_number,
        )
def append_action(rule):
    """OR the action named by ``toks[0]`` into ``rule.action``.

    ``toks`` is not a parameter; it is taken from the enclosing scope
    (presumably a parser token list — confirm against the surrounding file).
    The rule is mutated in place and nothing is returned.
    """
    parsed_action = BPFBOX_ACTION.from_string(toks[0])
    rule.action |= parsed_action