Category: github.com/onils/psaudit
Type: repository package
Version: 0.0.0-20191011062322-441f9d4ad8e1
Repository: https://github.com/onils/psaudit.git
Documentation: pkg.go.dev

# Packages

No description provided by the author

# README

psaudit

Monitors the processes on the local host in real time through the Linux netlink NETLINK_CONNECTOR protocol.

Current scope: Linux NETLINK_CONNECTOR -> execve -> pid -> pid info. Written earlier for research and testing; it is convenient for producing security rules.

Information collected

| Parameter | Meaning | Source |
|---|---|---|
| name | name | /proc/PID/status, Name |
| cmd | Cmd | /proc/PID/cmdline |
| pid | process ID | netlink Exec |
| state | state | /proc/PID/status, State |
| tgid | thread group ID | /proc/PID/status, Tgid |
| uid | user ID (the user running the process) | /proc/PID/status, Uid[0] |
| euid | effective user ID (governs the process's file access permissions) | /proc/PID/status, Uid[1] |
| suid | saved set user ID (saved copy) | /proc/PID/status, Uid[2] |
| fsuid | file system user ID | /proc/PID/status, Uid[3] |
| gid | group ID | /proc/PID/status, Gid[0] |
| egid | effective group ID | /proc/PID/status, Gid[1] |
| sgid | saved group ID | /proc/PID/status, Gid[2] |
| fsgid | file system group ID | /proc/PID/status, Gid[3] |
| cwd | Cwd | /proc/PID/environ, PWD |
| exe | Exe | /proc/PID/exe (read link) |
| ppid | parent process ID | /proc/PID/status, PPid |
| p_name | ppid name | /proc/PPID/status, Name |
| p_uid | ppid uid | /proc/PPID/status, Uid[0] |
| p_cmd | ppid cmd | /proc/PPID/cmdline |
| fd_info | fd info | /proc/PID/fd/[0-9]* |
| sock_info | fd to socket info | /proc/net |
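Most rows in the table come from two files, /proc/PID/status and /proc/PID/cmdline. The Go program below is an added example, not code from the psaudit project: it parses both formats from constructed sample input (the sshd and passwd entries, the pids and the ids are made up for illustration) and includes one rule of the kind the uid/euid split in the table makes possible, flagging a process whose effective uid is root while its real uid is not. The names ParseStatus, ParseCmdline and SetuidElevated are this example's own.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"strconv"
	"strings"
)

// ProcStatus holds the fields the README lists as coming from /proc/PID/status.
// Uid and Gid keep the kernel's order: [0]=real, [1]=effective, [2]=saved, [3]=fs.
type ProcStatus struct {
	Name, State     string
	Tgid, Pid, PPid int
	Uid, Gid        [4]int
}

// ParseStatus parses the text of /proc/PID/status, whose lines are "Key:\tvalue".
// Unknown keys are skipped so the parser tolerates fields added by newer kernels.
func ParseStatus(text string) (ProcStatus, error) {
	var st ProcStatus
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		key, val, ok := strings.Cut(sc.Text(), ":")
		if !ok {
			continue
		}
		val = strings.TrimSpace(val)
		var err error
		switch key {
		case "Name":
			st.Name = val
		case "State":
			st.State = val
		case "Tgid":
			st.Tgid, err = strconv.Atoi(val)
		case "Pid":
			st.Pid, err = strconv.Atoi(val)
		case "PPid":
			st.PPid, err = strconv.Atoi(val)
		case "Uid":
			st.Uid, err = parseIDs(val)
		case "Gid":
			st.Gid, err = parseIDs(val)
		}
		if err != nil {
			return st, fmt.Errorf("field %s: %w", key, err)
		}
	}
	return st, sc.Err()
}

// parseIDs reads the four tab-separated ids on a Uid: or Gid: line.
func parseIDs(val string) (ids [4]int, err error) {
	fields := strings.Fields(val)
	if len(fields) != 4 {
		return ids, fmt.Errorf("want 4 ids, got %d", len(fields))
	}
	for i, f := range fields {
		if ids[i], err = strconv.Atoi(f); err != nil {
			return ids, err
		}
	}
	return ids, nil
}

// ParseCmdline splits the NUL-separated content of /proc/PID/cmdline into argv.
// Kernel threads have an empty cmdline, which yields nil.
func ParseCmdline(raw []byte) []string {
	raw = bytes.TrimRight(raw, "\x00")
	if len(raw) == 0 {
		return nil
	}
	return strings.Split(string(raw), "\x00")
}

// SetuidElevated is an example rule (this example's own, not from psaudit) built on
// the uid/euid split: a process whose effective uid is 0 while its real uid is not,
// which is what a setuid-root binary started by an unprivileged user looks like.
func SetuidElevated(st ProcStatus) bool {
	return st.Uid[1] == 0 && st.Uid[0] != 0
}

// Constructed sample input (not captured from a real host) in /proc/PID/status layout.
const sampleStatus = "Name:\tsshd\nUmask:\t0022\nState:\tS (sleeping)\nTgid:\t1234\n" +
	"Pid:\t1234\nPPid:\t1\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"

var sampleCmdline = []byte("/usr/sbin/sshd\x00-D\x00") // constructed

func main() {
	st, err := ParseStatus(sampleStatus)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v argv=%q elevated=%v\n", st, ParseCmdline(sampleCmdline), SetuidElevated(st))
}
```

On a live Linux host the same functions are fed os.ReadFile("/proc/<pid>/status") and os.ReadFile("/proc/<pid>/cmdline"), with exe taken from os.Readlink("/proc/<pid>/exe"). Two points matter when this is driven from exec events as the README describes: the /proc files are read after the event arrives, so a very short-lived process may already be gone and the reads must tolerate ENOENT; and PWD in /proc/PID/environ is just the environment string the process was given at exec time, whereas the /proc/PID/cwd link is the kernel's own record of the working directory.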