Struct endpointsecurity_rs::EsClient

source · 
pub struct EsClient {
    pub rx: Receiver<EsMessage>,
    /* private fields */
}
Expand description

Create a new client to connect to Endpoint Security.

Fields§

§rx: Receiver<EsMessage>

Implementations§

source§

impl EsClient

source

pub fn new() -> Result<EsClient>

Create a new client that connects to the ES subsystem.

Example
    let client = endpointsecurity_rs::EsClient::new();
    assert!(client.is_ok());
Examples found in repository?
examples/session_events.rs (line 4)
3
4
5
6
7
8
9
10
11
12
13
14

fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyLWSessionLock)
        .add_event(EsEventType::NotifyLWSessionUnlock)
        .subscribe();

    loop {
        let evt = client.recv_msg().unwrap();
        println!("{:?}", evt);
    }
}
More examples
Hide additional examples
examples/process_monitor.rs (line 4)
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::NotifyExec).subscribe();

    loop {
        let msg = client.recv_msg().unwrap();
        if let Some(ref data) = msg.event_data {
            match data {
                EsEventData::NotifyExec(proc) => {
                    println!("{:?}", proc);
                }
                _ => {}
            }
        }
    }
}
examples/disallow_rename.rs (line 4)
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::AuthRename).subscribe();

    loop {
        let ev = client.rx.recv().unwrap();
        if let Some(ref data) = ev.event_data {
            match data {
                EsEventData::AuthRename(info) => {
                    if info.source.path.contains("/Users/idipot/subcom.tech/test") {
                        println!("{:?}", ev);
                        ev.deny(&client);
                    } else {
                    }
                }
                _ => {}
            }
        }
    }
}
examples/ssh.rs (line 4)
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyOpenSSHLogin)
        .subscribe();

    loop {
        let msg = client.rx.recv().unwrap();
        if let Some(ref data) = msg.event_data {
            match data {
                EsEventData::NotifyOpenSSHLogin(ssh_deets) => {
                    let addr = match &ssh_deets.source_address {
                        EsAddressType::None => panic!("Sadge"),
                        EsAddressType::Ipv4(addr) => addr.to_string(),
                        EsAddressType::Ipv6(addr) => addr.to_string(),
                        EsAddressType::NamedSocket(addr) => addr.clone(),
                    };
                    println!(
                        "Someone from {} is trying to connect as {}",
                        addr, ssh_deets.username
                    );
                }
                _ => {}
            }
        }
    }
}
source

pub fn add_event(&mut self, event: EsEventType) -> &mut Self

Add a new event to subscribe

Examples found in repository?
examples/session_events.rs (line 6)
3
4
5
6
7
8
9
10
11
12
13
14

fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyLWSessionLock)
        .add_event(EsEventType::NotifyLWSessionUnlock)
        .subscribe();

    loop {
        let evt = client.recv_msg().unwrap();
        println!("{:?}", evt);
    }
}
More examples
Hide additional examples
examples/process_monitor.rs (line 5)
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::NotifyExec).subscribe();

    loop {
        let msg = client.recv_msg().unwrap();
        if let Some(ref data) = msg.event_data {
            match data {
                EsEventData::NotifyExec(proc) => {
                    println!("{:?}", proc);
                }
                _ => {}
            }
        }
    }
}
examples/disallow_rename.rs (line 5)
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::AuthRename).subscribe();

    loop {
        let ev = client.rx.recv().unwrap();
        if let Some(ref data) = ev.event_data {
            match data {
                EsEventData::AuthRename(info) => {
                    if info.source.path.contains("/Users/idipot/subcom.tech/test") {
                        println!("{:?}", ev);
                        ev.deny(&client);
                    } else {
                    }
                }
                _ => {}
            }
        }
    }
}
examples/ssh.rs (line 6)
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyOpenSSHLogin)
        .subscribe();

    loop {
        let msg = client.rx.recv().unwrap();
        if let Some(ref data) = msg.event_data {
            match data {
                EsEventData::NotifyOpenSSHLogin(ssh_deets) => {
                    let addr = match &ssh_deets.source_address {
                        EsAddressType::None => panic!("Sadge"),
                        EsAddressType::Ipv4(addr) => addr.to_string(),
                        EsAddressType::Ipv6(addr) => addr.to_string(),
                        EsAddressType::NamedSocket(addr) => addr.clone(),
                    };
                    println!(
                        "Someone from {} is trying to connect as {}",
                        addr, ssh_deets.username
                    );
                }
                _ => {}
            }
        }
    }
}
source

pub fn subscribe(&self)

Subscribe to all the events added using Self::add_event

Examples found in repository?
examples/session_events.rs (line 8)
3
4
5
6
7
8
9
10
11
12
13
14

fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyLWSessionLock)
        .add_event(EsEventType::NotifyLWSessionUnlock)
        .subscribe();

    loop {
        let evt = client.recv_msg().unwrap();
        println!("{:?}", evt);
    }
}
More examples
Hide additional examples
examples/process_monitor.rs (line 5)
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::NotifyExec).subscribe();

    loop {
        let msg = client.recv_msg().unwrap();
        if let Some(ref data) = msg.event_data {
            match data {
                EsEventData::NotifyExec(proc) => {
                    println!("{:?}", proc);
                }
                _ => {}
            }
        }
    }
}
examples/disallow_rename.rs (line 5)
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::AuthRename).subscribe();

    loop {
        let ev = client.rx.recv().unwrap();
        if let Some(ref data) = ev.event_data {
            match data {
                EsEventData::AuthRename(info) => {
                    if info.source.path.contains("/Users/idipot/subcom.tech/test") {
                        println!("{:?}", ev);
                        ev.deny(&client);
                    } else {
                    }
                }
                _ => {}
            }
        }
    }
}
examples/ssh.rs (line 7)
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyOpenSSHLogin)
        .subscribe();

    loop {
        let msg = client.rx.recv().unwrap();
        if let Some(ref data) = msg.event_data {
            match data {
                EsEventData::NotifyOpenSSHLogin(ssh_deets) => {
                    let addr = match &ssh_deets.source_address {
                        EsAddressType::None => panic!("Sadge"),
                        EsAddressType::Ipv4(addr) => addr.to_string(),
                        EsAddressType::Ipv6(addr) => addr.to_string(),
                        EsAddressType::NamedSocket(addr) => addr.clone(),
                    };
                    println!(
                        "Someone from {} is trying to connect as {}",
                        addr, ssh_deets.username
                    );
                }
                _ => {}
            }
        }
    }
}
source

pub fn unsubscribe_all(&self) -> bool

returns true if call to unsubscribe is successful, otherwise false

source

pub fn unsubscribe(&mut self, event: EsEventType) -> bool

returns true if call to unsubscribe is successful, otherwise false/

source

pub fn subscriptions(&self) -> Option<Vec<EsEventType>>

Get the events that the user subscribed to. Returns None on error

source

pub fn recv_msg(&self) -> Result<EsMessage, RecvError>

This function blocks

Examples found in repository?
examples/session_events.rs (line 11)
3
4
5
6
7
8
9
10
11
12
13
14

fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyLWSessionLock)
        .add_event(EsEventType::NotifyLWSessionUnlock)
        .subscribe();

    loop {
        let evt = client.recv_msg().unwrap();
        println!("{:?}", evt);
    }
}
More examples
Hide additional examples
examples/process_monitor.rs (line 8)
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::NotifyExec).subscribe();

    loop {
        let msg = client.recv_msg().unwrap();
        if let Some(ref data) = msg.event_data {
            match data {
                EsEventData::NotifyExec(proc) => {
                    println!("{:?}", proc);
                }
                _ => {}
            }
        }
    }
}
source

pub fn try_recv_msg(&self) -> Result<EsMessage, TryRecvError>

This function doesn’t block

source

pub fn mute_path(&self, path: &Path, ty: EsMutePath) -> bool

Suppresses events from executables that match a given path. Returns true if muting was succesful.

source

pub fn unmute_path(&self, path: &Path, ty: EsMutePath) -> bool

Restores event delivery from a previously-muted path. Returns true if muting was succesful.

source

pub fn unmute_path_events( &self, path: &Path, ty: EsMutePath, events: &[EsEventType] ) -> bool

Restores event delivery of a subset of events from a previously-muted path.

source

pub fn unmute_all_paths(&self) -> bool

Restores event delivery from previously-muted paths.

source

pub fn destroy_client(self)

Deletes the client

Trait Implementations§

source§

impl Drop for EsClient

source§

fn drop(&mut self)

Executes the destructor for this type. Read more

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

const: unstable · source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

const: unstable · source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> Pointable for T

§

const ALIGN: usize = mem::align_of::<T>()

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
const: unstable · source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
const: unstable · source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.