Auditd plugin that forwards audit events to OMS Agent for Linux
Latest commit: 2c23438b5d by Tad Glines, "Update for CDPx pipeline changes", 2020-11-14 13:29:55 -08:00
.pipelines CDPx fixes 2020-11-13 15:46:06 -08:00
build Update for CDPx pipeline changes 2020-11-14 13:29:55 -08:00
conf/outconf.d Add Fluent event output writer to integrate AUOMS with OneAgent (#43) 2020-03-27 16:50:37 -07:00
installer Add CPULimits and fixes 2020-06-10 13:09:59 -07:00
.gitignore Add containerid to AUOMS_EXECVE recordtype events (#41) 2020-01-08 14:34:01 -08:00
AuditRules.cpp Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
AuditRules.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
AuditRulesMonitor.cpp Merge branch 'master' into taglines-v2.2 2020-06-23 11:51:07 -07:00
AuditRulesMonitor.h Merge branch 'master' into taglines-v2.2 2020-06-23 11:51:07 -07:00
AuditStatus.cpp Convert to new priority queue design 2020-04-08 13:15:21 -07:00
AuditStatus.h Convert to new priority queue design 2020-04-08 13:15:21 -07:00
CGroups.cpp Tweak cgroup logic 2020-09-08 11:21:30 -07:00
CGroups.h Tweak cgroup logic 2020-09-08 11:21:30 -07:00
CMakeLists.txt Set cgroup defaults, add some audit multicast support 2020-09-01 12:11:41 -07:00
CPULimits.cpp Tweak cgroup logic 2020-09-08 11:21:30 -07:00
CPULimits.h Set cgroup defaults, add some audit multicast support 2020-09-01 12:11:41 -07:00
Cache.h Fix RawEventAccumulator (#48) 2020-06-24 15:05:04 -07:00
CollectionMonitor.cpp Merge branch 'master' into taglines-v2.2 2020-06-23 11:51:07 -07:00
CollectionMonitor.h Merge branch 'master' into taglines-v2.2 2020-06-23 11:51:07 -07:00
Config.cpp Convert to new priority queue design 2020-04-08 13:15:21 -07:00
Config.h Tweak event prioritization logic and defaults 2020-08-27 15:21:38 -07:00
ConfigTests.cpp Initial code commit 2016-11-18 12:02:01 -08:00
Defer.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
Event.cpp Decouple Input, Prioritize Events, More Metrics 2020-05-20 13:36:02 -07:00
Event.h Fix unit tests 2020-06-10 14:12:38 -07:00
EventFilter.cpp Patched so outputs can be added and removed and ProcessTree and GLobalFiltersMask are updated each time (#40) 2020-01-07 11:42:41 -08:00
EventFilter.h Patched so outputs can be added and removed and ProcessTree and GLobalFiltersMask are updated each time (#40) 2020-01-07 11:42:41 -08:00
EventId.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
EventPrioritizer.cpp Tweak event prioritization logic and defaults 2020-08-27 15:21:38 -07:00
EventPrioritizer.h Tweak event prioritization logic and defaults 2020-08-27 15:21:38 -07:00
EventProcessorTests.cpp Merge branch 'master' into taglines-v2.2 2020-06-26 12:47:52 -07:00
EventQueue.h Decouple Input, Prioritize Events, More Metrics 2020-05-20 13:36:02 -07:00
EventTests.cpp Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
ExecUtil.cpp Convert to new priority queue design 2020-04-08 13:15:21 -07:00
ExecUtil.h Convert to new priority queue design 2020-04-08 13:15:21 -07:00
ExecveConverter.cpp Add missing copyright headers 2020-08-24 14:22:29 -07:00
ExecveConverter.h Add missing copyright headers 2020-08-24 14:22:29 -07:00
ExecveConverterTests.cpp Fix unit tests 2020-06-10 14:12:38 -07:00
FieldType.h Add missing copyright headers 2020-08-24 14:22:29 -07:00
FileUtils.cpp Add missing copyright headers 2020-08-24 14:22:29 -07:00
FileUtils.h Add missing copyright headers 2020-08-24 14:22:29 -07:00
FileWatcher.cpp Add missing copyright headers 2020-08-24 14:22:29 -07:00
FileWatcher.h Add missing copyright headers 2020-08-24 14:22:29 -07:00
FiltersEngine.cpp Patched so outputs can be added and removed and ProcessTree and GLobalFiltersMask are updated each time (#40) 2020-01-07 11:42:41 -08:00
FiltersEngine.h Patched so outputs can be added and removed and ProcessTree and GLobalFiltersMask are updated each time (#40) 2020-01-07 11:42:41 -08:00
FluentEventWriter.cpp Add Fluent event output writer to integrate AUOMS with OneAgent (#43) 2020-03-27 16:50:37 -07:00
FluentEventWriter.h Add Fluent event output writer to integrate AUOMS with OneAgent (#43) 2020-03-27 16:50:37 -07:00
FluentEventWriterTests.cpp Fix unit tests 2020-06-10 14:12:38 -07:00
Gate.h Set cgroup defaults, add some audit multicast support 2020-09-01 12:11:41 -07:00
IEventFilter.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
IEventReader.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
IEventWriter.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
IO.cpp Merge remaining release_2.1 branch bug fixes (#45) 2020-06-19 12:11:31 -07:00
IO.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
Input.cpp Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
Input.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
InputBuffer.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
Inputs.cpp Merge remaining release_2.1 branch bug fixes (#45) 2020-06-19 12:11:31 -07:00
Inputs.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
Interpret.cpp Tweak event prioritization logic and defaults 2020-08-27 15:21:38 -07:00
Interpret.h Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
JSONEventWriter.cpp Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
JSONEventWriter.h Kesheldr syscall filter ng (#38) 2019-10-07 15:58:47 +01:00
KernelInfo.cpp Set cgroup defaults, add some audit multicast support 2020-09-01 12:11:41 -07:00
KernelInfo.h Set cgroup defaults, add some audit multicast support 2020-09-01 12:11:41 -07:00
LICENSE Initial code commit 2016-11-18 12:02:01 -08:00
LockFile.cpp Trigger queue reset on upgrade 2020-05-22 10:39:27 -07:00
LockFile.h Trigger queue reset on upgrade 2020-05-22 10:39:27 -07:00
Logger.cpp Merge remaining release_2.1 branch bug fixes (#45) 2020-06-19 12:11:31 -07:00
Logger.h Merge remaining release_2.1 branch bug fixes (#45) 2020-06-19 12:11:31 -07:00
MachineType.h Bug fixes and add support for arm64 (#35) 2019-08-07 07:20:30 -07:00
Metrics.cpp Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
Metrics.h Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
MsgPackEventWriter.cpp Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
MsgPackEventWriter.h Added support for receiver ack to control cursor 2017-09-29 16:25:45 -07:00
Netlink.cpp Set cgroup defaults, add some audit multicast support 2020-09-01 12:11:41 -07:00
Netlink.h Set cgroup defaults, add some audit multicast support 2020-09-01 12:11:41 -07:00
NetlinkAudit.cpp Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
OMSEventWriter.cpp Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
OMSEventWriter.h Kesheldr syscall filter ng (#38) 2019-10-07 15:58:47 +01:00
OMSEventWriterTests.cpp Fix unit tests 2020-06-10 14:12:38 -07:00
OperationalStatus.cpp Add missing copyright headers 2020-08-24 14:22:29 -07:00
OperationalStatus.h Add missing copyright headers 2020-08-24 14:22:29 -07:00
Output.cpp Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
Output.h Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
OutputInputTests.cpp Merge branch 'master' into taglines-v2.2 2020-06-19 16:39:30 -07:00
Outputs.cpp Fix logging in Outputs.cpp 2020-08-26 14:55:13 -07:00
Outputs.h Convert to new priority queue design 2020-04-08 13:15:21 -07:00
PriorityQueue.cpp Fix bugs in SPSCDataQueue and PriorityQueue 2020-08-26 12:30:18 -07:00
PriorityQueue.h Tweak cursor save logic in PriorityQueue 2020-08-25 10:11:30 -07:00
PriorityQueueTests.cpp Tweak limits, fix unit test 2020-08-24 11:36:49 -07:00
ProcFilter.cpp Kesheldr syscall filter ng (#38) 2019-10-07 15:58:47 +01:00
ProcFilter.h Kesheldr syscall filter ng (#38) 2019-10-07 15:58:47 +01:00
ProcMetrics.cpp Tweak mem limits logic 2020-08-25 11:23:05 -07:00
ProcMetrics.h Tweak mem limits logic 2020-08-25 11:23:05 -07:00
ProcessDefines.h Kesheldr syscall filter ng (#38) 2019-10-07 15:58:47 +01:00
ProcessInfo.cpp Add O_CLOEXEC to open() in ProcessInfo::read_file() 2020-09-02 09:45:36 -07:00
ProcessInfo.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
ProcessTree.cpp Improve mem metrics, clean up process tree code 2020-08-25 09:13:20 -07:00
ProcessTree.h Improve mem metrics, clean up process tree code 2020-08-25 09:13:20 -07:00
Queue.cpp Fix Queue and Event Parse bugs 2020-04-29 12:05:24 -07:00
Queue.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
QueueTests.cpp Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
README.md Update README.md 2019-08-07 07:42:05 -07:00
RawEventAccumulator.cpp Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
RawEventAccumulator.h Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
RawEventProcessor.cpp Merge branch 'master' into taglines-v2.2 2020-09-03 08:03:15 -07:00
RawEventProcessor.h Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
RawEventReader.h Merge remaining release_2.1 branch bug fixes (#45) 2020-06-19 12:11:31 -07:00
RawEventRecord.cpp Fix Queue and Event Parse bugs 2020-04-29 12:05:24 -07:00
RawEventRecord.h Fix Queue and Event Parse bugs 2020-04-29 12:05:24 -07:00
RawEventWriter.h Added support for receiver ack to control cursor 2017-09-29 16:25:45 -07:00
RecordType.h Tweak event prioritization logic and defaults 2020-08-27 15:21:38 -07:00
Retry.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
RunBase.cpp Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
RunBase.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
SPSCDataQueue.cpp Fix bugs in SPSCDataQueue and PriorityQueue 2020-08-26 12:30:18 -07:00
SPSCDataQueue.h Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
SPSCDataQueueTests.cpp Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
SchedPriority.cpp Add CPULimits and fixes 2020-06-10 13:09:59 -07:00
SchedPriority.h Add CPULimits and fixes 2020-06-10 13:09:59 -07:00
Signals.cpp Improve rule parsing, fix bugs (#28) 2019-05-09 13:34:17 -07:00
Signals.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
StdinReader.cpp Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
StdinReader.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
StdoutWriter.h Added support for receiver ack to control cursor 2017-09-29 16:25:45 -07:00
StringTable.h Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
StringTests.cpp Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
StringUtils.cpp Fix bug in InterpretSockaddrField() 2020-04-24 13:16:41 -07:00
StringUtils.h Fix bug in StringUtils.h (append_int) 2020-04-27 15:42:30 -07:00
SyscallMetrics.cpp Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
SyscallMetrics.h Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
SyslogEventWriter.cpp Kesheldr syscall filter ng (#38) 2019-10-07 15:58:47 +01:00
SyslogEventWriter.h Kesheldr syscall filter ng (#38) 2019-10-07 15:58:47 +01:00
SystemMetrics.cpp Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
SystemMetrics.h Add IO metrics, bug fixes 2020-08-24 10:10:32 -07:00
THIRD_PARTY_IP_NOTICE Rework plugin to support multi-home configuration 2017-05-22 04:13:32 -07:00
TempDir.cpp Eliminate compiler warnings minor build tweak. (#33) 2019-07-25 14:16:49 -07:00
TempDir.h Initial code commit 2016-11-18 12:02:01 -08:00
TempFile.cpp Eliminate compiler warnings minor build tweak. (#33) 2019-07-25 14:16:49 -07:00
TempFile.h Initial code commit 2016-11-18 12:02:01 -08:00
TestEventData.cpp Merge branch 'master' into taglines-v2.2 2020-09-03 08:03:15 -07:00
TestEventData.h Fix RawEventAccumulator (#48) 2020-06-24 15:05:04 -07:00
TestEventQueue.h Fix unit tests 2020-04-08 13:53:54 -07:00
TestEventWriter.h Add Fluent event output writer to integrate AUOMS with OneAgent (#43) 2020-03-27 16:50:37 -07:00
TextEventWriter.cpp Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
TextEventWriter.h Kesheldr syscall filter ng (#38) 2019-10-07 15:58:47 +01:00
TextEventWriterConfig.cpp Add metrics collection and other changes (#36) 2019-11-21 14:55:06 -08:00
TextEventWriterConfig.h Add Fluent event output writer to integrate AUOMS with OneAgent (#43) 2020-03-27 16:50:37 -07:00
Translate.h Tweak event prioritization logic and defaults 2020-08-27 15:21:38 -07:00
TranslateArch.cpp Bug fixes and add support for arm64 (#35) 2019-08-07 07:20:30 -07:00
TranslateErrno.cpp Improve rule parsing, fix bugs (#28) 2019-05-09 13:34:17 -07:00
TranslateField.cpp Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
TranslateFieldType.cpp Kesheldr syscall filter ng (#38) 2019-10-07 15:58:47 +01:00
TranslateRecordType.cpp Tweak event prioritization logic and defaults 2020-08-27 15:21:38 -07:00
TranslateSyscall.cpp Bug fixes and add support for arm64 (#35) 2019-08-07 07:20:30 -07:00
UnixDomainListener.cpp Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
UnixDomainListener.h Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
UnixDomainWriter.cpp Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
UnixDomainWriter.h Added support for receiver ack to control cursor 2017-09-29 16:25:45 -07:00
UserDB.cpp Improve rule parsing, fix bugs (#28) 2019-05-09 13:34:17 -07:00
UserDB.h Improve rule parsing, fix bugs (#28) 2019-05-09 13:34:17 -07:00
UserDBTests.cpp Initial code commit 2016-11-18 12:02:01 -08:00
Version.cpp Add missing copyright headers 2020-08-24 14:22:29 -07:00
Version.h Add missing copyright headers 2020-08-24 14:22:29 -07:00
auoms.cpp Fix crash bug 2020-09-03 09:00:21 -07:00
auoms.version Merge branch 'master' into taglines-v2.2 2020-09-03 08:03:15 -07:00
auomscollect.cpp Fix bug in auomscollect config logic 2020-09-08 15:20:37 -07:00
auomsctl.cpp Fix minor build issue 2020-09-10 13:23:02 -07:00
fakeaudispd.cpp Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
file2sock.cpp Feature 3.0 (#27) 2019-04-30 12:06:02 -07:00
testreceiver.cpp Fix ack queue deadlock 2020-06-11 17:11:11 -07:00

README.md

OMS-Auditd-Plugin

Auditd plugin that forwards audit events to OMS Agent for Linux

Build Instructions

Env Setup

git clone https://github.com/Microsoft/pal
git clone https://github.com/microsoft/OMS-Auditd-Plugin
cd OMS-Auditd-Plugin
ROOT=$(pwd)

Build Docker images

cd build/docker
docker build -t auoms-build auoms-build
docker build -t auoms-build32 auoms-build32
cd $ROOT

Build 64-bit auoms

build/run-docker-build.sh

Build 32-bit auoms

build/run-docker-build.sh 32
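The four steps above, wrapped in one script so the build is repeatable. This is an added example, not a script from the OMS-Auditd-Plugin repository: it assumes git and Docker are installed, clones pal next to the plugin exactly as the steps above do, and pins the plugin checkout to the commit shown at the top of this page (pinning itself, the PLUGIN_PIN variable, and the check_layout/build_arg helper names are this example's own choices; pal is left unpinned because the page gives no commit for it). Only run_build touches git and Docker; the two helpers are pure so they can be checked without either.

```shell
#!/usr/bin/env bash
# Added example wrapper around the README build steps (not part of the repo).
set -eu

PAL_URL="https://github.com/Microsoft/pal"
PLUGIN_URL="https://github.com/microsoft/OMS-Auditd-Plugin"
# Latest commit shown on the repo page; pinning to it is this example's assumption.
PLUGIN_PIN="${PLUGIN_PIN:-2c23438b5d}"

# Map a requested architecture to the argument the README passes to
# build/run-docker-build.sh: nothing for 64-bit, "32" for 32-bit.
build_arg() {
  case "$1" in
    64) printf '' ;;
    32) printf '32' ;;
    *)  echo "unsupported arch: $1 (use 64 or 32)" >&2; return 1 ;;
  esac
}

# Verify the layout the README's commands produce: pal checked out as a
# sibling of the plugin checkout, plus the build script and Docker contexts.
check_layout() {
  root="$1"
  [ -d "$root/../pal" ] || { echo "missing $root/../pal" >&2; return 1; }
  [ -f "$root/build/run-docker-build.sh" ] || { echo "missing build/run-docker-build.sh" >&2; return 1; }
  [ -d "$root/build/docker/auoms-build" ] || { echo "missing build/docker/auoms-build" >&2; return 1; }
  [ -d "$root/build/docker/auoms-build32" ] || { echo "missing build/docker/auoms-build32" >&2; return 1; }
}

# Clone both repos (if absent), pin the plugin, build the two images, then
# run the docker build for each requested architecture (64 and/or 32).
run_build() {
  workdir="$1"; shift
  mkdir -p "$workdir"
  cd "$workdir"
  [ -d pal ] || git clone "$PAL_URL" pal
  [ -d OMS-Auditd-Plugin ] || git clone "$PLUGIN_URL"
  cd OMS-Auditd-Plugin
  git checkout --quiet "$PLUGIN_PIN"
  ROOT=$(pwd)
  check_layout "$ROOT"
  (cd build/docker \
    && docker build -t auoms-build auoms-build \
    && docker build -t auoms-build32 auoms-build32)
  cd "$ROOT"
  for arch in "$@"; do
    arg=$(build_arg "$arch")
    # $arg is intentionally unquoted: an empty value must pass no argument.
    build/run-docker-build.sh $arg
  done
}

# Usage (from a shell that has sourced or pasted this file):
#   run_build /path/to/workdir 64 32
```

check_layout fails early with a specific message instead of letting run-docker-build.sh fail part-way through, and build_arg rejects anything other than 64 or 32 so a typo cannot silently produce a 64-bit build when a 32-bit one was wanted.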