diff --git a/CMakeLists.txt b/CMakeLists.txt
index e1dc472..2027680 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -273,14 +273,17 @@ target_link_libraries(ConfigTests ${Boost_LIBRARIES})
 add_test(Config ${CMAKE_BINARY_DIR}/ConfigTests --log_sink=ConfigTests.log --report_sink=ConfigTests.report)
 add_executable(EventTests
-        TempFile.cpp
+        TempDir.cpp
         Logger.cpp
-        Queue.cpp
+        PriorityQueue.cpp
+        FileUtils.cpp
         Event.cpp
         EventTests.cpp
 )
-target_link_libraries(EventTests ${Boost_LIBRARIES})
+target_link_libraries(EventTests ${Boost_LIBRARIES}
+        pthread
+)
 add_test(Event ${CMAKE_BINARY_DIR}/EventTests --log_sink=EventTests.log --report_sink=EventTests.report)
@@ -360,8 +363,6 @@ add_executable(EventProcessorTests
 )
 target_link_libraries(EventProcessorTests ${Boost_LIBRARIES}
-        audit
-        auparse
         dl
         pthread
         rt
@@ -383,8 +384,6 @@ add_executable(ExecveConverterTests
 )
 target_link_libraries(ExecveConverterTests ${Boost_LIBRARIES}
-        audit
-        auparse
         dl
         pthread
         rt
diff --git a/EventProcessorTests.cpp b/EventProcessorTests.cpp
index 54a97d5..ad5dccc 100644
--- a/EventProcessorTests.cpp
+++ b/EventProcessorTests.cpp
@@ -17,7 +17,7 @@
 #define BOOST_TEST_MODULE "EventProcessorTests"
 #include
-#include "Queue.h"
+#include "PriorityQueue.h"
 #include "Logger.h"
 #include "TempDir.h"
 #include "TestEventData.h"
@@ -47,7 +47,7 @@ class RawEventQueue: public IEventBuilderAllocator {
 public:
     explicit RawEventQueue(std::shared_ptr proc): _buffer(), _size(0), _proc(std::move(proc)) {}
-    int Allocate(void** data, size_t size) override {
+    bool Allocate(void** data, size_t size) override {
         if (_size != size) {
             _size = size;
         }
@@ -55,18 +55,18 @@ public:
             _buffer.resize(_size);
         }
         *data = _buffer.data();
-        return 1;
+        return true;
     }
-    int Commit() override {
+    bool Commit() override {
         _proc->ProcessData(_buffer.data(), _size);
         _size = 0;
-        return 1;
+        return true;
     }
-    int Rollback() override {
+    bool Rollback() override {
         _size = 0;
-        return 1;
+        return true;
     }
 private:
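Review bot: With `Allocate`, `Commit` and `Rollback` now returning `bool`, the return value becomes a failure signal, yet every override in these two EventProcessorTests.cpp hunks returns `true` unconditionally, so nothing in the suite exercises the `false` path of the new `IEventBuilderAllocator` contract. A small allocator variant that returns `false` from `Allocate` (and one from `Commit`) would pin how `EventBuilder` reacts to a refused allocation or commit, which is the behaviour this signature change exists to express. The same gap applies to the matching overrides in ExecveConverterTests.cpp and TestEventQueue.h. `RawEventQueue` starts before the first of these hunks and its body continues past the last.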
diff --git a/EventTests.cpp b/EventTests.cpp
index dd75577..7ed4ef7 100644
--- a/EventTests.cpp
+++ b/EventTests.cpp
@@ -18,20 +18,20 @@
 #define BOOST_TEST_MODULE "EventTests"
 #include
-#include "Queue.h"
+#include "PriorityQueue.h"
 #include "EventQueue.h"
-#include "TempFile.h"
+#include "TempDir.h"
 BOOST_AUTO_TEST_CASE( test )
 {
-    TempFile file("/tmp/EventTests.");
+    TempDir dir("/tmp/EventTests.");
-    auto queue = std::make_shared(file.Path(), 64*1024);
+    auto queue = PriorityQueue::Open(dir.Path(), 8, 16*1024,8, 0, 100, 0);
     auto event_queue = std::make_shared(queue);
-    queue->Open();
+    auto cursor = queue->OpenCursor("event_test");
     EventBuilder builder(event_queue);
@@ -82,15 +82,12 @@ BOOST_AUTO_TEST_CASE( test )
         BOOST_FAIL("EndEvent failed: " + std::to_string(ret));
     }
-    char buffer[64*1024];
-    void* data = reinterpret_cast(buffer);
-    size_t size = sizeof(buffer);
-    QueueCursor cursor = QueueCursor::TAIL;
-    if (queue->Get(cursor, data, &size, &cursor, 10) <= 0) {
+    auto rval = cursor->Get(0);
+    if (!rval.first) {
         BOOST_FAIL("Queue didn't have any data in it!");
     }
-    Event event(data, size);
+    Event event(rval.first->Data(), rval.first->Size());
     BOOST_CHECK_EQUAL(event.Seconds(), 1);
     BOOST_CHECK_EQUAL(event.Milliseconds(), 3);
@@ -223,11 +220,12 @@ BOOST_AUTO_TEST_CASE( test )
         BOOST_FAIL("EndEvent failed: " + std::to_string(ret));
     }
-    size = sizeof(buffer);
-    if (queue->Get(cursor, data, &size, &cursor, 10) <= 0) {
+    rval = cursor->Get(0);
+    if (!rval.first) {
         BOOST_FAIL("Queue didn't have any data in it!");
     }
-    event = Event(data, size);
+
+    event = Event(rval.first->Data(), rval.first->Size());
     BOOST_CHECK_EQUAL(event.Pid(), -1);
diff --git a/ExecveConverterTests.cpp b/ExecveConverterTests.cpp
index a5e9a2f..03ff468 100644
--- a/ExecveConverterTests.cpp
+++ b/ExecveConverterTests.cpp
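Review bot: `queue` from `PriorityQueue::Open(...)` is dereferenced two lines later in `queue->OpenCursor("event_test")` without any check; if `Open` reports failure by returning an empty pointer (its type is hidden behind `auto` here), an unwritable temp directory turns the test into a crash instead of a diagnosed failure, so `BOOST_REQUIRE(queue);` after the call and `BOOST_REQUIRE(cursor);` after `OpenCursor` would be appropriate. The seven positional arguments `8, 16*1024,8, 0, 100, 0` carry no names; named local constants would document which is a size, a count or a limit, and would also fix the missing space after the comma in `16*1024,8`. The same applies to the unnamed `0` passed to `cursor->Get(0)` in the next two hunks of this file, which replaces the former explicit timeout of `10`. The test case body continues past the end of this hunk.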
@@ -37,7 +37,7 @@ class RawEventQueue: public IEventBuilderAllocator {
 public:
     explicit RawEventQueue(std::vector& cmdlines): _buffer(), _size(0), _cmdlines(cmdlines) {}
-    int Allocate(void** data, size_t size) override {
+    bool Allocate(void** data, size_t size) override {
         if (_size != size) {
             _size = size;
         }
@@ -45,10 +45,10 @@ public:
             _buffer.resize(_size);
         }
         *data = _buffer.data();
-        return 1;
+        return true;
     }
-    int Commit() override {
+    bool Commit() override {
         Event event(_buffer.data(), _size);
         std::vector recs;
         for(auto& rec :event) {
@@ -59,12 +59,12 @@ public:
         _converter.Convert(recs, _cmdline);
         _cmdlines.emplace_back(_cmdline);
         _size = 0;
-        return 1;
+        return true;
     }
-    int Rollback() override {
+    bool Rollback() override {
         _size = 0;
-        return 1;
+        return true;
     }
 private:
diff --git a/TestEventData.cpp b/TestEventData.cpp
index ee90c0a..60edcf2 100644
--- a/TestEventData.cpp
+++ b/TestEventData.cpp
@@ -127,6 +127,7 @@ const std::vector test_events {
             // EXECVE
             {"argc", "6", nullptr, field_type_t::UNCLASSIFIED},
             {"cmdline", "logger -t zfs-backup -p daemon.err \"zfs incremental backup of rpool/lxd failed: \"", nullptr, field_type_t::UNESCAPED},
+            {"containerid", "", nullptr, field_type_t::UNCLASSIFIED},
         }}}
     },
     {1521757638, 392, 262333, 1, 26918, {
@@ -159,6 +160,7 @@ const std::vector test_events {
             // EXECVE
             {"argc", "6", nullptr, field_type_t::UNCLASSIFIED},
             {"cmdline", "logger -t zfs-backup -p daemon.err \"zfs incremental backup of rpool/lxd failed: \"", nullptr, field_type_t::UNESCAPED},
+            {"containerid", "", nullptr, field_type_t::UNCLASSIFIED},
         }}}
     },
     {1521757638, 392, 262334, 1, -1, {
@@ -182,6 +184,7 @@ const std::vector test_events {
             // EXECVE
             {"argc", "6", nullptr, field_type_t::UNCLASSIFIED},
             {"cmdline", "logger -t zfs-backup -p daemon.err \"zfs incremental backup of rpool/lxd failed: \"", nullptr, field_type_t::UNESCAPED},
+            {"containerid", "", nullptr, field_type_t::UNCLASSIFIED},
         }}}
     },
     {1521773704, 435, 270957, 0, -1, {
@@ -252,6 +255,7 @@ const std::vector test_events {
             {"exe", "\"/usr/sbin/chronyd\"", nullptr, field_type_t::ESCAPED},
             {"key", "\"time-change\"", "time-change", field_type_t::ESCAPED_KEY},
             {"proctitle", "/usr/sbin/chronyd", nullptr, field_type_t::PROCTITLE},
+            {"containerid", "", nullptr, field_type_t::UNCLASSIFIED},
         }}}
     },
     {1563470055, 872, 7605215, 1, 91098, {
@@ -300,6 +304,7 @@ const std::vector test_events {
             // EXECVE
             {"argc", "5", nullptr, field_type_t::UNCLASSIFIED},
             {"cmdline", "iptables -w -t security --flush", nullptr, field_type_t::UNESCAPED},
+            {"containerid", "", nullptr, field_type_t::UNCLASSIFIED},
         }}}
     },
     {1563470055, 876, 7605216, 1, 91098, {
@@ -333,6 +338,7 @@ const std::vector test_events {
             {"NETFILTER_CFG_table", "security", nullptr, field_type_t::UNCLASSIFIED},
             {"NETFILTER_CFG_family", "2", nullptr, field_type_t::NFPROTO},
             {"NETFILTER_CFG_entries", "4", nullptr, field_type_t::UNCLASSIFIED},
+            {"containerid", "", nullptr, field_type_t::UNCLASSIFIED},
         }}}
     },
     {1572298453, 690, 5717, 1, 1450, {
@@ -363,6 +369,7 @@ const std::vector test_events {
             {"exe", "\"/usr/sbin/agetty\"", nullptr, field_type_t::ESCAPED},
             {"key", "(null)", nullptr, field_type_t::ESCAPED_KEY},
             {"INTEGRITY_POLICY_RULE_unparsed_text", "IPE=ctx ( op: [execute] dmverity_verified: [false] boot_verified: [true] audit_pathname: [/usr/lib/libc-2.28.so] ) [ action = allow ] [ boot_verified = true ]", nullptr, field_type_t::UNESCAPED},
+            {"containerid", "", nullptr, field_type_t::UNCLASSIFIED},
         }}}
     },
 };
@@ -375,12 +382,12 @@ const std::vector oms_test_events = { }; */ const std::vector oms_test_events = { - R"event([1521757638.392,{"MessageType":"AUOMS_EVENT","Timestamp":"1521757638.392","SerialNumber":262332,"ProcessFlags":0,"records":[{"RecordTypeCode":14688,"RecordType":"AUOMS_EXECVE","arch":"x86_64","syscall":"execve","success":"yes","exit":"0","a0":"55d782c96198","a1":"55d782c96120","a2":"55d782c96158","a3":"1","ppid":"26595","pid":"26918","audit_user":"root","auid":"0","user":"root","uid":"0","group":"root","gid":"0","effective_user":"root","euid":"0","set_user":"root","suid":"0","filesystem_user":"root","fsuid":"0","effective_group":"root","egid":"0","set_group":"root","sgid":"0","filesystem_group":"root","fsgid":"0","tty":"(none)","ses":"842","comm":"logger","exe":"/usr/bin/logger","key":"auoms,execve","key_r":"61756F6D7301657865637665","cwd":"/","name":"/usr/bin/logger","inode":"312545","dev":"00:13","mode":"file,755","o_user":"root","ouid":"0","owner_group":"root","ogid":"0","rdev":"00:00","nametype":"NORMAL","path_name":"[\"/usr/bin/logger\",\"/lib64/ld-linux-x86-64.so.2\"]","path_nametype":"[\"NORMAL\",\"NORMAL\"]","path_mode":"[\"0100755\",\"0100755\"]","path_ouid":"[\"0\",\"0\"]","path_ogid":"[\"0\",\"0\"]","argc":"6","cmdline":"logger -t zfs-backup -p daemon.err \"zfs incremental backup of rpool/lxd failed: \""}]}])event", - 
R"event([1521757638.392,{"MessageType":"AUOMS_EVENT","Timestamp":"1521757638.392","SerialNumber":262333,"ProcessFlags":0,"records":[{"RecordTypeCode":14688,"RecordType":"AUOMS_EXECVE","arch":"x86_64","syscall":"execve","success":"yes","exit":"0","a0":"55d782c96198","a1":"55d782c96120","a2":"55d782c96158","a3":"1","ppid":"26595","pid":"26918","audit_user":"root","auid":"0","user":"root","uid":"0","group":"root","gid":"0","effective_user":"root","euid":"0","set_user":"root","suid":"0","filesystem_user":"root","fsuid":"0","effective_group":"root","egid":"0","set_group":"root","sgid":"0","filesystem_group":"root","fsgid":"0","tty":"(none)","ses":"842","comm":"logger","exe":"/usr/bin/logger","key":"(null)","argc":"6","cmdline":"logger -t zfs-backup -p daemon.err \"zfs incremental backup of rpool/lxd failed: \""}]}])event", - R"event([1521757638.392,{"MessageType":"AUOMS_EVENT","Timestamp":"1521757638.392","SerialNumber":262334,"ProcessFlags":0,"records":[{"RecordTypeCode":10002,"RecordType":"AUOMS_SYSCALL_FRAGMENT","cwd":"/","name":"/usr/bin/logger","inode":"312545","dev":"00:13","mode":"file,755","o_user":"root","ouid":"0","owner_group":"root","ogid":"0","rdev":"00:00","nametype":"NORMAL","path_name":"[\"/usr/bin/logger\",\"/lib64/ld-linux-x86-64.so.2\"]","path_nametype":"[\"NORMAL\",\"NORMAL\"]","path_mode":"[\"0100755\",\"0100755\"]","path_ouid":"[\"0\",\"0\"]","path_ogid":"[\"0\",\"0\"]","argc":"6","cmdline":"logger -t zfs-backup -p daemon.err \"zfs incremental backup of rpool/lxd failed: \""}]}])event", + 
R"event([1521757638.392,{"MessageType":"AUOMS_EVENT","Timestamp":"1521757638.392","SerialNumber":262332,"ProcessFlags":0,"records":[{"RecordTypeCode":14688,"RecordType":"AUOMS_EXECVE","arch":"x86_64","syscall":"execve","success":"yes","exit":"0","a0":"55d782c96198","a1":"55d782c96120","a2":"55d782c96158","a3":"1","ppid":"26595","pid":"26918","audit_user":"root","auid":"0","user":"root","uid":"0","group":"root","gid":"0","effective_user":"root","euid":"0","set_user":"root","suid":"0","filesystem_user":"root","fsuid":"0","effective_group":"root","egid":"0","set_group":"root","sgid":"0","filesystem_group":"root","fsgid":"0","tty":"(none)","ses":"842","comm":"logger","exe":"/usr/bin/logger","key":"auoms,execve","key_r":"61756F6D7301657865637665","cwd":"/","name":"/usr/bin/logger","inode":"312545","dev":"00:13","mode":"file,755","o_user":"root","ouid":"0","owner_group":"root","ogid":"0","rdev":"00:00","nametype":"NORMAL","path_name":"[\"/usr/bin/logger\",\"/lib64/ld-linux-x86-64.so.2\"]","path_nametype":"[\"NORMAL\",\"NORMAL\"]","path_mode":"[\"0100755\",\"0100755\"]","path_ouid":"[\"0\",\"0\"]","path_ogid":"[\"0\",\"0\"]","argc":"6","cmdline":"logger -t zfs-backup -p daemon.err \"zfs incremental backup of rpool/lxd failed: \"","containerid":""}]}])event", + 
R"event([1521757638.392,{"MessageType":"AUOMS_EVENT","Timestamp":"1521757638.392","SerialNumber":262333,"ProcessFlags":0,"records":[{"RecordTypeCode":14688,"RecordType":"AUOMS_EXECVE","arch":"x86_64","syscall":"execve","success":"yes","exit":"0","a0":"55d782c96198","a1":"55d782c96120","a2":"55d782c96158","a3":"1","ppid":"26595","pid":"26918","audit_user":"root","auid":"0","user":"root","uid":"0","group":"root","gid":"0","effective_user":"root","euid":"0","set_user":"root","suid":"0","filesystem_user":"root","fsuid":"0","effective_group":"root","egid":"0","set_group":"root","sgid":"0","filesystem_group":"root","fsgid":"0","tty":"(none)","ses":"842","comm":"logger","exe":"/usr/bin/logger","key":"(null)","argc":"6","cmdline":"logger -t zfs-backup -p daemon.err \"zfs incremental backup of rpool/lxd failed: \"","containerid":""}]}])event", + R"event([1521757638.392,{"MessageType":"AUOMS_EVENT","Timestamp":"1521757638.392","SerialNumber":262334,"ProcessFlags":0,"records":[{"RecordTypeCode":10002,"RecordType":"AUOMS_SYSCALL_FRAGMENT","cwd":"/","name":"/usr/bin/logger","inode":"312545","dev":"00:13","mode":"file,755","o_user":"root","ouid":"0","owner_group":"root","ogid":"0","rdev":"00:00","nametype":"NORMAL","path_name":"[\"/usr/bin/logger\",\"/lib64/ld-linux-x86-64.so.2\"]","path_nametype":"[\"NORMAL\",\"NORMAL\"]","path_mode":"[\"0100755\",\"0100755\"]","path_ouid":"[\"0\",\"0\"]","path_ogid":"[\"0\",\"0\"]","argc":"6","cmdline":"logger -t zfs-backup -p daemon.err \"zfs incremental backup of rpool/lxd failed: \"","containerid":""}]}])event", R"event([1562867403.686,{"MessageType":"AUDIT_EVENT","Timestamp":"1562867403.686","SerialNumber":4179743,"ProcessFlags":0,"records":[{"RecordTypeCode":1112,"RecordType":"USER_LOGIN","pid":"26475","user":"root","uid":"0","audit_user":"user","auid":"1000","ses":"91158","op":"login","id":"user","id_r":"1000","exe":"/usr/sbin/sshd","hostname":"131.107.147.6","addr":"131.107.147.6","terminal":"/dev/pts/0","res":"success"}]}])event", - 
R"event([1563459621.014,{"MessageType":"AUOMS_EVENT","Timestamp":"1563459621.014","SerialNumber":574,"ProcessFlags":0,"records":[{"RecordTypeCode":10001,"RecordType":"AUOMS_SYSCALL","arch":"x86_64","syscall":"adjtimex","success":"yes","exit":"0","a0":"7ffc9aa65d80","a1":"0","a2":"270b","a3":"7ffc9aa65e40","ppid":"1","pid":"1655","audit_user":"unset","auid":"4294967295","user":"_chrony","uid":"123","group":"_chrony","gid":"132","effective_user":"_chrony","euid":"123","set_user":"_chrony","suid":"123","filesystem_user":"_chrony","fsuid":"123","effective_group":"_chrony","egid":"132","set_group":"_chrony","sgid":"132","filesystem_group":"_chrony","fsgid":"132","tty":"(none)","ses":"-1","comm":"chronyd","exe":"/usr/sbin/chronyd","key":"time-change","key_r":"\"time-change\"","proctitle":"/usr/sbin/chronyd"}]}])event", - R"event([1563470055.872,{"MessageType":"AUOMS_EVENT","Timestamp":"1563470055.872","SerialNumber":7605215,"ProcessFlags":0,"records":[{"RecordTypeCode":14688,"RecordType":"AUOMS_EXECVE","arch":"x86_64","syscall":"execve","success":"yes","exit":"0","a0":"ad1150","a1":"ad03d0","a2":"ad0230","a3":"fc2c9fc5","ppid":"16244","pid":"91098","audit_user":"unset","auid":"4294967295","user":"root","uid":"0","group":"root","gid":"0","effective_user":"root","euid":"0","set_user":"root","suid":"0","filesystem_user":"root","fsuid":"0","effective_group":"root","egid":"0","set_group":"root","sgid":"0","filesystem_group":"root","fsgid":"0","tty":"(none)","ses":"-1","comm":"iptables","exe":"/usr/sbin/xtables-multi","key":"auoms","key_r":"\"auoms\"","cwd":"/var/lib/waagent","name":"/usr/sbin/iptables","inode":"1579593","dev":"08:02","mode":"file,755","o_user":"root","ouid":"0","owner_group":"root","ogid":"0","rdev":"00:00","nametype":"NORMAL","path_name":"[\"/usr/sbin/iptables\",\"/lib64/ld-linux-x86-64.so.2\"]","path_nametype":"[\"NORMAL\",\"NORMAL\"]","path_mode":"[\"0100755\",\"0100755\"]","path_ouid":"[\"0\",\"0\"]","path_ogid":"[\"0\",\"0\"]","argc":"5","cmdline":"iptabl
es -w -t security --flush"}]}])event", - R"event([1563470055.876,{"MessageType":"AUOMS_EVENT","Timestamp":"1563470055.876","SerialNumber":7605216,"ProcessFlags":0,"records":[{"RecordTypeCode":10001,"RecordType":"AUOMS_SYSCALL","arch":"x86_64","syscall":"setsockopt","success":"yes","exit":"0","a0":"4","a1":"0","a2":"40","a3":"c31600","ppid":"16244","pid":"91098","audit_user":"unset","auid":"4294967295","user":"root","uid":"0","group":"root","gid":"0","effective_user":"root","euid":"0","set_user":"root","suid":"0","filesystem_user":"root","fsuid":"0","effective_group":"root","egid":"0","set_group":"root","sgid":"0","filesystem_group":"root","fsgid":"0","tty":"(none)","ses":"-1","comm":"iptables","exe":"/usr/sbin/xtables-multi","key":"(null)","proctitle":"/bin/sh -c \"iptables -w -t security --flush\"","NETFILTER_CFG_table":"security","NETFILTER_CFG_family":"2","NETFILTER_CFG_entries":"4"}]}])event", - R"event([1572298453.69,{"MessageType":"AUOMS_EVENT","Timestamp":"1572298453.690","SerialNumber":5717,"ProcessFlags":0,"records":[{"RecordTypeCode":10001,"RecordType":"AUOMS_SYSCALL","arch":"aarch64","syscall":"mmap","success":"yes","exit":"281129964019712","a0":"0","a1":"16a048","a2":"5","a3":"802","ppid":"1","pid":"1450","audit_user":"unset","auid":"4294967295","user":"root","uid":"0","group":"root","gid":"0","effective_user":"root","euid":"0","set_user":"root","suid":"0","filesystem_user":"root","fsuid":"0","effective_group":"root","egid":"0","set_group":"root","sgid":"0","filesystem_group":"root","fsgid":"0","tty":"(none)","ses":"-1","comm":"agetty","exe":"/usr/sbin/agetty","key":"(null)","INTEGRITY_POLICY_RULE_unparsed_text":"IPE=ctx ( op: [execute] dmverity_verified: [false] boot_verified: [true] audit_pathname: [/usr/lib/libc-2.28.so] ) [ action = allow ] [ boot_verified = true ]"}]}])event", + 
R"event([1563459621.014,{"MessageType":"AUOMS_EVENT","Timestamp":"1563459621.014","SerialNumber":574,"ProcessFlags":0,"records":[{"RecordTypeCode":10001,"RecordType":"AUOMS_SYSCALL","arch":"x86_64","syscall":"adjtimex","success":"yes","exit":"0","a0":"7ffc9aa65d80","a1":"0","a2":"270b","a3":"7ffc9aa65e40","ppid":"1","pid":"1655","audit_user":"unset","auid":"4294967295","user":"_chrony","uid":"123","group":"_chrony","gid":"132","effective_user":"_chrony","euid":"123","set_user":"_chrony","suid":"123","filesystem_user":"_chrony","fsuid":"123","effective_group":"_chrony","egid":"132","set_group":"_chrony","sgid":"132","filesystem_group":"_chrony","fsgid":"132","tty":"(none)","ses":"-1","comm":"chronyd","exe":"/usr/sbin/chronyd","key":"time-change","key_r":"\"time-change\"","proctitle":"/usr/sbin/chronyd","containerid":""}]}])event", + R"event([1563470055.872,{"MessageType":"AUOMS_EVENT","Timestamp":"1563470055.872","SerialNumber":7605215,"ProcessFlags":0,"records":[{"RecordTypeCode":14688,"RecordType":"AUOMS_EXECVE","arch":"x86_64","syscall":"execve","success":"yes","exit":"0","a0":"ad1150","a1":"ad03d0","a2":"ad0230","a3":"fc2c9fc5","ppid":"16244","pid":"91098","audit_user":"unset","auid":"4294967295","user":"root","uid":"0","group":"root","gid":"0","effective_user":"root","euid":"0","set_user":"root","suid":"0","filesystem_user":"root","fsuid":"0","effective_group":"root","egid":"0","set_group":"root","sgid":"0","filesystem_group":"root","fsgid":"0","tty":"(none)","ses":"-1","comm":"iptables","exe":"/usr/sbin/xtables-multi","key":"auoms","key_r":"\"auoms\"","cwd":"/var/lib/waagent","name":"/usr/sbin/iptables","inode":"1579593","dev":"08:02","mode":"file,755","o_user":"root","ouid":"0","owner_group":"root","ogid":"0","rdev":"00:00","nametype":"NORMAL","path_name":"[\"/usr/sbin/iptables\",\"/lib64/ld-linux-x86-64.so.2\"]","path_nametype":"[\"NORMAL\",\"NORMAL\"]","path_mode":"[\"0100755\",\"0100755\"]","path_ouid":"[\"0\",\"0\"]","path_ogid":"[\"0\",\"0\"]","argc":"5",
"cmdline":"iptables -w -t security --flush","containerid":""}]}])event", + R"event([1563470055.876,{"MessageType":"AUOMS_EVENT","Timestamp":"1563470055.876","SerialNumber":7605216,"ProcessFlags":0,"records":[{"RecordTypeCode":10001,"RecordType":"AUOMS_SYSCALL","arch":"x86_64","syscall":"setsockopt","success":"yes","exit":"0","a0":"4","a1":"0","a2":"40","a3":"c31600","ppid":"16244","pid":"91098","audit_user":"unset","auid":"4294967295","user":"root","uid":"0","group":"root","gid":"0","effective_user":"root","euid":"0","set_user":"root","suid":"0","filesystem_user":"root","fsuid":"0","effective_group":"root","egid":"0","set_group":"root","sgid":"0","filesystem_group":"root","fsgid":"0","tty":"(none)","ses":"-1","comm":"iptables","exe":"/usr/sbin/xtables-multi","key":"(null)","proctitle":"/bin/sh -c \"iptables -w -t security --flush\"","NETFILTER_CFG_table":"security","NETFILTER_CFG_family":"2","NETFILTER_CFG_entries":"4","containerid":""}]}])event", + R"event([1572298453.69,{"MessageType":"AUOMS_EVENT","Timestamp":"1572298453.690","SerialNumber":5717,"ProcessFlags":0,"records":[{"RecordTypeCode":10001,"RecordType":"AUOMS_SYSCALL","arch":"aarch64","syscall":"mmap","success":"yes","exit":"281129964019712","a0":"0","a1":"16a048","a2":"5","a3":"802","ppid":"1","pid":"1450","audit_user":"unset","auid":"4294967295","user":"root","uid":"0","group":"root","gid":"0","effective_user":"root","euid":"0","set_user":"root","suid":"0","filesystem_user":"root","fsuid":"0","effective_group":"root","egid":"0","set_group":"root","sgid":"0","filesystem_group":"root","fsgid":"0","tty":"(none)","ses":"-1","comm":"agetty","exe":"/usr/sbin/agetty","key":"(null)","INTEGRITY_POLICY_RULE_unparsed_text":"IPE=ctx ( op: [execute] dmverity_verified: [false] boot_verified: [true] audit_pathname: [/usr/lib/libc-2.28.so] ) [ action = allow ] [ boot_verified = true ]","containerid":""}]}])event", }; diff --git a/TestEventQueue.h b/TestEventQueue.h index c8d5552..c2558ba 100644 --- a/TestEventQueue.h 
+++ b/TestEventQueue.h
@@ -24,20 +24,20 @@ class TestEventQueue: public IEventBuilderAllocator {
 public:
-    virtual int Allocate(void** data, size_t size) {
+    virtual bool Allocate(void** data, size_t size) {
         _buffer.resize(size);
         *data = _buffer.data();
-        return 1;
+        return true;
     }
-    virtual int Commit() {
+    virtual bool Commit() {
         _events.emplace_back(std::make_shared>(_buffer.begin(), _buffer.end()));
-        return 1;
+        return true;
     }
-    virtual int Rollback() {
+    virtual bool Rollback() {
         _buffer.resize(0);
-        return 1;
+        return true;
     }
     size_t GetEventCount() {
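Review bot: The rewritten signatures `virtual bool Allocate(void** data, size_t size) {`, `virtual bool Commit() {` and `virtual bool Rollback() {` keep `virtual` but omit `override`, unlike the equivalent `RawEventQueue` overrides in EventProcessorTests.cpp and ExecveConverterTests.cpp that this same change touches. Since these lines are already being edited for the `int`-to-`bool` switch, `bool Allocate(void** data, size_t size) override {` (and likewise for the other two) would let the compiler reject any future drift from the `IEventBuilderAllocator` signatures instead of silently creating a new virtual. The class body continues past the end of this hunk.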