yulong-hids-archived
yulong-hids-archived copied to clipboard
ysrc
[archived] 一款实验性质的主机入侵检测系统
你好, 我新建用户后发现 userlist 中看不到新用户. reload agent 过了一段时间后仍看不到, 但同时该主机的 crontab/listening/process 信息能正确更新. 我对比了另外一台机器的 /etc/passwd 和web界面中的 userlist, 发现 userlist 少了3个用户.
user: 最后一行的用户被忽略; crontab:不规范的空格导致panic listen:进程名为空时导致panic
/agent/collect/crontab_linux.go ubuntu的crontab在/var/spool/cron/crontabs/,这里没有覆盖到。
在一台 CentOS 5.4 的机器上成功安装后服务没起来, 手动启动时发现如下提示: ``` ./daemon -netloc xxxx:443 2018/05/15 13:52:35 Start Agent 2018/05/15 13:52:35 Start Agent successful 2018/05/15 13:52:35 Agent to exit: exit status 127 2018/05/15 13:52:35 Start the...
Download dependent environment package Install dependency, service error: open /usr/yulong-hids/data.zip: no such file or directory
只在部分 CentOS 6.5 的机器上观察到这种情况. 第一次安装 ``` /tmp/daemon -install -netloc xxx:443 2018/05/15 13:40:18 Download dependent environment package 2018/05/15 13:40:18 Use syshook_2.6.32-431 2018/05/15 13:40:18 Install dependency, service error: exit status 1 ```...
C:\hids_server>server -db 10.192.9.231:27017 -es 10.192.9.231:9200 2018/05/08 14:26:04 Get Config 2018/05/08 14:26:05 {true false {[] [] [mssecsvc\.exe tasksche\.exe] []} {[] [] [] []} -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDC5AAi+XJE8whsKkB3bO1hPuApgAvvIDodReAO5GbSo73a63rc EgIGZaWm/3EJIRvG1yXYd0dWsI1NWvuhQPvwWmegkSsvBiSUgiIBn0NxJ4K5UwAs 8ducHQKtgdXaoanOVWBIFBaiYOcsW1iPWLb3HYQgLCLrkR2z7kGFEG4VawIDAQAB AoGBAIN0YLc2hCIHv92dnkAvo+odC/xSFzqjBS/ritbgro5TzeKVRRiduOnxtAtx...
` C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:535 +0x5a yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).readLoop(0xc04372e9a0 ) C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:551 +0x609 created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newSocket C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:194 +0x1fc goroutine 417 [IO wait]: internal/poll.runtime_pollWait(0x3a80820, 0x72, 0xa16060) C:/Go/src/runtime/netpoll.go:173 +0x5e internal/poll.(*pollDesc).wait(0xc0420d6a08, 0x72, 0xc9d400, 0x0, 0x0) C:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xa2 internal/poll.(*ioSrv).ExecIO(0xcd4c80, 0xc0420d6858,...
