Comments (4)
@vpetersson I don't get why you call network monitoring unrealistic. There's libnetfilter_conntrack designed just for this purpose and there are at least two Python bindings for it: https://github.com/mk-fg/conntrack-logger and https://github.com/ei-grad/python-conntrack.
I believe sampling every 60s is kind of useless in terms of security. If something spoofs data to a remote server it will do that quickly, and sampling might not catch it. Also, it's a lot of data to process.
@a-martynovich I'm open to exploring. My thinking was simply that doing real time processing will be too expensive both in terms of bandwidth and CPU. Keep in mind that the agent can consume close to no resources to not be in the way of the other workload.
@vpetersson Unless the device is doing heavy p2p networking there shouldn't be too many connections happening. We only listen for opening/closing of connections, right?
We can delay the processing of the connection list (like packing and sending it to the API server), but we should gather the connections continuously. This also means that the agent (or a spawned part of it) should run continuously. And I offer the same for #31 and #20.
However I understand that what I'm offering is a bit more work, so sampling is an easier starting point. The connection list should arrive with the /ping request, right?
@a-martynovich yeah let's start with sampling for now and view it as an area we know we need to improve. If you're curious, take a look at this paper that gives you a good overview of the problem and data points we might want to capture.
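The sampling approach agreed on in the thread, as an added example in Python (not the agent's own code): it parses /proc/net/tcp-style snapshots and diffs consecutive samples the way a 60 s sampler would, so that a connection which opens and closes between two samples can be seen to go missing. It assumes the Linux /proc/net/tcp layout for IPv4 (the address column is a host-order 32-bit hex word, so bytes appear reversed on little-endian hosts; /proc/net/tcp6 uses the same layout with 32 hex digits and is not handled here). All three snapshots, the peers and the inode numbers are constructed test data; the python-conntrack bindings mentioned above are not used.

```python
"""Periodic-sampling view of the host's TCP connections.

Added example (not the agent's own code): parses /proc/net/tcp-style
snapshots and diffs consecutive samples the way a 60 s sampler would,
so the connection that lives only between two samples can be seen to
go missing. All three snapshots below are constructed test data.
"""
import socket
import struct
from dataclasses import dataclass

# Connection states as printed in the "st" column of /proc/net/tcp
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}


@dataclass(frozen=True)
class Conn:
    local: str
    remote: str
    state: str


def _decode_addr(field: str) -> str:
    """Turn '0501A8C0:01BB' into '192.168.1.5:443'.

    The kernel prints the IPv4 address as one host-order 32-bit hex word,
    so on little-endian hosts the bytes appear reversed; the port is
    plain big-endian hex.
    """
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return f"{ip}:{int(hex_port, 16)}"


def parse_proc_net_tcp(text: str) -> set:
    """Parse the text of /proc/net/tcp into a set of Conn records."""
    conns = set()
    for line in text.splitlines()[1:]:          # first line is the header
        parts = line.split()
        if len(parts) < 4:
            continue
        conns.add(Conn(_decode_addr(parts[1]), _decode_addr(parts[2]),
                       TCP_STATES.get(parts[3], parts[3])))
    return conns


def established_peers(conns: set) -> set:
    """Remote endpoints the host currently talks to (LISTEN sockets excluded)."""
    return {c.remote for c in conns if c.state == "ESTABLISHED"}


def new_peers(prev_text: str, curr_text: str) -> set:
    """What a sampler reports: peers present now that were absent last sample."""
    return established_peers(parse_proc_net_tcp(curr_text)) - \
        established_peers(parse_proc_net_tcp(prev_text))


# Constructed snapshots. Only the local/remote/state columns matter here.
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode"
LISTEN_22 = "   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18923 1"
DNS_8888 = "   1: 0501A8C0:B4F2 08080808:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20511 1"
DOT_1111 = "   2: 0501A8C0:B4F3 01010101:0355 01 00000000:00000000 00:00000000 00000000  1000        0 20530 1"
# short-lived outbound session to 203.0.113.9:4444 (TEST-NET-3, a made-up peer)
SHORT_LIVED = "   3: 0501A8C0:B4F4 097100CB:115C 01 00000000:00000000 00:00000000 00000000  1000        0 20544 1"

SNAPSHOT_T0 = "\n".join([HEADER, LISTEN_22, DNS_8888])
SNAPSHOT_T30 = "\n".join([HEADER, LISTEN_22, DNS_8888, SHORT_LIVED])   # never sampled
SNAPSHOT_T60 = "\n".join([HEADER, LISTEN_22, DNS_8888, DOT_1111])


def missed_by_sampler() -> set:
    """Peers alive at t=30 s that a t=0/t=60 sampler never reports."""
    seen = established_peers(parse_proc_net_tcp(SNAPSHOT_T0)) | \
        established_peers(parse_proc_net_tcp(SNAPSHOT_T60))
    return established_peers(parse_proc_net_tcp(SNAPSHOT_T30)) - seen


if __name__ == "__main__":
    print("reported at t=60:", new_peers(SNAPSHOT_T0, SNAPSHOT_T60))
    print("missed entirely: ", missed_by_sampler())
```

On a real host the snapshot text comes from `open("/proc/net/tcp").read()` once per sampling interval; the diff of two samples is what would ride along with the /ping request. The `missed_by_sampler()` set is exactly the gap argued about in the thread: a peer contacted and dropped between two samples never appears in any diff, which is why event-based collection through conntrack was proposed as the follow-up.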
Related Issues (20)
- Set User-Agent header
- Implement functionality to patch system based on recommended actions
- Installation fails on Debian Jessie
- Add audit of Docker containers
- Add environment/cloud detection
- "Automatic security updates" fail to detect on Debian/AWS Linux
- Improve sshd detection/logic
- Fix self-update script for agent
- Detect and send kernel metapackages
- Detect VirtualBox and suppress heartbleed/spectre
- Add support for Ubuntu 18.10
- Fix installation error on Ubuntu 16.04
- Implement CIS Benchmarks for OpenSSH (section 5.2 of the Ubuntu guide)
- Audit/Detect SSH keys
- Self-update code is broken on AWS Linux
- Certificate renewal broken on AWS Linux
- Resolve kernel detection
- 'python-iptables: match "state" already registered' on AWS Linux
- Formatting issue in post-install message
- Investigate CPU usage spike on Ubuntu