mirror of
https://github.com/evilsocket/opensnitch.git
synced 2025-03-04 08:34:40 +01:00
allow to filter connections by username
Added new rule operand 'user.name' to filter connections by username. More info #1236
parent
c0be3d15dc
commit
ff3ac6663a
1 changed files with 12 additions and 1 deletions
|
@ -5,6 +5,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
|
"os/user"
|
||||||
"reflect"
|
"reflect"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
@ -47,6 +48,7 @@ const (
|
||||||
OpProcessHashMD5 = Operand("process.hash.md5")
|
OpProcessHashMD5 = Operand("process.hash.md5")
|
||||||
OpProcessHashSHA1 = Operand("process.hash.sha1")
|
OpProcessHashSHA1 = Operand("process.hash.sha1")
|
||||||
OpUserID = Operand("user.id")
|
OpUserID = Operand("user.id")
|
||||||
|
OpUserName = Operand("user.name")
|
||||||
OpSrcIP = Operand("source.ip")
|
OpSrcIP = Operand("source.ip")
|
||||||
OpSrcPort = Operand("source.port")
|
OpSrcPort = Operand("source.port")
|
||||||
OpDstIP = Operand("dest.ip")
|
OpDstIP = Operand("dest.ip")
|
||||||
|
@ -209,6 +211,15 @@ func (o *Operator) Compile() error {
|
||||||
o.cb = o.cmpNetwork
|
o.cb = o.cmpNetwork
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if o.Operand == OpUserName && o.Type == Simple {
|
||||||
|
// TODO: allow regexps, take into account users from containers.
|
||||||
|
u, err := user.Lookup(o.Data)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("user.name Operand error: %s", err)
|
||||||
|
}
|
||||||
|
o.cb = o.simpleCmp
|
||||||
|
o.Data = u.Uid
|
||||||
|
}
|
||||||
if o.Operand == OpDomainsLists {
|
if o.Operand == OpDomainsLists {
|
||||||
if o.Data == "" {
|
if o.Data == "" {
|
||||||
return fmt.Errorf("Operand lists is empty, nothing to load: %s", o)
|
return fmt.Errorf("Operand lists is empty, nothing to load: %s", o)
|
||||||
|
@ -382,7 +393,7 @@ func (o *Operator) Match(con *conman.Connection, hasChecksums bool) bool {
|
||||||
return o.cb(con.DstHost)
|
return o.cb(con.DstHost)
|
||||||
} else if o.Operand == OpIPLists {
|
} else if o.Operand == OpIPLists {
|
||||||
return o.cb(con.DstIP.String())
|
return o.cb(con.DstIP.String())
|
||||||
} else if o.Operand == OpUserID {
|
} else if o.Operand == OpUserID || o.Operand == OpUserName {
|
||||||
return o.cb(strconv.Itoa(con.Entry.UserId))
|
return o.cb(strconv.Itoa(con.Entry.UserId))
|
||||||
} else if o.Operand == OpDstNetwork {
|
} else if o.Operand == OpDstNetwork {
|
||||||
return o.cb(con.DstIP)
|
return o.cb(con.DstIP)
|
||||||
|
|
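Review bot: In the `Compile()` hunk the name-to-UID lookup runs only when `o.Type == Simple`, but the `Match()` hunk passes `strconv.Itoa(con.Entry.UserId)` to `o.cb` for every `OpUserName` operator, so a `user.name` rule of any other type would be compared against a numeric UID and, as far as these lines show, would silently never match the name it was written for, which for a deny rule means the connection is not blocked. Until the TODO is done, reject that combination explicitly, e.g. `if o.Operand == OpUserName && o.Type != Simple { return fmt.Errorf("user.name operand only supports the simple type") }`. Separately, `o.Data = u.Uid` overwrites the configured username, so a second `Compile()` on the same operator would look the UID string up as a name, and the name-to-UID binding stays frozen at compile time if the account is later removed or its UID reassigned. Keeping the resolved UID in a separate field and leaving `o.Data` untouched would avoid both. Both functions begin and end outside the visible hunks, so whether earlier code in `Compile()` already handles other types for this operand cannot be confirmed from here.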