Struct secmem_proc::config::Config
source · pub struct Config { /* private fields */ }
Expand description
Configuration for the hardening procedure. The configuration allows to enable or disable certain features, such as filesystem access (e.g. for procfs), anti-tracing methods and to use a custom DACL on windows.
Implementations§
source§impl Config
impl Config
sourcepub const fn new_with_anti_tracing(anti_tracing: bool) -> Self
pub const fn new_with_anti_tracing(anti_tracing: bool) -> Self
Create new default configuration, with anti-tracing set to
anti_tracing
.
sourcepub fn set_anti_tracing(&mut self, b: bool)
pub fn set_anti_tracing(&mut self, b: bool)
Set anti-tracing to b
(true means enabled).
sourcepub fn fs_mut(&mut self) -> &mut Fs
pub fn fs_mut(&mut self) -> &mut Fs
Get mutable reference to filesystem access configuration, allowing to modify it.
sourcepub fn set_fs_procfs(&mut self, b: bool)
pub fn set_fs_procfs(&mut self, b: bool)
Set procfs access to b
(true means enabled).
sourcepub fn set_unstable(&mut self, b: bool)
pub fn set_unstable(&mut self, b: bool)
Set unstable hardening methods to b
(true means enabled).
Default is disabled (false). Note that the unstable
crate feature is
required for this configuration to have any effect. Without that crate
feature, the value of this configuration is silently ignored, and
unstable hardening is not performed.
sourcepub fn unstable_mut(&mut self) -> &mut Unstable
pub fn unstable_mut(&mut self) -> &mut Unstable
Get mutable reference to unstable hardening configuration, allowing to modify it.
sourcepub fn set_unstable_win_ntapi(&mut self, b: bool)
pub fn set_unstable_win_ntapi(&mut self, b: bool)
Set use of unstable windows native API to b
(true means enabled).
Default is disabled (false). Note that the unstable
crate feature is
required for this configuration to have any effect. Without that crate
feature, the value of this configuration is silently ignored, and
unstable hardening is not performed.
sourcepub fn set_unstable_win_kernelmem(&mut self, b: bool)
pub fn set_unstable_win_kernelmem(&mut self, b: bool)
Set use of unstable windows hardening relying on shared kernel memory to
b
(true means enabled).
Default is disabled (false). Note that the unstable
crate feature is
required for this configuration to have any effect. Without that crate
feature, the value of this configuration is silently ignored, and
unstable hardening is not performed.
sourcepub fn set_win_dacl(&mut self, dacl: WinDacl)
pub fn set_win_dacl(&mut self, dacl: WinDacl)
Configure a custom windows DACL dacl
(for the process).
sourcepub fn set_win_dacl_default(&mut self)
pub fn set_win_dacl_default(&mut self)
Configure the windows DAC (for the process)L as the default.
sourcepub fn set_win_dacl_empty(&mut self)
pub fn set_win_dacl_empty(&mut self)
Configure the windows DACL (for the process) as an empty DACL. This means giving no access to any user at all. This is extremely strict. Use with caution.
sourcepub fn set_win_dacl_custom_user_perm(&mut self, access: WinDaclProcessAccess)
pub fn set_win_dacl_custom_user_perm(&mut self, access: WinDaclProcessAccess)
Configure the windows DACL (for the process) as a DACL which gives
precisely the accesses specified by access
to the current user, and no
access to any other user.
sourcepub fn set_win_dacl_custom_fn(&mut self, fnptr: fn() -> Result)
pub fn set_win_dacl_custom_fn(&mut self, fnptr: fn() -> Result)
Configure to, instead of setting a DACL (for the process) on windows,
call the function fnptr
. This callback function fnptr
can then be
used to set a custom DACL yourself, using the API in
crate::win_acl
.
sourcepub fn harden_process(self) -> Result
pub fn harden_process(self) -> Result
Use the configuration self
to harden the current process.