search

appcanary / agent

The Appcanary agent
https://www.appcanary.com
GNU General Public License v3.0
47 stars 6 forks source link

Integrate libspector #141

Closed j0ni closed 7 years ago

j0ni commented 7 years ago

This introduces libspector, and supports two use cases:

  1. Configure match text in the agent.conf file, and track processes which match.
  2. Always run a periodic scan of all running processes.

There's a companion coalmine PR appcanary/coalmine#196 which adds datamodel for the second use case, as well as an endpoint. Not sure there's much point in keeping the first part of the implementation here, as configuring it will simply duplicate a subset of the data generated by the second use case.

phillmv commented 7 years ago
  1. Existing configurations files must not break!
  2. Rename to libraries ProcessLibrary to match our end.
  3. That minor todo.
  4. Split up the package-version into two attributes
  5. CRC check maybe?

Otherwise looks great.

j0ni commented 7 years ago

I implemented the CRC check in the crudest way, and because the MarshalJSON code makes calls to libspector to resolve package and package version, this results in duplicate calls occurring per run.

To continue using the CRC check, I think I should either pre-load all that data, or instead of capturing the data structure, capture the JSON blob of bytes.

phillmv commented 7 years ago

LOOKS GOOD TO PHILLIP