config.go
package main
import (
"io/ioutil"
"log/syslog"
yaml "gopkg.in/yaml.v2"
)
// Config defines configuration of go-audit. It is the decode target that
// loadConfig hands to yaml.Unmarshal, starting from the values set by
// defaultConfig, so every field can be overridden from the YAML file.
type Config struct {
// SockerBuffer is read from the `socker_buffer` key.
// NOTE(review): both the field name and the YAML key are spelled "socker";
// this looks like a misspelling of "socket". A file that uses `socket_buffer`
// would not populate this field. Confirm the intended key before renaming,
// since existing config files and other callers may depend on this spelling.
SockerBuffer struct {
// Receive is presumably a receive-buffer size; units are not visible here. TODO confirm.
Receive int `yaml:"receive"`
} `yaml:"socker_buffer"`
// Events holds an integer range; defaultConfig sets it to 1300..1399.
// NOTE(review): presumably the bounds of the audit message types to handle; confirm against the consumer.
Events struct {
Min int `yaml:"min"`
Max int `yaml:"max"`
} `yaml:"events"`
// MessageTracking options; defaultConfig enables tracking, leaves
// out-of-order logging off and sets MaxOutOfOrder to 500.
MessageTracking struct {
Enabled bool `yaml:"enabled"`
LogOutOfOrder bool `yaml:"log_out_of_order"`
MaxOutOfOrder int `yaml:"max_out_of_order"`
} `yaml:"message_tracking"`
// MetricsAddress has no default (empty string).
// NOTE(review): presumably a listen address for a metrics endpoint; if so,
// confirm it is bound to a restricted interface. Not verifiable from this file.
MetricsAddress string `yaml:"metrics_address"`
// Output groups the settings of each output. defaultConfig does not enable
// Stdout, Syslog or File; Kafka is configured through KafkaConfig, which is
// declared outside this file.
Output struct {
Stdout struct {
Enabled bool `yaml:"enabled"`
Attempts int `yaml:"attempts"`
} `yaml:"stdout"`
Syslog struct {
Enabled bool `yaml:"enabled"`
Attempts int `yaml:"attempts"`
Network string `yaml:"network"`
Address string `yaml:"address"`
// Priority defaults to LOG_LOCAL0|LOG_WARNING (see defaultConfig).
Priority int `yaml:"priority"`
// Tag defaults to "go-audit" (see defaultConfig).
Tag string `yaml:"tag"`
} `yaml:"syslog"`
File struct {
Enabled bool `yaml:"enabled"`
Attempts int `yaml:"attempts"`
Path string `yaml:"path"`
// NOTE(review): Mode is decoded as a plain int. yaml.v2 reads a
// leading-zero value such as 0600 as octal, while 600 is taken as decimal
// and yields different permission bits. Confirm how the file writer turns
// this into a file mode, and that Mode/User/Group are validated there:
// they decide who can read the audit output.
Mode int `yaml:"mode"`
User string `yaml:"user"`
Group string `yaml:"group"`
} `yaml:"file"`
Kafka KafkaConfig `yaml:"kafka"`
} `yaml:"output"`
// Log.Level defaults to "warn" (see defaultConfig).
Log struct {
Level string `yaml:"level"`
} `yaml:"log"`
// Rules has no default; it stays nil unless the file provides `rules`.
// NOTE(review): presumably audit rules to install; how an empty list is
// handled is not visible in this file.
Rules []string `yaml:"rules"`
// Filters has no default; it stays nil unless the file provides `filters`.
Filters []Filter `yaml:"filters"`
}
// Filter specifies syscalls to ignore. Each entry of Config.Filters is decoded
// into one Filter.
//
// NOTE(review): a filter removes events from the audit output, so each entry
// narrows coverage. Regex is kept here as an uncompiled string; where it is
// compiled and whether an invalid or empty pattern is rejected is not visible
// in this file. Confirm in the code that consumes Filters.
type Filter struct {
// Syscall and MessageType are plain ints; a key missing from the YAML entry
// leaves the field at 0. NOTE(review): confirm 0 is not treated as a real
// syscall number or message type by the matcher.
Syscall int `yaml:"syscall"`
MessageType int `yaml:"message_type"`
Regex string `yaml:"regex"`
}
// loadConfig reads the YAML file at filename and decodes it on top of the
// values returned by defaultConfig, so keys absent from the file keep their
// defaults. A read or decode error is returned as-is, with a nil *Config.
//
// NOTE(review): yaml.Unmarshal ignores keys that match no struct field, so a
// misspelled key leaves the default in place without any error. yaml.v2 also
// provides UnmarshalStrict; consider it, or validate the decoded Config, if
// silent misconfiguration of the audit daemon is a concern.
//
// NOTE(review): no ownership or permission check is made on filename here.
// Confirm that whoever may write this file is as trusted as the daemon, since
// the file selects outputs, rules and filters.
func loadConfig(filename string) (*Config, error) {
	raw, readErr := ioutil.ReadFile(filename)
	if readErr != nil {
		return nil, readErr
	}

	// Start from the defaults; the decoder only overwrites fields present in raw.
	cfg := defaultConfig()
	decodeErr := yaml.Unmarshal(raw, cfg)
	if decodeErr != nil {
		return nil, decodeErr
	}

	return cfg, nil
}
// defaultConfig returns a freshly allocated Config holding the built-in
// defaults. Fields not assigned below keep their zero value; in particular
// Output.Stdout.Enabled and Output.File.Enabled stay false and
// Output.Syslog.Enabled is set to false, so none of these three outputs is
// active unless the config file enables it. Kafka defaults are not set here.
func defaultConfig() *Config {
	cfg := &Config{}

	// NOTE(review): 1300..1399 is presumably the audit message type range; confirm.
	events := &cfg.Events
	events.Min, events.Max = 1300, 1399

	tracking := &cfg.MessageTracking
	tracking.Enabled = true
	tracking.LogOutOfOrder = false
	tracking.MaxOutOfOrder = 500

	sys := &cfg.Output.Syslog
	sys.Enabled = false
	sys.Attempts = 3
	sys.Priority = int(syslog.LOG_LOCAL0 | syslog.LOG_WARNING)
	sys.Tag = "go-audit"

	cfg.Log.Level = "warn"

	return cfg
}