Struct EsClient

pub struct EsClient {
    // Receiving half of the channel that carries `EsMessage` values; the
    // repository examples read from it directly with `rx.recv()`.
    pub rx: Receiver<EsMessage>,
    /* private fields */
}

Create a new client to connect to Endpoint Security.

Fields§

§rx: Receiver<EsMessage>

Implementations§


impl EsClient


pub fn new() -> Result<EsClient>

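Create a new client that connects to the ES subsystem. The call is fallible: Endpoint Security refuses the connection when, for example, the process lacks the Endpoint Security client entitlement, is not running as root, or has not been granted Full Disk Access, so handle the `Err` case rather than assuming success.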

§Example
    // Construction is fallible, so inspect the `Result` instead of assuming a connection exists.
    let connection = endpointsecurity_rs::EsClient::new();
    assert!(connection.is_ok());
Examples found in repository?
examples/session_events.rs (line 4)
/// Subscribes to login-window session lock/unlock notifications and prints each one.
fn main() {
    let mut es = EsClient::new().unwrap();

    // Queue both event types, then register everything added so far.
    es.add_event(EsEventType::NotifyLWSessionLock);
    es.add_event(EsEventType::NotifyLWSessionUnlock);
    es.subscribe();

    loop {
        // `recv_msg` blocks until the next message arrives.
        let session_event = es.recv_msg().unwrap();
        println!("{:?}", session_event);
    }
}
examples/process_monitor.rs (line 4)
/// Prints the details of every process execution reported by Endpoint Security.
fn main() {
    let mut es = EsClient::new().unwrap();
    es.add_event(EsEventType::NotifyExec);
    es.subscribe();

    loop {
        let message = es.recv_msg().unwrap();
        // Only exec notifications carry the payload printed here; messages
        // without event data or with another payload are skipped.
        if let Some(EsEventData::NotifyExec(exec)) = &message.event_data {
            println!("{:?}", exec);
        }
    }
}
examples/disallow_rename.rs (line 4)
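/// Denies renames whose source path contains the protected directory and
/// explicitly allows every other rename.
fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::AuthRename).subscribe();

    loop {
        let ev = client.rx.recv().unwrap();
        if let Some(EsEventData::AuthRename(info)) = &ev.event_data {
            // NOTE(review): `contains` matches the string anywhere in the path, so
            // unrelated locations that merely embed it are denied as well. A real
            // policy should compare against a canonical path prefix.
            if info.source.path.contains("/Users/idipot/subcom.tech/test") {
                // Answer before logging: the rename stays blocked until the verdict
                // is delivered, so slow output must not sit in front of it.
                ev.deny(&client);
                println!("{:?}", ev);
            } else {
                // Every AUTH event needs a verdict. Endpoint Security holds the
                // operation until the client answers and terminates a client that
                // misses the message deadline, so non-matching renames must be
                // allowed explicitly instead of being left unanswered.
                ev.allow(&client);
            }
        }
    }
}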
examples/ssh.rs (line 4)
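/// Prints the source address and user name of every OpenSSH login attempt.
fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyOpenSSHLogin)
        .subscribe();

    loop {
        let msg = client.rx.recv().unwrap();
        if let Some(EsEventData::NotifyOpenSSHLogin(ssh_deets)) = &msg.event_data {
            let addr = match &ssh_deets.source_address {
                // A login without a recorded source address must not take the
                // monitor down: panicking here would stop all further event
                // delivery, so report a placeholder instead.
                EsAddressType::None => String::from("<unknown>"),
                EsAddressType::Ipv4(addr) => addr.to_string(),
                EsAddressType::Ipv6(addr) => addr.to_string(),
                EsAddressType::NamedSocket(addr) => addr.clone(),
            };
            // The user name is chosen by the connecting peer; `{:?}` escapes
            // control characters so it cannot forge or corrupt log lines.
            println!(
                "Someone from {} is trying to connect as {:?}",
                addr, ssh_deets.username
            );
        }
    }
}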

pub fn add_event(&mut self, event: EsEventType) -> &mut Self

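Add an event type to the set of events to subscribe to. Returns `&mut Self` so calls can be chained; the subscription itself is made by `subscribe`.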

Examples found in repository?
examples/session_events.rs (line 6)
/// Subscribes to login-window session lock/unlock notifications and prints each one.
fn main() {
    let mut es = EsClient::new().unwrap();

    // Each `add_event` call queues one event type; `subscribe` then registers them all.
    es.add_event(EsEventType::NotifyLWSessionLock);
    es.add_event(EsEventType::NotifyLWSessionUnlock);
    es.subscribe();

    loop {
        // `recv_msg` blocks until the next message arrives.
        let session_event = es.recv_msg().unwrap();
        println!("{:?}", session_event);
    }
}
examples/process_monitor.rs (line 5)
/// Prints the details of every process execution reported by Endpoint Security.
fn main() {
    let mut es = EsClient::new().unwrap();
    es.add_event(EsEventType::NotifyExec);
    es.subscribe();

    loop {
        let message = es.recv_msg().unwrap();
        // Only exec notifications carry the payload printed here; messages
        // without event data or with another payload are skipped.
        if let Some(EsEventData::NotifyExec(exec)) = &message.event_data {
            println!("{:?}", exec);
        }
    }
}
examples/disallow_rename.rs (line 5)
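/// Denies renames whose source path contains the protected directory and
/// explicitly allows every other rename.
fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::AuthRename).subscribe();

    loop {
        let ev = client.rx.recv().unwrap();
        if let Some(EsEventData::AuthRename(info)) = &ev.event_data {
            // NOTE(review): `contains` matches the string anywhere in the path, so
            // unrelated locations that merely embed it are denied as well. A real
            // policy should compare against a canonical path prefix.
            if info.source.path.contains("/Users/idipot/subcom.tech/test") {
                // Answer before logging: the rename stays blocked until the verdict
                // is delivered, so slow output must not sit in front of it.
                ev.deny(&client);
                println!("{:?}", ev);
            } else {
                // Every AUTH event needs a verdict. Endpoint Security holds the
                // operation until the client answers and terminates a client that
                // misses the message deadline, so non-matching renames must be
                // allowed explicitly instead of being left unanswered.
                ev.allow(&client);
            }
        }
    }
}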
examples/ssh.rs (line 6)
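/// Prints the source address and user name of every OpenSSH login attempt.
fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyOpenSSHLogin)
        .subscribe();

    loop {
        let msg = client.rx.recv().unwrap();
        if let Some(EsEventData::NotifyOpenSSHLogin(ssh_deets)) = &msg.event_data {
            let addr = match &ssh_deets.source_address {
                // A login without a recorded source address must not take the
                // monitor down: panicking here would stop all further event
                // delivery, so report a placeholder instead.
                EsAddressType::None => String::from("<unknown>"),
                EsAddressType::Ipv4(addr) => addr.to_string(),
                EsAddressType::Ipv6(addr) => addr.to_string(),
                EsAddressType::NamedSocket(addr) => addr.clone(),
            };
            // The user name is chosen by the connecting peer; `{:?}` escapes
            // control characters so it cannot forge or corrupt log lines.
            println!(
                "Someone from {} is trying to connect as {:?}",
                addr, ssh_deets.username
            );
        }
    }
}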

pub fn subscribe(&self)

Subscribe to all the events added using Self::add_event

Examples found in repository?
examples/session_events.rs (line 8)
/// Subscribes to login-window session lock/unlock notifications and prints each one.
fn main() {
    let mut es = EsClient::new().unwrap();

    // `subscribe` registers every event type queued by the preceding `add_event` calls.
    es.add_event(EsEventType::NotifyLWSessionLock);
    es.add_event(EsEventType::NotifyLWSessionUnlock);
    es.subscribe();

    loop {
        // `recv_msg` blocks until the next message arrives.
        let session_event = es.recv_msg().unwrap();
        println!("{:?}", session_event);
    }
}
examples/process_monitor.rs (line 5)
/// Prints the details of every process execution reported by Endpoint Security.
fn main() {
    let mut es = EsClient::new().unwrap();
    es.add_event(EsEventType::NotifyExec);
    es.subscribe();

    loop {
        let message = es.recv_msg().unwrap();
        // Only exec notifications carry the payload printed here; messages
        // without event data or with another payload are skipped.
        if let Some(EsEventData::NotifyExec(exec)) = &message.event_data {
            println!("{:?}", exec);
        }
    }
}
examples/disallow_rename.rs (line 5)
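/// Denies renames whose source path contains the protected directory and
/// explicitly allows every other rename.
fn main() {
    let mut client = EsClient::new().unwrap();
    client.add_event(EsEventType::AuthRename).subscribe();

    loop {
        let ev = client.rx.recv().unwrap();
        if let Some(EsEventData::AuthRename(info)) = &ev.event_data {
            // NOTE(review): `contains` matches the string anywhere in the path, so
            // unrelated locations that merely embed it are denied as well. A real
            // policy should compare against a canonical path prefix.
            if info.source.path.contains("/Users/idipot/subcom.tech/test") {
                // Answer before logging: the rename stays blocked until the verdict
                // is delivered, so slow output must not sit in front of it.
                ev.deny(&client);
                println!("{:?}", ev);
            } else {
                // Every AUTH event needs a verdict. Endpoint Security holds the
                // operation until the client answers and terminates a client that
                // misses the message deadline, so non-matching renames must be
                // allowed explicitly instead of being left unanswered.
                ev.allow(&client);
            }
        }
    }
}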
examples/ssh.rs (line 7)
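/// Prints the source address and user name of every OpenSSH login attempt.
fn main() {
    let mut client = EsClient::new().unwrap();
    client
        .add_event(EsEventType::NotifyOpenSSHLogin)
        .subscribe();

    loop {
        let msg = client.rx.recv().unwrap();
        if let Some(EsEventData::NotifyOpenSSHLogin(ssh_deets)) = &msg.event_data {
            let addr = match &ssh_deets.source_address {
                // A login without a recorded source address must not take the
                // monitor down: panicking here would stop all further event
                // delivery, so report a placeholder instead.
                EsAddressType::None => String::from("<unknown>"),
                EsAddressType::Ipv4(addr) => addr.to_string(),
                EsAddressType::Ipv6(addr) => addr.to_string(),
                EsAddressType::NamedSocket(addr) => addr.clone(),
            };
            // The user name is chosen by the connecting peer; `{:?}` escapes
            // control characters so it cannot forge or corrupt log lines.
            println!(
                "Someone from {} is trying to connect as {:?}",
                addr, ssh_deets.username
            );
        }
    }
}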

pub fn unsubscribe_all(&self) -> bool

Returns true if the call to unsubscribe is successful, otherwise false.


pub fn unsubscribe(&mut self, event: EsEventType) -> bool

Returns true if the call to unsubscribe is successful, otherwise false.


pub fn subscriptions(&self) -> Option<Vec<EsEventType>>

Get the events that the user subscribed to. Returns None on error


pub fn recv_msg(&self) -> Result<EsMessage, RecvError>

Receives the next message. This function blocks until a message is available.

Examples found in repository?
examples/session_events.rs (line 11)
/// Subscribes to login-window session lock/unlock notifications and prints each one.
fn main() {
    let mut es = EsClient::new().unwrap();

    es.add_event(EsEventType::NotifyLWSessionLock);
    es.add_event(EsEventType::NotifyLWSessionUnlock);
    es.subscribe();

    loop {
        // Blocking receive: the loop sleeps here until Endpoint Security
        // delivers the next message, and panics if receiving fails.
        let session_event = es.recv_msg().unwrap();
        println!("{:?}", session_event);
    }
}
examples/process_monitor.rs (line 8)
/// Prints the details of every process execution reported by Endpoint Security.
fn main() {
    let mut es = EsClient::new().unwrap();
    es.add_event(EsEventType::NotifyExec);
    es.subscribe();

    loop {
        // Blocking receive; a failed receive panics and ends the monitor.
        let message = es.recv_msg().unwrap();
        // Messages without event data or with another payload are skipped.
        if let Some(EsEventData::NotifyExec(exec)) = &message.event_data {
            println!("{:?}", exec);
        }
    }
}

pub fn try_recv_msg(&self) -> Result<EsMessage, TryRecvError>

Receives a message without blocking; returns an error immediately if none can be received.


pub fn mute_path(&self, path: &Path, ty: EsMutePath) -> bool

Suppresses events from executables that match a given path. Returns true if muting was successful.


pub fn unmute_path(&self, path: &Path, ty: EsMutePath) -> bool

Restores event delivery from a previously-muted path. Returns true if unmuting was successful.


pub fn unmute_path_events( &self, path: &Path, ty: EsMutePath, events: &[EsEventType], ) -> bool

Restores event delivery of a subset of events from a previously-muted path.


pub fn unmute_all_paths(&self) -> bool

Restores event delivery from previously-muted paths.


pub fn destroy_client(self)

Deletes the client

Trait Implementations§


impl Drop for EsClient


fn drop(&mut self)

Executes the destructor for this type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.