Scheck Funcs支持清单¶
- 版本:1.0.7-7-g251eead
- 发布日期:2023-04-06 11:17:57
- 操作系统支持:windows/amd64,windows/386,linux/arm,linux/arm64,linux/386,linux/amd64
介绍¶
原来的形式是初始化lua虚拟机时 将所有的函数注册进去,而lua脚本并没有用到这些方法,造成了虚拟机的冗余。
随着函数的增多 这样的冗余的情况会越来越来越严重,所以就做了分包及模块化处理。
如何使用这些模块¶
go的函数按包的形式分成多个module,在lua脚本使用module的时候 需要先导入包(trigger除外)
lua代码:
-- 使用file模块
local file = require("file")
local info = file.file_info("./example.exe")
print(info['size'])
-- do something ...
-- 使用cache模块
local cache = require("cache")
cache.set_cache({"123","abc"})
print(cache.get_cache("123")) -- "abc"
-- trigger 无需声明引用
local current = "123"
trigger({Content=current})
模块及funcs列表¶
注意 不同操作系统下的方法集不同,不可跨系统调用!all_os是所有操作系统共有的方法
file¶
file_all_os¶
ls¶
ls(dir[, rescue])
list files in specified directory.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| dir | string |
path of dir | true |
| rescue | boolean |
if recursively traverse the dir, default is false | false |
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| path | string | file's full path |
| filename | string | name of file |
| size | number | Size of file in bytes |
| block_size | number | Block size of filesystem |
| mode | string | Permission bits |
| uid | number | Owning user ID |
| gid | number | Owning group ID |
| device | number | Device ID (optional) |
| inode | number | Filesystem inode number |
| hard_links | number | Number of hard links |
| ctime | number | Last status change time |
| mtime | number | Last modification time |
| atime | number | Last access time |
file_exist¶
file_exist(filepath)
check if a file exists.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| filepath | string |
absolute file path | true |
Return value(s):
| Type | Description |
|---|---|
boolean |
true if exists, otherwise is false |
Example:
file_info¶
file_info(filepath)
read file attributes and metadata.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| filepath | string |
absolute file path | true |
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table |
contains details of file as below |
| Name | Type | Description |
|---|---|---|
| size | number | Size of file in bytes |
| block_size | number | Block size of filesystem |
| mode | string | Permission string |
| perm | string | Permission bits |
| uid | number | Owning user ID |
| gid | number | Owning group ID |
| device | number | Device ID (optional) |
| inode | number | Filesystem inode number |
| hard_links | number | Number of hard links |
| ctime | number | Last status change time |
| mtime | number | Last modification time |
| atime | number | Last access time |
Example:
read_file¶
read_file(filepath)
reads the file content.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| filepath | string |
absolute file path | true |
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
string |
file content |
Examples:
file_hash¶
file_hash(filepath)
calculate the md5 sum of file content.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| filepath | string |
absolute file path | true |
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
string |
md5 of file content |
Examples:
sc_path_watch¶
sc_path_watch(dir,chan)
watch whether the file or directory has changed.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| dir | string |
dir or filename | true |
| chan | lua.LChannel |
lua channel | true |
Return value(s):
No return value and never stop. If the dir or file changes, it will be notified through to lua.LChannel.
the lua.LChannel:
| Type | Description |
|---|---|
table(array) |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| path | string | file's full path |
| status | int | file status |
| file status: |
| status | name | Description |
|---|---|---|
| 1 | CREATE | create file in dir |
| 2 | WRITE | write file |
| 4 | REMOVE | when file is del |
| 8 | RENAME | file rename |
| 16 | CHMOD | chmod is change |
grep¶
grep(option, pattern, file)
run grep command
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| option | string |
option(s) for grep | false |
| pattern | string |
pattern for grep | true |
| file | string |
file to search by grep | true |
Return value(s):
| Type | Description |
|---|---|
string |
result of grep, empty if not found |
string |
error info if failed |
system¶
system_all_os¶
hostname¶
hostname()
get current hostname.
Return value(s):
it issues an error when fail to get.
| Type | Description |
|---|---|
string |
hostname |
uptime¶
uptime()
time passed since last boot.
Return value(s):
| Type | Description |
|---|---|
number |
Total uptime seconds |
time_zone¶
time_zone()
current timezone in the system
Return value(s):
| Type | Description |
|---|---|
string |
current timezone in the system |
mounts¶
mounts()
System mounted devices and filesystems (not process specific)
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item corresponding to a mounted device describe as below |
| Name | Type | Description |
|---|---|---|
| device | string | Mounted device |
| path | string | Mounted device path |
| type | string | Mounted device type |
| flags | string | Mounted device flags |
uname¶
uname()
the operating system name and version
Return value(s):
it issues an error when failed.
| Type | Description |
|---|---|
table |
see below |
| Name | Type | Description |
|---|---|---|
| platform | string | OS Platform or ID, eg., centos |
| platform_version | string | OS Platform version, eg., 7.7.1908 |
| family | string | OS Platform family, eg., rhel |
| os | string | os name, eg., Linux |
| arch | string | OS Architecture, eg., x86_64 |
| kernel_version | string | os kernel version |
sc_sleep¶
sc_sleep(time)
Thread sleeps for a certain number of seconds
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| time | int |
second sleep time | true |
Return value(s):
it issues an error when failed.
sc_ticker¶
sc_ticker(channel,time)
Send signals to the lua.LChannel regularly
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| chan | lua.LChannel |
lua channel | true |
| time | int |
second time | true |
Return value(s):
No return value sent Lua.LString to lua.LChannel.
system_linux¶
kernel_info¶
kernel_info()
linux kernel modules both loaded and within the load search path
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table |
details as below |
| Name | Type | Description |
|---|---|---|
| version | string | Kernel version |
| arguments | string | Kernel arguments |
| path | string | Kernel path |
| device | string | Kernel device identifier |
kernel_modules¶
kernel_modules()
linux kernel modules both loaded and within the load search path
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item corresponding to a module describe as below |
| Name | Type | Description |
|---|---|---|
| name | string | Module name |
| size | string | Size of module content |
| used_by | string | Module reverse dependencies |
| status | string | Kernel module status |
| address | string | Kernel module address |
ulimit_info¶
ulimit_info()
System resource usage limits.
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table |
see below |
| Name | Type | Description |
|---|---|---|
| type | string | System resource to be limited |
| soft_limit | string | Current limit value |
| hard_limit | string | Maximum limit value |
processes¶
processes()
All running processes on the host system
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item corresponding to a process describe as below |
| Name | Type | Description |
|---|---|---|
| pid | number | Process (or thread) ID |
| name | string | The process path or shorthand argv[0] |
| path | string | Path to executed binary |
| cmdline | string | Complete argv |
| state | string | Process state |
| cwd | string | Process current working directory |
| root | string | Process virtual root directory |
| uid | number | Unsigned user ID |
| gid | number | Unsigned group ID |
| euid | number | Unsigned effective user ID |
| egid | number | Unsigned effective group ID |
| suid | number | Unsigned saved user ID |
| sgid | number | Unsigned saved group ID |
| on_disk | number | The process path exists yes=1, no=0, unknown=-1 |
| resident_size | number | Bytes of private memory used by process |
| total_size | number | Total virtual memory size |
| system_time | number | CPU time in milliseconds spent in kernel space |
| user_time | number | CPU time in milliseconds spent in user space |
| disk_bytes_read | number | Bytes read from disk |
| disk_bytes_written | number | Bytes written to disk |
| start_time | number | Process start time in seconds since Epoch, in case of error -1 |
| parent | number | Process parent's PID |
| pgroup | number | Process group |
| threads | number | Number of threads used by process |
| nice | number | Process nice level (-20 to 20, default 0) |
process_open_files¶
process_open_files()
File descriptors for each process.
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item corresponding to a processe which have open file, describe as below |
| Name | Type | Description |
|---|---|---|
| pid | number | Process (or thread) ID |
| fd | number | Process-specific file descriptor numbe |
| path | string | Filesystem path of descriptor |
users¶
users()
Local user accounts (including domain accounts that have logged on locally (Windows))
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| username | string | Username |
| uid | number | User ID |
| gid | number | Group ID (unsigned) |
| directory | string | User's home directory |
| shell | string | User's configured default shell |
logged_in_users¶
logged_in_users()
Users with an active shell on the system.
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| pid | number | Process (or thread) ID |
| username | string | Username |
| type | number | Login type, see utmp.h |
| tty | number | Device name |
| host | string | Remote hostname |
| time | string | Time entry was made, unix timestamp in seconds |
last¶
last()
System logins and logouts.
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| pid | number | Process (or thread) ID |
| username | string | Username |
| type | number | Login type, see utmp.h |
| tty | number | Device name |
| host | string | Remote hostname |
| time | string | Time entry was made, unix timestamp in seconds |
lastb¶
lastb()
Failed logins.
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| pid | number | Process (or thread) ID |
| username | string | Username |
| type | number | Login type, see utmp.h |
| tty | number | Device name |
| host | string | Remote hostname |
| time | string | Time entry was made, unix timestamp in seconds |
shadow¶
shadow()
Local system users encrypted passwords and related information. Please note, that you usually need superuser rights to access /etc/shadow.
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| username | string | Username |
| password_status | string | Password status |
| last_change | number | Date of last password change (starting from UNIX epoch date) |
| expire | number | Number of days since UNIX epoch date until account is disabled |
shell_history¶
shell_history()
A line-delimited (command) table of per-user .*_history data.
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| uid | number | Shell history owner |
| history_file | string | Path to the .*_history for this user |
| command | string | Unparsed date/line/command history line |
| time | number | Entry timestamp. It could be absent, default value is 0. |
crontab¶
crontab()
Line parsed values from system and user cron/tab.
Return value(s):
it issues an error when failed.
| Type | Description |
|---|---|
table(array) |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| minute | string | The exact minute for the job |
| hour | string | The hour of the day for the job |
| day_of_monthmand | string | The day of the month for the job |
| month | string | The month of the year for the job |
| day_of_week | string | The day of the week for the job |
| command | string | Raw command string |
| path | string | File parsed |
sysctl¶
sysctl([key])
the operating system sysctl info
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
specify a key to get back, otherwise return all key-values | false |
Return value(s):
it issues an error when failed.
| Type | Description |
|---|---|
table |
same as run linux command 'sysctl -a' |
rpm_list¶
rpm_list()
list all current rpm packages
Return value(s):
it issues an error when failed.
| Type | Description |
|---|---|
string |
same as run linux command 'rpm -qa' |
rpm_query¶
rpm_query(pkg)
check a package is installed
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| package | string |
the package name, eg. yum | false |
Return value(s):
| Type | Description |
|---|---|
string |
package's fullname, or empty if not found |
system_windows¶
net¶
net_all_os¶
interface_addresses¶
interface_addresses()
Network interfaces and relevant metadata.
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item corresponding to a net interface describe as below |
| Name | Type | Description |
|---|---|---|
| interface | string | Interface name |
| ip4 | string | ip4 addr |
| ip6 | string | ip6 addr |
| mtu | number | MTU |
| mac | string | MAC address |
net_linux¶
iptables¶
iptables()
Linux IP packet filtering and NAT tool
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item corresponding to a filtering describe as below |
| Name | Type | Description |
|---|---|---|
| filter_name | string | Packet matching filter table name. |
process_open_sockets¶
process_open_sockets()
Processes which have open network sockets on the system
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item corresponding to a processe which have open network describe as below |
| Name | Type | Description |
|---|---|---|
| pid | number | Process (or thread) ID |
| process_name | string | The process name |
| cmdline | string | Complete argv |
| fd | number | Socket file descriptor number |
| socket | number | Socket handle or inode number |
| family | string | Network protocol (AF_INET, AF_INET6, AF_UNIX) |
| protocol | string | Transport protocol (tcp, udp...) |
| local_address | string | Socket local address |
| remote_address | string | Socket remote address |
| local_port | number | Socket local port |
| remote_port | number | Socket remote port |
| path | string | For UNIX sockets (family=AF_UNIX), the domain path |
| net_namespace | number | The inode number of the network namespace |
| state | string | TCP socket state |
listening_ports¶
listening_ports()
Processes with listening (bound) network sockets/ports
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table(array) |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| pid | number | Process (or thread) ID |
| process_name | string | The process name |
| cmdline | string | Complete argv |
| socket | number | Socket handle or inode number |
| fd | number | Socket file descriptor number |
| address | string | Specific address for bind |
| port | number | Transport layer port |
| family | string | Network protocol (AF_INET, AF_INET6, AF_UNIX) |
| protocol | string | Transport protocol (tcp, udp...) |
| path | string | For UNIX sockets (family=AF_UNIX), the domain path |
net_windows¶
cache¶
cache_all_os¶
get_cache¶
get_cache(key)
get value for cache key.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
name of cache key | true |
Return value(s):
| Type | Description |
|---|---|
string/boolean/number |
cache value |
set_cache¶
set_cache(key, value)
set a cache key-value pair.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
name of cache key | true |
| value | string/boolean/number |
cache value by key | true |
Return value(s):
| Type | Description |
|---|---|
string |
error detail if failed |
clean_cache¶
clean_cache()
clean this rule cache .
Parameters:
Return value(s):
del_cache¶
del_cache(key)
delete cache by key.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
name of cache key | true |
Return value(s):
no return
del_cache_all¶
del_cache()
delete all cache.
Parameters:
Return value(s):
get_global_cache¶
get_global_cache(key)
get value for global cache key.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
name of cache key | true |
Return value(s):
| Type | Description |
|---|---|
string/boolean/number |
cache value |
set_global_cache¶
set_global_cache(key, value)
set a key-value to global cache.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
name of cache key | true |
| value | string/boolean/number |
cache value by key | true |
Return value(s):
| Type | Description |
|---|---|
string |
error detail if failed |
json¶
json_all_os¶
json_encode¶
json_encode(object)
encode a lua table to json string
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| object | table |
a lua table | true |
Return value(s):
it issues an error if fail to encode
| Type | Description |
|---|---|
string |
json string |
json_decode¶
json_decode(str)
decode a json string to lua table
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| str | string |
a json string | true |
Return value(s):
it issues an error if fail to encode
| Type | Description |
|---|---|
table |
a lua table |
mysql¶
mysql_all_os¶
mysql_weak_psw¶
mysql_weak_psw(host, port [,username])
check mysql weak password
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| host | string |
url of mysql | true |
| port | string |
mysql port | true |
| username | string |
mysql username, default is 'root' | false |
Return value(s):
it issues an error when failed.
| Type | Description |
|---|---|
boolean |
true means found some weak password |
string |
the weak password if found |
mysql_ports_list¶
mysql_ports_list()
list the host MySQL ports
Return value(s):
it issues an error when fail to read.
| Type | Description |
|---|---|
table() |
each item describe as below |
| Name | Type | Description |
|---|---|---|
| pid | number | Process (or thread) ID |
| cmdline | string | Complete argv |
| port | number | Transport layer port |
| protocolversion | string | Mysql protocol version |
| statusflags | string | Socket file descriptor number |
| authpluginname | string | Auth plugin name |
| s️erverversion | string | Mysql S️erver Version |
| state | string | Process state |
output example:
port 3307
protocolversion 10
statusflags 2
authpluginname mysql_native_password
s️erverversion 5.7.34
state LISTEN
cmdline /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 3307 -container-ip 172.18.0.4 -container-port 3306
pid 7062
容器相关(container)¶
sc_docker_exist¶
sc_docker_exist()
check docker run at host
Return value(s):
it issues an error when failed.
| Type | Description |
|---|---|
boolean |
true docker service exists on the host |
sc_docker_containers¶
sc_docker_containers()
check mysql weak password
before other docker funcs ,sc_docker_exist must at first !!!
Return value(s):
it issues an error when failed.
| Type | Description |
|---|---|
[]string |
the containerName list |
sc_docker_runlike¶
sc_docker_runlike(containerName)
check mysql weak password
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| containerName | string |
image ID | true |
Return value(s):
it issues an error when failed.
| Type | Description |
|---|---|
string |
the containerName run command |
其他¶
trigger¶
trigger([template_vals])
trigger an event and send it to target with line protocol.
Parameters:
| Name | Type | Description | Required |
|---|---|---|---|
| template_vals | table |
if you use template in manifest, the values of this table will replace the template variables | false |
Return value(s):
it issues an error when failed.