func: disable proc_scan, fanotify, arf, and fullscan with proc
kulukami committed Dec 26, 2024
1 parent 51b8da8 commit 4251d77
Showing 5 changed files with 21 additions and 17 deletions.
2 changes: 1 addition & 1 deletion plugins/scanner/settings.toml
Expand Up @@ -5,7 +5,7 @@ flock_path = "/var/run/elkeid_scanners_plugin.pid"
### cgroup max mem limit, defult 256Mb
cgroup_name = "clamav_"
### mega byte
cgroup_mem_limit = 256
cgroup_mem_limit = 300
### %
cgroup_cpu_limit = 39

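Review bot: The comment on the line above the changed value still reads "defult 256Mb" while `cgroup_mem_limit` becomes 300 (assuming 300 is the new side; this rendering lost the +/- markers), so the comment is now wrong as well as misspelled. Update it together with the value, e.g. `### cgroup max mem limit, default 300Mb`, or drop the number from the comment so it cannot drift again. The commit title does not mention the memory-limit change, so it is worth a line in the message too.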
26 changes: 14 additions & 12 deletions plugins/scanner/src/detector.rs
Expand Up @@ -328,6 +328,7 @@ impl Detector {
clamav::clamav_init().unwrap();
let recv_worker = thread::spawn(move || {
let mut _arf_t: Option<HoneyPot> = None;
/*
let s_arf_worker = task_sender.clone();
let s_arf_lock = recv_worker_s_locker.clone();
Expand All @@ -342,6 +343,7 @@ impl Detector {
None
}
};
*/

loop {
match r_client.receive() {
Expand All @@ -365,10 +367,10 @@ impl Detector {
),
};
if let Err(e) = r_client
.send_record(&end_flag.to_record_token(&t.get_token()))
{
warn!("send err, should exit : {:?}", e);
};
.send_record(&end_flag.to_record_token(&t.get_token()))
{
warn!("send err, should exit : {:?}", e);
};
continue;
}
let task_map: HashMap<String, String> =
Expand All @@ -380,9 +382,9 @@ impl Detector {
data: "failed".to_string(),
error: format!("recv serde_json err {:?}", t.data),
};
if let Err(e) = r_client
.send_record(&end_flag.to_record_token(&t.get_token()))
{
if let Err(e) = r_client.send_record(
&end_flag.to_record_token(&t.get_token()),
) {
warn!("send err, should exit : {:?}", e);
};
continue;
Expand Down Expand Up @@ -458,7 +460,7 @@ impl Detector {
break;
}
Some(Err(_err)) => {
/*
/*
let end_flag = ScanFinished {
data: "failed".to_string(),
error: _err.to_string(),
Expand All @@ -468,10 +470,10 @@ impl Detector {
) {
warn!("send err, should exit : {:?}", e);
};
break;
break;
*/
warn!("walkdir continue with: {:?}", _err);
continue
continue;
}
Some(Ok(entry)) => entry,
};
Expand All @@ -484,8 +486,8 @@ impl Detector {
if fsize <= 4 || fsize > 1024 * 1024 * 100 {
continue;
}
}else{
continue
} else {
continue;
}

let task = ScanTaskUserTask::with_path(
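Review bot: In the `Some(Err(_err))` arm of the walkdir match the failure is now only logged at warn and the loop continues, so a scan that could not traverse parts of the tree (for example a permission-denied directory) still finishes with the normal completion record and the caller has no signal that coverage was incomplete; at minimum count the skipped entries and surface that count in the finishing record, or document next to the `warn!` why walk errors are treated as non-fatal, e.g. `// walk errors are non-fatal: the entry is skipped and the scan result is reported as complete`. The same hunk keeps the previous error-reporting code in a `/* … */` block, and the first hunk does the same for the HoneyPot setup, leaving `_arf_t` declared but never assigned; since the history is in git, delete the commented-out code rather than carrying it. The recv_worker closure and the walkdir loop both start before and end after these hunks.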
3 changes: 2 additions & 1 deletion plugins/scanner/src/model/functional/cronjob.rs
Expand Up @@ -144,6 +144,8 @@ impl Cronjob {
let mut proc_crobjob_is_first_run = true;
let mut scaned_cache = LruCache::new(20480);
let job_proc = thread::spawn(move || loop {
std::thread::sleep(Duration::from_secs(30));
continue;
let start_timestamp = Clock::now_since_epoch().as_secs();
info!("[CronjobProc] Scan started at : {}", start_timestamp);

Expand Down Expand Up @@ -230,7 +232,6 @@ impl Cronjob {
};
}
last_scaned_timestamp = Clock::now_since_epoch().as_secs();
std::thread::sleep(Duration::from_secs(30));
proc_crobjob_is_first_run = false;
});
return Self { job_dir, job_proc };
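Review bot: The `continue;` placed right after the 30-second sleep at the top of the `job_proc` loop makes the entire remaining body unreachable, so rustc will warn on every statement after it and `scaned_cache` (an `LruCache::new(20480)`) and `proc_crobjob_is_first_run` become dead state that is still allocated per thread. If process scanning is intentionally disabled, say so explicitly rather than relying on an unreachable body, e.g. `// proc scan disabled: the thread only sleeps so that `job_proc` stays a valid JoinHandle` above the sleep, and consider gating it behind a setting instead of a hard-coded skip, since executables of running processes are no longer scanned at all. The closure starts inside this hunk but its remaining body lies between the two hunks, outside the shown lines.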
5 changes: 3 additions & 2 deletions plugins/scanner/src/model/functional/fulldiskscan.rs
Expand Up @@ -219,7 +219,8 @@ pub fn FullScan(
let job = thread::spawn(move || {
// step-1
// proc scan
info!("[FullScan] step-1: /proc/pid/exe");
info!("[FullScan] step-1: /proc/pid/exe skiped");
/*
let dir_p = fs::read_dir("/proc").unwrap();
for each in dir_p {
Expand Down Expand Up @@ -273,7 +274,7 @@ pub fn FullScan(
}
};
}

*/
// step-2
info!("[FullScan] step-2: fulldisk");
match fullscan_mode {
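Review bot: The new log line has a typo, `info!("[FullScan] step-1: /proc/pid/exe skiped");` should read `skipped`, and since this string is what operators will grep for when they wonder why running processes were not covered by a full scan it is worth getting right. The step-1 body is kept as a `/* … */` block across both hunks instead of being removed; commented-out code should be deleted, with a short comment stating that step-1 is disabled and why, so the next reader does not assume it is temporarily parked. `FullScan` starts before the first hunk and continues past the second.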
