--- /dev/null
+/*
+ * Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef __AUDIT_TRAIL_AUDIT_LOG_STATISTICS_H__
+#define __AUDIT_TRAIL_AUDIT_LOG_STATISTICS_H__
+
+#include <algorithm>
+#include <utility>
+#include <vector>
+#include <map>
+
+template <typename T>
+class AuditLogStatistics final {
+public:
+ AuditLogStatistics() {
+ idx = size = 0;
+ sizeFlag = false;
+ table.reserve(windowSize);
+ }
+
+ void addCount(T field) {
+ if (idx == windowSize) {
+ idx = 0;
+ sizeFlag = true;
+ }
+
+ table[idx++] = field;
+ if (!sizeFlag)
+ size = idx;
+ }
+
+ std::vector<T>& getTable() {
+ sortedTable = sortTable();
+ return sortedTable;
+ }
+
+ bool isTableEmpty() {
+ return (size == 0);
+ }
+
+ bool isTableChange() {
+ if (sortedTable == sortTable())
+ return false;
+
+ return true;
+ }
+
+ void resetTable() {
+ idx = size = 0;
+ sizeFlag = false;
+ table.clear();
+ }
+
+private:
+ static bool compare(const std::pair<T, int>&left, const std::pair<T, int>&right) {
+ if (left.second != right.second)
+ return left.second > right.second;
+
+ return left.first < right.first;
+ }
+
+ std::vector<T> sortTable() {
+ std::vector<T> sortedVector;
+ std::vector<std::pair<T, int>> countingVector;
+ std::map<T, int> countingMap;
+
+ for (int i = 0; i < size; i++) {
+ if (countingMap.find(table[i]) == countingMap.end())
+ countingMap[table[i]] = 1;
+ else
+ countingMap[table[i]]++;
+ }
+
+ for (auto iter = countingMap.begin(); iter != countingMap.end(); iter++)
+ countingVector.emplace_back(std::make_pair(iter->first, iter->second));
+
+ std::sort(countingVector.begin(), countingVector.end(), compare);
+
+ for (auto iter = countingVector.begin(); iter != countingVector.end(); iter++)
+ sortedVector.emplace_back(std::move(iter->first));
+
+ return sortedVector;
+ }
+
+ std::vector<T> sortedTable;
+ const int windowSize = 1000;
+ int idx;
+ int size;
+ bool sizeFlag;
+
+ std::vector<T> table;
+};
+
+#endif //!__AUDIT_TRAIL_AUDIT_LOG_STATISTICS_H__
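Review bot: `addCount` stores with `table[idx++] = field` into a vector the constructor only `reserve`d, so every write lands past `table.size()` — undefined behaviour, and since the tags fed to this class elsewhere in the commit look like `std::string`, it is an assignment into never-constructed string objects; `sortTable` reads the same out-of-range slots, and `resetTable` calling `table.clear()` leaves a zero-size vector for the next `addCount` to scribble on. Size the buffer instead of reserving it, `table.resize(windowSize);` in the constructor (or `table(windowSize)` in the member initializer, `windowSize` is declared before `table` so the order is fine), and have `resetTable` keep that size with `table.assign(windowSize, T());` in place of `table.clear();`. The ring logic itself — wrap at `windowSize`, `size` frozen once `sizeFlag` is set — is sound once the storage exists. Two smaller points: `addCount(T field)` and `emplace_back(std::make_pair(...))` copy where `const T &` and `emplace_back(iter->first, iter->second)` would do, and `++countingMap[table[i]]` replaces the find-then-insert pair.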
callback = nullptr;
}
- void addMessage(int type, const std::string &log)
+ bool addMessage(int type, const std::string &log)
{
+ bool flag = false;
builder.addMessage(type, log);
if (builder.isCompleted()) {
logs.push_back(builder.pop());
if (callback)
callback(logs.back());
+ flag = true;
}
+ return flag;
}
private:
std::vector<T> logs;
AuditLogBuilder<T> builder;
std::function<void(T&)> callback;
-
};
#endif //!__AUDIT_TRAIL_AUDIT_LOGGER_H__
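Review bot: The new `bool` result of `addMessage` is undocumented and the `flag` local only mirrors `builder.isCompleted()`; a comment such as `/* Returns true when this message completed a record; that record is then logs.back() and has already been passed to the callback. */` states the contract the caller elsewhere in this commit relies on when it reads `get()` after a `true` result. The temporary can go by returning early: `if (!builder.isCompleted()) return false;` then the push/callback and `return true;`. Note that if the callback throws, the record is already appended but the caller never sees `true` — unchanged from before, but it now matters because the result drives further processing. The enclosing class declaration starts outside this hunk.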
int type = msg.first;
std::string log(msg.second.begin(), msg.second.end());
+ if (systemLogs.addMessage(type, log)) {
+ auto &parsedSystemLogs = systemLogs.get();
+
+ if ((parsedSystemLogs[parsedSystemLogs.size() - 1].tag.size() != 0) &&
+ (parsedSystemLogs[parsedSystemLogs.size() - 1].tag.compare("smack") != 0)) {
+ tagStatistics.addCount(parsedSystemLogs[parsedSystemLogs.size() - 1].tag);
+
+ if (parsedSystemLogs[parsedSystemLogs.size() - 1].action.systemCall != 0)
+ syscallStatistics.addCount(parsedSystemLogs[parsedSystemLogs.size() - 1].action.systemCall);
+ }
+ }
+
userLogs.addMessage(type, log);
- systemLogs.addMessage(type, log);
} catch (runtime::Exception &e) {
break;
}
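Review bot: The new block spells out `parsedSystemLogs[parsedSystemLogs.size() - 1]` five times; hoisting it into one reference makes the intent — inspect the record `addMessage` just completed — visible and removes the repeated `size() - 1`, which would index out of range if `get()` ever returned an empty container (it is non-empty here only because `addMessage` returned true after pushing). `!latest.tag.empty() && latest.tag != "smack"` also reads better than `size() != 0` and `compare("smack") != 0`. One caveat on `action.systemCall != 0`: if `systemCall` defaults to 0 when a record has no syscall field, syscall number 0 (`read` on x86-64) is indistinguishable from "absent" and is never counted — confirm how the parser initialises it. The enclosing `try` block starts before and ends after this hunk.
```cpp
if (systemLogs.addMessage(type, log)) {
	/* addMessage returned true, so the record it completed is the last one. */
	const auto &latest = systemLogs.get().back();

	if (!latest.tag.empty() && latest.tag != "smack") {
		tagStatistics.addCount(latest.tag);

		if (latest.action.systemCall != 0)
			syscallStatistics.addCount(latest.action.systemCall);
	}
}
// … unchanged: userLogs.addMessage(type, log) and the catch …
```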
instance.object.uid = std::stoul(value);
} else if (name == "ogid") {
instance.object.gid = std::stoul(value);
+ } else if (name == "key") { /* tag */
+ if (value != "(null)" && instance.tag != "smack") {
+ instance.tag = value;
+ }
}
}
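Review bot: The `/* tag */` comment on the new `key` branch does not say why a tag already equal to `"smack"` is preserved, which is the part a reader will question; something like `/* "key" is the audit rule key (auditctl -k); "(null)" means the rule had none. An existing "smack" tag is kept so a rule key cannot relabel a Smack record. */` captures it — assuming the "smack" tag is assigned earlier from the record type, which happens outside this hunk and should be confirmed. A key whose text is literally `(null)` is indistinguishable from a missing key; that mirrors the audit record format and is acceptable, but belongs in the same comment. The enclosing parse function starts before and ends after this hunk.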
instance.object.pid = std::stoul(value);
} else if (name == "ouid") {
instance.object.uid = std::stoul(value);
+ } else if (name == "key") { /* tag */
+ if (value != "(null)" && instance.tag != "smack") {
+ instance.tag = value;
+ }
}
}
instance.object.type = AuditSystemLog::ProcessObject;
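Review bot: The `instance.tag != "smack"` guard in the new `key` branch only has an effect if `tag` was populated before this loop runs; where that happens is outside the hunk, and if `instance` arrives with an empty tag the condition collapses to `value != "(null)"`. A comment at the branch stating the precondition, e.g. `/* tag may already be "smack" (set from the record type before field parsing); a rule key never overrides it */`, makes the ordering dependency visible to whoever later reorders the parser. The enclosing parse function starts before this hunk; the `ProcessObject` assignment is the last line shown.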
const auto &name = pair.first;
const auto &value = pair.second;
- if (name == "saddr")
+ if (name == "saddr") {
instance.object.socketAddr = value;
+ } else if (name == "key") { /* tag */
+ if (value != "(null)" && instance.tag != "smack") {
+ instance.tag = value;
+ }
+ }
}
instance.object.type = AuditSystemLog::SocketObject;
}
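Review bot: The `key` branch added here is the third byte-identical copy of the same four lines in this commit (the other object parsers carry the other two), so any later change to the `(null)`/`"smack"` rule must be made three times and will drift; a small file-local helper called from each parser keeps one definition and one comment. `instance` appears to be an `AuditSystemLog` (the `AuditSystemLog::SocketObject` assignment suggests so) and `value` a `std::string` bound from `pair.second`; adjust the signature if either differs. The enclosing parse function starts before this hunk.
```cpp
/* Apply the audit rule key (auditctl -k) as the record's tag. "(null)" means the
 * rule carried no key; a tag already set to "smack" is never overwritten. */
static void setTagFromKey(AuditSystemLog &instance, const std::string &value)
{
	if (value != "(null)" && instance.tag != "smack")
		instance.tag = value;
}

// … unchanged: field loop up to the "saddr" branch …
} else if (name == "key") {
	setTagFromKey(instance, value);
}
```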