Struct endpointsecurity_rs::EsClient
source · pub struct EsClient {
pub rx: Receiver<EsMessage>,
/* private fields */
}
Create a new client to connect to Endpoint Security.
Fields§
§rx: Receiver<EsMessage>
Implementations§
impl EsClient
pub fn new() -> Result<EsClient>
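Create a new client that connects to the ES subsystem. Creation fails when the process is not permitted to use Endpoint Security (on macOS this normally means running as root, holding the endpoint-security client entitlement, and having Full Disk Access approved), so callers should handle the `Err` case rather than assume success.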
Example
// Construct the client and check in one step that construction succeeded.
assert!(endpointsecurity_rs::EsClient::new().is_ok());
Examples found in repository?
/// Subscribes to the session lock and unlock notifications and prints every
/// message that arrives, using its `Debug` form.
fn main() {
    let mut es = EsClient::new().unwrap();

    // `add_event` hands back `&mut Self`, so the two registrations can be
    // written as separate statements instead of one chain.
    es.add_event(EsEventType::NotifyLWSessionLock);
    es.add_event(EsEventType::NotifyLWSessionUnlock);
    es.subscribe();

    loop {
        // Blocks until a message arrives; panics if receiving fails.
        println!("{:?}", es.recv_msg().unwrap());
    }
}
More examples
/// Subscribes to exec notifications and prints the payload of each one.
fn main() {
    let mut es = EsClient::new().unwrap();
    es.add_event(EsEventType::NotifyExec).subscribe();

    loop {
        let received = es.recv_msg().unwrap();
        // Messages without event data, or carrying any other event kind,
        // are skipped.
        if let Some(EsEventData::NotifyExec(proc)) = &received.event_data {
            println!("{:?}", proc);
        }
    }
}
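/// Denies renames whose source path contains the watched directory string
/// and allows every other rename.
fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::AuthRename).subscribe();

    loop {
        let ev = client.rx.recv().unwrap();
        if let Some(EsEventData::AuthRename(info)) = &ev.event_data {
            // NOTE(review): `contains` is a substring test, so it also matches
            // any other path that merely embeds this string (for example a
            // sibling directory whose name starts with "test"). Compare path
            // components if the rule is meant to cover one directory only.
            if info.source.path.contains("/Users/idipot/subcom.tech/test") {
                // Answer before logging so the reply is not delayed by I/O.
                ev.deny(&client);
                println!("{:?}", ev);
            } else {
                // An AUTH event holds the rename until the client answers, and
                // a client that misses the response deadline is terminated by
                // the system, so the non-matching branch must answer as well.
                ev.allow(&client);
            }
        }
        // NOTE(review): a message with no `event_data` gets no answer here;
        // confirm whether the crate can deliver an AUTH message in that state.
    }
}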
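/// Subscribes to OpenSSH login notifications and prints the source address
/// and user name of each attempt.
fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyOpenSSHLogin)
        .subscribe();

    loop {
        let msg = client.rx.recv().unwrap();
        if let Some(EsEventData::NotifyOpenSSHLogin(ssh_deets)) = &msg.event_data {
            let addr = match &ssh_deets.source_address {
                // A login event without an address must not stop the monitor:
                // a panic here would end event collection altogether.
                EsAddressType::None => String::from("<unknown>"),
                EsAddressType::Ipv4(addr) => addr.to_string(),
                EsAddressType::Ipv6(addr) => addr.to_string(),
                EsAddressType::NamedSocket(addr) => addr.clone(),
            };
            // The user name is chosen by the connecting side. `{:?}` escapes
            // control characters so a crafted name cannot forge extra lines
            // in the output.
            println!(
                "Someone from {} is trying to connect as {:?}",
                addr, ssh_deets.username
            );
        }
    }
}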
pub fn add_event(&mut self, event: EsEventType) -> &mut Self
Add a new event to subscribe
Examples found in repository?
/// Subscribes to the session lock and unlock notifications and prints every
/// message that arrives, using its `Debug` form.
fn main() {
    let mut es = EsClient::new().unwrap();

    // `add_event` hands back `&mut Self`, so the two registrations can be
    // written as separate statements instead of one chain.
    es.add_event(EsEventType::NotifyLWSessionLock);
    es.add_event(EsEventType::NotifyLWSessionUnlock);
    es.subscribe();

    loop {
        // Blocks until a message arrives; panics if receiving fails.
        println!("{:?}", es.recv_msg().unwrap());
    }
}
More examples
/// Subscribes to exec notifications and prints the payload of each one.
fn main() {
    let mut es = EsClient::new().unwrap();
    es.add_event(EsEventType::NotifyExec).subscribe();

    loop {
        let received = es.recv_msg().unwrap();
        // Messages without event data, or carrying any other event kind,
        // are skipped.
        if let Some(EsEventData::NotifyExec(proc)) = &received.event_data {
            println!("{:?}", proc);
        }
    }
}
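/// Denies renames whose source path contains the watched directory string
/// and allows every other rename.
fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::AuthRename).subscribe();

    loop {
        let ev = client.rx.recv().unwrap();
        if let Some(EsEventData::AuthRename(info)) = &ev.event_data {
            // NOTE(review): `contains` is a substring test, so it also matches
            // any other path that merely embeds this string (for example a
            // sibling directory whose name starts with "test"). Compare path
            // components if the rule is meant to cover one directory only.
            if info.source.path.contains("/Users/idipot/subcom.tech/test") {
                // Answer before logging so the reply is not delayed by I/O.
                ev.deny(&client);
                println!("{:?}", ev);
            } else {
                // An AUTH event holds the rename until the client answers, and
                // a client that misses the response deadline is terminated by
                // the system, so the non-matching branch must answer as well.
                ev.allow(&client);
            }
        }
        // NOTE(review): a message with no `event_data` gets no answer here;
        // confirm whether the crate can deliver an AUTH message in that state.
    }
}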
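/// Subscribes to OpenSSH login notifications and prints the source address
/// and user name of each attempt.
fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyOpenSSHLogin)
        .subscribe();

    loop {
        let msg = client.rx.recv().unwrap();
        if let Some(EsEventData::NotifyOpenSSHLogin(ssh_deets)) = &msg.event_data {
            let addr = match &ssh_deets.source_address {
                // A login event without an address must not stop the monitor:
                // a panic here would end event collection altogether.
                EsAddressType::None => String::from("<unknown>"),
                EsAddressType::Ipv4(addr) => addr.to_string(),
                EsAddressType::Ipv6(addr) => addr.to_string(),
                EsAddressType::NamedSocket(addr) => addr.clone(),
            };
            // The user name is chosen by the connecting side. `{:?}` escapes
            // control characters so a crafted name cannot forge extra lines
            // in the output.
            println!(
                "Someone from {} is trying to connect as {:?}",
                addr, ssh_deets.username
            );
        }
    }
}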
pub fn subscribe(&self)
Subscribe to all the events added using Self::add_event
Examples found in repository?
/// Subscribes to the session lock and unlock notifications and prints every
/// message that arrives, using its `Debug` form.
fn main() {
    let mut es = EsClient::new().unwrap();

    // `add_event` hands back `&mut Self`, so the two registrations can be
    // written as separate statements instead of one chain.
    es.add_event(EsEventType::NotifyLWSessionLock);
    es.add_event(EsEventType::NotifyLWSessionUnlock);
    es.subscribe();

    loop {
        // Blocks until a message arrives; panics if receiving fails.
        println!("{:?}", es.recv_msg().unwrap());
    }
}
More examples
/// Subscribes to exec notifications and prints the payload of each one.
fn main() {
    let mut es = EsClient::new().unwrap();
    es.add_event(EsEventType::NotifyExec).subscribe();

    loop {
        let received = es.recv_msg().unwrap();
        // Messages without event data, or carrying any other event kind,
        // are skipped.
        if let Some(EsEventData::NotifyExec(proc)) = &received.event_data {
            println!("{:?}", proc);
        }
    }
}
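/// Denies renames whose source path contains the watched directory string
/// and allows every other rename.
fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::AuthRename).subscribe();

    loop {
        let ev = client.rx.recv().unwrap();
        if let Some(EsEventData::AuthRename(info)) = &ev.event_data {
            // NOTE(review): `contains` is a substring test, so it also matches
            // any other path that merely embeds this string (for example a
            // sibling directory whose name starts with "test"). Compare path
            // components if the rule is meant to cover one directory only.
            if info.source.path.contains("/Users/idipot/subcom.tech/test") {
                // Answer before logging so the reply is not delayed by I/O.
                ev.deny(&client);
                println!("{:?}", ev);
            } else {
                // An AUTH event holds the rename until the client answers, and
                // a client that misses the response deadline is terminated by
                // the system, so the non-matching branch must answer as well.
                ev.allow(&client);
            }
        }
        // NOTE(review): a message with no `event_data` gets no answer here;
        // confirm whether the crate can deliver an AUTH message in that state.
    }
}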
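/// Subscribes to OpenSSH login notifications and prints the source address
/// and user name of each attempt.
fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyOpenSSHLogin)
        .subscribe();

    loop {
        let msg = client.rx.recv().unwrap();
        if let Some(EsEventData::NotifyOpenSSHLogin(ssh_deets)) = &msg.event_data {
            let addr = match &ssh_deets.source_address {
                // A login event without an address must not stop the monitor:
                // a panic here would end event collection altogether.
                EsAddressType::None => String::from("<unknown>"),
                EsAddressType::Ipv4(addr) => addr.to_string(),
                EsAddressType::Ipv6(addr) => addr.to_string(),
                EsAddressType::NamedSocket(addr) => addr.clone(),
            };
            // The user name is chosen by the connecting side. `{:?}` escapes
            // control characters so a crafted name cannot forge extra lines
            // in the output.
            println!(
                "Someone from {} is trying to connect as {:?}",
                addr, ssh_deets.username
            );
        }
    }
}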
pub fn unsubscribe_all(&self) -> bool
Returns true if the call to unsubscribe is successful, otherwise false.
pub fn unsubscribe(&mut self, event: EsEventType) -> bool
Returns true if the call to unsubscribe is successful, otherwise false.
pub fn subscriptions(&self) -> Option<Vec<EsEventType>>
Get the events that the user subscribed to. Returns None
on error
pub fn recv_msg(&self) -> Result<EsMessage, RecvError>
This function blocks
Examples found in repository?
/// Subscribes to the session lock and unlock notifications and prints every
/// message that arrives, using its `Debug` form.
fn main() {
    let mut es = EsClient::new().unwrap();

    // `add_event` hands back `&mut Self`, so the two registrations can be
    // written as separate statements instead of one chain.
    es.add_event(EsEventType::NotifyLWSessionLock);
    es.add_event(EsEventType::NotifyLWSessionUnlock);
    es.subscribe();

    loop {
        // Blocks until a message arrives; panics if receiving fails.
        println!("{:?}", es.recv_msg().unwrap());
    }
}
More examples
/// Subscribes to exec notifications and prints the payload of each one.
fn main() {
    let mut es = EsClient::new().unwrap();
    es.add_event(EsEventType::NotifyExec).subscribe();

    loop {
        let received = es.recv_msg().unwrap();
        // Messages without event data, or carrying any other event kind,
        // are skipped.
        if let Some(EsEventData::NotifyExec(proc)) = &received.event_data {
            println!("{:?}", proc);
        }
    }
}
pub fn try_recv_msg(&self) -> Result<EsMessage, TryRecvError>
This function doesn’t block
pub fn mute_path(&self, path: &Path, ty: EsMutePath) -> bool
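Suppresses events from executables that match a given path.
Returns true
if muting was successful. A muted path is a monitoring blind spot for the matching executables, so keep the muted set narrow.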
pub fn unmute_path(&self, path: &Path, ty: EsMutePath) -> bool
Restores event delivery from a previously-muted path.
Returns true
if unmuting was successful.
pub fn unmute_path_events( &self, path: &Path, ty: EsMutePath, events: &[EsEventType] ) -> bool
Restores event delivery of a subset of events from a previously-muted path.
pub fn unmute_all_paths(&self) -> bool
Restores event delivery from previously-muted paths.
pub fn destroy_client(self)
Deletes the client