diff --git a/.gitignore b/.gitignore
index ceaa982..474de98 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@ go.work
 sysmonitord.code-workspace
+data/
diff --git a/cmd/start/start.go b/cmd/start/start.go
index 73c820a..f8cafa2 100644
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@@ -6,6 +6,7 @@ import (
 "sysmonitord/internal/config"
 "sysmonitord/internal/scanner/hash"
 "sysmonitord/internal/scanner/process"
+ "sysmonitord/internal/storage"
 "sysmonitord/pkg/logger"
 "github.com/spf13/cobra"
@@ -35,10 +36,20 @@ var StartCmd = &cobra.Command{
 ChunkSize: cfg.Scanner.File.FastHashChunk,
 }
+ storageCfg := &storage.Storage{
+ DataDir: cfg.Storage.DataDir,
+ ProcessSystemFile: cfg.Storage.ProcessSystemFile,
+ FileSystemFile: cfg.Storage.FileSystemFile,
+ }
+
 procs, err := process.ScanAllProcesses(hashCfg)
 if err != nil {
 logger.Log.Error("扫描进程失败", zap.Error(err))
 os.Exit(1)
+ } else {
+ if err := storage.SaveProcessSystem(procs, storageCfg.DataDir, storageCfg.ProcessSystemFile); err != nil {
+ logger.Log.Error("保存进程白名单失败", zap.Error(err))
+ }
 }
 logger.Log.Info("进程列表:")
diff --git a/config.yaml b/config.yaml
index 92ea87c..03428d0 100644
--- a/config.yaml
+++ b/config.yaml
@@ -15,4 +15,9 @@ scanner:
 - /sys
 fast_hash: true
 fast_hash_size: 100MB
- fast_hash_chunk: 2MB
\ No newline at end of file
+ fast_hash_chunk: 2MB
+
+storage:
+ data_dir: "./data"
+ process_system_file: "process_system.data"
+ file_system_file: "file_system.data"
\ No newline at end of file
diff --git a/internal/config/config.go b/internal/config/config.go
index f223f45..2f24240 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -12,6 +12,7 @@ import (
 type Config struct {
 Audit AuditConfig `yaml:"audit"`
 Scanner ScannerConfig `yaml:"scanner"`
+ Storage StorageConfig `yaml:"storage"`
 }
 type AuditConfig struct {
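Review bot: Nothing in the visible hunks calls `storage.InitDataDir`, so unless the data directory already exists `SaveProcessSystem` will fail at `os.Create`, and in the second start.go hunk that failure is only logged while the run continues without a saved whitelist. Call `if err := storage.InitDataDir(storageCfg.DataDir); err != nil { ... }` before the save, and decide explicitly whether a missing baseline should stop startup rather than being logged and ignored. The `else` after `os.Exit(1)` is redundant, so the save can sit at the normal indentation after the `if`. The enclosing Run closure starts and ends outside this hunk, so an InitDataDir call elsewhere in it cannot be ruled out.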
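Review bot: `data_dir: "./data"` in the config.yaml hunk is resolved against whatever working directory the daemon is started from, so the file the code labels a process whitelist can land in a different place per launch, including a directory other local users can write to. Prefer an absolute location owned by the service account (for example `data_dir: "/var/lib/sysmonitord"`, a constructed example path), or resolve relative values against the config file's directory when loading. Nothing visible in this diff rejects an empty `data_dir` or file name either, in which case `filepath.Join` would silently target the working directory.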
@@ -25,6 +26,12 @@ type ScannerConfig struct {
 File FileScannerConfig `yaml:"file"`
 }
+type StorageConfig struct {
+ DataDir string `yaml:"data_dir"`
+ ProcessSystemFile string `yaml:"process_system_file"`
+ FileSystemFile string `yaml:"file_system_file"`
+}
+
 type FileScannerConfig struct {
 ExcludePaths []string `yaml:"exclude_paths"`
 FastHash bool `yaml:"fast_hash"`
diff --git a/internal/storage/storage.go b/internal/storage/storage.go
new file mode 100644
index 0000000..34748da
--- /dev/null
+++ b/internal/storage/storage.go
@@ -0,0 +1,62 @@
+package storage
+
+import (
+ "bufio"
+ "fmt"
+ "os"
+ "path/filepath"
+ "sysmonitord/internal/scanner/process"
+ "sysmonitord/pkg/logger"
+ "time"
+
+ "go.uber.org/zap"
+)
+
+type Storage struct {
+ DataDir string
+ ProcessSystemFile string
+ FileSystemFile string
+}
+
+func InitDataDir(dataDir string) error {
+ if err := os.MkdirAll(dataDir, 0755); err != nil {
+ return fmt.Errorf("[storage]无法创建数据目录: %w", err)
+ }
+ return nil
+}
+
+func SaveProcessSystem(proc []process.ProcessInfo, dataDir string, processSystemFile string) error {
+ filePath := filepath.Join(dataDir, processSystemFile)
+
+ f, err := os.Create(filePath) // 覆盖
+ if err != nil {
+ return fmt.Errorf("[storage]无法创建储存进程文件%s: %w", filePath, err)
+ }
+ defer f.Close()
+
+ writer := bufio.NewWriter(f)
+
+ currentTime := time.Now().Format("2006-01-02 15:04:05")
+ header := fmt.Sprintf("# 进程白名单 - 生成时间: %s\n", currentTime)
+ if _, err := writer.WriteString(header); err != nil {
+ return err
+ }
+
+ for _, p := range proc {
+ line := fmt.Sprintf("%v\n", p)
+ if _, err := writer.WriteString(line); err != nil {
+ return err
+ }
+ }
+
+ if err := writer.Flush(); err != nil {
+ return err
+ }
+
+ logger.Log.Info("[storage]进程白名单保存成功",
+ zap.String("file", filePath),
+ zap.Int("process_count", len(proc)),
+ )
+
+ return nil
+}
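Review bot: In storage.go the whitelist is rewritten in place with `os.Create` (mode 0666 before umask) inside a directory created 0755, so the baseline is typically world-readable and a crash or write error part-way leaves a truncated file where the previous good one was. Create the directory with `os.MkdirAll(dataDir, 0700)` and write to a temp file in the same directory, then sync, close and rename it over the target as sketched below. `os.CreateTemp` creates the file 0600 and rejects a pattern containing a path separator, which also keeps `processSystemFile` a bare file name. Separately, `fmt.Sprintf("%v\n", p)` does no escaping, so if `ProcessInfo` carries process names or command lines (its fields are not visible here) a value containing spaces or a newline makes entries ambiguous when the file is read back; a quoted or structured encoding per line would avoid that.

```go
	filePath := filepath.Join(dataDir, processSystemFile)

	// Write to a private temp file next to the target and rename it into place,
	// so a failed run never replaces the previous whitelist with a partial one.
	f, err := os.CreateTemp(dataDir, processSystemFile+".*.tmp")
	if err != nil {
		return fmt.Errorf("[storage]无法创建储存进程文件%s: %w", filePath, err)
	}
	defer os.Remove(f.Name()) // fails harmlessly once the rename has succeeded
	defer f.Close()

	// … unchanged: bufio writer, header line, per-process lines …

	if err := writer.Flush(); err != nil {
		return err
	}
	if err := f.Sync(); err != nil {
		return err
	}
	if err := f.Close(); err != nil {
		return err
	}
	if err := os.Rename(f.Name(), filePath); err != nil {
		return err
	}

	// … unchanged: success log, return nil …
```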