mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-28 09:41:18 +00:00
Compare commits
5 Commits
752ed2a2d9
...
e1f0a92875
Author | SHA1 | Date | |
---|---|---|---|
|
e1f0a92875 | ||
|
bd051fcc3a | ||
|
48d42a2fbd | ||
|
6a43a56b30 | ||
|
d19e3e3b8b |
@ -26,5 +26,5 @@ release: build
|
|||||||
tar czvf cg.tgz cg cg.sum
|
tar czvf cg.tgz cg cg.sum
|
||||||
rm -f cg cg.sum
|
rm -f cg cg.sum
|
||||||
git add cg.tgz
|
git add cg.tgz
|
||||||
git commit -m "cg: release"
|
# git commit -m "cg: release"
|
||||||
git push
|
# git push
|
||||||
|
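Review bot: With `git commit` and `git push` commented out, the `release` target now stops after `git add cg.tgz`, leaving a staged binary that nothing in the target publishes or explains. Either delete the two dead lines or replace them with a comment stating the intent, for example `# commit and push are done by hand after reviewing cg.tgz`. Separately, `cg.sum` is packed into the same `cg.tgz` that it presumably describes, so it can detect corruption of `cg` but cannot show that the archive itself was not replaced. Publishing the archive's digest or a signature outside the tarball would let consumers of the committed binary verify it.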
BIN
tools/cg/cg.tgz
BIN
tools/cg/cg.tgz
Binary file not shown.
@ -5,8 +5,8 @@ go 1.20
|
|||||||
require (
|
require (
|
||||||
github.com/docker/docker v23.0.1+incompatible
|
github.com/docker/docker v23.0.1+incompatible
|
||||||
github.com/sirupsen/logrus v1.9.0
|
github.com/sirupsen/logrus v1.9.0
|
||||||
golang.org/x/crypto v0.6.0
|
|
||||||
golang.org/x/sys v0.5.0
|
golang.org/x/sys v0.5.0
|
||||||
|
golang.org/x/term v0.5.0
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
@ -24,7 +24,6 @@ require (
|
|||||||
github.com/stretchr/testify v1.8.1 // indirect
|
github.com/stretchr/testify v1.8.1 // indirect
|
||||||
golang.org/x/mod v0.8.0 // indirect
|
golang.org/x/mod v0.8.0 // indirect
|
||||||
golang.org/x/net v0.7.0 // indirect
|
golang.org/x/net v0.7.0 // indirect
|
||||||
golang.org/x/term v0.5.0 // indirect
|
|
||||||
golang.org/x/time v0.1.0 // indirect
|
golang.org/x/time v0.1.0 // indirect
|
||||||
golang.org/x/tools v0.6.0 // indirect
|
golang.org/x/tools v0.6.0 // indirect
|
||||||
gotest.tools/v3 v3.4.0 // indirect
|
gotest.tools/v3 v3.4.0 // indirect
|
||||||
|
@ -52,8 +52,6 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
|
|||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
|
|
||||||
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
|
|
||||||
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||||
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||||
golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
|
golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
|
||||||
|
@ -20,7 +20,7 @@ import (
|
|||||||
"github.com/docker/docker/api/types/filters"
|
"github.com/docker/docker/api/types/filters"
|
||||||
"github.com/docker/docker/client"
|
"github.com/docker/docker/client"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"golang.org/x/crypto/ssh/terminal"
|
"golang.org/x/term"
|
||||||
)
|
)
|
||||||
|
|
||||||
// set during compilation using ldflags
|
// set during compilation using ldflags
|
||||||
@ -47,11 +47,6 @@ func main() {
|
|||||||
ForceColors: true,
|
ForceColors: true,
|
||||||
})
|
})
|
||||||
|
|
||||||
hostname, _ := os.Hostname()
|
|
||||||
|
|
||||||
log.Infof("ContainerGuard (CG) started protecting [%v]", hostname)
|
|
||||||
log.Infof("compiled on %v from commit %v", Buildtime, Version)
|
|
||||||
|
|
||||||
// number of virtual cores
|
// number of virtual cores
|
||||||
var numCPU = runtime.NumCPU()
|
var numCPU = runtime.NumCPU()
|
||||||
// MAX_LOAD defines the maximum amount of `strain` each CPU can have
|
// MAX_LOAD defines the maximum amount of `strain` each CPU can have
|
||||||
@ -60,33 +55,24 @@ func main() {
|
|||||||
// last recorded loadavg after a trigger event
|
// last recorded loadavg after a trigger event
|
||||||
var LAST_LOAD float64 // default value 0.0
|
var LAST_LOAD float64 // default value 0.0
|
||||||
|
|
||||||
var count int
|
hostname, _ := os.Hostname()
|
||||||
|
log.Infof("started protecting [%v] (%v load)", hostname, MAX_LOAD)
|
||||||
|
log.Infof("compiled on %v from commit %v", Buildtime, Version)
|
||||||
|
|
||||||
for range time.Tick(time.Second * time.Duration(*timerFlag)) {
|
for range time.Tick(time.Second * time.Duration(*timerFlag)) {
|
||||||
|
CURRENT_LOAD := sysLoad1mAvg()
|
||||||
|
|
||||||
if sysLoad1mAvg() <= MAX_LOAD {
|
if CURRENT_LOAD <= MAX_LOAD {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// protect legitimate users
|
// if load is going down don't trigger
|
||||||
if LAST_LOAD != 0.0 { // we got a trigger event
|
if CURRENT_LOAD < LAST_LOAD {
|
||||||
// after 60s stop protecting
|
LAST_LOAD = CURRENT_LOAD
|
||||||
if count > 60 / *timerFlag {
|
|
||||||
LAST_LOAD = 0.0
|
|
||||||
count = 0
|
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if sysLoad1mAvg() <= LAST_LOAD {
|
log.Warnf("[TRIGGER] load (%.2f) on cpu (%v) higher than max_load (%v)", CURRENT_LOAD, numCPU, MAX_LOAD)
|
||||||
LAST_LOAD = sysLoad1mAvg()
|
|
||||||
count++
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
// if load doesn't go down every `timerFlag``
|
|
||||||
LAST_LOAD = 0.0 // reset
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Warnf("[TRIGGER] load (%.2f) on cpu (%v) higher than max_load (%v)", sysLoad1mAvg(), numCPU, MAX_LOAD)
|
|
||||||
|
|
||||||
// docker client
|
// docker client
|
||||||
cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
|
cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
|
||||||
@ -100,7 +86,6 @@ func main() {
|
|||||||
log.Error(err)
|
log.Error(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
LAST_LOAD = sysLoad1mAvg()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -300,7 +285,7 @@ func _sendMessage(fd, message string) error {
|
|||||||
// return fmt.Errorf("%v is NOT a socket! dodging attack...", file.Name())
|
// return fmt.Errorf("%v is NOT a socket! dodging attack...", file.Name())
|
||||||
// }
|
// }
|
||||||
|
|
||||||
if !terminal.IsTerminal(int(file.Fd())) {
|
if !term.IsTerminal(int(file.Fd())) {
|
||||||
return fmt.Errorf("unable to write to %v: not a tty", file.Name())
|
return fmt.Errorf("unable to write to %v: not a tty", file.Name())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
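Review bot: In the new `main()` loop, `LAST_LOAD` is no longer written after a trigger, because the `LAST_LOAD = sysLoad1mAvg()` line at the end of the loop body is removed and the only remaining assignment sits inside `if CURRENT_LOAD < LAST_LOAD`. `LAST_LOAD` starts at 0.0 and that test is reached only when `CURRENT_LOAD > MAX_LOAD`, so, assuming `MAX_LOAD` is positive, the "load is going down" guard looks unreachable and the trigger path would run on every tick while load stays above the limit. This holds unless the part of the loop body that lies outside these hunks writes `LAST_LOAD`. Record the load once the action has run, with `LAST_LOAD = CURRENT_LOAD` at the end of the loop body, and clear it with `LAST_LOAD = 0` in the `CURRENT_LOAD <= MAX_LOAD` branch so a stale peak cannot suppress a later trigger. The move from `terminal.IsTerminal` to `term.IsTerminal` in `_sendMessage` is a like-for-like swap and needs no change.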