ysrc / yulong-hids-archived Goto Github PK
View Code? Open in Web Editor NEW[archived] 一款实验性质的主机入侵检测系统
License: Other
[archived] 一款实验性质的主机入侵检测系统
License: Other
使用命令daemon -uninstall后,查看进程,还是会有daemon和agent,只有syshook_execve是卸载了
[root@localhost ~]# ps -ef | grep 192.168
root 7610 1 0 07:45 ? 00:00:00 /usr/yulong-hids/daemon -netloc 192.168.47.104
root 7616 7610 2 07:45 ? 00:04:45 /usr/yulong-hids/agent 192.168.47.104
root 8619 8578 0 11:35 pts/0 00:00:00 grep --color=auto 192.168
[root@localhost ~]# /usr/yulong-hids/daemon -uninstall
2018/11/01 11:35:20 Uninstall completed
[root@localhost ~]# ps -ef | grep 192.168
root 7610 1 0 07:45 ? 00:00:00 /usr/yulong-hids/daemon -netloc 192.168.47.104
root 7616 7610 2 07:45 ? 00:04:45 /usr/yulong-hids/agent 192.168.47.104
root 8643 8578 0 11:35 pts/0 00:00:00 grep --color=auto 192.168
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# lsmod| grep syshook_execve
[root@localhost ~]#
正常安装好agent后,此时执行python s5.py在web端看到告警(功能正常),重启后,再次执行命令发现没有告警(功能异常),手动执行agent ip debug,发现出现如下错误:
connect syshook netlink error
此时查看65530端口是open的,通过对比安装完agent和重启后的端口情况发现:重启后agent少开放了一个随机端口
刚安装完agent的端口情况(功能正常):
udp 0 0 127.0.0.1:65530 0.0.0.0:* 1780/agent
udp 0 0 0.0.0.0:59142 0.0.0.0:* 1780/agent
重启后(功能异常):
udp 0 0 127.0.0.1:65530 0.0.0.0:* 1186/agent
此现象在centos7和6.x都存在
import (
"crypto/tls"
"net/http"
"os"
"os/exec"
"runtime"
"strings"
"sync"
"time"
"net"
"strings"
"fmt"
"github.com/axgle/mahonia"
"github.com/kardianos/service"
)
两个strings,编译会出错
Apr 12 19:25:59 test kernel: [ 148.067042] Start found sys_call_table.
Apr 12 19:25:59 test kernel: [ 148.068545] Found the sys_call_table!!! __NR_close[3] sys_close[ffffffff81210e40]
Apr 12 19:25:59 test kernel: [ 148.068545] __NR_execve[59] sct[__NR_execve][0xffffffff8184f320]
Apr 12 19:25:59 test kernel: [ 148.068602] syshook: create netlink success.
Apr 12 19:25:59 test kernel: [ 148.070779] Loading module monitor_execve, sys_call_table at ffffffff81a00200
Apr 12 19:26:01 test kernel: [ 150.712893] BUG: unable to handle kernel paging request at fffffffdc3bd36a0
Apr 12 19:26:01 test kernel: [ 150.712964] IP: [<ffffffffc06a5881>] monitor_stub_execve_hook+0x21/0x28 [syshook_execve]
Apr 12 19:26:01 test kernel: [ 150.713034] PGD 1e0f067 PUD 0
Apr 12 19:26:01 test kernel: [ 150.713067] Oops: 0000 [#1] SMP
Apr 12 19:26:01 test kernel: [ 150.713100] Modules linked in: syshook_execve(OE) xt_nat xt_tcpudp ipt_MASQUERADE nf_nat_masquerade_ipv4 xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc aufs nfnetlink_queue nfnetlink_log nfnetlink tcp_diag bluetooth inet_diag vmw_vsock_vmci_transport vsock ppdev vmw_balloon snd_ens1371 snd_ac97_codec gameport snd_rawmidi snd_seq_device ac97_bus snd_pcm snd_timer snd coretemp soundcore joydev input_leds serio_raw parport_pc 8250_fintek parport i2c_piix4 shpchp vmw_vmci mac_hid ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd vmwgfx ttm drm_kms_helper syscopyarea psmouse sysfillrect sysimgblt fb_sys_fops drm mptspi mptscsih ahci libahci e1000 mptbase scsi_transport_spi pata_acpi fjes
Apr 12 19:26:01 test kernel: [ 150.714242] CPU: 0 PID: 1762 Comm: bash Tainted: G OE 4.4.0-116-generic #140-Ubuntu
Apr 12 19:26:01 test kernel: [ 150.714317] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/30/2014
Apr 12 19:26:01 test kernel: [ 150.714401] task: ffff8800303d4600 ti: ffff880039d80000 task.ti: ffff880039d80000
Apr 12 19:26:01 test kernel: [ 150.714512] RIP: 0010:[<ffffffffc06a5881>] [<ffffffffc06a5881>] monitor_stub_execve_hook+0x21/0x28 [syshook_execve]
Apr 12 19:26:01 test kernel: [ 150.714703] RSP: 0018:ffff880039d83f50 EFLAGS: 00010246
Apr 12 19:26:01 test kernel: [ 150.714751] RAX: ffffffffc06a5860 RBX: 0000000001e0edc8 RCX: 0000000000000598
Apr 12 19:26:01 test kernel: [ 150.714804] RDX: 0000000001dea008 RSI: 0000000001e0ee48 RDI: 0000000001e0edc8
Apr 12 19:26:01 test kernel: [ 150.714857] RBP: 0000000000000001 R08: 00007ffd9af80a90 R09: 0000000000000000
Apr 12 19:26:01 test kernel: [ 150.714910] R10: 0000000000000598 R11: 0000000000000206 R12: 0000000001e0edc8
Apr 12 19:26:01 test kernel: [ 150.714963] R13: 0000000001e0ee48 R14: 0000000001dea008 R15: 0000000001e0ed68
Apr 12 19:26:01 test kernel: [ 150.715017] FS: 00007f98fcd8c700(0000) GS:ffff88003c600000(0000) knlGS:0000000000000000
Apr 12 19:26:01 test kernel: [ 150.716734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 12 19:26:01 test kernel: [ 150.718464] CR2: fffffffdc3bd36a0 CR3: 000000003a000000 CR4: 0000000000360670
Apr 12 19:26:01 test kernel: [ 150.720287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Apr 12 19:26:01 test kernel: [ 150.722047] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Apr 12 19:26:01 test kernel: [ 150.723165] Stack:
Apr 12 19:26:01 test kernel: [ 150.724100] ffffffff8184efc8 00000000fc2c9fc5 00007f98fc37d0cc 0000000000000001
Apr 12 19:26:01 test kernel: [ 150.725069] 00007f98fcd8e9d8 00007f98fcd8d030 00007f98fc3863c0 0000000000000206
Apr 12 19:26:01 test kernel: [ 150.726000] 0000000000000598 0000000000000000 00007ffd9af80a90 ffffffffffffffda
Apr 12 19:26:01 test kernel: [ 150.726965] Call Trace:
Apr 12 19:26:01 test kernel: [ 150.727879] [<ffffffff8184efc8>] ? entry_SYSCALL_64_fastpath+0x1c/0xbb
Apr 12 19:26:01 test kernel: [ 150.728816] Code: e8 ae bd ae c0 e9 7b ff ff ff 53 57 56 52 51 50 41 50 41 51 41 52 41 53 e8 ad f8 ff ff 41 5b 41 5a 41 59 41 58 58 59 5a 5e 5f 5b <ff> 24 c5 a0 73 6a c0 55 48 8b 3d 08 1b 00 00 48 89 e5 e8 78 d2
Apr 12 19:26:01 test kernel: [ 150.731763] RIP [<ffffffffc06a5881>] monitor_stub_execve_hook+0x21/0x28 [syshook_execve]
Apr 12 19:26:01 test kernel: [ 150.732700] RSP <ffff880039d83f50>
Apr 12 19:26:01 test kernel: [ 150.733621] CR2: fffffffdc3bd36a0
Apr 12 19:26:01 test kernel: [ 150.734541] ---[ end trace 7e834cbd3143b047 ]---
如题,es6出来好久了
加载syshook后出现异常
uname -r
版本为 2.6.32-696.23.1.el6.x86_64
版本与data.zip中编译好的ko并不完全一致,导致异常。编译指南中有说明版本要完全一致,但是不一定每个人都会看。
最好在代码中进行判断,如果版本不完全一致则拒绝加载syshook模块,并给出提示自行编译。
/agent/collect/crontab_linux.go
ubuntu的crontab在/var/spool/cron/crontabs/,这里没有覆盖到。
在告警列表中将一些进程点击加入到白名单中,以为不会在告警了,但之后几天仍然会出现在危险告警中
用的是release里面data.zip带的驱动
kernel版本 Linux mt-pi.office.mos 2.6.32-431.20.3.el6.mt20140703.x86_64
insmod syshook_execve.ko
返回
insmod: error inserting 'syshook_execve.ko': -1 Unknown symbol in module
驱动无法正常加载。
mac的编译方式呢。。。。。
[root@192 yulong]# ./server -db 192.168.136.134:27017 -es 0.0.0.0:9200
2018/05/03 17:17:03 Get Config
2018/05/03 17:17:03 {false false {[] [] [] []} {[] [] [] []} {false } {false false}}
2018/05/03 17:17:03 cert error!
在开发机上编译运行web.exe,在127.0.0.1/login/可以看到登录界面,但是登录之后看不到监控面板(已在服务器上启动了MongoDB, Elasticsearch并能连接)
下面是app.config
appname = yulong-hids-analyze-dashboard
runmode = prod
sessionon = true
apihost = ""
TemplateLeft = "<<<"
TemplateRight = ">>>"
ApiVer = "json"
copyrequestbody = true
perloadcount = 500
# Alert : 1
# Critical : 2
# Error : 3
# Warning : 4
# Notice : 5
# Informational : 6
# Debug : 7
loglevel=7
# 设置hostname, 如果没设置则不会验证
# 如果设置了,只有该host可以访问web页面,多个host以逗号隔开
ylhostname = ""
# 后台登录用户名
username = "yulong"
# passwordhex为登录密码的32位md5,默认密码为(带句号): All_life_is_a_game_of_luck.
passwordhex = "0c885bb124969eead759a4c2b512ed52"
# 日志文件路径
logfile = "logs.log"
OnlyHTTPS = true
EnableHTTPS = true
EnableHttpTLS = true
HTTPSPort = 443
EnableHTTP = true
HTTPPort = 80
HTTPSCertFile = "https_cert/cert.pem"
HTTPSKeyFile = "https_cert/private.pem"
FilePath = "upload_files/"
# 是否开启二次验证,推荐开启
TwoFactorAuth = true
# base32格式的二次验证秘钥,请务必修改默认值
# 可使用命令: python2 -c "import base64, random, string;print(base64.b32encode(''.join([random.choice(string.printable) for _ in range(35)]).encode()));"
# 命令可直接生成随机秘钥,直接在 Google Authenticator app内填入秘钥即可
TwoFactorAuthKey = "IVFHGS2OGYTXIVDGEIZWCNC2MVMHYWDRK44GOQALPNJHGRS6FE2QUCT4"
[mongodb]
# mongodb url 数据库名固定为agent
# mongodb 的 ip 地址请设置内网ip,请勿设置 127.0.0.1
url = "${IDS_MONGODB_URL||mongodb://*.*.*.*:27017/agent}"
[elastic_search]
# elastic_search web接口
baseurl = "${IDS_ELASTICSEARCH_URL||http://*.*.*.*:9200/}"
忽略
打开web页面,登陆后点击“统计信息”提示:“服务端响应格式错误,请检查输入是否合理”。
如题,测试的话想手工制造一些触发策略的告警,然后看看是否会被记录
只在部分 CentOS 6.5 的机器上观察到这种情况.
第一次安装
/tmp/daemon -install -netloc xxx:443
2018/05/15 13:40:18 Download dependent environment package
2018/05/15 13:40:18 Use syshook_2.6.32-431
2018/05/15 13:40:18 Install dependency, service error: exit status 1
第二次安装
/tmp/daemon -install -netloc xxx:443
2018/05/15 13:40:22 Download Agent
2018/05/15 13:40:53 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/15 13:40:53 Agent download finished, hash check passed
2018/05/15 13:40:53 Copy the daemon to the installation directory
2018/05/15 13:40:53 Start the service
2018/05/15 13:40:53 Installed!
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
Release: 6.5
Codename: Final
uname -r
2.6.32-431.11.2.el6.toa.2.x86_64
Download dependent environment package
Install dependency, service error: open /usr/yulong-hids/data.zip: no such file or directory
windows:
如下
在3.10.0-862.14.4.el7.x86_64 下,因没有驱动所以自行编译驱动并加载后,系统自动重启。编译过程中没有报错
[root@localhost test]# uname -a
Linux localhost 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ~]# gcc -v
使用内建 specs。
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/local/libexec/gcc/x86_64-pc-linux-gnu/7.3.0/lto-wrapper
目标:x86_64-pc-linux-gnu
配置为:../configure --enable-checking=release --enable-languages=c,c++ --disable-multilib
线程模型:posix
gcc 版本 7.3.0 (GCC)
日志:
Nov 6 16:12:59 localhost kernel: syshook_execve: loading out-of-tree module taints kernel.
Nov 6 16:12:59 localhost kernel: syshook_execve: module verification failed: signature and/or required key missing - tainting kernel
Nov 6 16:12:59 localhost kernel: Start found sys_call_table.
Nov 6 16:12:59 localhost kernel: Found the sys_call_table!!! __NR_close[3] sys_close[ffffffffa7e1e240]#12 __NR_execve[59] sct[__NR_execve][0xffffffffa8325ce0]
Nov 6 16:12:59 localhost kernel: syshook: create netlink success.
Nov 6 16:12:59 localhost kernel: Loading module monitor_execve, sys_call_table at ffffffffa8403300
C:\Go\src>go build -o yulong-hids\bin\win-32\agent.exe --ldflags="-w -s" yulong
hids\agent\agent.go
In file included from C:/WpdPack/Include/pcap/pcap.h:54:0,
from C:/WpdPack/Include/pcap.h:45,
from yulong-hids\agent\vendor\github.com\akrennmair\gopcap\pca
.go:12:
c:\mingw\include\stdio.h:345:12: error: expected '=', ',', ';', 'asm' or 'att
ibute' before '__mingw__snprintf'
extern int mingw_stdio_redirect(snprintf)(char*, size_t, const char*, ...)
^
c:\mingw\include\stdio.h:349:12: error: expected '=', ',', ';', 'asm' or 'att
ibute' before '__mingw__vsnprintf'
extern int mingw_stdio_redirect(vsnprintf)(char*, size_t, const char*, __V
LIST);
^
C:\Go\src>
bufio.(*Reader).Read(0xc42021b620, 0xc42032a6c0, 0xc, 0xc, 0x60, 0x60, 0x994020)
/usr/local/go/src/bufio/bufio.go:216 +0x238
io.ReadAtLeast(0xa09080, 0xc42021b620, 0xc42032a6c0, 0xc, 0xc, 0xc, 0x2, 0xc420020a00, 0x2)
/usr/local/go/src/io/io.go:309 +0x86
io.ReadFull(0xa09080, 0xc42021b620, 0xc42032a6c0, 0xc, 0xc, 0x813f53, 0x994020, 0xc420206660)
/usr/local/go/src/io/io.go:327 +0x58
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0xc420206660, 0xa09080, 0xc42021b620, 0x0, 0x0)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/message.go:359 +0x71
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest(0xc4200f0420, 0xa0d780, 0xc4201cf200, 0xa09080, 0xc42021b620, 0xa0d780, 0xc4201cf200, 0xc4200f0420)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:335 +0x7f
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0xc4200f0420, 0xa0eac0, 0xc42055a700)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:258 +0x248
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveListener
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:189 +0x1de
goroutine 37239 [select]:
net/http.(*persistConn).writeLoop(0xc4204930e0)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 37238 [IO wait]:
internal/poll.runtime_pollWait(0x7f32e32707b0, 0x72, 0xc42052f9a8)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4200ced98, 0x72, 0xffffffffffffff00, 0xa0a640, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4200ced98, 0xc4203a6000, 0x1000, 0x1000)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4200ced80, 0xc4203a6000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4200ced80, 0xc4203a6000, 0x1000, 0x1000, 0x453530, 0xc420399b00, 0x4)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42009c158, 0xc4203a6000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
net/http.(*persistConn).Read(0xc4204930e0, 0xc4203a6000, 0x1000, 0x1000, 0xc42052fb98, 0x404fa5, 0xc42019e600)
/usr/local/go/src/net/http/transport.go:1453 +0x136
bufio.(*Reader).fill(0xc4205864e0)
/usr/local/go/src/bufio/bufio.go:100 +0x11e
bufio.(*Reader).Peek(0xc4205864e0, 0x1, 0x0, 0x0, 0x1, 0xc42007c120, 0x0)
/usr/local/go/src/bufio/bufio.go:132 +0x3a
net/http.(*persistConn).readLoop(0xc4204930e0)
/usr/local/go/src/net/http/transport.go:1601 +0x185
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 37597 [runnable]:
yulong-hids/server/action.ResultStat(0xc4202e3070, 0xe, 0xc4202e3084, 0xa, 0xc4202e3096, 0x5, 0xc42000e068, 0x1, 0x1, 0xbea93c80fb68c6e4, ...)
/home/neargle/gopath/src/yulong-hids/server/action/statistics.go:34 +0x564
main.(*Watcher).PutInfo(0xc420099a60, 0xa0d780, 0xc4201ce420, 0xc4202b5260, 0xc4202e30d8, 0x0, 0x0)
/home/neargle/gopath/src/yulong-hids/server/server.go:44 +0x1c9
reflect.Value.call(0xc4200ce800, 0xc42009c260, 0x13, 0x9af758, 0x4, 0xc4204c9c50, 0x4, 0x4, 0xc4202b0040, 0x92e760, ...)
/usr/local/go/src/reflect/value.go:447 +0x969
reflect.Value.Call(0xc4200ce800, 0xc42009c260, 0x13, 0xc4204c9c50, 0x4, 0x4, 0x8b2101, 0x8b21e0, 0xc4202e30d8)
/usr/local/go/src/reflect/value.go:308 +0xa4
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*service).call(0xc42009ec80, 0xa0d780, 0xc4201ce420, 0xc4200ce880, 0x8bc2e0, 0xc4202b5260, 0x16, 0x8b21e0, 0xc4202e30d8, 0x16, ...)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/service.go:315 +0x1b5
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).handleRequest(0xc4200f0420, 0xa0d780, 0xc4201ce420, 0xc4202f50e0, 0x903420, 0xc4201ce3c0, 0xa0d780)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:387 +0x3b0
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn.func2(0xc4202f50e0, 0xa0eac0, 0xc4200d4a80, 0xa0d780, 0xc4205cf290, 0xc4200f0420)
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:302 +0x17e
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn
/home/neargle/gopath/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:290 +0x4f4
在kali上安装
root@kali:/tmp# ./daemon -install -netloc 192.168.84.161:443
2018/05/14 15:40:37 Download Agent
2018/05/14 15:40:46 Install agent error: Agent Download Error
root@kali:/tmp# wget -O /tmp/daemon https://192.168.84.161/json/download?type=daemon\&system=linux\&platform=64\&action=download;chmod +x /tmp/daemon;/tmp/daemon -install -netloc 192.168.84.161:443
--2018-05-14 16:49:05-- https://192.168.84.161/json/download?type=daemon&system=linux&platform=64&action=download
Connecting to 192.168.84.161:443... failed: No route to host.
后来我在本机安装
[root@localhost tmp]# ./daemon -install -netloc 127.0.0.1:443
2018/05/14 00:45:28 Download Agent
2018/05/14 00:45:29 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/14 00:46:29 Agent is broken, retry the downloader again
2018/05/14 00:46:29 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/14 00:47:29 Agent is broken, retry the downloader again
2018/05/14 00:47:29 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
[root@localhost tmp]# /tmp/daemon -install -netloc 127.0.0.1:443
2018/05/14 00:47:49 Download Agent
2018/05/14 00:47:49 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/14 00:48:49 Agent is broken, retry the downloader again
2018/05/14 00:48:49 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/14 00:49:49 Agent is broken, retry the downloader again
2018/05/14 00:49:49 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f
2018/05/14 00:50:49 Agent is broken, retry the downloader again
2018/05/14 00:50:49 Install agent error: Agent Download Error
找了好久问题还是找不到,服务器是没问题的,能打开啊
服务器能够正常访问,后面显示了这个
2018/05/13 18:37:37 [server.go:2921] [HTTP] http: TLS handshake error from 192.168.84.1:60451: read tcp 192.168.84.161:443->192.168.84.1:60451: read: connection reset by peer
2018/05/13 18:39:38 [h2_bundle.go:4294] [HTTP] http2: server: error reading preface from client 192.168.84.135:36746: remote error: tls: unknown certificate authority
在一台 CentOS 5.4 的机器上成功安装后服务没起来, 手动启动时发现如下提示:
./daemon -netloc xxxx:443
2018/05/15 13:52:35 Start Agent
2018/05/15 13:52:35 Start Agent successful
2018/05/15 13:52:35 Agent to exit: exit status 127
2018/05/15 13:52:35 Start the task listener thread
2018/05/15 13:52:45 Start Agent
2018/05/15 13:52:45 Start Agent successful
2018/05/15 13:52:45 Agent to exit: exit status 127
lsb_release -a
LSB Version: :core-3.1-amd64:core-3.1-ia32:core-3.1-noarch:graphics-3.1-amd64:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: CentOS
Description: CentOS release 5.4 (Final)
Release: 5.4
Codename: Final
uname -r
2.6.18-164.el5
agent在某一时段会dir /proc并发读取打开过高,引起内存异常报警,持续大概5-10分钟左右,根据zabbix监控瞬间占用达3.5个G,应该怎么限制同时读取的并发或者限制agent使用最大使用内存?
环境:win server 2008 r2
先安装了agent,而后安装的iis7.5 出现了w3wp.exe的进程,在主机的详细信息里的进程列表里也出现了w3wp.exe的进程。
但是面板的上没有对这台服务器打上web的标签。我看了下代码,如果不打web标签的话,是不会监控web目录的。
test
agent启动后segment fault,
`panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x6ad0f6]
goroutine 62 [running]:
yulong-hids/agent/vendor/github.com/akrennmair/gopcap.sockaddr_to_IP(0x0, 0x0, 0x1, 0xc4203681e0, 0x0, 0x1)
/usr/local/go/src/yulong-hids/agent/vendor/github.com/akrennmair/gopcap/pcap.go:234 +0x26
yulong-hids/agent/vendor/github.com/akrennmair/gopcap.findalladdresses(0x7f88680021a0, 0x0, 0x0, 0x10)
/usr/local/go/src/yulong-hids/agent/vendor/github.com/akrennmair/gopcap/pcap.go:222 +0xbd
yulong-hids/agent/vendor/github.com/akrennmair/gopcap.Findalldevs(0xc420020400, 0x9, 0x9, 0x0, 0x0)
/usr/local/go/src/yulong-hids/agent/vendor/github.com/akrennmair/gopcap/pcap.go:208 +0x1ec
yulong-hids/agent/monitor.getPcapHandle(0xc420252120, 0xc, 0x0, 0x0, 0x0)
/usr/local/go/src/yulong-hids/agent/monitor/lib.go:73 +0x37
yulong-hids/agent/monitor.StartNetSniff(0xc4200ca720)
/usr/local/go/src/yulong-hids/agent/monitor/connection_linux.go:207 +0x4e
created by yulong-hids/agent/client.(*Agent).monitor
/usr/local/go/src/yulong-hids/agent/client/agent.go:209 +0x5c`
ifconfig结果
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.2.1 netmask 255.255.255.0 broadcast 0.0.0.0
ether 02:42:84:0f:24:bb txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.89.101.12 netmask 255.255.255.128 broadcast 10.89.101.127
ether 24:6e:96:2c:9d:20 txqueuelen 1000 (Ethernet)
RX packets 54826197140 bytes 17925574214592 (16.3 TiB)
RX errors 0 dropped 37 overruns 0 frame 0
TX packets 54952405014 bytes 17911656172103 (16.2 TiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
flannel0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1472
inet 172.17.2.0 netmask 255.255.0.0 destination 172.17.2.0
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 260154 bytes 19102156 (18.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 0 (Local Loopback)
RX packets 14128613 bytes 895492725 (854.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14128613 bytes 895492725 (854.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
centos7.2.15系统,web正常配置启动之后。启动./server -db mongodbIP:27017 -es elasticIP:9200 报错: 2018/04/09 17:33:19 Get Config
2018/04/09 17:33:19 {false false {[] [] [] []} {[] [] [] []} {false } {false false}}
2018/04/09 17:33:19 Start Task Thread
2018/04/09 17:33:19 cert error!
` C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:535 +0x5a
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).readLoop(0xc04372e9a0
)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:551 +0x609
created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newSocket
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:194 +0x1fc
goroutine 417 [IO wait]:
internal/poll.runtime_pollWait(0x3a80820, 0x72, 0xa16060)
C:/Go/src/runtime/netpoll.go:173 +0x5e
internal/poll.(*pollDesc).wait(0xc0420d6a08, 0x72, 0xc9d400, 0x0, 0x0)
C:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xa2
internal/poll.(*ioSrv).ExecIO(0xcd4c80, 0xc0420d6858, 0x9d7908, 0x3fb, 0xc0423ca
00d, 0xfc)
C:/Go/src/internal/poll/fd_windows.go:223 +0x13a
internal/poll.(*FD).Read(0xc0420d6840, 0xc0423ca000, 0x400, 0x400, 0x0, 0x0, 0x0
)
C:/Go/src/internal/poll/fd_windows.go:484 +0x248
net.(*netFD).Read(0xc0420d6840, 0xc0423ca000, 0x400, 0x400, 0x8, 0x8, 0x3f3)
C:/Go/src/net/fd_windows.go:151 +0x56
net.(*conn).Read(0xc04207c440, 0xc0423ca000, 0x400, 0x400, 0x0, 0x0, 0x0)
C:/Go/src/net/net.go:176 +0x71
crypto/tls.(*block).readFromUntil(0xc04282a990, 0x33a4020, 0xc04207c440, 0x5, 0x
c04207c440, 0x0)
C:/Go/src/crypto/tls/conn.go:493 +0x9d
crypto/tls.(*Conn).readRecord(0xc0423b4700, 0x9d8117, 0xc0423b4820, 0x0)
C:/Go/src/crypto/tls/conn.go:595 +0xe7
crypto/tls.(*Conn).Read(0xc0423b4700, 0xc0423ca400, 0x400, 0x400, 0x0, 0x0, 0x0)
C:/Go/src/crypto/tls/conn.go:1156 +0x107
bufio.(*Reader).Read(0xc04297b680, 0xc0488a6f80, 0xc, 0xc, 0xc042ce7cc8, 0x81bd7
e, 0x90efc0)
C:/Go/src/bufio/bufio.go:216 +0x23f
io.ReadAtLeast(0xa14ba0, 0xc04297b680, 0xc0488a6f80, 0xc, 0xc, 0xc, 0xc0448900fe
, 0x6, 0xbe)
C:/Go/src/io/io.go:309 +0x8d
io.ReadFull(0xa14ba0, 0xc04297b680, 0xc0488a6f80, 0xc, 0xc, 0x0, 0x46bb79, 0x3)
C:/Go/src/io/io.go:327 +0x5f
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0
xc04203c660, 0xa14ba0, 0xc04297b680, 0x0, 0x0)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/m
essage.go:359 +0x78
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest
(0xc0422c4160, 0xa18f80, 0xc04282aae0, 0xa14ba0, 0xc04297b680, 0xa18f80, 0xc0428
2aae0, 0xc0422c4160)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:335 +0x86
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0
xc0422c4160, 0xa1a2c0, 0xc0423b4700)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:258 +0x24f
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).
serveListener
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:189 +0x1e5
goroutine 57002 [semacquire]:
sync.runtime_SemacquireMutex(0xc0488a7524, 0x8dd500)
C:/Go/src/runtime/sema.go:71 +0x44
sync.(*Mutex).Lock(0xc0488a7520)
C:/Go/src/sync/mutex.go:134 +0x10f
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).SimpleQuery(0xc04215a
000, 0xc04212bce0, 0x5, 0x9badfe, 0x5, 0xc0488a7510, 0xa)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:367 +0x1fd
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Database).run(0xc0421e53c0, 0xc042
15a000, 0x95a7c0, 0xc043854450, 0x8c6060, 0xc0488a74f8, 0xc0421e53f0, 0xc0438544
50)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:3261 +0x1
ae
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Database).Run(0xc0421e53c0, 0x95a7
c0, 0xc043854450, 0x8c6060, 0xc0488a74f8, 0x0, 0x0)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:656 +0xc2
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Query).Count(0xc042a27d00, 0x91b06
0, 0xc043854420, 0xc042a27d00)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:3970 +0x2
6d
yulong-hids/server/action.ResultStat(0xc0488a7470, 0xb, 0xc0488a7480, 0xa, 0xc04
88a7490, 0x5, 0xc04207c3c8, 0x1, 0x1, 0xbeb40f235e5f77ec, ...)
C:/Go/src/yulong-hids/server/action/statistics.go:34 +0x6fe
main.(*Watcher).PutInfo(0xc042008b88, 0xa18f80, 0xc043854390, 0xc0427a9f80, 0xc0
488a74f0, 0x0, 0x0)
C:/Go/src/yulong-hids/server/server.go:44 +0x1d0
reflect.Value.call(0xc0422da180, 0xc0420040a0, 0x13, 0x9baae6, 0x4, 0xc0421b7c50
, 0x4, 0x4, 0xc04699d080, 0x939ae0, ...)
C:/Go/src/reflect/value.go:447 +0x970
reflect.Value.Call(0xc0422da180, 0xc0420040a0, 0x13, 0xc0421b7c50, 0x4, 0x4, 0x8
bde01, 0x8bdea0, 0xc0488a74f0)
C:/Go/src/reflect/value.go:308 +0xab
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*service).call(0xc04
211e550, 0xa18f80, 0xc043854390, 0xc0422da200, 0x8c8160, 0xc0427a9f80, 0x16, 0x8
bdea0, 0xc0488a74f0, 0x16, ...)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
vice.go:315 +0x1bc
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).handleReque
st(0xc0422c4160, 0xa18f80, 0xc043854390, 0xc04214e060, 0x90efc0, 0xc043854330, 0
xa18f80)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:387 +0x3b7
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn.f
unc2(0xc04214e060, 0xa1a2c0, 0xc0420ad500, 0xa18f80, 0xc04211cc90, 0xc0422c4160)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:302 +0x185
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).
serveConn
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:290 +0x4fb
goroutine 11281 [IO wait]:
internal/poll.runtime_pollWait(0x3a80680, 0x72, 0xa16060)
C:/Go/src/runtime/netpoll.go:173 +0x5e
internal/poll.(*pollDesc).wait(0xc042f8d7c8, 0x72, 0xc9d400, 0x0, 0x0)
C:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xa2
internal/poll.(*ioSrv).ExecIO(0xcd4c80, 0xc042f8d618, 0x9d7908, 0x411e72, 0xc046
b5cb60, 0x10)
C:/Go/src/internal/poll/fd_windows.go:223 +0x13a
internal/poll.(*FD).Read(0xc042f8d600, 0xc043d38000, 0x1000, 0x1000, 0x0, 0x0, 0
x0)
C:/Go/src/internal/poll/fd_windows.go:484 +0x248
net.(*netFD).Read(0xc042f8d600, 0xc043d38000, 0x1000, 0x1000, 0x452000, 0xc04213
6a80, 0x4)
C:/Go/src/net/fd_windows.go:151 +0x56
net.(*conn).Read(0xc047917630, 0xc043d38000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
C:/Go/src/net/net.go:176 +0x71
net/http.(*persistConn).Read(0xc047aa6ea0, 0xc043d38000, 0x1000, 0x1000, 0xc0463
b3b98, 0x4035c5, 0xc042044ea0)
C:/Go/src/net/http/transport.go:1453 +0x13d
bufio.(*Reader).fill(0xc04b0b33e0)
C:/Go/src/bufio/bufio.go:100 +0x125
bufio.(*Reader).Peek(0xc04b0b33e0, 0x1, 0x0, 0x0, 0x1, 0xc0422a68a0, 0x0)
C:/Go/src/bufio/bufio.go:132 +0x41
net/http.(*persistConn).readLoop(0xc047aa6ea0)
C:/Go/src/net/http/transport.go:1601 +0x18c
created by net/http.(*Transport).dialConn
C:/Go/src/net/http/transport.go:1237 +0x961
goroutine 11282 [select]:
net/http.(*persistConn).writeLoop(0xc047aa6ea0)
C:/Go/src/net/http/transport.go:1822 +0x152
created by net/http.(*Transport).dialConn
C:/Go/src/net/http/transport.go:1238 +0x986
goroutine 21116 [IO wait, 3 minutes]:
internal/poll.runtime_pollWait(0x3a809c0, 0x72, 0xa16060)
C:/Go/src/runtime/netpoll.go:173 +0x5e
internal/poll.(*pollDesc).wait(0xc042149248, 0x72, 0xc9d400, 0x0, 0x0)
C:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xa2
internal/poll.(*ioSrv).ExecIO(0xcd4c80, 0xc042149098, 0x9d7908, 0x3fb, 0xc0423ca
80d, 0x9a)
C:/Go/src/internal/poll/fd_windows.go:223 +0x13a
internal/poll.(*FD).Read(0xc042149080, 0xc0423ca800, 0x400, 0x400, 0x0, 0x0, 0x0
)
C:/Go/src/internal/poll/fd_windows.go:484 +0x248
net.(*netFD).Read(0xc042149080, 0xc0423ca800, 0x400, 0x400, 0x8, 0x8, 0x3f3)
C:/Go/src/net/fd_windows.go:151 +0x56
net.(*conn).Read(0xc04207c2d8, 0xc0423ca800, 0x400, 0x400, 0x0, 0x0, 0x0)
C:/Go/src/net/net.go:176 +0x71
crypto/tls.(*block).readFromUntil(0xc04ecf3860, 0x33a4020, 0xc04207c2d8, 0x5, 0x
c04207c2d8, 0x0)
C:/Go/src/crypto/tls/conn.go:493 +0x9d
crypto/tls.(*Conn).readRecord(0xc0420ac380, 0x9d8117, 0xc0420ac4a0, 0x0)
C:/Go/src/crypto/tls/conn.go:595 +0xe7
crypto/tls.(*Conn).Read(0xc0420ac380, 0xc0423cb400, 0x400, 0x400, 0x0, 0x0, 0x0)
C:/Go/src/crypto/tls/conn.go:1156 +0x107
bufio.(*Reader).Read(0xc0427a8480, 0xc04caa4450, 0xc, 0xc, 0xc042387cc8, 0x81bd7
e, 0x90efc0)
C:/Go/src/bufio/bufio.go:216 +0x23f
io.ReadAtLeast(0xa14ba0, 0xc0427a8480, 0xc04caa4450, 0xc, 0xc, 0xc, 0xc042838a9e
, 0x6, 0x5c)
C:/Go/src/io/io.go:309 +0x8d
io.ReadFull(0xa14ba0, 0xc0427a8480, 0xc04caa4450, 0xc, 0xc, 0x0, 0x46bb79, 0x2)
C:/Go/src/io/io.go:327 +0x5f
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0
xc04b0b24e0, 0xa14ba0, 0xc0427a8480, 0x0, 0x0)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/m
essage.go:359 +0x78
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest
(0xc0422c4160, 0xa18f80, 0xc04ecf3a70, 0xa14ba0, 0xc0427a8480, 0xa18f80, 0xc04ec
f3a70, 0xc0422c4160)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:335 +0x86
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0
xc0422c4160, 0xa1a2c0, 0xc0420ac380)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:258 +0x24f
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).
serveListener
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:189 +0x1e5
goroutine 57001 [runnable]:
sync.runtime_SemacquireMutex(0xc043872f9c, 0x8dd500)
C:/Go/src/runtime/sema.go:71 +0x44
sync.(*Mutex).Lock(0xc043872f98)
C:/Go/src/sync/mutex.go:134 +0x10f
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).SimpleQuery(0xc04215a
000, 0xc04212fa40, 0x5, 0x9badfe, 0x5, 0xc043872fa0, 0xa)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:367 +0x1fd
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Database).run(0xc044d613c0, 0xc042
15a000, 0x95a7c0, 0xc04372bf50, 0x8c6060, 0xc043872f90, 0xc044d613f0, 0xc04372bf
50)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:3261 +0x1
ae
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Database).Run(0xc044d613c0, 0x95a7
c0, 0xc04372bf50, 0x8c6060, 0xc043872f90, 0x0, 0x0)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:656 +0xc2
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*Query).Count(0xc04371e900, 0x91b06
0, 0xc04372bf20, 0xc04371e900)
C:/Go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/session.go:3970 +0x2
6d
yulong-hids/server/action.ResultStat(0xc043872f00, 0xb, 0xc043872f10, 0xa, 0xc04
3872f20, 0x5, 0xc047916270, 0x1, 0x1, 0xbeb40f235e5090b0, ...)
C:/Go/src/yulong-hids/server/action/statistics.go:34 +0x6fe
main.(*Watcher).PutInfo(0xc042008b88, 0xa18f80, 0xc04372be90, 0xc04297a3c0, 0xc0
43872f78, 0x0, 0x0)
C:/Go/src/yulong-hids/server/server.go:44 +0x1d0
reflect.Value.call(0xc0422da180, 0xc0420040a0, 0x13, 0x9baae6, 0x4, 0xc04276bc50
, 0x4, 0x4, 0xc0439c9f00, 0x939ae0, ...)
C:/Go/src/reflect/value.go:447 +0x970
reflect.Value.Call(0xc0422da180, 0xc0420040a0, 0x13, 0xc04276bc50, 0x4, 0x4, 0x8
bde01, 0x8bdea0, 0xc043872f78)
C:/Go/src/reflect/value.go:308 +0xab
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*service).call(0xc04
211e550, 0xa18f80, 0xc04372be90, 0xc0422da200, 0x8c8160, 0xc04297a3c0, 0x16, 0x8
bdea0, 0xc043872f78, 0x16, ...)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
vice.go:315 +0x1bc
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).handleReque
st(0xc0422c4160, 0xa18f80, 0xc04372be90, 0xc04d2f2ba0, 0x90efc0, 0xc04372be30, 0
xa18f80)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:387 +0x3b7
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn.f
unc2(0xc04d2f2ba0, 0xa1a2c0, 0xc0420ad500, 0xa18f80, 0xc04211cc90, 0xc0422c4160)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:302 +0x185
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).
serveConn
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:290 +0x4fb
goroutine 37156 [IO wait]:
internal/poll.runtime_pollWait(0x3a80750, 0x72, 0xa16060)
C:/Go/src/runtime/netpoll.go:173 +0x5e
internal/poll.(*pollDesc).wait(0xc042007d48, 0x72, 0xc9d400, 0x0, 0x0)
C:/Go/src/internal/poll/fd_poll_runtime.go:85 +0xa2
internal/poll.(*ioSrv).ExecIO(0xcd4c80, 0xc042007b98, 0x9d7908, 0x1ffb, 0xc04216
400d, 0xd9)
C:/Go/src/internal/poll/fd_windows.go:223 +0x13a
internal/poll.(*FD).Read(0xc042007b80, 0xc042164000, 0x2000, 0x2000, 0x0, 0x0, 0
x0)
C:/Go/src/internal/poll/fd_windows.go:484 +0x248
net.(*netFD).Read(0xc042007b80, 0xc042164000, 0x2000, 0x2000, 0x8, 0x8, 0x1ff3)
C:/Go/src/net/fd_windows.go:151 +0x56
net.(*conn).Read(0xc0430f0f58, 0xc042164000, 0x2000, 0x2000, 0x0, 0x0, 0x0)
C:/Go/src/net/net.go:176 +0x71
crypto/tls.(*block).readFromUntil(0xc0432e68d0, 0x33a4020, 0xc0430f0f58, 0x5, 0x
c0430f0f58, 0x0)
C:/Go/src/crypto/tls/conn.go:493 +0x9d
crypto/tls.(*Conn).readRecord(0xc0420ac700, 0x9d8117, 0xc0420ac820, 0x0)
C:/Go/src/crypto/tls/conn.go:595 +0xe7
crypto/tls.(*Conn).Read(0xc0420ac700, 0xc047e50000, 0x400, 0x400, 0x0, 0x0, 0x0)
C:/Go/src/crypto/tls/conn.go:1156 +0x107
bufio.(*Reader).Read(0xc045a61c20, 0xc046ca3de0, 0xc, 0xc, 0x60, 0x60, 0x99ec20)
C:/Go/src/bufio/bufio.go:216 +0x23f
io.ReadAtLeast(0xa14ba0, 0xc045a61c20, 0xc046ca3de0, 0xc, 0xc, 0xc, 0xc042ed431e
, 0x6, 0x9b)
C:/Go/src/io/io.go:309 +0x8d
io.ReadFull(0xa14ba0, 0xc045a61c20, 0xc046ca3de0, 0xc, 0xc, 0x81c82a, 0x99ec20,
0xc044f86c00)
C:/Go/src/io/io.go:327 +0x5f
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0
xc044f86c00, 0xa14ba0, 0xc045a61c20, 0x0, 0x0)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/m
essage.go:359 +0x78
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest
(0xc0422c4160, 0xa18f80, 0xc0432e75c0, 0xa14ba0, 0xc045a61c20, 0xa18f80, 0xc0432
e75c0, 0xc0422c4160)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:335 +0x86
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0
xc0422c4160, 0xa1a2c0, 0xc0420ac700)
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:258 +0x24f
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).
serveListener
C:/Go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/ser
ver.go:189 +0x1e5
C:\yulong-hids>
`
运行一会儿就报错了
Hello,
I compile succes, but execute is error:
`./web flag redefined: graceful
panic: ./web flag redefined: graceful
goroutine 1 [running]:
flag.(*FlagSet).Var(0xc420068120, 0xae4860, 0xdf1c91, 0xa6e982, 0x8, 0xa7ff73, 0x21)
/usr/local/go/src/flag/flag.go:810 +0x540
flag.BoolVar(0xdf1c91, 0xa6e982, 0x8, 0xc420190200, 0xa7ff73, 0x21)
/usr/local/go/src/flag/flag.go:589 +0x72
github.com/astaxie/beego/grace.init.0()
/home/exam/src/github.com/astaxie/beego/grace/grace.go:93 +0x60`
C:\hids_server>server -db 10.192.9.231:27017 -es 10.192.9.231:9200
2018/05/08 14:26:04 Get Config
2018/05/08 14:26:05 {true false {[] [] [mssecsvc.exe tasksche.exe] []} {[] []
[] []} -----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDC5AAi+XJE8whsKkB3bO1hPuApgAvvIDodReAO5GbSo73a63rc
EgIGZaWm/3EJIRvG1yXYd0dWsI1NWvuhQPvwWmegkSsvBiSUgiIBn0NxJ4K5UwAs
8ducHQKtgdXaoanOVWBIFBaiYOcsW1iPWLb3HYQgLCLrkR2z7kGFEG4VawIDAQAB
AoGBAIN0YLc2hCIHv92dnkAvo+odC/xSFzqjBS/ritbgro5TzeKVRRiduOnxtAtx
byAWSfMT+b4Jrn/FtHnB7cp117i4/z5Qp0hA/CgQJyP9HOSezHSk/gP8Yekll+dk
AdV6Lz7Hq64m6oLuBqisxgfeINXf2Pzm4SqpOnCaqrvgltG5AkEA5dAz5Rhx0PoT
OIMzkul7Bcmt9ZlAMXUivKFSTC3zANH0IZ8llXC4uVQNPBQiaSJ8S45hr4LD6pQO
I14XilW63wJBANkZFPWQ3EIwJTegOot/dgVFLWKz9aCOGamTMgjghEqu7RfyvkHW
LuoK7QUcMjZQwG0qNrxuwjQsJ8xuxEkjgvUCQEHtjcWuUpCB/VucAAKoanuJlRc9
BLZrhTCaExL5p5nXoXK3xj9t3ACGxVkz6X9BvmiqiwmfuPalzLyGtLghyf8CQQCM
ovHv7qqw+e1yLoseiTCUU28GTNwm6Ub4klFMbN1mYBFZfTgBAFYd6XwH3m8svn0Z
espAoWOPVrdleLARTT7tAkABbp0phHSfuyBweH3rCkupiLXqvsrnD03SPh/kEcz1
Pa+QBLFPmdzaBQJzHuDiAyBNcg22+rpKXPjxY6aTsfdX
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICWDCCAcGgAwIBAgIJAMg9QxmYuWArMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTgwNTA4MDI1MTIxWhcNMjgwNTA1MDI1MTIxWjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDYXb/rdx5Z+gMK91FvE+hLngP5chvGuuM/Ttxet79mn3vQik6dGGweUyvIFPCj
HO0jh4MuK59rMnMN3h7EBU7PPuqaVAzqqp++UYCoicE8JUn41+AsC78PUiMaCVrs
UzC6neCbdGqNYLfqXKLUC3xjlt4yHB5d846FGPaPfWo37QIDAQABo1AwTjAdBgNV
HQ4EFgQUugEVVgrxDz9kDtjwLIBRRdeeiBUwHwYDVR0jBBgwFoAUugEVVgrxDz9k
DtjwLIBRRdeeiBUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQBIEbjX
8J7/zCmY8B6GhZGnB+ioeXYXny8mNhlkxaoyE624VqHtslY9jKl7SxYs1Uas9ZdN
B/4kBixr3PyFc4jYmuL/M4ZxPTIDniqMzED0i3Jg3SD18QPgIEMwHCfoF49Rh3fP
flOQ67BTdEHB2x+ZRA0WYTpJQp+psUUkcpgvgA==
-----END CERTIFICATE----- {false http://127.0.0.1/api/?ip={$ip} http://127.0.0.1
/api/?hash={$hash} black} {false http://127.0.0.1/test/?text={$info} true}}
2018/05/08 14:26:05 Start heartbeat thread
2018/05/08 14:26:05 Start Task Thread
2018/05/08 14:26:05 Start Scan Thread
2018/05/08 14:26:05 Start Health Check Thread
2018/05/08 14:26:05 cert error!
mongodb和es配置应该没问题 web也初始化了 启动server的时候报错
udp 0 0 0.0.0.0:54632 0.0.0.0:* 30178/agent
你好,客户端启动后默认会对外开放一个随机端口,如何将其限制在内网ip?
是需要开放那个端口和IP吗, SERVER 主动连接,还是AGENT 上报
2018/07/25 11:42:54 Download dependent environment package 2018/07/25 11:42:55 Download Agent 2018/07/25 11:42:56 Agent file MD5: 087c9064c2040b5c74642d4c79e7f94f 2018/07/25 11:42:56 Agent download finished, hash check passed 2018/07/25 11:42:56 Copy the daemon to the installation directory 2018/07/25 11:42:56 Start the service 2018/07/25 11:42:56 Start service successfully 2018/07/25 11:42:56 Installed!
主机列表中每台主机的最后更新时间总是按1分钟的频率更新, 无论我在设置里将 client 的间隔设置为多少.
下午在群里提问,大佬说我配置文件有问题,以下就修改完之后的配置文件
[mongodb]
url = "${IDS_MONGODB_URL||mongodb://192.168.25.71:27017/agent}"
[elastic_search]
url = "${IDS_ELASTICSEARCH_URL||http://192.168.25.71:9200/}"
配置完之后重启web,还是显示响应格式错误
debian9 GCE环境
cat /boot/config-uname -r
| grep CONFIG_RETPOLINE
CONFIG_RETPOLINE=y
gcc-6 (6.3.0-18+deb9u1)
uname -r
4.9.0-6-amd64
insmod syshook_execve.ko
加载之后执行任意命令都返回
killed
部署三台agent 两个server端
ES、m都是单台部署的 按说客户端不多日志量应该不至于导致崩溃吧
我查到有其它go程序存在类似问题golang/go#18137
以下为报错日志
fatal error: concurrent map iteration and map write
goroutine 16 [running]:
runtime.throw(0x9bde28, 0x26)
/usr/local/go/src/runtime/panic.go:619 +0x81 fp=0xc420285480 sp=0xc420285460 pc=0x42b2a1
runtime.mapiternext(0xc4200ca300)
/usr/local/go/src/runtime/hashmap.go:747 +0x55c fp=0xc420285510 sp=0xc420285480 pc=0x40a48c
runtime.mapiterinit(0x903420, 0xc42028e0f0, 0xc4200ca300)
/usr/local/go/src/runtime/hashmap.go:737 +0x1f1 fp=0xc420285538 sp=0xc420285510 pc=0x409e41
reflect.mapiterinit(0x903420, 0xc42028e0f0, 0x95)
/usr/local/go/src/runtime/hashmap.go:1217 +0x54 fp=0xc420285568 sp=0xc420285538 pc=0x40b564
reflect.Value.MapKeys(0x903420, 0xc42026c0d0, 0x95, 0x0, 0xc4202856f0, 0x68b1eb)
/usr/local/go/src/reflect/value.go:1114 +0xdd fp=0xc420285610 sp=0xc420285568 pc=0x4abe2d
encoding/json.(*mapEncoder).encode(0xc42000e280, 0xc4201a00b0, 0x903420, 0xc42026c0d0, 0x95, 0x100)
/usr/local/go/src/encoding/json/encode.go:668 +0xad fp=0xc420285770 sp=0xc420285610 pc=0x5f690d
encoding/json.(*mapEncoder).(encoding/json.encode)-fm(0xc4201a00b0, 0x903420, 0xc42026c0d0, 0x95, 0x100)
/usr/local/go/src/encoding/json/encode.go:700 +0x64 fp=0xc4202857b0 sp=0xc420285770 pc=0x6007d4
encoding/json.(*structEncoder).encode(0xc42028e5a0, 0xc4201a00b0, 0x93ac80, 0xc42026c0c0, 0x99, 0x930100)
/usr/local/go/src/encoding/json/encode.go:639 +0x255 fp=0xc420285910 sp=0xc4202857b0 pc=0x5f64d5
encoding/json.(*structEncoder).(encoding/json.encode)-fm(0xc4201a00b0, 0x93ac80, 0xc42026c0c0, 0x99, 0xc420260100)
/usr/local/go/src/encoding/json/encode.go:653 +0x64 fp=0xc420285950 sp=0xc420285910 pc=0x600754
encoding/json.(*encodeState).reflectValue(0xc4201a00b0, 0x93ac80, 0xc42026c0c0, 0x99, 0x100)
/usr/local/go/src/encoding/json/encode.go:325 +0x82 fp=0xc420285988 sp=0xc420285950 pc=0x5f4332
encoding/json.(*encodeState).marshal(0xc4201a00b0, 0x93ac80, 0xc42026c0c0, 0x9b0100, 0x0, 0x0)
/usr/local/go/src/encoding/json/encode.go:298 +0xa5 fp=0xc4202859c0 sp=0xc420285988 pc=0x5f4025
encoding/json.Marshal(0x93ac80, 0xc42026c0c0, 0xc42026c1e0, 0x9b1df7, 0xc, 0x9b3795, 0x10)
/usr/local/go/src/encoding/json/encode.go:161 +0x5f fp=0xc420285a08 sp=0xc4202859c0 pc=0x5f3cbf
yulong-hids/server/vendor/github.com/olivere/elastic.(*Request).setBodyJson(0xc420526000, 0x93ac80, 0xc42026c0c0, 0xc420526000, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/request.go:58 +0x39 fp=0xc420285a68 sp=0xc420285a08 pc=0x788e89
yulong-hids/server/vendor/github.com/olivere/elastic.(*Request).SetBody(0xc420526000, 0x93ac80, 0xc42026c0c0, 0x0, 0xc420526000, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/request.go:51 +0x153 fp=0xc420285ab0 sp=0xc420285a68 pc=0x788df3
yulong-hids/server/vendor/github.com/olivere/elastic.(*Client).PerformRequest(0xc4201b2000, 0xa0d780, 0xc42009a010, 0x9af7b0, 0x4, 0xc420022240, 0x1b, 0xc42026c1b0, 0x93ac80, 0xc42026c0c0, ...)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/client.go:1257 +0xe76 fp=0xc420285cb8 sp=0xc420285ab0 pc=0x73bc46
yulong-hids/server/vendor/github.com/olivere/elastic.(*IndexService).Do(0xc420285ec0, 0xa0d780, 0xc42009a010, 0xc42026c0c0, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/index.go:267 +0x155 fp=0xc420285df0 sp=0xc420285cb8 pc=0x75b005
yulong-hids/server/models.InsertThread()
/usr/local/go/src/yulong-hids/server/models/es.go:240 +0x192 fp=0xc420285fe0 sp=0xc420285df0 pc=0x802ec2
runtime.goexit()
/usr/local/go/src/runtime/asm_amd64.s:2361 +0x1 fp=0xc420285fe8 sp=0xc420285fe0 pc=0x457311
created by main.init.0
/usr/local/go/src/yulong-hids/server/server.go:74 +0x1d5
goroutine 1 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1fd60, 0x72, 0x0)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4201ae918, 0x72, 0xc420072100, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4201ae918, 0xffffffffffffff00, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Accept(0xc4201ae900, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:372 +0x1a8
net.(*netFD).accept(0xc4201ae900, 0x10, 0x0, 0x0)
/usr/local/go/src/net/fd_unix.go:238 +0x42
net.(*TCPListener).accept(0xc42000e218, 0xc4201b41c8, 0xc420287d50, 0x9a8aa0)
/usr/local/go/src/net/tcpsock_posix.go:136 +0x2e
net.(*TCPListener).Accept(0xc42000e218, 0x434544, 0xc420287c98, 0x453d70, 0xc420287cd8)
/usr/local/go/src/net/tcpsock.go:259 +0x49
crypto/tls.(*listener).Accept(0xc42024e640, 0x9cc900, 0xc4201a0160, 0xa0eb40, 0xc4200d4a80)
/usr/local/go/src/crypto/tls/tls.go:52 +0x37
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveListener(0xc4201a0160, 0xa0ce40, 0xc42024e640, 0x9afdb1, 0x6)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:148 +0xca
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).Serve(0xc4201a0160, 0x9af651, 0x3, 0x9afdb1, 0x6, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:127 +0xa5
main.main()
/usr/local/go/src/yulong-hids/server/server.go:87 +0x2c1
goroutine 19 [select]:
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoCluster).syncServersLoop(0xc420140000)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/cluster.go:394 +0x31a
created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newCluster
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/cluster.go:78 +0x181
goroutine 54626 [select, 349 minutes]:
net/http.(*persistConn).writeLoop(0xc420390480)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 21 [sleep]:
time.Sleep(0x37e11d600)
/usr/local/go/src/runtime/time.go:102 +0x166
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoServer).pinger(0xc4201440e0, 0xc42009c401)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/server.go:301 +0x4b6
created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newServer
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/server.go:89 +0x12d
goroutine 5 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1ff00, 0x72, 0xc4201d7d18)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4200ce198, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4200ce198, 0xc42002c000, 0x24, 0x24)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4200ce180, 0xc42002c030, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4200ce180, 0xc42002c030, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42000e018, 0xc42002c030, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.fill(0xa0ec00, 0xc42000e018, 0xc42002c030, 0x24, 0x24, 0x0, 0xda)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:535 +0x53
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).readLoop(0xc420162000)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:551 +0x602
created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newSocket
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:194 +0x1f5
goroutine 6 [chan receive, 28 minutes]:
yulong-hids/server/models.esCheckThread()
/usr/local/go/src/yulong-hids/server/models/es.go:254 +0xa2
created by yulong-hids/server/models.init.0
/usr/local/go/src/yulong-hids/server/models/common.go:137 +0x2f3
goroutine 10 [select, 13 minutes]:
yulong-hids/server/vendor/github.com/olivere/elastic.(*Client).sniffer(0xc4201b2000)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/client.go:813 +0x17c
created by yulong-hids/server/vendor/github.com/olivere/elastic.NewClient
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/client.go:282 +0x7c6
goroutine 11 [select]:
yulong-hids/server/vendor/github.com/olivere/elastic.(*Client).healthchecker(0xc4201b2000)
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/client.go:1000 +0x181
created by yulong-hids/server/vendor/github.com/olivere/elastic.NewClient
/usr/local/go/src/yulong-hids/server/vendor/github.com/olivere/elastic/client.go:285 +0x7a2
goroutine 12 [sleep]:
time.Sleep(0x6fc23ac00)
/usr/local/go/src/runtime/time.go:102 +0x166
yulong-hids/server/models.Heartbeat()
/usr/local/go/src/yulong-hids/server/models/common.go:196 +0x84
created by main.init.0
/usr/local/go/src/yulong-hids/server/server.go:66 +0x175
goroutine 13 [sleep]:
time.Sleep(0x2540be400)
/usr/local/go/src/runtime/time.go:102 +0x166
yulong-hids/server/action.TaskThread()
/usr/local/go/src/yulong-hids/server/action/task.go:45 +0x22c
created by main.init.0
/usr/local/go/src/yulong-hids/server/server.go:68 +0x18d
goroutine 14 [chan receive]:
yulong-hids/server/safecheck.ScanMonitorThread()
/usr/local/go/src/yulong-hids/server/safecheck/check.go:292 +0x28d
created by main.init.0
/usr/local/go/src/yulong-hids/server/server.go:70 +0x1a5
goroutine 15 [chan receive]:
yulong-hids/server/safecheck.firewallCheckThread()
/usr/local/go/src/yulong-hids/server/safecheck/health.go:108 +0x800
yulong-hids/server/safecheck.HealthCheckThread()
/usr/local/go/src/yulong-hids/server/safecheck/health.go:19 +0x96
created by main.init.0
/usr/local/go/src/yulong-hids/server/server.go:72 +0x1bd
goroutine 28 [chan receive]:
yulong-hids/server/safecheck.ScanMonitorThread.func1()
/usr/local/go/src/yulong-hids/server/safecheck/check.go:287 +0x6c
created by yulong-hids/server/safecheck.ScanMonitorThread
/usr/local/go/src/yulong-hids/server/safecheck/check.go:285 +0x254
goroutine 29 [sleep]:
time.Sleep(0x6fc23ac00)
/usr/local/go/src/runtime/time.go:102 +0x166
yulong-hids/server/safecheck.offlineCheckThread()
/usr/local/go/src/yulong-hids/server/safecheck/health.go:98 +0xc2a
created by yulong-hids/server/safecheck.HealthCheckThread
/usr/local/go/src/yulong-hids/server/safecheck/health.go:17 +0x79
goroutine 30 [sleep]:
time.Sleep(0xdf8475800)
/usr/local/go/src/runtime/time.go:102 +0x166
yulong-hids/server/safecheck.cleanThread()
/usr/local/go/src/yulong-hids/server/safecheck/health.go:42 +0x39f
created by yulong-hids/server/safecheck.HealthCheckThread
/usr/local/go/src/yulong-hids/server/safecheck/health.go:18 +0x91
goroutine 31 [chan receive, 448 minutes]:
yulong-hids/server/safecheck.offlineCheckThread.func1(0xc42012ad60)
/usr/local/go/src/yulong-hids/server/safecheck/health.go:55 +0x6c
created by yulong-hids/server/safecheck.offlineCheckThread
/usr/local/go/src/yulong-hids/server/safecheck/health.go:53 +0x154
goroutine 34 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1fc90, 0x72, 0xc42050d860)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4201ae998, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4201ae998, 0xc42042e000, 0x2000, 0x2000)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4201ae980, 0xc42042e000, 0x2000, 0x2000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4201ae980, 0xc42042e000, 0x2000, 0x2000, 0x8, 0x8, 0x1ff3)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42000e220, 0xc42042e000, 0x2000, 0x2000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
crypto/tls.(*block).readFromUntil(0xc420161da0, 0x7f9d9807e3a0, 0xc42000e220, 0x5, 0xc42000e220, 0x0)
/usr/local/go/src/crypto/tls/conn.go:493 +0x96
crypto/tls.(*Conn).readRecord(0xc420186a80, 0x9cbf17, 0xc420186ba0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:595 +0xe0
crypto/tls.(*Conn).Read(0xc420186a80, 0xc420237000, 0x400, 0x400, 0x0, 0x0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:1156 +0x100
bufio.(*Reader).Read(0xc4200753e0, 0xc42027c084, 0xc, 0xc, 0xc42050dcc8, 0x813507, 0x903420)
/usr/local/go/src/bufio/bufio.go:216 +0x238
io.ReadAtLeast(0xa09100, 0xc4200753e0, 0xc42027c084, 0xc, 0xc, 0xc, 0xc42012c47e, 0x6, 0xbd)
/usr/local/go/src/io/io.go:309 +0x86
io.ReadFull(0xa09100, 0xc4200753e0, 0xc42027c084, 0xc, 0xc, 0x0, 0x46d172, 0x1)
/usr/local/go/src/io/io.go:327 +0x58
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0xc4202d0060, 0xa09100, 0xc4200753e0, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/message.go:359 +0x71
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest(0xc4201a0160, 0xa0d800, 0xc420161fb0, 0xa09100, 0xc4200753e0, 0xa0d800, 0xc420161fb0, 0xc4201a0160)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:335 +0x7f
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0xc4201a0160, 0xa0eb40, 0xc420186a80)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:258 +0x248
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveListener
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:189 +0x1de
goroutine 160819 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc4202ff8c0)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 88802 [select, 289 minutes]:
net/http.(*persistConn).readLoop(0xc420390240)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 73 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1faf0, 0x72, 0xc420253d18)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4200ce918, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4200ce918, 0xc42002c200, 0x24, 0x24)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4200ce900, 0xc42002c2a0, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4200ce900, 0xc42002c2a0, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42000e0f8, 0xc42002c2a0, 0x24, 0x24, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.fill(0xa0ec00, 0xc42000e0f8, 0xc42002c2a0, 0x24, 0x24, 0x0, 0x11)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:535 +0x53
yulong-hids/server/vendor/gopkg.in/mgo%2ev2.(*mongoSocket).readLoop(0xc420144460)
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:551 +0x602
created by yulong-hids/server/vendor/gopkg.in/mgo%2ev2.newSocket
/usr/local/go/src/yulong-hids/server/vendor/gopkg.in/mgo.v2/socket.go:194 +0x1f5
goroutine 160735 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc42024b560)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 160821 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc4202ffb00)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 88833 [select, 289 minutes]:
net/http.(*persistConn).writeLoop(0xc4202ff560)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 160785 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc4200b5560)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 473 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1fa20, 0x72, 0xc420062860)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4201afb98, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4201afb98, 0xc4201f8000, 0x8000, 0x8000)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4201afb80, 0xc4201f8000, 0x8000, 0x8000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4201afb80, 0xc4201f8000, 0x8000, 0x8000, 0x8, 0x8, 0x7ff3)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42009e450, 0xc4201f8000, 0x8000, 0x8000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
crypto/tls.(*block).readFromUntil(0xc42040dcb0, 0x7f9d9807e3a0, 0xc42009e450, 0x5, 0xc42009e450, 0x0)
/usr/local/go/src/crypto/tls/conn.go:493 +0x96
crypto/tls.(*Conn).readRecord(0xc4200d4380, 0x9cbf17, 0xc4200d44a0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:595 +0xe0
crypto/tls.(*Conn).Read(0xc4200d4380, 0xc4200f9000, 0x400, 0x400, 0x0, 0x0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:1156 +0x100
bufio.(*Reader).Read(0xc42048fc80, 0xc42027cad0, 0xc, 0xc, 0xc420062cc8, 0x813507, 0x903420)
/usr/local/go/src/bufio/bufio.go:216 +0x238
io.ReadAtLeast(0xa09100, 0xc42048fc80, 0xc42027cad0, 0xc, 0xc, 0xc, 0xc42012c55e, 0x6, 0xbe)
/usr/local/go/src/io/io.go:309 +0x86
io.ReadFull(0xa09100, 0xc42048fc80, 0xc42027cad0, 0xc, 0xc, 0x0, 0x46d172, 0x1)
/usr/local/go/src/io/io.go:327 +0x58
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0xc4202a2a20, 0xa09100, 0xc42048fc80, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/message.go:359 +0x71
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest(0xc4201a0160, 0xa0d800, 0xc42040de00, 0xa09100, 0xc42048fc80, 0xa0d800, 0xc42040de00, 0xc4201a0160)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:335 +0x7f
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0xc4201a0160, 0xa0eb40, 0xc4200d4380)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:258 +0x248
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveListener
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:189 +0x1de
goroutine 160760 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc420176240)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 160761 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc420176240)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 160686 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc420390c60)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 160736 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc42024b560)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 54593 [select, 349 minutes]:
net/http.(*persistConn).readLoop(0xc420390480)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 160818 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc4202ff8c0)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 88803 [select, 289 minutes]:
net/http.(*persistConn).writeLoop(0xc420390240)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 260141 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1f7b0, 0x72, 0xc4201d9860)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4201af918, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4201af918, 0xc4200f8400, 0x400, 0x400)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4201af900, 0xc4200f8400, 0x400, 0x400, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4201af900, 0xc4200f8400, 0x400, 0x400, 0x8, 0x8, 0x3f3)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42009e358, 0xc4200f8400, 0x400, 0x400, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
crypto/tls.(*block).readFromUntil(0xc4202e3650, 0x7f9d9807e3a0, 0xc42009e358, 0x5, 0xc42009e358, 0x0)
/usr/local/go/src/crypto/tls/conn.go:493 +0x96
crypto/tls.(*Conn).readRecord(0xc4200d4a80, 0x9cbf17, 0xc4200d4ba0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:595 +0xe0
crypto/tls.(*Conn).Read(0xc4200d4a80, 0xc4200f9800, 0x400, 0x400, 0x0, 0x0, 0x0)
/usr/local/go/src/crypto/tls/conn.go:1156 +0x100
bufio.(*Reader).Read(0xc4202d1320, 0xc420202f30, 0xc, 0xc, 0xc4201d9cc8, 0x813507, 0x903420)
/usr/local/go/src/bufio/bufio.go:216 +0x238
io.ReadAtLeast(0xa09100, 0xc4202d1320, 0xc420202f30, 0xc, 0xc, 0xc, 0xc42027601e, 0x6, 0xc6)
/usr/local/go/src/io/io.go:309 +0x86
io.ReadFull(0xa09100, 0xc4202d1320, 0xc420202f30, 0xc, 0xc, 0x0, 0x46d172, 0x0)
/usr/local/go/src/io/io.go:327 +0x58
yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol.(*Message).Decode(0xc420302960, 0xa09100, 0xc4202d1320, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/protocol/message.go:359 +0x71
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).readRequest(0xc4201a0160, 0xa0d800, 0xc4202e3860, 0xa09100, 0xc4202d1320, 0xa0d800, 0xc4202e3860, 0xc4201a0160)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:335 +0x7f
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn(0xc4201a0160, 0xa0eb40, 0xc4200d4a80)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:258 +0x248
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveListener
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:189 +0x1de
goroutine 160788 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc42024bd40)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 241293 [IO wait]:
internal/poll.runtime_pollWait(0x7f9d98c1f060, 0x72, 0xc4204339a8)
/usr/local/go/src/runtime/netpoll.go:173 +0x57
internal/poll.(*pollDesc).wait(0xc4201afa18, 0x72, 0xffffffffffffff00, 0xa0a6c0, 0xc965d8)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:85 +0x9b
internal/poll.(*pollDesc).waitRead(0xc4201afa18, 0xc4202fc000, 0x1000, 0x1000)
/usr/local/go/src/internal/poll/fd_poll_runtime.go:90 +0x3d
internal/poll.(*FD).Read(0xc4201afa00, 0xc4202fc000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/internal/poll/fd_unix.go:157 +0x17d
net.(*netFD).Read(0xc4201afa00, 0xc4202fc000, 0x1000, 0x1000, 0x453530, 0xc4201b0f00, 0x4)
/usr/local/go/src/net/fd_unix.go:202 +0x4f
net.(*conn).Read(0xc42000e418, 0xc4202fc000, 0x1000, 0x1000, 0x0, 0x0, 0x0)
/usr/local/go/src/net/net.go:176 +0x6a
net/http.(*persistConn).Read(0xc4203910e0, 0xc4202fc000, 0x1000, 0x1000, 0xc420433b98, 0x404fa5, 0xc420341620)
/usr/local/go/src/net/http/transport.go:1453 +0x136
bufio.(*Reader).fill(0xc4202d1ec0)
/usr/local/go/src/bufio/bufio.go:100 +0x11e
bufio.(*Reader).Peek(0xc4202d1ec0, 0x1, 0x0, 0x0, 0x1, 0xc420340ea0, 0x0)
/usr/local/go/src/bufio/bufio.go:132 +0x3a
net/http.(*persistConn).readLoop(0xc4203910e0)
/usr/local/go/src/net/http/transport.go:1601 +0x185
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 160687 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc420390c60)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 241294 [select]:
net/http.(*persistConn).writeLoop(0xc4203910e0)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 88832 [select, 289 minutes]:
net/http.(*persistConn).readLoop(0xc4202ff560)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 160786 [select, 169 minutes]:
net/http.(*persistConn).writeLoop(0xc4200b5560)
/usr/local/go/src/net/http/transport.go:1822 +0x14b
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1238 +0x97f
goroutine 160787 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc42024bd40)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 160820 [select, 169 minutes]:
net/http.(*persistConn).readLoop(0xc4202ffb00)
/usr/local/go/src/net/http/transport.go:1717 +0x743
created by net/http.(*Transport).dialConn
/usr/local/go/src/net/http/transport.go:1237 +0x95a
goroutine 260236 [runnable]:
yulong-hids/server/action.ResultStat(0xc42037c154, 0xc, 0xc42037c164, 0xa, 0xc42037c176, 0x5, 0xc42009e028, 0x1, 0x1, 0xbeb47de7d1447a35, ...)
/usr/local/go/src/yulong-hids/server/action/statistics.go:34 +0x564
main.(*Watcher).PutInfo(0xc420202580, 0xa0d800, 0xc42028e090, 0xc4202c6000, 0xc42037c1b8, 0x0, 0x0)
/usr/local/go/src/yulong-hids/server/server.go:44 +0x1c9
reflect.Value.call(0xc4201ae800, 0xc42000e210, 0x13, 0x9af758, 0x4, 0xc420510c50, 0x4, 0x4, 0xc420073140, 0x92e760, ...)
/usr/local/go/src/reflect/value.go:447 +0x969
reflect.Value.Call(0xc4201ae800, 0xc42000e210, 0x13, 0xc420510c50, 0x4, 0x4, 0x8b2101, 0x8b21e0, 0xc42037c1b8)
/usr/local/go/src/reflect/value.go:308 +0xa4
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*service).call(0xc42001e820, 0xa0d800, 0xc42028e090, 0xc4201ae880, 0x8bc2e0, 0xc4202c6000, 0x16, 0x8b21e0, 0xc42037c1b8, 0x16, ...)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/service.go:315 +0x1b5
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).handleRequest(0xc4201a0160, 0xa0d800, 0xc42028e090, 0xc4200cb980, 0x903420, 0xc42028e030, 0xa0d800)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:387 +0x3b0
yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn.func2(0xc4200cb980, 0xa0eb40, 0xc4200d4a80, 0xa0d800, 0xc4202e3860, 0xc4201a0160)
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:302 +0x17e
created by yulong-hids/server/vendor/github.com/smallnest/rpcx/server.(*Server).serveConn
/usr/local/go/src/yulong-hids/server/vendor/github.com/smallnest/rpcx/server/server.go:290 +0x4f4
你好, 我新建用户后发现 userlist 中看不到新用户.
reload agent 过了一段时间后仍看不到, 但同时该主机的 crontab/listening/process 信息能正确更新.
我对比了另外一台机器的 /etc/passwd 和web界面中的 userlist, 发现 userlist 少了3个用户.
在win10上安装agent时提示“此应用无法在您的电脑上运行”
[root@yulong-hids]# ./agent 17..*.*8 debug
2018/06/28 11:13:29 DEBUG MODE
2018/06/28 11:13:29 Web API: https://17.**.***.*8/json/serverlist
2018/06/28 11:13:29 Available server node: []
2018/06/28 11:13:59 No server node available
panic: 1
goroutine 1 [running]:
yulong-hids/agent/client.(*Agent).init(0xc4200dc370)
/usr/local/go/src/yulong-hids/agent/client/agent.go:61 +0x6cc
yulong-hids/agent/client.(*Agent).Run(0xc4200dc370)
/usr/local/go/src/yulong-hids/agent/client/agent.go:82 +0x2b
main.main()
/usr/local/go/src/yulong-hids/agent/agent.go:22 +0xb9
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.