예제 #1
0
TEST_F(ConfigTests, test_watched_files) {
  ConfigDataInstance config;
  ASSERT_EQ(config.files().size(), 3);
  // From the deprecated "additional_monitoring" collection.
  EXPECT_EQ(config.files().at("downloads").size(), 1);

  // From the new, recommended top-level "file_paths" collection.
  EXPECT_EQ(config.files().at("downloads2").size(), 1);
  EXPECT_EQ(config.files().at("system_binaries").size(), 2);
}
예제 #2
0
Status YARAEventSubscriber::init() {
  Status status;

  ConfigDataInstance config;
  const auto& yara_config = config.getParsedData("yara");
  if (yara_config.count("file_paths") == 0)
    return Status(0, "OK");
  const auto& yara_paths = yara_config.get_child("file_paths");
  const auto& file_map = config.files();
  for (const auto& yara_path_element : yara_paths) {
    // Subscribe to each file for the given key (category).
    if (file_map.count(yara_path_element.first) == 0) {
      VLOG(1) << "Key in yara.file_paths not found in file_paths: "
              << yara_path_element.first;
      continue;
    }

    for (const auto& file : file_map.at(yara_path_element.first)) {
      VLOG(1) << "Added YARA listener to: " << file;
      auto mc = createSubscriptionContext();
      mc->path = file;
      mc->mask = FILE_CHANGE_MASK;
      mc->recursive = true;
      subscribe(&YARAEventSubscriber::Callback,
                mc,
                (void*)(&yara_path_element.first));
    }
  }

  return Status(0, "OK");
}
예제 #3
0
Status FileEventSubscriber::init() {
  ConfigDataInstance config;
  for (const auto& element_kv : config.files()) {
    for (const auto& file : element_kv.second) {
      VLOG(1) << "Added listener to: " << file;
      auto mc = createSubscriptionContext();
      mc->path = file;
      subscribe(&FileEventSubscriber::Callback, mc,
                (void*)(&element_kv.first));
    }
  }

  return Status(0, "OK");
}
예제 #4
0
Status FileEventSubscriber::init() {
  ConfigDataInstance config;
  for (const auto& element_kv : config.files()) {
    for (const auto& file : element_kv.second) {
      VLOG(1) << "Added listener to: " << file;
      auto mc = createSubscriptionContext();
      mc->recursive = 1;
      mc->path = file;
      mc->mask = IN_ATTRIB | IN_MODIFY | IN_DELETE | IN_CREATE;
      subscribe(&FileEventSubscriber::Callback, mc,
                (void*)(&element_kv.first));
    }
  }

  return Status(0, "OK");
}