yulong-hids-archived's People

Contributors

deamwork, icxcoffee, ihacku, medicean, mlsm, neargle, ywolf

yulong-hids-archived's Issues

Unable to uninstall the agent

After running daemon -uninstall, the process list still shows daemon and agent; only syshook_execve was unloaded.
[root@localhost ~]# ps -ef | grep 192.168
root 7610 1 0 07:45 ? 00:00:00 /usr/yulong-hids/daemon -netloc 192.168.47.104
root 7616 7610 2 07:45 ? 00:04:45 /usr/yulong-hids/agent 192.168.47.104
root 8619 8578 0 11:35 pts/0 00:00:00 grep --color=auto 192.168
[root@localhost ~]# /usr/yulong-hids/daemon -uninstall
2018/11/01 11:35:20 Uninstall completed
[root@localhost ~]# ps -ef | grep 192.168
root 7610 1 0 07:45 ? 00:00:00 /usr/yulong-hids/daemon -netloc 192.168.47.104
root 7616 7610 2 07:45 ? 00:04:45 /usr/yulong-hids/agent 192.168.47.104
root 8643 8578 0 11:35 pts/0 00:00:00 grep --color=auto 192.168
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# lsmod| grep syshook_execve
[root@localhost ~]#

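After installing the agent, process monitoring stops working after a reboot

After installing the agent normally, running python s5.py produces an alert on the web side (working as expected). After a reboot, running the command again produces no alert (not working). Running agent ip debug manually shows the following error: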
connect syshook netlink error
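At this point port 65530 is open. Comparing the ports right after installing the agent with the ports after the reboot shows that after the reboot the agent opens one fewer random port.
Ports right after installing the agent (working):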
udp 0 0 127.0.0.1:65530 0.0.0.0:* 1780/agent
udp 0 0 0.0.0.0:59142 0.0.0.0:* 1780/agent
After the reboot (not working):
udp 0 0 127.0.0.1:65530 0.0.0.0:* 1186/agent

This happens on both centos7 and 6.x.

Duplicate package import in daemon common.go

import (
"crypto/tls"
"net/http"
"os"
"os/exec"
"runtime"
"strings"
"sync"
"time"
"net"
"strings"
"fmt"

"github.com/axgle/mahonia"
"github.com/kardianos/service"

)

There are two strings imports, so compilation fails.

Crash after loading syshook_execve on ubuntu16.04.4

Caused by the agent's insmod

Apr 12 19:25:59 test kernel: [  148.067042] Start found sys_call_table.
Apr 12 19:25:59 test kernel: [  148.068545] Found the sys_call_table!!! __NR_close[3] sys_close[ffffffff81210e40]
Apr 12 19:25:59 test kernel: [  148.068545]  __NR_execve[59] sct[__NR_execve][0xffffffff8184f320]
Apr 12 19:25:59 test kernel: [  148.068602] syshook: create netlink success.
Apr 12 19:25:59 test kernel: [  148.070779] Loading module monitor_execve, sys_call_table at ffffffff81a00200
Apr 12 19:26:01 test kernel: [  150.712893] BUG: unable to handle kernel paging request at fffffffdc3bd36a0
Apr 12 19:26:01 test kernel: [  150.712964] IP: [<ffffffffc06a5881>] monitor_stub_execve_hook+0x21/0x28 [syshook_execve]
Apr 12 19:26:01 test kernel: [  150.713034] PGD 1e0f067 PUD 0
Apr 12 19:26:01 test kernel: [  150.713067] Oops: 0000 [#1] SMP
Apr 12 19:26:01 test kernel: [  150.713100] Modules linked in: syshook_execve(OE) xt_nat xt_tcpudp ipt_MASQUERADE nf_nat_masquerade_ipv4 xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc aufs nfnetlink_queue nfnetlink_log nfnetlink tcp_diag bluetooth inet_diag vmw_vsock_vmci_transport vsock ppdev vmw_balloon snd_ens1371 snd_ac97_codec gameport snd_rawmidi snd_seq_device ac97_bus snd_pcm snd_timer snd coretemp soundcore joydev input_leds serio_raw parport_pc 8250_fintek parport i2c_piix4 shpchp vmw_vmci mac_hid ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd vmwgfx ttm drm_kms_helper syscopyarea psmouse sysfillrect sysimgblt fb_sys_fops drm mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi pata_acpi fjes
Apr 12 19:26:01 test kernel: [  150.714242] CPU: 0 PID: 1762 Comm: bash Tainted: G           OE   4.4.0-116-generic #140-Ubuntu
Apr 12 19:26:01 test kernel: [  150.714317] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/30/2014
Apr 12 19:26:01 test kernel: [  150.714401] task: ffff8800303d4600 ti: ffff880039d80000 task.ti: ffff880039d80000
Apr 12 19:26:01 test kernel: [  150.714512] RIP: 0010:[<ffffffffc06a5881>]  [<ffffffffc06a5881>] monitor_stub_execve_hook+0x21/0x28 [syshook_execve]
Apr 12 19:26:01 test kernel: [  150.714703] RSP: 0018:ffff880039d83f50  EFLAGS: 00010246
Apr 12 19:26:01 test kernel: [  150.714751] RAX: ffffffffc06a5860 RBX: 0000000001e0edc8 RCX: 0000000000000598
Apr 12 19:26:01 test kernel: [  150.714804] RDX: 0000000001dea008 RSI: 0000000001e0ee48 RDI: 0000000001e0edc8
Apr 12 19:26:01 test kernel: [  150.714857] RBP: 0000000000000001 R08: 00007ffd9af80a90 R09: 0000000000000000
Apr 12 19:26:01 test kernel: [  150.714910] R10: 0000000000000598 R11: 0000000000000206 R12: 0000000001e0edc8
Apr 12 19:26:01 test kernel: [  150.714963] R13: 0000000001e0ee48 R14: 0000000001dea008 R15: 0000000001e0ed68
Apr 12 19:26:01 test kernel: [  150.715017] FS:  00007f98fcd8c700(0000) GS:ffff88003c600000(0000) knlGS:0000000000000000
Apr 12 19:26:01 test kernel: [  150.716734] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 12 19:26:01 test kernel: [  150.718464] CR2: fffffffdc3bd36a0 CR3: 000000003a000000 CR4: 0000000000360670
Apr 12 19:26:01 test kernel: [  150.720287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 12 19:26:01 test kernel: [  150.722047] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Apr 12 19:26:01 test kernel: [  150.723165] Stack:
Apr 12 19:26:01 test kernel: [  150.724100]  ffffffff8184efc8 00000000fc2c9fc5 00007f98fc37d0cc 0000000000000001
Apr 12 19:26:01 test kernel: [  150.725069]  00007f98fcd8e9d8 00007f98fcd8d030 00007f98fc3863c0 0000000000000206
Apr 12 19:26:01 test kernel: [  150.726000]  0000000000000598 0000000000000000 00007ffd9af80a90 ffffffffffffffda
Apr 12 19:26:01 test kernel: [  150.726965] Call Trace:
Apr 12 19:26:01 test kernel: [  150.727879]  [<ffffffff8184efc8>] ? entry_SYSCALL_64_fastpath+0x1c/0xbb
Apr 12 19:26:01 test kernel: [  150.728816] Code: e8 ae bd ae c0 e9 7b ff ff ff 53 57 56 52 51 50 41 50 41 51 41 52 41 53 e8 ad f8 ff ff 41 5b 41 5a 41 59 41 58 58 59 5a 5e 5f 5b <ff> 24 c5 a0 73 6a c0 55 48 8b 3d 08 1b 00 00 48 89 e5 e8 78 d2
Apr 12 19:26:01 test kernel: [  150.731763] RIP  [<ffffffffc06a5881>] monitor_stub_execve_hook+0x21/0x28 [syshook_execve]
Apr 12 19:26:01 test kernel: [  150.732700]  RSP <ffff880039d83f50>
Apr 12 19:26:01 test kernel: [  150.733621] CR2: fffffffdc3bd36a0
Apr 12 19:26:01 test kernel: [  150.734541] ---[ end trace 7e834cbd3143b047 ]---

Check the kernel version when loading syshook

An error occurs after loading syshook

uname -r

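The version is 2.6.32-696.23.1.el6.x86_64

The version does not exactly match the prebuilt ko in data.zip, which causes the error. The build guide states that the versions must match exactly, but not everyone will read it.

It would be best to check this in the code: if the versions do not match exactly, refuse to load the syshook module and tell the user to compile it themselves.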
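
One way such a check could look, as an added example that is not part of the original issue or the project's code: it reads the `vermagic` entry from a module's `.modinfo` ELF section and refuses to proceed unless its release field equals the running kernel release. The function names are hypothetical and the sample vermagic string is constructed; only the running release `2.6.32-696.23.1.el6.x86_64` comes from the issue.

```go
package main

import (
	"bytes"
	"debug/elf"
	"fmt"
	"os"
	"strings"
)

// modinfoField returns the value stored under key in the raw bytes of a
// kernel module's .modinfo ELF section, which is a sequence of
// NUL-terminated "key=value" strings.
func modinfoField(modinfo []byte, key string) (string, bool) {
	for _, entry := range bytes.Split(modinfo, []byte{0}) {
		kv := strings.SplitN(string(entry), "=", 2)
		if len(kv) == 2 && kv[0] == key {
			return kv[1], true
		}
	}
	return "", false
}

// checkVermagic (hypothetical helper) returns nil only when the module was
// built for exactly the running kernel release. The first field of vermagic
// is the release the module was compiled against.
func checkVermagic(running string, modinfo []byte) error {
	vermagic, ok := modinfoField(modinfo, "vermagic")
	if !ok {
		return fmt.Errorf("module has no vermagic entry: refusing to load")
	}
	fields := strings.Fields(vermagic)
	if len(fields) == 0 {
		return fmt.Errorf("module vermagic is empty: refusing to load")
	}
	built := fields[0]
	running = strings.TrimSpace(running)
	if built != running {
		return fmt.Errorf("module built for kernel %q but running %q: "+
			"refusing to load, compile the module for this kernel", built, running)
	}
	return nil
}

// checkModuleFile (hypothetical helper) applies checkVermagic to a .ko file
// on disk, using /proc/sys/kernel/osrelease (the value `uname -r` prints)
// as the running release.
func checkModuleFile(path string) error {
	f, err := elf.Open(path)
	if err != nil {
		return err
	}
	defer f.Close()
	sec := f.Section(".modinfo")
	if sec == nil {
		return fmt.Errorf("%s: no .modinfo section", path)
	}
	data, err := sec.Data()
	if err != nil {
		return err
	}
	rel, err := os.ReadFile("/proc/sys/kernel/osrelease")
	if err != nil {
		return err
	}
	return checkVermagic(string(rel), data)
}

func main() {
	if len(os.Args) > 1 {
		// Check a real module before handing it to insmod.
		if err := checkModuleFile(os.Args[1]); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
		fmt.Println("vermagic matches the running kernel")
		return
	}
	// Constructed sample: a module built for a different el6 kernel than the
	// one reported in the issue.
	sample := []byte("license=GPL\x00vermagic=2.6.32-696.el6.x86_64 SMP mod_unload modversions \x00")
	fmt.Println(checkVermagic("2.6.32-696.23.1.el6.x86_64\n", sample))
}
```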

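Whitelist does not take effect

I clicked to add some processes from the alert list to the whitelist, expecting they would no longer trigger alerts, but over the following days they still appeared in the critical alerts.

Processes are not hooked on Linux

Using the driver shipped in data.zip from the release.

Kernel version: Linux mt-pi.office.mos 2.6.32-431.20.3.el6.mt20140703.x86_64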

insmod syshook_execve.ko
returns
insmod: error inserting 'syshook_execve.ko': -1 Unknown symbol in module

The driver cannot be loaded.

Error when clicking "ignore all unhandled"

The web output is as follows:
2018/04/11 09:52:20 ^[[1;31m[E] [notice.go:95] Model UpdateAll E11000 duplicate key error collection: agent.notice index: ip_1_info_1_type_1_status_1_uptime_1 dup key: { : "10.2.13.2", : "/bin/bash", : "process", : 1, : null } ^[[0m
Screenshots below

cert error

[root@192 yulong]# ./server -db 192.168.136.134:27017 -es 0.0.0.0:9200
2018/05/03 17:17:03 Get Config
2018/05/03 17:17:03 {false false {[] [] [] []} {[] [] [] []} {false } {false false}}
2018/05/03 17:17:03 cert error!

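Web service returns a 403 error on startup; the dashboard is not visible

I compiled and ran web.exe on a development machine. The login page is visible at 127.0.0.1/login/, but after logging in the monitoring dashboard does not show (MongoDB and Elasticsearch are already running on the server and reachable).
Below is app.config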

appname = yulong-hids-analyze-dashboard
runmode = prod
sessionon = true
apihost = ""
TemplateLeft = "<<<"
TemplateRight = ">>>"
ApiVer = "json"
copyrequestbody = true
perloadcount = 500

# Alert : 1
# Critical : 2
# Error : 3
# Warning : 4
# Notice : 5
# Informational : 6
# Debug : 7
loglevel=7

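# Set the hostname; if it is not set, no validation is performed
# If set, only this host can access the web pages; separate multiple hosts with commas
ylhostname = ""

# Admin login username
username = "yulong"
# passwordhex is the 32-character md5 of the login password; the default password is (including the period): All_life_is_a_game_of_luck. 
passwordhex = "0c885bb124969eead759a4c2b512ed52"
# Log file path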
logfile = "logs.log"

OnlyHTTPS = true

EnableHTTPS = true
EnableHttpTLS = true
HTTPSPort = 443

EnableHTTP = true
HTTPPort = 80

HTTPSCertFile = "https_cert/cert.pem"
HTTPSKeyFile = "https_cert/private.pem"
FilePath = "upload_files/"

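# Whether to enable two-factor authentication; enabling it is recommended
TwoFactorAuth = true
# Two-factor authentication secret in base32 format; be sure to change the default value
# You can use the command: python2 -c "import base64, random, string;print(base64.b32encode(''.join([random.choice(string.printable) for _ in range(35)]).encode()));" 
# The command generates a random secret directly; enter the secret in the Google Authenticator app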
TwoFactorAuthKey = "IVFHGS2OGYTXIVDGEIZWCNC2MVMHYWDRK44GOQALPNJHGRS6FE2QUCT4"

[mongodb]
# mongodb url; the database name is fixed as agent
# Set the mongodb IP address to an internal network IP; do not use 127.0.0.1
url = "${IDS_MONGODB_URL||mongodb://*.*.*.*:27017/agent}"

[elastic_search]
# elastic_search web interface
baseurl = "${IDS_ELASTICSEARCH_URL||http://*.*.*.*:9200/}"

centos kernel panic

centos6 centos7

Kernel versions
2.6.32-696.23.1.el6.x86_64
3.10.0-693.21.1.el7.x86_64

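Used the driver from the release directly.

Processes not captured on Windows

The driver actually failed to load, possibly because the system is not compatible with SHA256-signed drivers.

Will try again once a dual-signed driver that includes a SHA1 signature is available.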

Sometimes the installation has to be run twice to succeed

Observed only on some CentOS 6.5 machines.

First installation

/tmp/daemon -install -netloc xxx:443
2018/05/15 13:40:18 Download dependent environment package
2018/05/15 13:40:18 Use syshook_2.6.32-431
2018/05/15 13:40:18 Install dependency, service error: exit status 1

Second installation

/tmp/daemon -install -netloc xxx:443
2018/05/15 13:40:22 Download Agent
2018/05/15 13:40:53 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/15 13:40:53 Agent download finished, hash check passed
2018/05/15 13:40:53 Copy the daemon to the installation directory
2018/05/15 13:40:53 Start the service
2018/05/15 13:40:53 Installed!
LSB Version:	:base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID:	CentOS
Description:	CentOS release 6.5 (Final)
Release:	6.5
Codename:	Final
uname -r
2.6.32-431.11.2.el6.toa.2.x86_64

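Loading the driver on certain kernel versions brings the system down

On 3.10.0-862.14.4.el7.x86_64 there was no prebuilt driver, so I compiled the driver myself; after loading it, the system rebooted automatically. There were no errors during compilation.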
[root@localhost test]# uname -a
Linux localhost 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ~]# gcc -v
使用内建 specs。
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/local/libexec/gcc/x86_64-pc-linux-gnu/7.3.0/lto-wrapper
目标:x86_64-pc-linux-gnu
配置为:../configure --enable-checking=release --enable-languages=c,c++ --disable-multilib
线程模型:posix
gcc 版本 7.3.0 (GCC)

Log:
Nov 6 16:12:59 localhost kernel: syshook_execve: loading out-of-tree module taints kernel.
Nov 6 16:12:59 localhost kernel: syshook_execve: module verification failed: signature and/or required key missing - tainting kernel
Nov 6 16:12:59 localhost kernel: Start found sys_call_table.
Nov 6 16:12:59 localhost kernel: Found the sys_call_table!!! __NR_close[3] sys_close[ffffffffa7e1e240]#12 __NR_execve[59] sct[__NR_execve][0xffffffffa8325ce0]
Nov 6 16:12:59 localhost kernel: syshook: create netlink success.
Nov 6 16:12:59 localhost kernel: Loading module monitor_execve, sys_call_table at ffffffffa8403300

Win 32-bit agent build error

C:\Go\src>go build -o yulong-hids\bin\win-32\agent.exe --ldflags="-w -s" yulong
hids\agent\agent.go

yulong-hids/agent/vendor/github.com/akrennmair/gopcap

In file included from C:/WpdPack/Include/pcap/pcap.h:54:0,
from C:/WpdPack/Include/pcap.h:45,
from yulong-hids\agent\vendor\github.com\akrennmair\gopcap\pca
.go:12:
c:\mingw\include\stdio.h:345:12: error: expected '=', ',', ';', 'asm' or 'att
ibute
' before '__mingw__snprintf'
extern int mingw_stdio_redirect(snprintf)(char*, size_t, const char*, ...)

        ^

c:\mingw\include\stdio.h:349:12: error: expected '=', ',', ';', 'asm' or 'att
ibute
' before '__mingw__vsnprintf'
extern int mingw_stdio_redirect(vsnprintf)(char*, size_t, const char*, __V
LIST);
^

C:\Go\src>

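Alert page shows the daemon connecting to an external IP

Unless threat intelligence integration is needed, nothing in the Yulong system needs to connect to external IPs.
The IP in the image above corresponds to a CDN node used by pypi.python.org, and the user did run pip install during that period.

Initial suspicion is that the association is wrong; to be reproduced and diagnosed.

v0.4.3 BETA: the server crashes unexpectedly; it has already happened twice.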

bufio.(*Reader).Read(0xc42021b620, 0xc42032a6c0, 0xc, 0xc, 0x60, 0x60, 0x994020)
/usr/local/go/src/bufio/bufio.go:216 +0x238
io.ReadAtLeast(0xa09080, 0xc42021b620, 0xc42032a6c0, 0xc, 0xc, 0xc, 0x2, 0xc420020a00, 0x2)
/usr/local/go/src/io/io.go:309 +0x86
io.ReadFull(0xa09080, 0xc42021b620, 0xc42032a6c0, 0xc, 0xc, 0x813f53, 0x994020, 0xc420206660)
/usr/local/go/src/io/io.go:327 +0x58
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0xc420206660, 0xa09080, 0xc42021b620, 0x0, 0x0)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/message.go:359 +0x71
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest(0xc4200f0420, 0xa0d780, 0xc4201cf200, 0xa09080, 0xc42021b620, 0xa0d780, 0xc4201cf200, 0xc4200f0420)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:335 +0x7f
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0xc4200f0420, 0xa0eac0, 0xc42055a700)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:258 +0x248
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveListener
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:189 +0x1de

goroutine 37239 [select]:
net/http.(*persistConn).writeLoop(0xc4204930e0)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 37238 [IO wait]:
internal/poll.runtime_pollWait(0x7f32e32707b0, 0x72, 0xc42052f9a8)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4200ced98, 0x72, 0xffffffffffffff00, 0xa0a640, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4200ced98, 0xc4203a6000, 0x1000, 0x1000)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4200ced80, 0xc4203a6000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4200ced80, 0xc4203a6000, 0x1000, 0x1000, 0x453530, 0xc420399b00, 0x4)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42009c158, 0xc4203a6000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
net/http.(*persistConn).Read(0xc4204930e0, 0xc4203a6000, 0x1000, 0x1000, 0xc42052fb98, 0x404fa5, 0xc42019e600)
/usr/local/go/src/net/http/transport.go:1453 +0x136
bufio.(*Reader).fill(0xc4205864e0)
/usr/local/go/src/bufio/bufio.go:100 +0x11e
bufio.(*Reader).Peek(0xc4205864e0, 0x1, 0x0, 0x0, 0x1, 0xc42007c120, 0x0)
/usr/local/go/src/bufio/bufio.go:132 +0x3a
net/http.(*persistConn).readLoop(0xc4204930e0)
/usr/local/go/src/net/http/transport.go:1601 +0x185
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 37597 [runnable]:
yulong-hids/server/action.ResultStat(0xc4202e3070, 0xe, 0xc4202e3084, 0xa, 0xc4202e3096, 0x5, 0xc42000e068, 0x1, 0x1, 0xbea93c80fb68c6e4, ...)
/home/neargle/gopath/src/yulong-hids/server/action/statistics.go:34 +0x564
main.(*Watcher).PutInfo(0xc420099a60, 0xa0d780, 0xc4201ce420, 0xc4202b5260, 0xc4202e30d8, 0x0, 0x0)
/home/neargle/gopath/src/yulong-hids/server/server.go:44 +0x1c9
reflect.Value.call(0xc4200ce800, 0xc42009c260, 0x13, 0x9af758, 0x4, 0xc4204c9c50, 0x4, 0x4, 0xc4202b0040, 0x92e760, ...)
/usr/local/go/src/reflect/value.go:447 +0x969
reflect.Value.Call(0xc4200ce800, 0xc42009c260, 0x13, 0xc4204c9c50, 0x4, 0x4, 0x8b2101, 0x8b21e0, 0xc4202e30d8)
/usr/local/go/src/reflect/value.go:308 +0xa4
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*service).call(0xc42009ec80, 0xa0d780, 0xc4201ce420, 0xc4200ce880, 0x8bc2e0, 0xc4202b5260, 0x16, 0x8b21e0, 0xc4202e30d8, 0x16, ...)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/service.go:315 +0x1b5
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).handleRequest(0xc4200f0420, 0xa0d780, 0xc4201ce420, 0xc4202f50e0, 0x903420, 0xc4201ce3c0, 0xa0d780)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:387 +0x3b0
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn.func2(0xc4202f50e0, 0xa0eac0, 0xc4200d4a80, 0xa0d780, 0xc4205cf290, 0xc4200f0420)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:302 +0x17e
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:290 +0x4f4

Agent installation keeps failing

Installing on kali
root@kali:/tmp# ./daemon -install -netloc 192.168.84.161:443
2018/05/14 15:40:37 Download Agent
2018/05/14 15:40:46 Install agent error: Agent Download Error
root@kali:/tmp# wget -O /tmp/daemon https://192.168.84.161/json/download?type=daemon\&system=linux\&platform=64\&action=download;chmod +x /tmp/daemon;/tmp/daemon -install -netloc 192.168.84.161:443
--2018-05-14 16:49:05-- https://192.168.84.161/json/download?type=daemon&system=linux&platform=64&action=download
Connecting to 192.168.84.161:443... failed: No route to host.
Later I installed on the local machine
[root@localhost tmp]# ./daemon -install -netloc 127.0.0.1:443
2018/05/14 00:45:28 Download Agent
2018/05/14 00:45:29 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/14 00:46:29 Agent is broken, retry the downloader again
2018/05/14 00:46:29 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/14 00:47:29 Agent is broken, retry the downloader again
2018/05/14 00:47:29 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
[root@localhost tmp]# /tmp/daemon -install -netloc 127.0.0.1:443
2018/05/14 00:47:49 Download Agent
2018/05/14 00:47:49 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/14 00:48:49 Agent is broken, retry the downloader again
2018/05/14 00:48:49 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/14 00:49:49 Agent is broken, retry the downloader again
2018/05/14 00:49:49 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/14 00:50:49 Agent is broken, retry the downloader again
2018/05/14 00:50:49 Install agent error: Agent Download Error

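I have been looking for the problem for a long time and still cannot find it. The server is fine; it opens.
The server can be accessed normally; afterwards it showed this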
2018/05/13 18:37:37 [server.go:2921] [HTTP] http: TLS handshake error from 192.168.84.1:60451: read tcp 192.168.84.161:443->192.168.84.1:60451: read: connection reset by peer
2018/05/13 18:39:38 [h2_bundle.go:4294] [HTTP] http2: server: error reading preface from client 192.168.84.135:36746: remote error: tls: unknown certificate authority

Agent fails to start, message: exit status 127

After a successful installation on a CentOS 5.4 machine the service did not come up. Starting it manually showed the following:

./daemon -netloc xxxx:443
2018/05/15 13:52:35 Start Agent
2018/05/15 13:52:35 Start Agent successful
2018/05/15 13:52:35 Agent to exit: exit status 127
2018/05/15 13:52:35 Start the task listener thread
2018/05/15 13:52:45 Start Agent
2018/05/15 13:52:45 Start Agent successful
2018/05/15 13:52:45 Agent to exit: exit status 127
lsb_release -a
LSB Version:	:core-3.1-amd64:core-3.1-ia32:core-3.1-noarch:graphics-3.1-amd64:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID:	CentOS
Description:	CentOS release 5.4 (Final)
Release:	5.4
Codename:	Final
uname -r                                                                                                                                                                                                                                                              
2.6.18-164.el5

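Agent memory usage too high during certain periods, causing machine anomalies

At certain times the agent's concurrent reads and opens while listing /proc get too high, triggering memory alerts that last roughly 5-10 minutes. According to zabbix monitoring, usage momentarily reached 3.5 GB. How can I limit the number of concurrent reads or cap the agent's maximum memory usage?

When IIS is installed after the agent, the web tag is not recorded automatically

Environment: win server 2008 r2
I installed the agent first and then IIS 7.5. A w3wp.exe process appeared, and it also shows up in the process list on the host's details page.

However, the dashboard did not tag this server as web. I looked at the code: without the web tag, the web directory is not monitored.

agent segfault crash

The agent segfaults after starting,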
`panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x6ad0f6]

goroutine 62 [running]:
yulong-hids/agent/vendor/github.com/akrennmair/gopcap.sockaddr_to_IP(0x0, 0x0, 0x1, 0xc4203681e0, 0x0, 0x1)
/usr/local/go/src/yulong-hids/agent/vendor/github.com/akrennmair/gopcap/pcap.go:234 +0x26
yulong-hids/agent/vendor/github.com/akrennmair/gopcap.findalladdresses(0x7f88680021a0, 0x0, 0x0, 0x10)
/usr/local/go/src/yulong-hids/agent/vendor/github.com/akrennmair/gopcap/pcap.go:222 +0xbd
yulong-hids/agent/vendor/github.com/akrennmair/gopcap.Findalldevs(0xc420020400, 0x9, 0x9, 0x0, 0x0)
/usr/local/go/src/yulong-hids/agent/vendor/github.com/akrennmair/gopcap/pcap.go:208 +0x1ec
yulong-hids/agent/monitor.getPcapHandle(0xc420252120, 0xc, 0x0, 0x0, 0x0)
/usr/local/go/src/yulong-hids/agent/monitor/lib.go:73 +0x37
yulong-hids/agent/monitor.StartNetSniff(0xc4200ca720)
/usr/local/go/src/yulong-hids/agent/monitor/connection_linux.go:207 +0x4e
created by yulong-hids/agent/client.(*Agent).monitor
/usr/local/go/src/yulong-hids/agent/client/agent.go:209 +0x5c`

ifconfig output
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.2.1 netmask 255.255.255.0 broadcast 0.0.0.0
ether 02:42:84:0f:24:bb txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.89.101.12 netmask 255.255.255.128 broadcast 10.89.101.127
ether 24:6e:96:2c:9d:20 txqueuelen 1000 (Ethernet)
RX packets 54826197140 bytes 17925574214592 (16.3 TiB)
RX errors 0 dropped 37 overruns 0 frame 0
TX packets 54952405014 bytes 17911656172103 (16.2 TiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
inet 172.17.2.0 netmask 255.255.0.0 destination 172.17.2.0
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 260154 bytes 19102156 (18.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 0 (Local Loopback)
RX packets 14128613 bytes 895492725 (854.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14128613 bytes 895492725 (854.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Error starting server

centos7.2.15 system; after the web was configured and started normally, starting ./server -db mongodbIP:27017 -es elasticIP:9200 reports an error:
2018/04/09 17:33:19 Get Config
2018/04/09 17:33:19 {false false {[] [] [] []} {[] [] [] []} {false } {false false}}
2018/04/09 17:33:19 Start Task Thread
2018/04/09 17:33:19 cert error!

Windows server.exe error

` C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:535 +0x5a
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).readLoop(0xc04372e9a0
)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:551 +0x609

created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newSocket
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:194 +0x1fc

goroutine 417 [IO wait]:
internal/poll.runtime_pollWait(0x3a80820, 0x72, 0xa16060)
C:/Go/src/runtime/netpoll.go:173 +0x5e
internal/poll.(*pollDesc).wait(0xc0420d6a08, 0x72, 0xc9d400, 0x0, 0x0)
C:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xa2
internal/poll.(*ioSrv).ExecIO(0xcd4c80, 0xc0420d6858, 0x9d7908, 0x3fb, 0xc0423ca
00d, 0xfc)
C:/Go/src/internal/poll/fd_windows.go:223 +0x13a
internal/poll.(*FD).Read(0xc0420d6840, 0xc0423ca000, 0x400, 0x400, 0x0, 0x0, 0x0
)
C:/Go/src/internal/poll/fd_windows.go:484 +0x248
net.(*netFD).Read(0xc0420d6840, 0xc0423ca000, 0x400, 0x400, 0x8, 0x8, 0x3f3)
C:/Go/src/net/fd_windows.go:151 +0x56
net.(*conn).Read(0xc04207c440, 0xc0423ca000, 0x400, 0x400, 0x0, 0x0, 0x0)
C:/Go/src/net/net.go:176 +0x71
crypto/tls.(*block).readFromUntil(0xc04282a990, 0x33a4020, 0xc04207c440, 0x5, 0x
c04207c440, 0x0)
C:/Go/src/crypto/tls/conn.go:493 +0x9d
crypto/tls.(*Conn).readRecord(0xc0423b4700, 0x9d8117, 0xc0423b4820, 0x0)
C:/Go/src/crypto/tls/conn.go:595 +0xe7
crypto/tls.(*Conn).Read(0xc0423b4700, 0xc0423ca400, 0x400, 0x400, 0x0, 0x0, 0x0)

    C:/Go/src/crypto/tls/conn.go:1156 +0x107

bufio.(*Reader).Read(0xc04297b680, 0xc0488a6f80, 0xc, 0xc, 0xc042ce7cc8, 0x81bd7
e, 0x90efc0)
C:/Go/src/bufio/bufio.go:216 +0x23f
io.ReadAtLeast(0xa14ba0, 0xc04297b680, 0xc0488a6f80, 0xc, 0xc, 0xc, 0xc0448900fe
, 0x6, 0xbe)
C:/Go/src/io/io.go:309 +0x8d
io.ReadFull(0xa14ba0, 0xc04297b680, 0xc0488a6f80, 0xc, 0xc, 0x0, 0x46bb79, 0x3)
C:/Go/src/io/io.go:327 +0x5f
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0
xc04203c660, 0xa14ba0, 0xc04297b680, 0x0, 0x0)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/m
essage.go:359 +0x78
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest
(0xc0422c4160, 0xa18f80, 0xc04282aae0, 0xa14ba0, 0xc04297b680, 0xa18f80, 0xc0428
2aae0, 0xc0422c4160)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:335 +0x86
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0
xc0422c4160, 0xa1a2c0, 0xc0423b4700)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:258 +0x24f
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).
serveListener
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:189 +0x1e5

goroutine 57002 [semacquire]:
sync.runtime_SemacquireMutex(0xc0488a7524, 0x8dd500)
C:/Go/src/runtime/sema.go:71 +0x44
sync.(*Mutex).Lock(0xc0488a7520)
C:/Go/src/sync/mutex.go:134 +0x10f
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).SimpleQuery(0xc04215a
000, 0xc04212bce0, 0x5, 0x9badfe, 0x5, 0xc0488a7510, 0xa)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:367 +0x1fd

yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Database).run(0xc0421e53c0, 0xc042
15a000, 0x95a7c0, 0xc043854450, 0x8c6060, 0xc0488a74f8, 0xc0421e53f0, 0xc0438544
50)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:3261 +0x1
ae
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Database).Run(0xc0421e53c0, 0x95a7
c0, 0xc043854450, 0x8c6060, 0xc0488a74f8, 0x0, 0x0)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:656 +0xc2

yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Query).Count(0xc042a27d00, 0x91b06
0, 0xc043854420, 0xc042a27d00)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:3970 +0x2
6d
yulong-hids/server/action.ResultStat(0xc0488a7470, 0xb, 0xc0488a7480, 0xa, 0xc04
88a7490, 0x5, 0xc04207c3c8, 0x1, 0x1, 0xbeb40f235e5f77ec, ...)
C:/Go/src/yulong-hids/server/action/statistics.go:34 +0x6fe
main.(*Watcher).PutInfo(0xc042008b88, 0xa18f80, 0xc043854390, 0xc0427a9f80, 0xc0
488a74f0, 0x0, 0x0)
C:/Go/src/yulong-hids/server/server.go:44 +0x1d0
reflect.Value.call(0xc0422da180, 0xc0420040a0, 0x13, 0x9baae6, 0x4, 0xc0421b7c50
, 0x4, 0x4, 0xc04699d080, 0x939ae0, ...)
C:/Go/src/reflect/value.go:447 +0x970
reflect.Value.Call(0xc0422da180, 0xc0420040a0, 0x13, 0xc0421b7c50, 0x4, 0x4, 0x8
bde01, 0x8bdea0, 0xc0488a74f0)
C:/Go/src/reflect/value.go:308 +0xab
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*service).call(0xc04
211e550, 0xa18f80, 0xc043854390, 0xc0422da200, 0x8c8160, 0xc0427a9f80, 0x16, 0x8
bdea0, 0xc0488a74f0, 0x16, ...)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
vice.go:315 +0x1bc
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).handleReque
st(0xc0422c4160, 0xa18f80, 0xc043854390, 0xc04214e060, 0x90efc0, 0xc043854330, 0
xa18f80)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:387 +0x3b7
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn.f
unc2(0xc04214e060, 0xa1a2c0, 0xc0420ad500, 0xa18f80, 0xc04211cc90, 0xc0422c4160)

    C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser

ver.go:302 +0x185
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).
serveConn
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:290 +0x4fb

goroutine 11281 [IO wait]:
internal/poll.runtime_pollWait(0x3a80680, 0x72, 0xa16060)
C:/Go/src/runtime/netpoll.go:173 +0x5e
internal/poll.(*pollDesc).wait(0xc042f8d7c8, 0x72, 0xc9d400, 0x0, 0x0)
C:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xa2
internal/poll.(*ioSrv).ExecIO(0xcd4c80, 0xc042f8d618, 0x9d7908, 0x411e72, 0xc046
b5cb60, 0x10)
C:/Go/src/internal/poll/fd_windows.go:223 +0x13a
internal/poll.(*FD).Read(0xc042f8d600, 0xc043d38000, 0x1000, 0x1000, 0x0, 0x0, 0
x0)
C:/Go/src/internal/poll/fd_windows.go:484 +0x248
net.(*netFD).Read(0xc042f8d600, 0xc043d38000, 0x1000, 0x1000, 0x452000, 0xc04213
6a80, 0x4)
C:/Go/src/net/fd_windows.go:151 +0x56
net.(*conn).Read(0xc047917630, 0xc043d38000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
C:/Go/src/net/net.go:176 +0x71
net/http.(*persistConn).Read(0xc047aa6ea0, 0xc043d38000, 0x1000, 0x1000, 0xc0463
b3b98, 0x4035c5, 0xc042044ea0)
C:/Go/src/net/http/transport.go:1453 +0x13d
bufio.(*Reader).fill(0xc04b0b33e0)
C:/Go/src/bufio/bufio.go:100 +0x125
bufio.(*Reader).Peek(0xc04b0b33e0, 0x1, 0x0, 0x0, 0x1, 0xc0422a68a0, 0x0)
C:/Go/src/bufio/bufio.go:132 +0x41
net/http.(*persistConn).readLoop(0xc047aa6ea0)
C:/Go/src/net/http/transport.go:1601 +0x18c
created by net/http.(*Transport).dialConn
C:/Go/src/net/http/transport.go:1237 +0x961

goroutine 11282 [select]:
net/http.(*persistConn).writeLoop(0xc047aa6ea0)
C:/Go/src/net/http/transport.go:1822 +0x152
created by net/http.(*Transport).dialConn
C:/Go/src/net/http/transport.go:1238 +0x986

goroutine 21116 [IO wait, 3 minutes]:
internal/poll.runtime_pollWait(0x3a809c0, 0x72, 0xa16060)
C:/Go/src/runtime/netpoll.go:173 +0x5e
internal/poll.(*pollDesc).wait(0xc042149248, 0x72, 0xc9d400, 0x0, 0x0)
C:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xa2
internal/poll.(*ioSrv).ExecIO(0xcd4c80, 0xc042149098, 0x9d7908, 0x3fb, 0xc0423ca
80d, 0x9a)
C:/Go/src/internal/poll/fd_windows.go:223 +0x13a
internal/poll.(*FD).Read(0xc042149080, 0xc0423ca800, 0x400, 0x400, 0x0, 0x0, 0x0
)
C:/Go/src/internal/poll/fd_windows.go:484 +0x248
net.(*netFD).Read(0xc042149080, 0xc0423ca800, 0x400, 0x400, 0x8, 0x8, 0x3f3)
C:/Go/src/net/fd_windows.go:151 +0x56
net.(*conn).Read(0xc04207c2d8, 0xc0423ca800, 0x400, 0x400, 0x0, 0x0, 0x0)
C:/Go/src/net/net.go:176 +0x71
crypto/tls.(*block).readFromUntil(0xc04ecf3860, 0x33a4020, 0xc04207c2d8, 0x5, 0x
c04207c2d8, 0x0)
C:/Go/src/crypto/tls/conn.go:493 +0x9d
crypto/tls.(*Conn).readRecord(0xc0420ac380, 0x9d8117, 0xc0420ac4a0, 0x0)
C:/Go/src/crypto/tls/conn.go:595 +0xe7
crypto/tls.(*Conn).Read(0xc0420ac380, 0xc0423cb400, 0x400, 0x400, 0x0, 0x0, 0x0)
C:/Go/src/crypto/tls/conn.go:1156 +0x107
bufio.(*Reader).Read(0xc0427a8480, 0xc04caa4450, 0xc, 0xc, 0xc042387cc8, 0x81bd7
e, 0x90efc0)
C:/Go/src/bufio/bufio.go:216 +0x23f
io.ReadAtLeast(0xa14ba0, 0xc0427a8480, 0xc04caa4450, 0xc, 0xc, 0xc, 0xc042838a9e
, 0x6, 0x5c)
C:/Go/src/io/io.go:309 +0x8d
io.ReadFull(0xa14ba0, 0xc0427a8480, 0xc04caa4450, 0xc, 0xc, 0x0, 0x46bb79, 0x2)
C:/Go/src/io/io.go:327 +0x5f
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0
xc04b0b24e0, 0xa14ba0, 0xc0427a8480, 0x0, 0x0)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/m
essage.go:359 +0x78
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest
(0xc0422c4160, 0xa18f80, 0xc04ecf3a70, 0xa14ba0, 0xc0427a8480, 0xa18f80, 0xc04ec
f3a70, 0xc0422c4160)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:335 +0x86
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0
xc0422c4160, 0xa1a2c0, 0xc0420ac380)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:258 +0x24f
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).
serveListener
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:189 +0x1e5

goroutine 57001 [runnable]:
sync.runtime_SemacquireMutex(0xc043872f9c, 0x8dd500)
C:/Go/src/runtime/sema.go:71 +0x44
sync.(*Mutex).Lock(0xc043872f98)
C:/Go/src/sync/mutex.go:134 +0x10f
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).SimpleQuery(0xc04215a
000, 0xc04212fa40, 0x5, 0x9badfe, 0x5, 0xc043872fa0, 0xa)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:367 +0x1fd
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Database).run(0xc044d613c0, 0xc042
15a000, 0x95a7c0, 0xc04372bf50, 0x8c6060, 0xc043872f90, 0xc044d613f0, 0xc04372bf
50)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:3261 +0x1
ae
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Database).Run(0xc044d613c0, 0x95a7
c0, 0xc04372bf50, 0x8c6060, 0xc043872f90, 0x0, 0x0)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:656 +0xc2
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Query).Count(0xc04371e900, 0x91b06
0, 0xc04372bf20, 0xc04371e900)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:3970 +0x2
6d
yulong-hids/server/action.ResultStat(0xc043872f00, 0xb, 0xc043872f10, 0xa, 0xc04
3872f20, 0x5, 0xc047916270, 0x1, 0x1, 0xbeb40f235e5090b0, ...)
C:/Go/src/yulong-hids/server/action/statistics.go:34 +0x6fe
main.(*Watcher).PutInfo(0xc042008b88, 0xa18f80, 0xc04372be90, 0xc04297a3c0, 0xc0
43872f78, 0x0, 0x0)
C:/Go/src/yulong-hids/server/server.go:44 +0x1d0
reflect.Value.call(0xc0422da180, 0xc0420040a0, 0x13, 0x9baae6, 0x4, 0xc04276bc50
, 0x4, 0x4, 0xc0439c9f00, 0x939ae0, ...)
C:/Go/src/reflect/value.go:447 +0x970
reflect.Value.Call(0xc0422da180, 0xc0420040a0, 0x13, 0xc04276bc50, 0x4, 0x4, 0x8
bde01, 0x8bdea0, 0xc043872f78)
C:/Go/src/reflect/value.go:308 +0xab
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*service).call(0xc04
211e550, 0xa18f80, 0xc04372be90, 0xc0422da200, 0x8c8160, 0xc04297a3c0, 0x16, 0x8
bdea0, 0xc043872f78, 0x16, ...)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
vice.go:315 +0x1bc
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).handleReque
st(0xc0422c4160, 0xa18f80, 0xc04372be90, 0xc04d2f2ba0, 0x90efc0, 0xc04372be30, 0
xa18f80)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:387 +0x3b7
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn.f
unc2(0xc04d2f2ba0, 0xa1a2c0, 0xc0420ad500, 0xa18f80, 0xc04211cc90, 0xc0422c4160)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:302 +0x185
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).
serveConn
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:290 +0x4fb

goroutine 37156 [IO wait]:
internal/poll.runtime_pollWait(0x3a80750, 0x72, 0xa16060)
C:/Go/src/runtime/netpoll.go:173 +0x5e
internal/poll.(*pollDesc).wait(0xc042007d48, 0x72, 0xc9d400, 0x0, 0x0)
C:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xa2
internal/poll.(*ioSrv).ExecIO(0xcd4c80, 0xc042007b98, 0x9d7908, 0x1ffb, 0xc04216
400d, 0xd9)
C:/Go/src/internal/poll/fd_windows.go:223 +0x13a
internal/poll.(*FD).Read(0xc042007b80, 0xc042164000, 0x2000, 0x2000, 0x0, 0x0, 0
x0)
C:/Go/src/internal/poll/fd_windows.go:484 +0x248
net.(*netFD).Read(0xc042007b80, 0xc042164000, 0x2000, 0x2000, 0x8, 0x8, 0x1ff3)
C:/Go/src/net/fd_windows.go:151 +0x56
net.(*conn).Read(0xc0430f0f58, 0xc042164000, 0x2000, 0x2000, 0x0, 0x0, 0x0)
C:/Go/src/net/net.go:176 +0x71
crypto/tls.(*block).readFromUntil(0xc0432e68d0, 0x33a4020, 0xc0430f0f58, 0x5, 0x
c0430f0f58, 0x0)
C:/Go/src/crypto/tls/conn.go:493 +0x9d
crypto/tls.(*Conn).readRecord(0xc0420ac700, 0x9d8117, 0xc0420ac820, 0x0)
C:/Go/src/crypto/tls/conn.go:595 +0xe7
crypto/tls.(*Conn).Read(0xc0420ac700, 0xc047e50000, 0x400, 0x400, 0x0, 0x0, 0x0)
C:/Go/src/crypto/tls/conn.go:1156 +0x107
bufio.(*Reader).Read(0xc045a61c20, 0xc046ca3de0, 0xc, 0xc, 0x60, 0x60, 0x99ec20)
C:/Go/src/bufio/bufio.go:216 +0x23f
io.ReadAtLeast(0xa14ba0, 0xc045a61c20, 0xc046ca3de0, 0xc, 0xc, 0xc, 0xc042ed431e
, 0x6, 0x9b)
C:/Go/src/io/io.go:309 +0x8d
io.ReadFull(0xa14ba0, 0xc045a61c20, 0xc046ca3de0, 0xc, 0xc, 0x81c82a, 0x99ec20,
0xc044f86c00)
C:/Go/src/io/io.go:327 +0x5f
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0
xc044f86c00, 0xa14ba0, 0xc045a61c20, 0x0, 0x0)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/m
essage.go:359 +0x78
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest
(0xc0422c4160, 0xa18f80, 0xc0432e75c0, 0xa14ba0, 0xc045a61c20, 0xa18f80, 0xc0432
e75c0, 0xc0422c4160)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:335 +0x86
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0
xc0422c4160, 0xa1a2c0, 0xc0420ac700)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:258 +0x24f
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).
serveListener
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:189 +0x1e5

C:\yulong-hids>
`

It throws an error after running for a while.

Error compile web binary

Hello,
I compiled successfully, but execution gives an error:

`./web flag redefined: graceful
panic: ./web flag redefined: graceful

goroutine 1 [running]:
flag.(*FlagSet).Var(0xc420068120, 0xae4860, 0xdf1c91, 0xa6e982, 0x8, 0xa7ff73, 0x21)
/usr/local/go/src/flag/flag.go:810 +0x540
flag.BoolVar(0xdf1c91, 0xa6e982, 0x8, 0xc420190200, 0xa7ff73, 0x21)
/usr/local/go/src/flag/flag.go:589 +0x72
github.com/astaxie/beego/grace.init.0()
/home/exam/src/github.com/astaxie/beego/grace/grace.go:93 +0x60`

windows - server cert error

C:\hids_server>server -db 10.192.9.231:27017 -es 10.192.9.231:9200
2018/05/08 14:26:04 Get Config
2018/05/08 14:26:05 {true false {[] [] [mssecsvc.exe tasksche.exe] []} {[] []
[] []} -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE----- -----END CERTIFICATE----- {false http://127.0.0.1/api/?ip={$ip} http://127.0.0.1
/api/?hash={$hash} black} {false http://127.0.0.1/test/?text={$info} true}}
2018/05/08 14:26:05 Start heartbeat thread
2018/05/08 14:26:05 Start Task Thread
2018/05/08 14:26:05 Start Scan Thread
2018/05/08 14:26:05 Start Health Check Thread
2018/05/08 14:26:05 cert error!

The MongoDB and ES configuration should be fine, and the web side has been initialized; the error occurs when starting the server.

Host list is empty, agent is running normally

Do I need to open a particular port and IP? Does the SERVER connect actively, or does the AGENT report in?

My host list has no data.
agentlist

2018/07/25 11:42:54 Download dependent environment package
2018/07/25 11:42:55 Download Agent
2018/07/25 11:42:56 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/07/25 11:42:56 Agent download finished, hash check passed
2018/07/25 11:42:56 Copy the daemon to the installation directory
2018/07/25 11:42:56 Start the service
2018/07/25 11:42:56 Start service successfully
2018/07/25 11:42:56 Installed!

Abnormal behavior on debian9 after compiling and loading sys_hook

debian9, GCE environment

cat /boot/config-$(uname -r) | grep CONFIG_RETPOLINE
CONFIG_RETPOLINE=y

gcc-6 (6.3.0-18+deb9u1)

uname -r
4.9.0-6-amd64

insmod syshook_execve.ko
After loading, running any command returns
killed

Server keeps crashing abnormally

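Deployed three agents and two servers.
ES and m are each deployed on a single machine. With so few clients, the log volume shouldn't be enough to cause a crash, should it?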

I found that other Go programs have a similar problem: golang/go#18137

The error log follows:
fatal error: concurrent map iteration and map write

goroutine 16 [running]:
runtime.throw(0x9bde28, 0x26)
/usr/local/go/src/runtime/panic.go:619 +0x81 fp=0xc420285480 sp=0xc420285460 pc=0x42b2a1
runtime.mapiternext(0xc4200ca300)
/usr/local/go/src/runtime/hashmap.go:747 +0x55c fp=0xc420285510 sp=0xc420285480 pc=0x40a48c
runtime.mapiterinit(0x903420, 0xc42028e0f0, 0xc4200ca300)
/usr/local/go/src/runtime/hashmap.go:737 +0x1f1 fp=0xc420285538 sp=0xc420285510 pc=0x409e41
reflect.mapiterinit(0x903420, 0xc42028e0f0, 0x95)
/usr/local/go/src/runtime/hashmap.go:1217 +0x54 fp=0xc420285568 sp=0xc420285538 pc=0x40b564
reflect.Value.MapKeys(0x903420, 0xc42026c0d0, 0x95, 0x0, 0xc4202856f0, 0x68b1eb)
/usr/local/go/src/reflect/value.go:1114 +0xdd fp=0xc420285610 sp=0xc420285568 pc=0x4abe2d
encoding/json.(*mapEncoder).encode(0xc42000e280, 0xc4201a00b0, 0x903420, 0xc42026c0d0, 0x95, 0x100)
/usr/local/go/src/encoding/json/encode.go:668 +0xad fp=0xc420285770 sp=0xc420285610 pc=0x5f690d
encoding/json.(*mapEncoder).(encoding/json.encode)-fm(0xc4201a00b0, 0x903420, 0xc42026c0d0, 0x95, 0x100)
/usr/local/go/src/encoding/json/encode.go:700 +0x64 fp=0xc4202857b0 sp=0xc420285770 pc=0x6007d4
encoding/json.(*structEncoder).encode(0xc42028e5a0, 0xc4201a00b0, 0x93ac80, 0xc42026c0c0, 0x99, 0x930100)
/usr/local/go/src/encoding/json/encode.go:639 +0x255 fp=0xc420285910 sp=0xc4202857b0 pc=0x5f64d5
encoding/json.(*structEncoder).(encoding/json.encode)-fm(0xc4201a00b0, 0x93ac80, 0xc42026c0c0, 0x99, 0xc420260100)
/usr/local/go/src/encoding/json/encode.go:653 +0x64 fp=0xc420285950 sp=0xc420285910 pc=0x600754
encoding/json.(*encodeState).reflectValue(0xc4201a00b0, 0x93ac80, 0xc42026c0c0, 0x99, 0x100)
/usr/local/go/src/encoding/json/encode.go:325 +0x82 fp=0xc420285988 sp=0xc420285950 pc=0x5f4332
encoding/json.(*encodeState).marshal(0xc4201a00b0, 0x93ac80, 0xc42026c0c0, 0x9b0100, 0x0, 0x0)
/usr/local/go/src/encoding/json/encode.go:298 +0xa5 fp=0xc4202859c0 sp=0xc420285988 pc=0x5f4025
encoding/json.Marshal(0x93ac80, 0xc42026c0c0, 0xc42026c1e0, 0x9b1df7, 0xc, 0x9b3795, 0x10)
/usr/local/go/src/encoding/json/encode.go:161 +0x5f fp=0xc420285a08 sp=0xc4202859c0 pc=0x5f3cbf
yulong-hids/server/vendor/github.com/olivere/elastic.(*Request).setBodyJson(0xc420526000, 0x93ac80, 0xc42026c0c0, 0xc420526000, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/request.go:58 +0x39 fp=0xc420285a68 sp=0xc420285a08 pc=0x788e89
yulong-hids/server/vendor/github.com/olivere/elastic.(*Request).SetBody(0xc420526000, 0x93ac80, 0xc42026c0c0, 0x0, 0xc420526000, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/request.go:51 +0x153 fp=0xc420285ab0 sp=0xc420285a68 pc=0x788df3
yulong-hids/server/vendor/github.com/olivere/elastic.(*Client).PerformRequest(0xc4201b2000, 0xa0d780, 0xc42009a010, 0x9af7b0, 0x4, 0xc420022240, 0x1b, 0xc42026c1b0, 0x93ac80, 0xc42026c0c0, ...)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/client.go:1257 +0xe76 fp=0xc420285cb8 sp=0xc420285ab0 pc=0x73bc46
yulong-hids/server/vendor/github.com/olivere/elastic.(*IndexService).Do(0xc420285ec0, 0xa0d780, 0xc42009a010, 0xc42026c0c0, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/index.go:267 +0x155 fp=0xc420285df0 sp=0xc420285cb8 pc=0x75b005
yulong-hids/server/models.InsertThread()
/usr/local/go/src/yulong-hids/server/models/es.go:240 +0x192 fp=0xc420285fe0 sp=0xc420285df0 pc=0x802ec2
runtime.goexit()
/usr/local/go/src/runtime/asm_amd64.s:2361 +0x1 fp=0xc420285fe8 sp=0xc420285fe0 pc=0x457311
created by main.init.0
/usr/local/go/src/yulong-hids/server/server.go:74 +0x1d5

goroutine 1 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1fd60, 0x72, 0x0)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4201ae918, 0x72, 0xc420072100, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4201ae918, 0xffffffffffffff00, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Accept(0xc4201ae900, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:372 +0x1a8
net.(*netFD).accept(0xc4201ae900, 0x10, 0x0, 0x0)
/usr/local/go/src/net/fd_unix.go:238 +0x42
net.(*TCPListener).accept(0xc42000e218, 0xc4201b41c8, 0xc420287d50, 0x9a8aa0)
/usr/local/go/src/net/tcpsock_posix.go:136 +0x2e
net.(*TCPListener).Accept(0xc42000e218, 0x434544, 0xc420287c98, 0x453d70, 0xc420287cd8)
/usr/local/go/src/net/tcpsock.go:259 +0x49
crypto/tls.(*listener).Accept(0xc42024e640, 0x9cc900, 0xc4201a0160, 0xa0eb40, 0xc4200d4a80)
/usr/local/go/src/crypto/tls/tls.go:52 +0x37
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveListener(0xc4201a0160, 0xa0ce40, 0xc42024e640, 0x9afdb1, 0x6)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:148 +0xca
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).Serve(0xc4201a0160, 0x9af651, 0x3, 0x9afdb1, 0x6, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:127 +0xa5
main.main()
/usr/local/go/src/yulong-hids/server/server.go:87 +0x2c1

goroutine 19 [select]:
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoCluster).syncServersLoop(0xc420140000)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/cluster.go:394 +0x31a
created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newCluster
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/cluster.go:78 +0x181

goroutine 54626 [select, 349 minutes]:
net/http.(*persistConn).writeLoop(0xc420390480)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 21 [sleep]:
time.Sleep(0x37e11d600)
/usr/local/go/src/runtime/time.go:102 +0x166
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoServer).pinger(0xc4201440e0, 0xc42009c401)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/server.go:301 +0x4b6
created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newServer
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/server.go:89 +0x12d

goroutine 5 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1ff00, 0x72, 0xc4201d7d18)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4200ce198, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4200ce198, 0xc42002c000, 0x24, 0x24)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4200ce180, 0xc42002c030, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4200ce180, 0xc42002c030, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42000e018, 0xc42002c030, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.fill(0xa0ec00, 0xc42000e018, 0xc42002c030, 0x24, 0x24, 0x0, 0xda)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:535 +0x53
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).readLoop(0xc420162000)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:551 +0x602
created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newSocket
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:194 +0x1f5

goroutine 6 [chan receive, 28 minutes]:
yulong-hids/server/models.esCheckThread()
/usr/local/go/src/yulong-hids/server/models/es.go:254 +0xa2
created by yulong-hids/server/models.init.0
/usr/local/go/src/yulong-hids/server/models/common.go:137 +0x2f3

goroutine 10 [select, 13 minutes]:
yulong-hids/server/vendor/github.com/olivere/elastic.(*Client).sniffer(0xc4201b2000)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/client.go:813 +0x17c
created by yulong-hids/server/vendor/github.com/olivere/elastic.NewClient
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/client.go:282 +0x7c6

goroutine 11 [select]:
yulong-hids/server/vendor/github.com/olivere/elastic.(*Client).healthchecker(0xc4201b2000)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/client.go:1000 +0x181
created by yulong-hids/server/vendor/github.com/olivere/elastic.NewClient
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/client.go:285 +0x7a2

goroutine 12 [sleep]:
time.Sleep(0x6fc23ac00)
/usr/local/go/src/runtime/time.go:102 +0x166
yulong-hids/server/models.Heartbeat()
/usr/local/go/src/yulong-hids/server/models/common.go:196 +0x84
created by main.init.0
/usr/local/go/src/yulong-hids/server/server.go:66 +0x175

goroutine 13 [sleep]:
time.Sleep(0x2540be400)
/usr/local/go/src/runtime/time.go:102 +0x166
yulong-hids/server/action.TaskThread()
/usr/local/go/src/yulong-hids/server/action/task.go:45 +0x22c
created by main.init.0
/usr/local/go/src/yulong-hids/server/server.go:68 +0x18d

goroutine 14 [chan receive]:
yulong-hids/server/safecheck.ScanMonitorThread()
/usr/local/go/src/yulong-hids/server/safecheck/check.go:292 +0x28d
created by main.init.0
/usr/local/go/src/yulong-hids/server/server.go:70 +0x1a5

goroutine 15 [chan receive]:
yulong-hids/server/safecheck.firewallCheckThread()
/usr/local/go/src/yulong-hids/server/safecheck/health.go:108 +0x800
yulong-hids/server/safecheck.HealthCheckThread()
/usr/local/go/src/yulong-hids/server/safecheck/health.go:19 +0x96
created by main.init.0
/usr/local/go/src/yulong-hids/server/server.go:72 +0x1bd

goroutine 28 [chan receive]:
yulong-hids/server/safecheck.ScanMonitorThread.func1()
/usr/local/go/src/yulong-hids/server/safecheck/check.go:287 +0x6c
created by yulong-hids/server/safecheck.ScanMonitorThread
/usr/local/go/src/yulong-hids/server/safecheck/check.go:285 +0x254

goroutine 29 [sleep]:
time.Sleep(0x6fc23ac00)
/usr/local/go/src/runtime/time.go:102 +0x166
yulong-hids/server/safecheck.offlineCheckThread()
/usr/local/go/src/yulong-hids/server/safecheck/health.go:98 +0xc2a
created by yulong-hids/server/safecheck.HealthCheckThread
/usr/local/go/src/yulong-hids/server/safecheck/health.go:17 +0x79

goroutine 30 [sleep]:
time.Sleep(0xdf8475800)
/usr/local/go/src/runtime/time.go:102 +0x166
yulong-hids/server/safecheck.cleanThread()
/usr/local/go/src/yulong-hids/server/safecheck/health.go:42 +0x39f
created by yulong-hids/server/safecheck.HealthCheckThread
/usr/local/go/src/yulong-hids/server/safecheck/health.go:18 +0x91

goroutine 31 [chan receive, 448 minutes]:
yulong-hids/server/safecheck.offlineCheckThread.func1(0xc42012ad60)
/usr/local/go/src/yulong-hids/server/safecheck/health.go:55 +0x6c
created by yulong-hids/server/safecheck.offlineCheckThread
/usr/local/go/src/yulong-hids/server/safecheck/health.go:53 +0x154

goroutine 34 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1fc90, 0x72, 0xc42050d860)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4201ae998, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4201ae998, 0xc42042e000, 0x2000, 0x2000)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4201ae980, 0xc42042e000, 0x2000, 0x2000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4201ae980, 0xc42042e000, 0x2000, 0x2000, 0x8, 0x8, 0x1ff3)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42000e220, 0xc42042e000, 0x2000, 0x2000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
crypto/tls.(*block).readFromUntil(0xc420161da0, 0x7f9d9807e3a0, 0xc42000e220, 0x5, 0xc42000e220, 0x0)
/usr/local/go/src/crypto/tls/conn.go:493 +0x96
crypto/tls.(*Conn).readRecord(0xc420186a80, 0x9cbf17, 0xc420186ba0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:595 +0xe0
crypto/tls.(*Conn).Read(0xc420186a80, 0xc420237000, 0x400, 0x400, 0x0, 0x0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:1156 +0x100
bufio.(*Reader).Read(0xc4200753e0, 0xc42027c084, 0xc, 0xc, 0xc42050dcc8, 0x813507, 0x903420)
/usr/local/go/src/bufio/bufio.go:216 +0x238
io.ReadAtLeast(0xa09100, 0xc4200753e0, 0xc42027c084, 0xc, 0xc, 0xc, 0xc42012c47e, 0x6, 0xbd)
/usr/local/go/src/io/io.go:309 +0x86
io.ReadFull(0xa09100, 0xc4200753e0, 0xc42027c084, 0xc, 0xc, 0x0, 0x46d172, 0x1)
/usr/local/go/src/io/io.go:327 +0x58
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0xc4202d0060, 0xa09100, 0xc4200753e0, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/message.go:359 +0x71
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest(0xc4201a0160, 0xa0d800, 0xc420161fb0, 0xa09100, 0xc4200753e0, 0xa0d800, 0xc420161fb0, 0xc4201a0160)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:335 +0x7f
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0xc4201a0160, 0xa0eb40, 0xc420186a80)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:258 +0x248
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveListener
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:189 +0x1de

goroutine 160819 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc4202ff8c0)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 88802 [select, 289 minutes]:
net/http.(*persistConn).readLoop(0xc420390240)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 73 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1faf0, 0x72, 0xc420253d18)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4200ce918, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4200ce918, 0xc42002c200, 0x24, 0x24)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4200ce900, 0xc42002c2a0, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4200ce900, 0xc42002c2a0, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42000e0f8, 0xc42002c2a0, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.fill(0xa0ec00, 0xc42000e0f8, 0xc42002c2a0, 0x24, 0x24, 0x0, 0x11)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:535 +0x53
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).readLoop(0xc420144460)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:551 +0x602
created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newSocket
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:194 +0x1f5

goroutine 160735 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc42024b560)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 160821 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc4202ffb00)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 88833 [select, 289 minutes]:
net/http.(*persistConn).writeLoop(0xc4202ff560)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 160785 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc4200b5560)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 473 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1fa20, 0x72, 0xc420062860)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4201afb98, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4201afb98, 0xc4201f8000, 0x8000, 0x8000)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4201afb80, 0xc4201f8000, 0x8000, 0x8000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4201afb80, 0xc4201f8000, 0x8000, 0x8000, 0x8, 0x8, 0x7ff3)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42009e450, 0xc4201f8000, 0x8000, 0x8000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
crypto/tls.(*block).readFromUntil(0xc42040dcb0, 0x7f9d9807e3a0, 0xc42009e450, 0x5, 0xc42009e450, 0x0)
/usr/local/go/src/crypto/tls/conn.go:493 +0x96
crypto/tls.(*Conn).readRecord(0xc4200d4380, 0x9cbf17, 0xc4200d44a0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:595 +0xe0
crypto/tls.(*Conn).Read(0xc4200d4380, 0xc4200f9000, 0x400, 0x400, 0x0, 0x0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:1156 +0x100
bufio.(*Reader).Read(0xc42048fc80, 0xc42027cad0, 0xc, 0xc, 0xc420062cc8, 0x813507, 0x903420)
/usr/local/go/src/bufio/bufio.go:216 +0x238
io.ReadAtLeast(0xa09100, 0xc42048fc80, 0xc42027cad0, 0xc, 0xc, 0xc, 0xc42012c55e, 0x6, 0xbe)
/usr/local/go/src/io/io.go:309 +0x86
io.ReadFull(0xa09100, 0xc42048fc80, 0xc42027cad0, 0xc, 0xc, 0x0, 0x46d172, 0x1)
/usr/local/go/src/io/io.go:327 +0x58
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0xc4202a2a20, 0xa09100, 0xc42048fc80, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/message.go:359 +0x71
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest(0xc4201a0160, 0xa0d800, 0xc42040de00, 0xa09100, 0xc42048fc80, 0xa0d800, 0xc42040de00, 0xc4201a0160)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:335 +0x7f
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0xc4201a0160, 0xa0eb40, 0xc4200d4380)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:258 +0x248
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveListener
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:189 +0x1de

goroutine 160760 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc420176240)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 160761 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc420176240)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 160686 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc420390c60)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 160736 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc42024b560)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 54593 [select, 349 minutes]:
net/http.(*persistConn).readLoop(0xc420390480)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 160818 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc4202ff8c0)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 88803 [select, 289 minutes]:
net/http.(*persistConn).writeLoop(0xc420390240)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 260141 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1f7b0, 0x72, 0xc4201d9860)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4201af918, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4201af918, 0xc4200f8400, 0x400, 0x400)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4201af900, 0xc4200f8400, 0x400, 0x400, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4201af900, 0xc4200f8400, 0x400, 0x400, 0x8, 0x8, 0x3f3)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42009e358, 0xc4200f8400, 0x400, 0x400, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
crypto/tls.(*block).readFromUntil(0xc4202e3650, 0x7f9d9807e3a0, 0xc42009e358, 0x5, 0xc42009e358, 0x0)
/usr/local/go/src/crypto/tls/conn.go:493 +0x96
crypto/tls.(*Conn).readRecord(0xc4200d4a80, 0x9cbf17, 0xc4200d4ba0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:595 +0xe0
crypto/tls.(*Conn).Read(0xc4200d4a80, 0xc4200f9800, 0x400, 0x400, 0x0, 0x0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:1156 +0x100
bufio.(*Reader).Read(0xc4202d1320, 0xc420202f30, 0xc, 0xc, 0xc4201d9cc8, 0x813507, 0x903420)
/usr/local/go/src/bufio/bufio.go:216 +0x238
io.ReadAtLeast(0xa09100, 0xc4202d1320, 0xc420202f30, 0xc, 0xc, 0xc, 0xc42027601e, 0x6, 0xc6)
/usr/local/go/src/io/io.go:309 +0x86
io.ReadFull(0xa09100, 0xc4202d1320, 0xc420202f30, 0xc, 0xc, 0x0, 0x46d172, 0x0)
/usr/local/go/src/io/io.go:327 +0x58
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0xc420302960, 0xa09100, 0xc4202d1320, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/message.go:359 +0x71
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest(0xc4201a0160, 0xa0d800, 0xc4202e3860, 0xa09100, 0xc4202d1320, 0xa0d800, 0xc4202e3860, 0xc4201a0160)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:335 +0x7f
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0xc4201a0160, 0xa0eb40, 0xc4200d4a80)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:258 +0x248
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveListener
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:189 +0x1de

goroutine 160788 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc42024bd40)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 241293 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1f060, 0x72, 0xc4204339a8)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4201afa18, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4201afa18, 0xc4202fc000, 0x1000, 0x1000)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4201afa00, 0xc4202fc000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4201afa00, 0xc4202fc000, 0x1000, 0x1000, 0x453530, 0xc4201b0f00, 0x4)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42000e418, 0xc4202fc000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
net/http.(*persistConn).Read(0xc4203910e0, 0xc4202fc000, 0x1000, 0x1000, 0xc420433b98, 0x404fa5, 0xc420341620)
/usr/local/go/src/net/http/transport.go:1453 +0x136
bufio.(*Reader).fill(0xc4202d1ec0)
/usr/local/go/src/bufio/bufio.go:100 +0x11e
bufio.(*Reader).Peek(0xc4202d1ec0, 0x1, 0x0, 0x0, 0x1, 0xc420340ea0, 0x0)
/usr/local/go/src/bufio/bufio.go:132 +0x3a
net/http.(*persistConn).readLoop(0xc4203910e0)
/usr/local/go/src/net/http/transport.go:1601 +0x185
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 160687 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc420390c60)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 241294 [select]:
net/http.(*persistConn).writeLoop(0xc4203910e0)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 88832 [select, 289 minutes]:
net/http.(*persistConn).readLoop(0xc4202ff560)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 160786 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc4200b5560)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f

goroutine 160787 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc42024bd40)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 160820 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc4202ffb00)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a

goroutine 260236 [runnable]:
yulong-hids/server/action.ResultStat(0xc42037c154, 0xc, 0xc42037c164, 0xa, 0xc42037c176, 0x5, 0xc42009e028, 0x1, 0x1, 0xbeb47de7d1447a35, ...)
/usr/local/go/src/yulong-hids/server/action/statistics.go:34 +0x564
main.(*Watcher).PutInfo(0xc420202580, 0xa0d800, 0xc42028e090, 0xc4202c6000, 0xc42037c1b8, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/server.go:44 +0x1c9
reflect.Value.call(0xc4201ae800, 0xc42000e210, 0x13, 0x9af758, 0x4, 0xc420510c50, 0x4, 0x4, 0xc420073140, 0x92e760, ...)
/usr/local/go/src/reflect/value.go:447 +0x969
reflect.Value.Call(0xc4201ae800, 0xc42000e210, 0x13, 0xc420510c50, 0x4, 0x4, 0x8b2101, 0x8b21e0, 0xc42037c1b8)
/usr/local/go/src/reflect/value.go:308 +0xa4
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*service).call(0xc42001e820, 0xa0d800, 0xc42028e090, 0xc4201ae880, 0x8bc2e0, 0xc4202c6000, 0x16, 0x8b21e0, 0xc42037c1b8, 0x16, ...)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/service.go:315 +0x1b5
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).handleRequest(0xc4201a0160, 0xa0d800, 0xc42028e090, 0xc4200cb980, 0x903420, 0xc42028e030, 0xa0d800)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:387 +0x3b0
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn.func2(0xc4200cb980, 0xa0eb40, 0xc4200d4a80, 0xa0d800, 0xc4202e3860, 0xc4201a0160)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:302 +0x17e
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:290 +0x4f4

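userlist in the host information is missing some users

Hello, after creating a new user I found that the new user does not appear in userlist.
After reloading the agent and waiting for a while it still does not appear, but at the same time the host's crontab/listening/process information updates correctly.

I compared /etc/passwd on another machine with the userlist in the web interface and found that userlist is missing 3 users.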

No server node available

[root@yulong-hids]# ./agent 17..*.*8 debug
2018/06/28 11:13:29 DEBUG MODE
2018/06/28 11:13:29 Web API: https://17.**.***.*8/json/serverlist
2018/06/28 11:13:29 Available server node: []
2018/06/28 11:13:59 No server node available
panic: 1

goroutine 1 [running]:
yulong-hids/agent/client.(*Agent).init(0xc4200dc370)
/usr/local/go/src/yulong-hids/agent/client/agent.go:61 +0x6cc
yulong-hids/agent/client.(*Agent).Run(0xc4200dc370)
/usr/local/go/src/yulong-hids/agent/client/agent.go:82 +0x2b
main.main()
/usr/local/go/src/yulong-hids/agent/agent.go:22 +0xb9
