使用systemctl start elkeid_ac启动服务
查看 /opt/Elkeid_AC/log/svr.log 文件，有如下错误

{"level":"info","ts":1645589215.0774703,"msg":"InitComponents","info":"KAFKA Producer: [127.0.0.1:9092] - hids_svr"}
{"level":"error","ts":1645589215.8380973,"msg":"KAFKA","info":"NewClient error:kafka: client has run out of available brokers to talk to (Is your cluster reachable?)"}
{"level":"fatal","ts":1645589215.838166,"msg":"InitComponents","info":"[127.0.0.1:9092] hids_svr CONNECT_KAFKA_ERROR: kafka: client has run out of available brokers to talk to (Is your cluster reachable?)"}
请教下是因为什么原因导致的？

1、kafka是否启动成功？
使用发送消息和接受消息的方法来测试kafa是否工作正常，kafka是ok的！！
发送消息
bin/kafka-console-producer.sh --broker-list 127.0.0.1:9092 --topic hids_svr

{"info":"test"}

接收消息
bin/kafka-console-consumer.sh --bootstrap-server 127.0.0.1:9092 --topic hids_svr --from-beginning

2、agent_center配置问题？
conf/svr.yml配置文件内容如下

manage:
addrs:
- 192.168.101.84:6701

sd:
name: hids_svr
addrs:
- 192.168.101.84:8088
auth:
ak: 91728dc875a94ae2
sk: 5208f7426cf34234ba200b9111fcd4a8

############################# Kafka Settings #############################
kafka:
addrs:
- 127.0.0.1:9092
topic: hids_svr
sasl:
enable: true
username: user
password: password
logpath: ./log/sarama.log

server:
log:
applog:
path: ./log/svr.log
loglevel: 0

ssl:
keyfile: ./conf/server.key
certfile: ./conf/server.crt
cafile: ./conf/ca.crt

grpc:
port: 6751
connlimit: 1500

http:
port: 6752
auth:
enable: true
aksk:
888025e5cc0a4142: e01a7f78be1747e2bb41286cb80c3249
ssl:
enable: true

pprof:
enable: true
port: 6753

Describe the bug
scanner rust 编译报错
环境：windows10 + wsl2

To Reproduce
chmod +x ./build.sh && ./build.sh

Expected behavior
编译成功

Screenshots

Additional context

 Compiling yara-sys v0.6.2
error: failed to run custom build command for `yara-sys v0.6.2`

Caused by:
  process didn't exit successfully: `/mnt/e/S/cplugin/scanner/target/release/build/yara-sys-c4f27cafef8ededd/build-script-build` (exit code: 101)
  --- stdout
  TARGET = Some("x86_64-unknown-linux-gnu")
  OPT_LEVEL = Some("3")
  HOST = Some("x86_64-unknown-linux-gnu")
  CC_x86_64-unknown-linux-gnu = None
  CC_x86_64_unknown_linux_gnu = None
  HOST_CC = None
  CC = None
  CFLAGS_x86_64-unknown-linux-gnu = None
  CFLAGS_x86_64_unknown_linux_gnu = None
  HOST_CFLAGS = None
  CFLAGS = None
  CRATE_CC_NO_DEFAULTS = None
  DEBUG = Some("false")
  CARGO_CFG_TARGET_FEATURE = Some("crt-static,fxsr,sse,sse2")
  CC_x86_64-unknown-linux-gnu = None
  CC_x86_64_unknown_linux_gnu = None
  HOST_CC = None
  CC = None
  CFLAGS_x86_64-unknown-linux-gnu = None
  CFLAGS_x86_64_unknown_linux_gnu = None
  HOST_CFLAGS = None
  CFLAGS = None
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some("crt-static,fxsr,sse,sse2")
  CC_x86_64-unknown-linux-gnu = None
  CC_x86_64_unknown_linux_gnu = None
  HOST_CC = None
  CC = None
  CFLAGS_x86_64-unknown-linux-gnu = None
  CFLAGS_x86_64_unknown_linux_gnu = None
  HOST_CFLAGS = None
  CFLAGS = None
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some("crt-static,fxsr,sse,sse2")
  CC_x86_64-unknown-linux-gnu = None
  CC_x86_64_unknown_linux_gnu = None
  HOST_CC = None
  CC = None
  CFLAGS_x86_64-unknown-linux-gnu = None
  CFLAGS_x86_64_unknown_linux_gnu = None
  HOST_CFLAGS = None
  CFLAGS = None
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some("crt-static,fxsr,sse,sse2")
  CC_x86_64-unknown-linux-gnu = None
  CC_x86_64_unknown_linux_gnu = None
  HOST_CC = None
  CC = None
  CFLAGS_x86_64-unknown-linux-gnu = None
  CFLAGS_x86_64_unknown_linux_gnu = None
  HOST_CFLAGS = None
  CFLAGS = None
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some("crt-static,fxsr,sse,sse2")
  CC_x86_64-unknown-linux-gnu = None
  CC_x86_64_unknown_linux_gnu = None
  HOST_CC = None
  CC = None
  CFLAGS_x86_64-unknown-linux-gnu = None
  CFLAGS_x86_64_unknown_linux_gnu = None
  HOST_CFLAGS = None
  CFLAGS = None
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some("crt-static,fxsr,sse,sse2")
  CC_x86_64-unknown-linux-gnu = None
  CC_x86_64_unknown_linux_gnu = None
  HOST_CC = None
  CC = None
  CFLAGS_x86_64-unknown-linux-gnu = None
  CFLAGS_x86_64_unknown_linux_gnu = None
  HOST_CFLAGS = None
  CFLAGS = None
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some("crt-static,fxsr,sse,sse2")
  CC_x86_64-unknown-linux-gnu = None
  CC_x86_64_unknown_linux_gnu = None
  HOST_CC = None
  CC = None
  CFLAGS_x86_64-unknown-linux-gnu = None
  CFLAGS_x86_64_unknown_linux_gnu = None
  HOST_CFLAGS = None
  CFLAGS = None
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some("crt-static,fxsr,sse,sse2")
  running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-static" "-I" "/home/c4rp3/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara" "-I" "/home/c4rp3/.cargo/registry/src/github.com-1
ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/include" "-Wall" "-Wextra" "-Wno-deprecated-declarations" "-Wno-unused-parameter" "-Wno-unused-function" "-Wno-cast-function-type" "-Wno-type-limits" "-Wno-tautological-constant-out-of-ran
ge-compare" "-Wno-sign-compare" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/mnt/e/S/cplugin/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-8beadc18cf505f1f/
out/ahocorasick.o" "-c" "/home/c4rp3/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c"
  exit code: 0
  running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-static" "-I" "/home/c4rp3/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara" "-I" "/home/c4rp3/.cargo/registry/src/github.com-1
ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/include" "-Wall" "-Wextra" "-Wno-deprecated-declarations" "-Wno-unused-parameter" "-Wno-unused-function" "-Wno-cast-function-type" "-Wno-type-limits" "-Wno-tautological-constant-out-of-ran
ge-compare" "-Wno-sign-compare" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/mnt/e/S/cplugin/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-8beadc18cf505f1f/
out/arena.o" "-c" "/home/c4rp3/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/arena.c"
  exit code: 0
  running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-static" "-I" "/home/c4rp3/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara" "-I" "/home/c4rp3/.cargo/registry/src/github.com-1
ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/include" "-Wall" "-Wextra" "-Wno-deprecated-declarations" "-Wno-unused-parameter" "-Wno-unused-function" "-Wno-cast-function-type" "-Wno-type-limits" "-Wno-tautological-constant-out-of-ran
ge-compare" "-Wno-sign-compare" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/mnt/e/S/cplugin/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-8beadc18cf505f1f/
out/atoms.o" "-c" "/home/c4rp3/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/atoms.c"
  exit code: 0
  running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-static" "-I" "/home/c4rp3/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara" "-I" "/home/c4rp3/.cargo/registry/src/github.com-1
ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/include" "-Wall" "-Wextra" "-Wno-deprecated-declarations" "-Wno-unused-parameter" "-Wno-unused-function" "-Wno-cast-function-type" "-Wno-type-limits" "-Wno-tautological-constant-out-of-ran
ge-compare" "-Wno-sign-compare" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/mnt/e/S/cplugin/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-8beadc18cf505f1f/
out/base64.o" "-c" "/home/c4rp3/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/base64.c"
  exit code: 0
  running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-static" "-I" "/home/c4rp3/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara" "-I" "/home/c4rp3/.cargo/registry/src/github.com-1
ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/include" "-Wall" "-Wextra" "-Wno-deprecated-declarations" "-Wno-unused-parameter" "-Wno-unused-function" "-Wno-cast-function-type" "-Wno-type-limits" "-Wno-tautological-constant-out-of-ran
ge-compare" "-Wno-sign-compare" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/mnt/e/S/cplugin/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-8beadc18cf505f1f/
out/bitmask.o" "-c" "/home/c4rp3/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/bitmask.c"
  exit code: 0

{"plugin":"scanner","level":"error","version":"1.6.0.0","time_pkg":"1626319733","in_ipv6_list":"","source":"scanner::detector","timestamp":"1626319733","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv4_list":"","ex_ipv6_list":"","data_type":"1002","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }"}
{"in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","plugin":"scanner","source":"scanner::detector","time_pkg":"1626319735","hostname":"host-10-170-203-15","data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","ex_ipv4_list":"","in_ipv6_list":"","ex_ipv6_list":"","timestamp":"1626319735","level":"error","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","version":"1.6.0.0"}
{"in_ipv6_list":"","ex_ipv4_list":"","data_type":"1002","timestamp":"1626319737","plugin":"scanner","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","version":"1.6.0.0","level":"error","time_pkg":"1626319737","ex_ipv6_list":"","source":"scanner::detector","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1"}
{"level":"error","source":"scanner::detector","timestamp":"1626319739","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","in_ipv6_list":"","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","ex_ipv4_list":"","ex_ipv6_list":"","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","data_type":"1002","plugin":"scanner","time_pkg":"1626319739","hostname":"host-10-170-203-15","version":"1.6.0.0"}
{"data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","hostname":"host-10-170-203-15","plugin":"scanner","source":"scanner::detector","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv4_list":"","timestamp":"1626319741","version":"1.6.0.0","ex_ipv6_list":"","level":"error","time_pkg":"1626319741","in_ipv6_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }"}
{"hostname":"host-10-170-203-15","in_ipv6_list":"","ex_ipv6_list":"","level":"error","source":"scanner::detector","data_type":"1002","time_pkg":"1626319743","ex_ipv4_list":"","plugin":"scanner","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","timestamp":"1626319743","version":"1.6.0.0"}
{"data_type":"1000","net_type":"ac","ex_ipv6_list":"","kernel_version":"3.10.0-1160.6.1.el7.x86_64","plugins":"[{"rss":3477504,"io":0,"cpu":0.00033451808488604867,"name":"journal_watcher","version":"1.6.0.0","pid":146828,"qps":0},{"rss":53628928,"io":8192,"cpu":0.0006690361697720825,"name":"scanner","version":"0.0.0.1","pid":147132,"qps":0.5},{"rss":9437184,"io":0,"cpu":0.0010035542546581535,"name":"driver","version":"1.6.0.0","pid":146820,"qps":12.866666666666667},{"rss":12058624,"io":0,"cpu":0.00033451808488604867,"name":"collector","version":"1.6.0.0","pid":146832,"qps":0}]","time_pkg":"1626319743","platform_version":"7.9.2009","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv4_list":"","slab":"2293104","platform":"centos","io":"0","timestamp":"1626319743","in_ipv6_list":"","cpu":"0.00368","memory":"19562496","hostname":"host-10-170-203-15","version":"1.6.0.0"}
{"level":"error","source":"scanner::detector","hostname":"host-10-170-203-15","timestamp":"1626319745","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","time_pkg":"1626319745","ex_ipv6_list":"","in_ipv6_list":"","ex_ipv4_list":"","plugin":"scanner","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","data_type":"1002","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1"}
{"hostname":"host-10-170-203-15","version":"1.6.0.0","source":"scanner::detector","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","level":"error","plugin":"scanner","data_type":"1002","ex_ipv4_list":"","timestamp":"1626319747","time_pkg":"1626319747","in_ipv6_list":"","ex_ipv6_list":""}
{"level":"error","plugin":"scanner","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","timestamp":"1626319749","data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","in_ipv6_list":"","hostname":"host-10-170-203-15","source":"scanner::detector","time_pkg":"1626319749","version":"1.6.0.0","ex_ipv4_list":"","ex_ipv6_list":""}
{"ex_ipv4_list":"","level":"error","plugin":"scanner","source":"scanner::detector","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","hostname":"host-10-170-203-15","in_ipv6_list":"","data_type":"1002","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","time_pkg":"1626319751","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","timestamp":"1626319751","ex_ipv6_list":""}
{"timestamp":"1626319753","plugin":"scanner","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","time_pkg":"1626319753","version":"1.6.0.0","source":"scanner::detector","data_type":"1002","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","level":"error","ex_ipv4_list":"","in_ipv6_list":"","hostname":"host-10-170-203-15","ex_ipv6_list":""}
{"level":"error","ex_ipv4_list":"","ex_ipv6_list":"","timestamp":"1626319755","hostname":"host-10-170-203-15","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","time_pkg":"1626319755","plugin":"scanner","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","source":"scanner::detector","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv6_list":"","data_type":"1002"}
{"ex_ipv4_list":"","plugin":"scanner","data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","version":"1.6.0.0","ex_ipv6_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","source":"scanner::detector","level":"error","time_pkg":"1626319757","in_ipv6_list":"","timestamp":"1626319757","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1"}
{"plugin":"scanner","timestamp":"1626319759","data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","version":"1.6.0.0","ex_ipv4_list":"","source":"scanner::detector","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","time_pkg":"1626319759","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv6_list":"","level":"error","hostname":"host-10-170-203-15","in_ipv6_list":""}
{"source":"scanner::detector","timestamp":"1626319761","hostname":"host-10-170-203-15","level":"error","data_type":"1002","time_pkg":"1626319761","ex_ipv4_list":"","ex_ipv6_list":"","plugin":"scanner","in_ipv6_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1"}
{"agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv6_list":"","plugin":"scanner","version":"1.6.0.0","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","level":"error","data_type":"1002","source":"scanner::detector","timestamp":"1626319763","time_pkg":"1626319763","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv4_list":"","ex_ipv6_list":""}
{"plugin":"scanner","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","source":"scanner::detector","in_ipv6_list":"","level":"error","data_type":"1002","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv4_list":"","timestamp":"1626319765","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","time_pkg":"1626319765","hostname":"host-10-170-203-15","ex_ipv6_list":""}
{"source":"scanner::detector","level":"error","version":"1.6.0.0","timestamp":"1626319767","plugin":"scanner","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","time_pkg":"1626319767","hostname":"host-10-170-203-15","ex_ipv4_list":"","ex_ipv6_list":"","data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","in_ipv6_list":""}
{"data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","in_ipv6_list":"","ex_ipv6_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","level":"error","time_pkg":"1626319769","source":"scanner::detector","hostname":"host-10-170-203-15","version":"1.6.0.0","plugin":"scanner","timestamp":"1626319769","ex_ipv4_list":""}
{"ex_ipv4_list":"","plugin":"scanner","data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","hostname":"host-10-170-203-15","version":"1.6.0.0","in_ipv6_list":"","ex_ipv6_list":"","level":"error","source":"scanner::detector","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","time_pkg":"1626319771","timestamp":"1626319771"}
{"level":"error","version":"1.6.0.0","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","plugin":"scanner","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv6_list":"","ex_ipv4_list":"","source":"scanner::detector","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv6_list":"","data_type":"1002","timestamp":"1626319773","time_pkg":"1626319773"}
{"ex_ipv4_list":"","data_type":"1000","memory":"20025344","time_pkg":"1626319773","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","io":"4096","cpu":"0.00402","timestamp":"1626319773","ex_ipv6_list":"","kernel_version":"3.10.0-1160.6.1.el7.x86_64","net_type":"ac","platform":"centos","hostname":"host-10-170-203-15","version":"1.6.0.0","in_ipv6_list":"","slab":"2293548","platform_version":"7.9.2009","plugins":"[{"rss":12058624,"io":0,"cpu":0.0003346300246772439,"name":"collector","version":"1.6.0.0","pid":146832,"qps":0},{"rss":9437184,"io":0,"cpu":0.000669260049354473,"name":"driver","version":"1.6.0.0","pid":146820,"qps":13.1},{"rss":53628928,"io":8192,"cpu":0.001003890074031739,"name":"scanner","version":"0.0.0.1","pid":147132,"qps":0.5},{"rss":3477504,"io":0,"cpu":0,"name":"journal_watcher","version":"1.6.0.0","pid":146828,"qps":0}]","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2"}
{"data_type":"1002","source":"scanner::detector","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv4_list":"","ex_ipv6_list":"","version":"1.6.0.0","timestamp":"1626319775","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","time_pkg":"1626319775","plugin":"scanner","level":"error","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","hostname":"host-10-170-203-15","in_ipv6_list":""}
{"msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","data_type":"1002","time_pkg":"1626319777","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv4_list":"","ex_ipv6_list":"","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv6_list":"","timestamp":"1626319777","source":"scanner::detector","hostname":"host-10-170-203-15","level":"error","plugin":"scanner","version":"1.6.0.0"}
{"time_pkg":"1626319779","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv6_list":"","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","ex_ipv4_list":"","plugin":"scanner","timestamp":"1626319779","hostname":"host-10-170-203-15","level":"error","data_type":"1002","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","version":"1.6.0.0","in_ipv6_list":"","source":"scanner::detector"}
{"data_type":"1002","version":"1.6.0.0","in_ipv6_list":"","ex_ipv6_list":"","timestamp":"1626319781","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","time_pkg":"1626319781","level":"error","source":"scanner::detector","ex_ipv4_list":"","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","plugin":"scanner","hostname":"host-10-170-203-15"}
{"data_type":"1002","version":"1.6.0.0","in_ipv6_list":"","plugin":"scanner","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","time_pkg":"1626319783","ex_ipv4_list":"","timestamp":"1626319783","source":"scanner::detector","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","level":"error","ex_ipv6_list":""}
{"plugin":"scanner","version":"1.6.0.0","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","in_ipv6_list":"","ex_ipv4_list":"","ex_ipv6_list":"","source":"scanner::detector","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","time_pkg":"1626319785","hostname":"host-10-170-203-15","level":"error","timestamp":"1626319785","data_type":"1002"}
{"plugin":"scanner","time_pkg":"1626319787","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","in_ipv6_list":"","source":"scanner::detector","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","data_type":"1002","ex_ipv4_list":"","ex_ipv6_list":"","timestamp":"1626319787","level":"error","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","hostname":"host-10-170-203-15","version":"1.6.0.0"}
{"time_pkg":"1626319789","hostname":"host-10-170-203-15","in_ipv6_list":"","data_type":"1002","level":"error","source":"scanner::detector","timestamp":"1626319789","plugin":"scanner","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","ex_ipv4_list":"","ex_ipv6_list":""}
{"version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","in_ipv6_list":"","ex_ipv6_list":"","timestamp":"1626319791","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","time_pkg":"1626319791","plugin":"scanner","ex_ipv4_list":"","data_type":"1002","source":"scanner::detector","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","level":"error","hostname":"host-10-170-203-15"}
{"agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","timestamp":"1626319793","time_pkg":"1626319793","hostname":"host-10-170-203-15","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","source":"scanner::detector","data_type":"1002","plugin":"scanner","ex_ipv4_list":"","ex_ipv6_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","level":"error","in_ipv6_list":""}
{"data_type":"1002","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","source":"scanner::detector","hostname":"host-10-170-203-15","in_ipv6_list":"","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv6_list":"","timestamp":"1626319795","level":"error","plugin":"scanner","time_pkg":"1626319795","ex_ipv4_list":""}
{"ex_ipv6_list":"","data_type":"1002","timestamp":"1626319797","time_pkg":"1626319797","version":"1.6.0.0","level":"error","source":"scanner::detector","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","in_ipv6_list":"","ex_ipv4_list":"","plugin":"scanner","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1"}
{"in_ipv6_list":"","ex_ipv4_list":"","source":"scanner::detector","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","version":"1.6.0.0","time_pkg":"1626319799","data_type":"1002","level":"error","plugin":"scanner","timestamp":"1626319799","hostname":"host-10-170-203-15","ex_ipv6_list":""}
{"source":"scanner::detector","plugin":"scanner","ex_ipv6_list":"","time_pkg":"1626319801","level":"error","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","hostname":"host-10-170-203-15","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","timestamp":"1626319801","in_ipv6_list":"","ex_ipv4_list":"","data_type":"1002"}
{"timestamp":"1626319803","version":"1.6.0.0","in_ipv6_list":"","level":"error","data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","plugin":"scanner","source":"scanner::detector","time_pkg":"1626319803","ex_ipv4_list":"","ex_ipv6_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }"}
{"in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","plugins":"[{"rss":3477504,"io":0,"cpu":0,"name":"journal_watcher","version":"1.6.0.0","pid":146828,"qps":0},{"rss":53628928,"io":12288,"cpu":0.0006692320562178769,"name":"scanner","version":"0.0.0.1","pid":147132,"qps":0.5},{"rss":9437184,"io":0,"cpu":0.001003848084326845,"name":"driver","version":"1.6.0.0","pid":146820,"qps":19.3},{"rss":12058624,"io":0,"cpu":0,"name":"collector","version":"1.6.0.0","pid":146832,"qps":0}]","net_type":"ac","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","version":"1.6.0.0","cpu":"0.00402","timestamp":"1626319803","hostname":"host-10-170-203-15","memory":"19582976","platform":"centos","in_ipv6_list":"","ex_ipv6_list":"","platform_version":"7.9.2009","time_pkg":"1626319803","ex_ipv4_list":"","data_type":"1000","kernel_version":"3.10.0-1160.6.1.el7.x86_64","io":"8192","slab":"2293648"}
{"source":"scanner::detector","plugin":"scanner","hostname":"host-10-170-203-15","in_ipv6_list":"","ex_ipv4_list":"","ex_ipv6_list":"","level":"error","time_pkg":"1626319805","version":"1.6.0.0","timestamp":"1626319805","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","data_type":"1002","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }"}
{"in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv6_list":"","timestamp":"1626319807","source":"scanner::detector","ex_ipv4_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","data_type":"1002","plugin":"scanner","version":"1.6.0.0","in_ipv6_list":"","level":"error","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","time_pkg":"1626319807","hostname":"host-10-170-203-15"}
{"in_ipv6_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","timestamp":"1626319809","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","hostname":"host-10-170-203-15","ex_ipv4_list":"","ex_ipv6_list":"","plugin":"scanner","source":"scanner::detector","data_type":"1002","time_pkg":"1626319809","level":"error","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2"}
{"in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv6_list":"","data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","time_pkg":"1626319811","hostname":"host-10-170-203-15","in_ipv6_list":"","source":"scanner::detector","plugin":"scanner","timestamp":"1626319811","version":"1.6.0.0","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","level":"error","ex_ipv4_list":""}
{"hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","time_pkg":"1626319813","ex_ipv4_list":"","timestamp":"1626319813","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv6_list":"","ex_ipv6_list":"","data_type":"1002","plugin":"scanner","version":"1.6.0.0","level":"error","source":"scanner::detector"}
{"time_pkg":"1626319815","version":"1.6.0.0","plugin":"scanner","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","in_ipv6_list":"","ex_ipv4_list":"","timestamp":"1626319815","level":"error","data_type":"1002","ex_ipv6_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","source":"scanner::detector","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2"}
{"source":"scanner::detector","time_pkg":"1626319817","in_ipv6_list":"","ex_ipv6_list":"","timestamp":"1626319817","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","hostname":"host-10-170-203-15","version":"1.6.0.0","data_type":"1002","level":"error","plugin":"scanner","ex_ipv4_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1"}
{"ex_ipv6_list":"","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","time_pkg":"1626319819","in_ipv6_list":"","ex_ipv4_list":"","data_type":"1002","level":"error","source":"scanner::detector","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","plugin":"scanner","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","timestamp":"1626319819","hostname":"host-10-170-203-15"}
{"agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","time_pkg":"1626319821","ex_ipv6_list":"","ex_ipv4_list":"","level":"error","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","source":"scanner::detector","in_ipv6_list":"","data_type":"1002","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","timestamp":"1626319821","plugin":"scanner","version":"1.6.0.0"}
{"ex_ipv6_list":"","source":"scanner::detector","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","time_pkg":"1626319823","hostname":"host-10-170-203-15","data_type":"1002","in_ipv6_list":"","plugin":"scanner","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","ex_ipv4_list":"","timestamp":"1626319823","level":"error","version":"1.6.0.0","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1"}
{"source":"scanner::detector","hostname":"host-10-170-203-15","version":"1.6.0.0","data_type":"1002","plugin":"scanner","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","time_pkg":"1626319825","level":"error","timestamp":"1626319825","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","in_ipv6_list":"","ex_ipv4_list":"","ex_ipv6_list":""}
{"agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","ex_ipv4_list":"","plugin":"scanner","source":"scanner::detector","data_type":"1002","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","hostname":"host-10-170-203-15","version":"1.6.0.0","timestamp":"1626319827","time_pkg":"1626319827","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","level":"error","in_ipv6_list":"","ex_ipv6_list":""}
{"timestamp":"1626319829","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","time_pkg":"1626319829","version":"1.6.0.0","in_ipv6_list":"","data_type":"1002","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","plugin":"scanner","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","level":"error","hostname":"host-10-170-203-15","ex_ipv4_list":"","ex_ipv6_list":"","source":"scanner::detector"}
{"hostname":"host-10-170-203-15","ex_ipv6_list":"","data_type":"1002","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","timestamp":"1626319833","level":"error","time_pkg":"1626319833","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","plugin":"scanner","source":"scanner::detector","version":"1.6.0.0","in_ipv6_list":"","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","ex_ipv4_list":""}
{"plugins":"[{"rss":12058624,"io":0,"cpu":0,"name":"collector","version":"1.6.0.0","pid":146832,"qps":0},{"rss":9437184,"io":0,"cpu":0.0010038480843229346,"name":"driver","version":"1.6.0.0","pid":146820,"qps":13.666666666666666},{"rss":53628928,"io":8192,"cpu":0.0006692320562152996,"name":"scanner","version":"0.0.0.1","pid":147132,"qps":0.4666666666666667},{"rss":3477504,"io":0,"cpu":0.0003346160281076424,"name":"journal_watcher","version":"1.6.0.0","pid":146828,"qps":0}]","time_pkg":"1626319833","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","platform":"centos","net_type":"ac","data_type":"1000","cpu":"0.00402","memory":"19382272","ex_ipv6_list":"","platform_version":"7.9.2009","kernel_version":"3.10.0-1160.6.1.el7.x86_64","timestamp":"1626319833","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","hostname":"host-10-170-203-15","version":"1.6.0.0","in_ipv6_list":"","ex_ipv4_list":"","io":"4096","slab":"2293584"}
{"timestamp":"1626319835","plugin":"scanner","time_pkg":"1626319835","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","ex_ipv4_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","data_type":"1002","source":"scanner::detector","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","version":"1.6.0.0","in_ipv6_list":"","level":"error","hostname":"host-10-170-203-15","ex_ipv6_list":""}
{"msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","timestamp":"1626319837","hostname":"host-10-170-203-15","version":"1.6.0.0","time_pkg":"1626319837","in_ipv6_list":"","level":"error","ex_ipv4_list":"","ex_ipv6_list":"","source":"scanner::detector","plugin":"scanner","data_type":"1002","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1"}
{"timestamp":"1626319839","version":"1.6.0.0","ex_ipv4_list":"","level":"error","data_type":"1002","plugin":"scanner","in_ipv6_list":"","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","time_pkg":"1626319839","ex_ipv6_list":"","source":"scanner::detector","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1"}
{"plugin":"scanner","hostname":"host-10-170-203-15","in_ipv4_list":"10.170.203.15,172.18.0.1,172.19.0.1","version":"1.6.0.0","data_type":"1002","timestamp":"1626319841","time_pkg":"1626319841","ex_ipv6_list":"","level":"error","msg":"Custom { kind: Other, error: "creation time is not available on this platform currently" }","source":"scanner::detector","agent_id":"7d415041-789d-47cf-bb89-77b4ed958ad2","in_ipv6_list":"","ex_ipv4_list":""}
^CProcessed a total of 244687 messages

Node RASP按照说明执行

in shell 1

$ socat UNIX-LISTEN:"/var/run/smith_agent.sock" -

in shell 2

$ node test.js

in shell 3

$ node injector.js $(pidof node) "require('./smith')"

报错
root➜Elkeid/rasp/node(main✗)» node injector.js 11517 "require('./smith')" [22:20:01]
pid => 11517
expression => require('./smith')
after process._debugProcess(11517)
{
result: {
type: 'object',
subtype: 'error',
className: 'Error',
description: "Error: Cannot find module './smith'\n" +
'Require stack:\n' +
'- \n' +
' at Function.Module._resolveFilename (internal/modules/cjs/loader.js:885:15)\n' +
' at Function.Module._load (internal/modules/cjs/loader.js:730:27)\n' +
' at Module.require (internal/modules/cjs/loader.js:957:19)\n' +
' at require (internal/modules/cjs/helpers.js:88:18)\n' +
' at :1:1',
objectId: '{"injectedScriptId":1,"id":1}'
},
exceptionDetails: {
exceptionId: 5,
text: 'Uncaught',
lineNumber: 887,
columnNumber: 2,
scriptId: '80',
stackTrace: { callFrames: [Array] },
exception: {
type: 'object',
subtype: 'error',
className: 'Error',
description: "Error: Cannot find module './smith'\n" +
'Require stack:\n' +
'- \n' +
' at Function.Module._resolveFilename (internal/modules/cjs/loader.js:885:15)\n' +
' at Function.Module._load (internal/modules/cjs/loader.js:730:27)\n' +
' at Module.require (internal/modules/cjs/loader.js:957:19)\n' +
' at require (internal/modules/cjs/helpers.js:88:18)\n' +
' at :1:1',
objectId: '{"injectedScriptId":1,"id":2}'
}
}
}

kafka topic里看了，仿佛没找到。

我按照官方文档自己在docker搭建和使用(#95) 的dockerfile搭建都出现了问题。

这里我尝试对Java应用和python都进行了注入，出现了不同的错误

错误信息：

root@6aa3edaf4d2f:/# ps -aux|grep python
root        37  1.5  0.3  10052  6160 pts/1    S+   12:52   0:00 python 1.py
root        39  0.0  0.0   3312   716 pts/0    S+   12:52   0:00 grep --color=auto python
root@6aa3edaf4d2f:/# /etc/elkeid/plugin/RASP/elkeid_rasp -p 37
2021-09-08 12:53:04 | INFO  |             main.cpp:41  ] find target: 0x5621bc920000 -> /usr/bin/python2.7
2021-09-08 12:53:04 | INFO  |             main.cpp:120 ] ensure func: 0x5621bcae6ff0 run func: 0x5621bc9d9d73 release func: 0x5621bcae7040
2021-09-08 12:53:04 | INFO  |             main.cpp:30  ] inject '/etc/elkeid/plugin/RASP/rasp/python_caller /etc/elkeid/plugin/RASP/rasp/python/entry.py 1 0x5621bcae6ff0 0x5621bc9d9d73 0x5621bcae7040' to process 37
2021-09-08 12:53:04 | INFO  |        pt_inject.cpp:93  ] attach process success
2021-09-08 12:53:04 | INFO  |        pt_inject.cpp:241 ] backup memory: 0x5621bc96d000[0x29c]
2021-09-08 12:53:04 | INFO  |        pt_inject.cpp:246 ] jump entry: 0x5621bc96d000[0xa4]
2021-09-08 12:53:04 | INFO  |        pt_inject.cpp:311 ] restore memory
2021-09-08 12:53:04 | INFO  |             main.cpp:51  ] workspace: 0x7f6a2d044010
2021-09-08 12:53:04 | INFO  |        pt_inject.cpp:132 ] backup memory: 0x7f6a2d045000[0x9c8]
2021-09-08 12:53:04 | INFO  |        pt_inject.cpp:137 ] jump entry: 0x7f6a2d045000[0xa4]
2021-09-08 12:53:05 | INFO  |        pt_inject.cpp:201 ] exit status: 0
2021-09-08 12:53:05 | INFO  |        pt_inject.cpp:217 ] restore memory
2021-09-08 12:53:05 | INFO  |             main.cpp:89  ] free workspace
2021-09-08 12:53:05 | INFO  |        pt_inject.cpp:241 ] backup memory: 0x5621bc96d000[0x12c]
2021-09-08 12:53:05 | INFO  |        pt_inject.cpp:246 ] jump entry: 0x5621bc96d000[0xa4]
2021-09-08 12:53:05 | INFO  |        pt_inject.cpp:308 ] receive signal: Illegal instruction
2021-09-08 12:53:05 | WARN  |        pt_inject.cpp:284 ] process terminated: Illegal instruction
2021-09-08 12:53:05 | ERROR |             main.cpp:92  ] shrink shellcode execute failed
[2021-09-08T12:53:05Z ERROR librasp::manager] attach failed: ProcessInfo { pid: 37, exe_path: Some("python2.7"), process_self: Process { pid: 37, stat: Stat { _private: (), pid: 37, comm: "python", state: 'S', ppid: 22, pgrp: 37, session: 22, tty_nr: 34817, tpgid: 37, flags: 4210944, minflt: 864, cminflt: 0, majflt: 1, cmajflt: 0, utime: 3, stime: 6, cutime: 0, cstime: 0, priority: 20, nice: 0, num_threads: 1, itrealvalue: 0, starttime: 4421093, vsize: 10293248, rss: 1540, rsslim: 18446744073709551615, startcode: 94702897909760, endcode: 94702899640465, startstack: 140723004937296, kstkesp: 0, kstkeip: 0, signal: 0, blocked: 0, sigignore: 16781312, sigcatch: 2, wchan: 0, nswap: 0, cnswap: 0, exit_signal: Some(17), processor: Some(2), rt_priority: Some(0), policy: Some(0), delayacct_blkio_ticks: Some(0), guest_time: Some(0), cguest_time: Some(0), start_data: Some(94702900781200), end_data: Some(94702901270416), start_brk: Some(94702923673600), arg_start: Some(140723004942423), arg_end: Some(140723004942435), env_start: Some(140723004942435), env_end: Some(140723004944360), exit_code: Some(0) }, owner: 0, root: "/proc/37" }, process_tree: None, runtime_info: Some(Runtime { name: "CPython", version: "" }), container_info: None, namespace_info: Some(Namespaces { _private: (), cgroup: Some("cgroup:[4026531835]"), ipc: Some("ipc:[4026532542]"), mnt: Some("mnt:[4026532540]"), net: Some("net:[4026532545]"), pid: Some("pid:[4026532543]"), user: Some("user:[4026531837]"), uts: Some("uts:[4026532541]"), pid_for_children: Some("pid:[4026532543]"), time: Some("time:[4026531834]"), time_for_children: Some("time:[4026531834]") }), cmdline: None, environ: None, exe: Some("/usr/bin/python2.7"), attach_time: None, failed_time: None, missing_time: None }
[2021-09-08T12:53:05Z ERROR elkeid_rasp] attach process failed: attach failed: ProcessInfo { pid: 37, exe_path: Some("python2.7"), process_self: Process { pid: 37, stat: Stat { _private: (), pid: 37, comm: "python", state: 'S', ppid: 22, pgrp: 37, session: 22, tty_nr: 34817, tpgid: 37, flags: 4210944, minflt: 864, cminflt: 0, majflt: 1, cmajflt: 0, utime: 3, stime: 6, cutime: 0, cstime: 0, priority: 20, nice: 0, num_threads: 1, itrealvalue: 0, starttime: 4421093, vsize: 10293248, rss: 1540, rsslim: 18446744073709551615, startcode: 94702897909760, endcode: 94702899640465, startstack: 140723004937296, kstkesp: 0, kstkeip: 0, signal: 0, blocked: 0, sigignore: 16781312, sigcatch: 2, wchan: 0, nswap: 0, cnswap: 0, exit_signal: Some(17), processor: Some(2), rt_priority: Some(0), policy: Some(0), delayacct_blkio_ticks: Some(0), guest_time: Some(0), cguest_time: Some(0), start_data: Some(94702900781200), end_data: Some(94702901270416), start_brk: Some(94702923673600), arg_start: Some(140723004942423), arg_end: Some(140723004942435), env_start: Some(140723004942435), env_end: Some(140723004944360), exit_code: Some(0) }, owner: 0, root: "/proc/37" }, process_tree: None, runtime_info: Some(Runtime { name: "CPython", version: "" }), container_info: None, namespace_info: Some(Namespaces { _private: (), cgroup: Some("cgroup:[4026531835]"), ipc: Some("ipc:[4026532542]"), mnt: Some("mnt:[4026532540]"), net: Some("net:[4026532545]"), pid: Some("pid:[4026532543]"), user: Some("user:[4026531837]"), uts: Some("uts:[4026532541]"), pid_for_children: Some("pid:[4026532543]"), time: Some("time:[4026531834]"), time_for_children: Some("time:[4026531834]") }), cmdline: None, environ: None, exe: Some("/usr/bin/python2.7"), attach_time: None, failed_time: None, missing_time: None }
root@6aa3edaf4d2f:/# ps -aux|grep java
root        49  123 14.1 4217148 288388 pts/1  Sl+  12:53   0:24 java -jar java-sec-code-1.0.0.jar
root        88  0.0  0.0   3312   656 pts/0    S+   12:53   0:00 grep --color=auto java
root@6aa3edaf4d2f:/# /etc/elkeid/plugin/RASP/elkeid_rasp -p 49
Connected to remote JVM
Response code = 0
return code: 0

[2021-09-08T12:54:01Z ERROR elkeid_rasp] recv msg failed: receiving on an empty and disconnected channel

agent/collector/cron.go
line88: godirwalk.Walk(rootfs+"/etc/corn.d", .....

I think it supposed to be /etc/cron.d ? 🤔

只有driver插件跑不起来，journal和collector都可以正常运行。

driver访问的几个地址都是404，driver日志如下：

[2021-07-06 00:21:56.315173 -07:00] INFO [driver] src/main.rs:32: Crash check passed
[2021-07-06 00:21:56.316982 -07:00] INFO [driver] src/main.rs:40: Kernel version check passed
[2021-07-06 00:21:56.339276 -07:00] INFO [driver::prepare] src/prepare.rs:145: Downloading ko from https://lf3-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic
.ko
[2021-07-06 00:21:56.339337 -07:00] INFO [driver::prepare] src/prepare.rs:23: Downloading checksum from https://lf3-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic
.sha256
[�[1;38;5;208m2021-07-06 00:21:58.107840 -07:00�[0m] �[1;38;5;208mWARN�[0m [driver::prepare] src/prepare.rs:148: �[1;38;5;208mHTTP status client error (404 Not Found) for url (https://lf3-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic.sha256)�[0m
[2021-07-06 00:21:58.107917 -07:00] INFO [driver::prepare] src/prepare.rs:145: Downloading ko from https://lf6-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic
.ko
[2021-07-06 00:21:58.107936 -07:00] INFO [driver::prepare] src/prepare.rs:23: Downloading checksum from https://lf6-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic
.sha256
[�[1;38;5;208m2021-07-06 00:22:01.692868 -07:00�[0m] �[1;38;5;208mWARN�[0m [driver::prepare] src/prepare.rs:148: �[1;38;5;208mHTTP status client error (404 Not Found) for url (https://lf6-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic.sha256)�[0m
[2021-07-06 00:22:01.692950 -07:00] INFO [driver::prepare] src/prepare.rs:145: Downloading ko from https://lf9-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic
.ko
[2021-07-06 00:22:01.692975 -07:00] INFO [driver::prepare] src/prepare.rs:23: Downloading checksum from https://lf9-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic
.sha256
[�[1;38;5;208m2021-07-06 00:22:02.482479 -07:00�[0m] �[1;38;5;208mWARN�[0m [driver::prepare] src/prepare.rs:148: �[1;38;5;208mHTTP status client error (404 Not Found) for url (https://lf9-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic.sha256)�[0m
[2021-07-06 00:22:02.482631 -07:00] INFO [driver::prepare] src/prepare.rs:145: Downloading ko from https://lf26-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic
.ko
[2021-07-06 00:22:02.482655 -07:00] INFO [driver::prepare] src/prepare.rs:23: Downloading checksum from https://lf26-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic
.sha256
[�[1;38;5;208m2021-07-06 00:22:03.197481 -07:00�[0m] �[1;38;5;208mWARN�[0m [driver::prepare] src/prepare.rs:148: �[1;38;5;208mHTTP status client error (404 Not Found) for url (https://lf26-elkeid.bytetos.com/obj/elkeid-download/ko/hids_driver_1.6.0.0_5.4.0-77-generic.sha256)�[0m
[�[1;38;5;196m2021-07-06 00:22:03.197615 -07:00�[0m] �[1;38;5;196mERROR�[0m [driver] src/main.rs:43: �[1;38;5;196mCouldn't download ko�[0m

agent日志如下：

2021-07-06T00:21:50.934-0700	INFO	transport/client.go:69	Config:<Name:"driver" Version:"1.6.0.0" SHA256:"a9ab7a2eda69b83d830a6061a393f886a7b125ea63e7ae1df4a276105764b37d" DownloadURL:"https://lf3-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg" DownloadURL:"https://lf6-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg" DownloadURL:"https://lf9-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg" DownloadURL:"https://lf26-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg" > Config:<Name:"journal_watcher" Version:"1.6.0.0" SHA256:"a0c065514debf6f2109aa873ece86ec89b0e6ccedfa05c124b5863a4568ee20c" DownloadURL:"https://lf3-elkeid.bytetos.com/obj/elkeid-download/plugin/journal_watcher/journal_watcher_1.6.0.0_amd64.plg" DownloadURL:"https://lf6-elkeid.bytetos.com/obj/elkeid-download/plugin/journal_watcher/journal_watcher_1.6.0.0_amd64.plg" DownloadURL:"https://lf9-elkeid.bytetos.com/obj/elkeid-download/plugin/journal_watcher/journal_watcher_1.6.0.0_amd64.plg" DownloadURL:"https://lf26-elkeid.bytetos.com/obj/elkeid-download/plugin/journal_watcher/journal_watcher_1.6.0.0_amd64.plg" > Config:<Name:"collector" Version:"1.6.0.0" SHA256:"f6e0b34de998844cbfc95ae0e47d39225c2449833657a6a6289d9722d8e2fdc8" DownloadURL:"https://lf3-elkeid.bytetos.com/obj/elkeid-download/plugin/collector/collector_1.6.0.0_amd64.plg" DownloadURL:"https://lf6-elkeid.bytetos.com/obj/elkeid-download/plugin/collector/collector_1.6.0.0_amd64.plg" DownloadURL:"https://lf9-elkeid.bytetos.com/obj/elkeid-download/plugin/collector/collector_1.6.0.0_amd64.plg" DownloadURL:"https://lf26-elkeid.bytetos.com/obj/elkeid-download/plugin/collector/collector_1.6.0.0_amd64.plg" > 
2021-07-06T00:21:56.312-0700	INFO	plugin/plugin.go:162	Plugin work directory: /home/xie/path/src/Elkeid/agent/plugin/driver/
2021-07-06T00:21:56.314-0700	INFO	plugin/server.go:126	Received a registration:{Pid:37832 Name:driver Version:1.6.0.0}
2021-07-06T00:21:56.315-0700	INFO	plugin/server.go:141	Plugin has been successfully connected:&{name:driver version:1.6.0.0 checksum:a9ab7a2eda69b83d830a6061a393f886a7b125ea63e7ae1df4a276105764b37d cmd:0xc000252000 conn:0xc000010138 runtimePID:37832 pgid:37832 IO:0 CPU:0 reader:0xc000330880 exited:{Value:{v:false} _:[]} Counter:{_:[] v:0}}
2021-07-06T00:22:00.120-0700	INFO	plugin/plugin.go:162	Plugin work directory: /home/xie/path/src/Elkeid/agent/plugin/journal_watcher/
2021-07-06T00:22:00.122-0700	INFO	plugin/server.go:126	Received a registration:{Pid:37842 Name:journal_watcher Version:1.6.0.0}
2021-07-06T00:22:00.122-0700	INFO	plugin/server.go:141	Plugin has been successfully connected:&{name:journal_watcher version:1.6.0.0 checksum:a0c065514debf6f2109aa873ece86ec89b0e6ccedfa05c124b5863a4568ee20c cmd:0xc0000b1760 conn:0xc000010168 runtimePID:37842 pgid:37842 IO:0 CPU:0 reader:0xc000330960 exited:{Value:{v:false} _:[]} Counter:{_:[] v:0}}
2021-07-06T00:22:02.225-0700	INFO	plugin/plugin.go:162	Plugin work directory: /home/xie/path/src/Elkeid/agent/plugin/collector/
2021-07-06T00:22:02.231-0700	INFO	plugin/server.go:126	Received a registration:{Pid:37849 Name:collector Version:1.6.0.0}
2021-07-06T00:22:02.231-0700	INFO	plugin/server.go:141	Plugin has been successfully connected:&{name:collector version:1.6.0.0 checksum:f6e0b34de998844cbfc95ae0e47d39225c2449833657a6a6289d9722d8e2fdc8 cmd:0xc000252840 conn:0xc000010200 runtimePID:37849 pgid:37849 IO:0 CPU:0 reader:0xc000330a60 exited:{Value:{v:false} _:[]} Counter:{_:[] v:0}}
2021-07-06T00:22:03.325-0700	ERROR	plugin/server.go:147	EOF

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

问题名称：Server manager通讯出现Error信息

架设平台：UBUNTU 20.04 LTS on parallels desktop VM on intel chipset MacOS 11.5.1

详细描述：

跟随server教程安装完所有组件之后，server 开始发送error信息，如下：

{"level":"error","ts":1628654241.2452157,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentList\",\"host\":\"10.211.55.6:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-10.211.55.6:6701-id-Server_AgentList-1628654241235973328"}

尚未安装任何其他agent，且所有设置按照默认，所有命令以sodu执行。
所有组件均安装在同一虚拟机内，虚拟机与物理机共享网络且可以正常访问golang.org。
manager log中只有重复2条消息。

{"level":"info","ts":1628581257.55917,"msg":"RenewRegistry","info":">>>>register hids_manage 10.211.55.6 6701 0 to SD http://127.0.0.1:8088/registry/register"}
{"level":"error","ts":1628581257.5684478,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentStat\",\"host\":\"10.211.55.6:6752\",\"path\":\"/conn/stat\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-10.211.55.6:6701-id-Server_AgentStat-1628581257554606344"}

agentcenter/log/svr.log为

{"level":"info","ts":1628581255.0835052,"msg":"InitComponents","info":"KAFKA Producer: [127.0.0.1:9092] - hids_svr"}
{"level":"info","ts":1628581255.2189536,"msg":"NewRegistry","info":">>>>new registry: {hids_svr_grpc 10.211.55.6 %!s(int=6751) %!s(int=0) map[] [127.0.0.1:8088] %!s(chan struct {}=0xc000044d80)}"}
{"level":"info","ts":1628581255.2207258,"msg":"NewRegistry","info":">>>>new registry {\"name\":\"hids_svr_grpc\",\"ip\":\"10.211.55.6\",\"port\":6751,\"weight\":0,\"extra\":null} resp: {\"msg\":\"ok\"}"}
{"level":"info","ts":1628581255.2208104,"msg":"NewRegistry","info":">>>>new registry: {hids_svr_http 10.211.55.6 %!s(int=6752) %!s(int=0) map[] [127.0.0.1:8088] %!s(chan struct {}=0xc000105080)}"}
{"level":"info","ts":1628581255.225773,"msg":"NewRegistry","info":">>>>new registry {\"name\":\"hids_svr_http\",\"ip\":\"10.211.55.6\",\"port\":6752,\"weight\":0,\"extra\":null} resp: {\"msg\":\"ok\"}"}
{"level":"info","ts":1628581255.226493,"msg":"RunServer","info":"####TCP_LISTEN_OK: [::]:6751"}
{"level":"info","ts":1628581285.221697,"msg":"RenewRegistry","info":">>>>register {\"name\":\"hids_svr_grpc\",\"ip\":\"10.211.55.6\",\"port\":6751,\"weight\":0,\"extra\":null} to FindYou http://127.0.0.1:8088/registry/register"}
{"level":"info","ts":1628581285.2271473,"msg":"RenewRegistry","info":">>>>register {\"name\":\"hids_svr_http\",\"ip\":\"10.211.55.6\",\"port\":6752,\"weight\":0,\"extra\":null} to FindYou http://127.0.0.1:8088/registry/register"}
{"level":"info","ts":1628581315.2217712,"msg":"RenewRegistry","info":">>>>register {\"name\":\"hids_svr_grpc\",\"ip\":\"10.211.55.6\",\"port\":6751,\"weight\":0,\"extra\":null} to FindYou http://127.0.0.1:8088/registry/register"}

后续皆为重复

agentcenter/log/sarama.log为

{"level":"info","ts":1628581255.083869,"msg":"Sarama","info":["Initializing new client"]}
{"level":"info","ts":1628581255.0842507,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker 127.0.0.1:9092\n"}
{"level":"info","ts":1628581255.0848987,"msg":"Sarama","info":"Connected to broker at 127.0.0.1:9092 (unregistered)\n"}
{"level":"info","ts":1628581255.2049432,"msg":"Sarama","info":"client/brokers registered new broker #1 at 127.0.0.1:9092"}
{"level":"info","ts":1628581255.2050905,"msg":"Sarama","info":["Successfully initialized new client"]}
{"level":"info","ts":1628581855.2063,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker 127.0.0.1:9092\n"}
{"level":"info","ts":1628646924.3882184,"msg":"Sarama","info":["Initializing new client"]}
{"level":"info","ts":1628646924.3909404,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker 127.0.0.1:9092\n"}
{"level":"info","ts":1628646924.3970718,"msg":"Sarama","info":"Connected to broker at 127.0.0.1:9092 (unregistered)\n"}
{"level":"info","ts":1628646924.4153223,"msg":"Sarama","info":"client/brokers registered new broker #0 at parallels-Parallels-Virtual-Platform:9092"}
{"level":"info","ts":1628646924.415577,"msg":"Sarama","info":["Successfully initialized new client"]}
{"level":"info","ts":1628647524.416509,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker 127.0.0.1:9092\n"}
{"level":"info","ts":1628648477.7842035,"msg":"Sarama","info":["Initializing new client"]}
{"level":"info","ts":1628648477.784332,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker 127.0.0.1:9092\n"}
{"level":"info","ts":1628648477.7851152,"msg":"Sarama","info":"Connected to broker at 127.0.0.1:9092 (unregistered)\n"}
{"level":"info","ts":1628648477.790768,"msg":"Sarama","info":"client/brokers registered new broker #0 at parallels-Parallels-Virtual-Platform:9092"}
{"level":"info","ts":1628648477.7910745,"msg":"Sarama","info":["Successfully initialized new client"]}
{"level":"info","ts":1628653186.7859433,"msg":"Sarama","info":["Initializing new client"]}
{"level":"info","ts":1628653186.7882369,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker 127.0.0.1:9092\n"}
{"level":"info","ts":1628653186.7937548,"msg":"Sarama","info":"Connected to broker at 127.0.0.1:9092 (unregistered)\n"}
{"level":"info","ts":1628653186.8009186,"msg":"Sarama","info":"client/brokers registered new broker #0 at parallels-Parallels-Virtual-Platform:9092"}
{"level":"info","ts":1628653186.80108,"msg":"Sarama","info":["Successfully initialized new client"]}
{"level":"info","ts":1628653786.8021815,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker 127.0.0.1:9092\n"}
{"level":"info","ts":1628653786.8035817,"msg":"Sarama","info":"client/metadata got error from broker -1 while fetching metadata: EOF\n"}
{"level":"info","ts":1628653786.8037424,"msg":"Sarama","info":"Closed connection to broker 127.0.0.1:9092\n"}
{"level":"info","ts":1628653786.8037953,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628653786.8079882,"msg":"Sarama","info":"Connected to broker at parallels-Parallels-Virtual-Platform:9092 (registered as #0)\n"}
{"level":"info","ts":1628654386.8016949,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628654986.802434,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628655586.8017273,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628656186.8019292,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628656786.8025882,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628657386.8026898,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628657986.802324,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628658586.8018148,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628659186.8016615,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628659786.8025572,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}
{"level":"info","ts":1628660386.8017461,"msg":"Sarama","info":"client/metadata fetching metadata for all topics from broker parallels-Parallels-Virtual-Platform:9092\n"}

如需要更多其它组件log，请告知。

str8@str8 LKM]$ make clean && make
make -C /lib/modules/5.10.23-1-MANJARO/build M=/home/str8/Data/AgentSmith-HIDS/driver/LKM clean
make[1]: Entering directory '/usr/lib/modules/5.10.23-1-MANJARO/build'
/home/str8/Data/AgentSmith-HIDS/driver/LKM/Makefile:23:
make[1]: Leaving directory '/usr/lib/modules/5.10.23-1-MANJARO/build'
make -C /lib/modules/5.10.23-1-MANJARO/build M=/home/str8/Data/AgentSmith-HIDS/driver/LKM modules
make[1]: Entering directory '/usr/lib/modules/5.10.23-1-MANJARO/build'
/home/str8/Data/AgentSmith-HIDS/driver/LKM/Makefile:23:
CC [M] /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/init.o
CC [M] /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/kprobe.o
CC [M] /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.o
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c: In function 'is_trace_empty':
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:136:40: error: passing argument 1 of 'ring_buffer_empty_cpu' from incompatible pointer type [-Werror=incompatible-pointer-types]
136 | if (!ring_buffer_empty_cpu(iter->buffer, cpu))
| ~~~~^~~~~~~~
| |
| struct ring_buffer *
In file included from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/../include/trace.h:7,
from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:12:
./include/linux/ring_buffer.h:162:49: note: expected 'struct trace_buffer *' but argument is of type 'struct ring_buffer *'
162 | bool ring_buffer_empty_cpu(struct trace_buffer *buffer, int cpu);
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c: In function 'peek_next_entry':
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:179:34: error: passing argument 1 of 'ring_buffer_peek' from incompatible pointer type [-Werror=incompatible-pointer-types]
179 | event = ring_buffer_peek(iter->buffer, cpu, ts, lost_events);
| ~~~~^~~~~~~~
| |
| struct ring_buffer *
In file included from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/../include/trace.h:7,
from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:12:
./include/linux/ring_buffer.h:124:39: note: expected 'struct trace_buffer *' but argument is of type 'struct ring_buffer *'
124 | ring_buffer_peek(struct trace_buffer *buffer, int cpu, u64 *ts,
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c: In function '__find_next_entry':
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:202:35: error: passing argument 1 of 'ring_buffer_empty_cpu' from incompatible pointer type [-Werror=incompatible-pointer-types]
202 | if (ring_buffer_empty_cpu(buffer, cpu))
| ^~~~~~
| |
| struct ring_buffer *
In file included from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/../include/trace.h:7,
from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:12:
./include/linux/ring_buffer.h:162:49: note: expected 'struct trace_buffer *' but argument is of type 'struct ring_buffer *'
162 | bool ring_buffer_empty_cpu(struct trace_buffer *buffer, int cpu);
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c: In function 'trace_read_pipe':
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:331:33: error: passing argument 1 of 'ring_buffer_consume' from incompatible pointer type [-Werror=incompatible-pointer-types]
331 | ring_buffer_consume(iter->buffer, iter->cpu, &iter->ts, &iter->lost_events);
| ~~~~^~~~~~~~
| |
| struct ring_buffer *
In file included from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/../include/trace.h:7,
from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:12:
./include/linux/ring_buffer.h:127:42: note: expected 'struct trace_buffer *' but argument is of type 'struct ring_buffer *'
127 | ring_buffer_consume(struct trace_buffer *buffer, int cpu, u64 *ts,
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c: In function 'print_event_init':
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:411:17: error: assignment to 'struct ring_buffer *' from incompatible pointer type 'struct trace_buffer *' [-Werror=incompatible-pointer-types]
411 | ring_buffer = ring_buffer_alloc(RB_BUFFER_SIZE, RB_FL_OVERWRITE);
| ^
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:420:27: error: passing argument 4 of 'proc_create_data' from incompatible pointer type [-Werror=incompatible-pointer-types]
420 | &trace_pipe_fops, ring_buffer))
| ^~~~~~~~~~~~~~~~
| |
| const struct file_operations *
In file included from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:9:
./include/linux/proc_fs.h:106:13: note: expected 'const struct proc_ops *' but argument is of type 'const struct file_operations *'
106 | const struct proc_ops *,
| ^~~~~~~~~~~~~~~~~~~~~~~
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c: In function 'print_event_exit':
/home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:449:22: error: passing argument 1 of 'ring_buffer_free' from incompatible pointer type [-Werror=incompatible-pointer-types]
449 | ring_buffer_free(ring_buffer);
| ^~~~~~~~~~~
| |
| struct ring_buffer *
In file included from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/../include/trace.h:7,
from /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.c:12:
./include/linux/ring_buffer.h:107:44: note: expected 'struct trace_buffer *' but argument is of type 'struct ring_buffer *'
107 | void ring_buffer_free(struct trace_buffer *buffer);
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~
cc1: some warnings being treated as errors
make[2]: *** [scripts/Makefile.build:279: /home/str8/Data/AgentSmith-HIDS/driver/LKM/src/trace.o] Error 1
make[1]: *** [Makefile:1801: /home/str8/Data/AgentSmith-HIDS/driver/LKM] Error 2
make[1]: Leaving directory '/usr/lib/modules/5.10.23-1-MANJARO/build'
make: *** [Makefile:32: all] Error 2

Describe the bug
代码执行后，我们可以通过theUnsafe去实例化一个对象且不调用他的构造方法，之后去执行对象的native方法，另外需要注意Unsafe的其他方法，也能用于bypass。
https://tech.meituan.com/2019/02/14/talk-about-java-magic-class-unsafe.html

demo:
https://github.com/turn1tup/JvmRaspBypass/blob/main/src/main/java/com/test/Cmd.java

Describe the bug
Deliminator char appeared in path string is not escaped and would lead to parse failure.

To Reproduce

touch `echo -en "/tmp/aaaa\x17"`

Expected behavior
Kernel module output could be parsed correctly.

OS information (please complete the following information):

• Distribution: [Debian]
• Version [buster]
• Kernel info [4.19.0-6-amd64]

@xie4ever 遇到过吗？
docker版本按照教程跑起来遇到如下问题
ERROR Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer) kafka.common.InconsistentClusterIdException: The Cluster ID XvvBW_j6TTCf5T8eS8HDfA doesn't match stored clusterId Some(0HnAgz-oTY6FLjz4EeUdEw) in meta.properties. The broker is trying to join the wrong cluster. Configured zookeeper.connect may be wrong. at kafka.server.KafkaServer.startup(KafkaServer.scala:223) at kafka.Kafka$.main(Kafka.scala:109) at kafka.Kafka.main(Kafka.scala)

Originally posted by @jgbooks in #68 (comment)

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
通过如下操作安装插件:

curl --location --request POST 'http://192.168.5.2:6701/api/v1/agent/createTask/config' -H "token:***" --data-raw '{
    "id_list": [
        "ba58e9cc-b0e2-4d05-9fab-9865004a3179"
    ],
    "data": {
        "config": [
            {
                "name": "driver",
                "download_url": [
                    "https://lf26-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg"
                ],
                "version": "1.6.0.0",
                "sha256": "a9ab7a2eda69b83d830a6061a393f886a7b125ea63e7ae1df4a276105764b37d",
                "detail": "driver install"
            }
        ]
    }
}'
{"code":0,"msg":"success","data":{"count":1,"task_id":"1621247912406020224CxaSJl"}}

curl --location --request POST 'http://192.168.5.2:6701/api/v1/agent/controlTask' -H "token:***" --data-raw '{
    "task_id": "1621247912406020224CxaSJl",
    "action": "run",
    "rolling_percent": 1,
    "concurrence": 100
}'
{"code":0,"msg":"success","data":{"id_count":1,"jobID":"id-Agent_Config-1621247921851457323","taskID":"1621247912406020224CxaSJl"}}

Manager日志:

ame\":\"Server_AgentList\",\"host\":\"192.168.5.2:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-192.168.5.2:6701-id-Server_AgentList-1621247891994021580"} 
{"level":"info","ts":1621247891.9998043,"msg":"RenewRegistry","info":">>>>register hids_manage 192.168.5.2 6701 0 to SD http://127.0.0.1:8088/registry/register"}
{"level":"error","ts":1621247892.087253,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentStat\",\"host\":\"192.168.5.2:6752\",\"path\":\"/conn/stat\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-192.168.5.2:6701-id-Server_AgentStat-1621247891994225188"}
[GIN] 2021/05/17 - 18:38:32 | 200 |   10.149556ms |     192.168.5.3 | POST     "/api/v1/agent/createTask/config"
{"level":"error","ts":1621247921.8533595,"msg":"agentTaskDistribute","info":"fail to load agent default config"}
{"level":"error","ts":1621247921.8764186,"msg":"SimpleJob","info":"[job] distribute job error: fail to load agent default config"}
[GIN] 2021/05/17 - 18:38:41 | 200 |   40.890572ms |     192.168.5.3 | POST     "/api/v1/agent/controlTask"
{"level":"info","ts":1621247921.9994123,"msg":"RenewRegistry","info":">>>>register hids_manage 192.168.5.2 6701 0 to SD http://127.0.0.1:8088/registry/register"}
{"level":"error","ts":1621247922.0126927,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentList\",\"host\":\"192.168.5.2:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-192.168.5.2:6701-id-Server_AgentList-1621247921996698576"}

客户端日志:

2021-05-17T18:03:20.172+0800    INFO    agent/main.go:67        Elkeid Agent:v1.6.0.0
2021-05-17T18:03:20.173+0800    INFO    agent/main.go:68        AgentID:ba58e9cc-b0e2-4d05-9fab-9865004a3179
2021-05-17T18:03:20.174+0800    INFO    agent/main.go:69        PrivateIPv4:[192.168.5.3]
2021-05-17T18:03:20.175+0800    INFO    agent/main.go:70        PublicIPv4:[]
2021-05-17T18:03:20.175+0800    INFO    agent/main.go:71        PrivateIPv6:[]
2021-05-17T18:03:20.176+0800    INFO    agent/main.go:72        PublicIPv6:[]
2021-05-17T18:03:20.176+0800    INFO    agent/main.go:73        Hostname:ubuntu
2021-05-17T18:03:20.180+0800    INFO    report/report.go:119    map[cpu:0.00000 data_type:1000 io:0 kernel_version:4.4.0-142-generic memory:11177984 net_type: platform:ubuntu platform_version:16.04 plugin
s:[] slab:236036 timestamp:1621245800]
2021-05-17T18:03:50.180+0800    INFO    report/report.go:119    map[cpu:0.00201 data_type:1000 io:4096 kernel_version:4.4.0-142-generic memory:13242368 net_type:ac platform:ubuntu platform_version:16.04 p
lugins:[] slab:236036 timestamp:1621245830]
2021-05-17T18:04:20.180+0800    INFO    report/report.go:119    map[cpu:0.00168 data_type:1000 io:4096 kernel_version:4.4.0-142-generic memory:13701120 net_type:ac platform:ubuntu platform_version:16.04 p
lugins:[] slab:236036 timestamp:1621245860]
2021-05-17T18:04:50.180+0800    INFO    report/report.go:119    map[cpu:0.00168 data_type:1000 io:4096 kernel_version:4.4.0-142-generic memory:13701120 net_type:ac platform:ubuntu platform_version:16.04 p
lugins:[] slab:236036 timestamp:1621245890]
2021-05-17T18:05:20.181+0800    INFO    report/report.go:119    map[cpu:0.00168 data_type:1000 io:4096 kernel_version:4.4.0-142-generic memory:13701120 net_type:ac platform:ubuntu platform_version:16.04 p
lugins:[] slab:236036 timestamp:1621245920]
2021-05-17T18:05:50.180+0800    INFO    report/report.go:119    map[cpu:0.00202 data_type:1000 io:0 kernel_version:4.4.0-142-generic memory:13701120 net_type:ac platform:ubuntu platform_version:16.04 plug
ins:[] slab:236036 timestamp:1621245950]
...
2021-05-17T18:35:50.180+0800    INFO    report/report.go:119    map[cpu:0.00202 data_type:1000 io:0 kernel_version:4.4.0-142-generic memory:16003072 net_type:ac platform:ubuntu platform_version:16.04 plu$
ins:[] slab:236236 timestamp:1621247750]
2021-05-17T18:36:20.180+0800    INFO    report/report.go:119    map[cpu:0.00202 data_type:1000 io:4096 kernel_version:4.4.0-142-generic memory:16003072 net_type:ac platform:ubuntu platform_version:16.04 $
lugins:[] slab:236236 timestamp:1621247780]
2021-05-17T18:36:50.180+0800    INFO    report/report.go:119    map[cpu:0.00168 data_type:1000 io:0 kernel_version:4.4.0-142-generic memory:16003072 net_type:ac platform:ubuntu platform_version:16.04 plu$
ins:[] slab:236236 timestamp:1621247810]
2021-05-17T18:37:20.181+0800    INFO    report/report.go:119    map[cpu:0.00235 data_type:1000 io:4096 kernel_version:4.4.0-142-generic memory:16003072 net_type:ac platform:ubuntu platform_version:16.04 $
lugins:[] slab:236236 timestamp:1621247840]
2021-05-17T18:37:50.181+0800    INFO    report/report.go:119    map[cpu:0.00202 data_type:1000 io:0 kernel_version:4.4.0-142-generic memory:16322560 net_type:ac platform:ubuntu platform_version:16.04 plug
ins:[] slab:236236 timestamp:1621247870]
2021-05-17T18:38:20.180+0800    INFO    report/report.go:119    map[cpu:0.00168 data_type:1000 io:8192 kernel_version:4.4.0-142-generic memory:16322560 net_type:ac platform:ubuntu platform_version:16.04 p
lugins:[] slab:236236 timestamp:1621247900]
2021-05-17T18:38:50.183+0800    INFO    report/report.go:119    map[cpu:0.00236 data_type:1000 io:0 kernel_version:4.4.0-142-generic memory:16322560 net_type:ac platform:ubuntu platform_version:16.04 plug
ins:[] slab:236232 timestamp:1621247930]
2021-05-17T18:39:20.180+0800    INFO    report/report.go:119    map[cpu:0.00236 data_type:1000 io:4096 kernel_version:4.4.0-142-generic memory:16322560 net_type:ac platform:ubuntu platform_version:16.04 p
lugins:[] slab:236232 timestamp:1621247960]
2021-05-17T18:39:50.181+0800    INFO    report/report.go:119    map[cpu:0.00269 data_type:1000 io:0 kernel_version:4.4.0-142-generic memory:15179776 net_type:ac platform:ubuntu platform_version:16.04 plug
ins:[] slab:236232 timestamp:1621247990]
2021-05-17T18:40:20.179+0800    INFO    report/report.go:119    map[cpu:0.00202 data_type:1000 io:4096 kernel_version:4.4.0-142-generic memory:15179776 net_type:ac platform:ubuntu platform_version:16.04 p
lugins:[] slab:236232 timestamp:1621248020]
...

如客户端日志所示, 客户端没有安装插件.

下面两个错误经常出现在Manager的日志当中, 但是我不太清楚它们和agent端无法安装插件是否相关, 以及如何解决:

{"level":"error","ts":1621247921.8764186,"msg":"SimpleJob","info":"[job] distribute job error: fail to load agent default config"}
{"level":"error","ts":1621247892.087253,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentStat\",\"host\":\"192.168.5.2:6752\",\"path\":\"/conn/stat\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-192.168.5.2:6701-id-Server_AgentStat-1621247891994225188"}

agent端的相关信息:

toor@ubuntu:~/$ hostnamectl
Static hostname: ubuntu
Icon name: computer-vm
Chassis: vm
Machine ID: 7fa5ec8e4f2848f539dd264b5d949502
Boot ID: da2f5b16e2144889b6263de2c0b74a6f
Virtualization: oracle
Operating System: Ubuntu 16.04.6 LTS
Kernel: Linux 4.4.0-142-generic
Architecture: x86-64

报错日志如下：

[ERRO] 2022-02-18T08:36:17+08:00 when deploying, an error occurred: Checker installed faield: check failed when check node, err: %!w(), start check os
unknown centos version Linux, exit...
cannot fix for os
ElkeidCheckFailed os
start check selinux
start check selinux
selinux is Disabled, check success
start check swap
swap is opened, size 8388604 kB, need to close...
try fix check for swap
start fix swap
fix success for swap
start check ulimit
the maximum number of open fd is 1024, less then 65536, need to fix
try fix check for ulimit
start fix ulimit
fix success for ulimit
start check firewall
Unit ufw.service could not be found.
not detected firewall daemon, continue...
start check command

Elkeidup 部署说明里有如下提示：
The backend server used for deployment can only be used: Centos7 and above; Ubuntu16 and above; Debian9 and above

支持centos7及以上，请问支持redhat 8 吗？

Describe the bug
卸载hids_driver内核模块失败，需要重启主机
找不到/proc/hids_driver/1文件
driver 进程已经退出
To Reproduce
Steps to reproduce the behavior:

1. rmmod hids_driver

lsmod |grep hids
hids_driver 106032 0
Switch_Center:/proc # rmmod hids_driver
rmmod: ERROR: could not remove 'hids_driver': Device or resource busy
rmmod: ERROR: could not remove module hids_driver: Device or resource busy
Switch_Center:/proc # ls /proc/

Describe the bug
刚安装mongodb时数据库可以正常启动，可以成功创建管理员用户。后按照教程更改conf文件，端口也改为了27000，出现了问题

terminal中输入mongo --port 27000能够启动mongo，但是创建管理员失败

注释掉mongod.conf中authorization: enabled后仍无法成功创建。

想要重新启动mongodb，执行/usr/bin/mongod -f /etc/mongod.conf --auth，但是也出现了错误

将mongod.conf改回原来的默认配置后，又能够成功创建管理员用户了

为什么按照教程对mongod.conf操作后mongodb无法正常启动了。

/Elkeid/agent# cd /etc/elkeid && /etc/elkeid/elkeid-agent &
[1] 15038
root@debian:~/Elkeid/agent# panic: No network is available

goroutine 23 [running]:
go.uber.org/zap/zapcore.(*CheckedEntry).Write(0xc00037c000, 0x0, 0x0, 0x0)
/root/go/pkg/mod/go.uber.org/[email protected]/zapcore/entry.go:234 +0x58d
go.uber.org/zap.(*SugaredLogger).log(0xc0000a83d8, 0x4, 0x0, 0x0, 0xc00032bfc0, 0x1, 0x1, 0x0, 0x0, 0x0)
/root/go/pkg/mod/go.uber.org/[email protected]/sugar.go:234 +0xf6
go.uber.org/zap.(*SugaredLogger).Panic(...)
/root/go/pkg/mod/go.uber.org/[email protected]/sugar.go:123
github.com/bytedance/Elkeid/agent/transport.Run()
/root/Elkeid/agent/transport/client.go:30 +0x488
created by main.main
/root/Elkeid/agent/main.go:75 +0xc05
^C
[1]+ 退出 2 cd /etc/elkeid && /etc/elkeid/elkeid-agent

root@st-arch-sec-tool-1 (14:30:24) driver # pwd
/tmp/AgentSmith-HIDS-main/agent/driver
root@st-arch-sec-tool-1 (14:37:41) driver # ls
build.rs Cargo.toml LICENSE Makefile README.md README-zh_CN.md src template.toml

root@st-arch-sec-tool-1 (14:39:55) .cargo # pwd //cargo build 等待并巨慢的问题，改了源
/root/.cargo
root@st-arch-sec-tool-1 (14:39:51) .cargo # cat config
[source.crates-io]
registry = "https://github.com/rust-lang/crates.io-index"
replace-with = 'ustc'
[source.ustc]
registry = "git://mirrors.ustc.edu.cn/crates.io-index"

root@st-arch-sec-tool-1 (14:30:09) driver # make build
cargo build --release
Updating git://mirrors.ustc.edu.cn/crates.io-index index
error: failed to get flexi_logger as a dependency of package plugin_builder v0.1.0 (/tmp/AgentSmith-HIDS-main/agent/support/rust/plugin_builder)
... which is depended on by driver v0.1.0 (/tmp/AgentSmith-HIDS-main/agent/driver)

Caused by:
failed to load source for dependency flexi_logger

Caused by:
Unable to update /tmp/AgentSmith-HIDS-main/agent/support/rust/flexi_logger

Caused by:
failed to read /tmp/AgentSmith-HIDS-main/agent/support/rust/flexi_logger/Cargo.toml

Caused by:
No such file or directory (os error 2)
make: *** [build] Error 101

Is your feature request related to a problem? Please describe.
JVMProbe 作为java agent注入到对应的程序中时，大部分可能执行异常的操作都有了try catch，可输出到日志文件中。但是有一些集成的依赖发生异常，没有尝试捕获，所以日志无法检查异常堆栈，也不会报给目标进程。比如说我在使用的过程中，SmithMethodVisitor一直无法响应事件，也没有报错信息。最后，调试发现发生了异常，走到了异常类NoClassDefFoundError，错误信息：org/objectweb/asm/commons/AdviceAdapter。

Describe the solution you'd like
我已经通过检查自己的agent jar来解决该问题。但是，请问这种异常未报到日志或者标准输出，是java机制的问题吗？因为这种，什么错误信息都看不到的情况，会造成很大的困扰。Elkeid是否会在这方面做出优化，来提高健壮性？

Suggestion
Elkeid增加对异常链监控，在异常处理类中捕获异常并反馈到日志中，防止有些异常未处理未发现。
我还是一名新手，未能实现这样的功能，但是根据浅薄的知识，agent应该是可以做到这样的功能的。
这是似乎可用的方法：https://github.com/EagleJin/java-agent

我没认真读文档，使用了默认的agentId(不存在的agentId)，导致下面的错误。但是接口返回success，不知道是否为预期呢。

Describe the bug
使用单机和docker-compose部署测试，基本什么也没修改。更换了两台机器。均是相同的错误。

在配置插件时，能成功返回。即请求createTask/config。返回
{"code":0,"msg":"success","data":{"count":0,"task_id":"1626748921949880306kjQZLC"}}

但接下来 下发配置 时，将获取的task_id传入，请求agent/controlTask时。得到错误响应：
{"code":10,"msg":"unknown error","data":"task is finished/stopped or the todo_list is empty"}

查看manager日志。得到

{"level":"info","ts":1626748886.051848,"msg":"RenewRegistry","info":">>>>register hids_manage 172.17.18.253 6701 0 to SD http://127.0.0.1:8088/registry/register"}
{"level":"error","ts":1626748886.0544097,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626748886051565836"}
{"level":"error","ts":1626748886.5553896,"msg":"SimpleJob","info":">>>>[job] retry 9 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626748886051565836"}
{"level":"info","ts":1626748916.0523105,"msg":"RenewRegistry","info":">>>>register hids_manage 172.17.18.253 6701 0 to SD http://127.0.0.1:8088/registry/register"}
{"level":"error","ts":1626748916.0557582,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentStat\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/stat\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentStat-1626748916052260892"}
{"level":"error","ts":1626748916.5573666,"msg":"SimpleJob","info":">>>>[job] retry 9 publish job {\"name\":\"Server_AgentStat\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/stat\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentStat-1626748916052260892"}
{"level":"error","ts":1626748916.6487439,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626748916052539227"}
{"level":"info","ts":1626748946.051853,"msg":"RenewRegistry","info":">>>>register hids_manage 172.17.18.253 6701 0 to SD http://127.0.0.1:8088/registry/register"}
{"level":"error","ts":1626748946.0545833,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626748946051671813"}
{"level":"error","ts":1626748946.5557678,"msg":"SimpleJob","info":">>>>[job] retry 9 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626748946051671813"}
{"level":"info","ts":1626748976.051782,"msg":"RenewRegistry","info":">>>>register hids_manage 172.17.18.253 6701 0 to SD http://127.0.0.1:8088/registry/register"}
{"level":"error","ts":1626748976.0543346,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626748976051382350"}
{"level":"error","ts":1626748976.5557923,"msg":"SimpleJob","info":">>>>[job] retry 9 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626748976051382350"}
{"level":"error","ts":1626748987.7707386,"msg":"ControlAgentTask","info":"v1.AgentConfigTask{Tag:\"\", IDList:[]string{\"f4c6d306-3d4b-4eb7-abe7-b15757acbb27\"}, Data:v1.ConfigRequest{AgentCtrl:0, Task:def.AgentTaskMsg{Name:\"\", Data:\"\", Token:\"\"}, Config:[]def.AgentConfigMsg{def.AgentConfigMsg{Name:\"driver\", Version:\"1.6.0.0\", SHA256:\"a9ab7a2eda69b83d830a6061a393f886a7b125ea63e7ae1df4a276105764b37d\", DownloadURL:[]string{\"https://lf3-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg\", \"https://lf6-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg\", \"https://lf9-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg\", \"https://lf26-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg\"}, Detail:\"\"}, def.AgentConfigMsg{Name:\"journal_watcher\", Version:\"1.6.0.0\", SHA256:\"a0c065514debf6f2109aa873ece86ec89b0e6ccedfa05c124b5863a4568ee20c\", DownloadURL:[]string{\"https://lf3-elkeid.bytetos.com/obj/elkeid-download/plugin/journal_watcher/journal_watcher_1.6.0.0_amd64.plg\", \"https://lf6-elkeid.bytetos.com/obj/elkeid-download/plugin/journal_watcher/journal_watcher_1.6.0.0_amd64.plg\", \"https://lf9-elkeid.bytetos.com/obj/elkeid-download/plugin/journal_watcher/journal_watcher_1.6.0.0_amd64.plg\", \"https://lf26-elkeid.bytetos.com/obj/elkeid-download/plugin/journal_watcher/journal_watcher_1.6.0.0_amd64.plg\"}, Detail:\"\"}, def.AgentConfigMsg{Name:\"collector\", Version:\"1.6.0.0\", SHA256:\"f6e0b34de998844cbfc95ae0e47d39225c2449833657a6a6289d9722d8e2fdc8\", DownloadURL:[]string{\"https://lf3-elkeid.bytetos.com/obj/elkeid-download/plugin/collector/collector_1.6.0.0_amd64.plg\", \"https://lf6-elkeid.bytetos.com/obj/elkeid-download/plugin/collector/collector_1.6.0.0_amd64.plg\", \"https://lf9-elkeid.bytetos.com/obj/elkeid-download/plugin/collector/collector_1.6.0.0_amd64.plg\", \"https://lf26-elkeid.bytetos.com/obj/elkeid-download/plugin/collector/collector_1.6.0.0_amd64.plg\"}, Detail:\"\"}}}, TaskID:\"1626748921949880306kjQZLC\", TaskType:\"Agent_Config\", Status:\"created\", ToDoList:[]string{}, FinishedList:[]string{}, IDCount:0, JobList:[]string{}, CreateTime:1626748921, UpdateTime:0}"}
{"level":"info","ts":1626749006.0517814,"msg":"RenewRegistry","info":">>>>register hids_manage 172.17.18.253 6701 0 to SD http://127.0.0.1:8088/registry/register"}
{"level":"error","ts":1626749006.0540068,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626749006050854733"}
{"level":"error","ts":1626749006.5547132,"msg":"SimpleJob","info":">>>>[job] retry 9 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626749006050854733"}
{"level":"error","ts":1626749006.6953561,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentStat\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/stat\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentStat-1626749006051128104"}
{"level":"info","ts":1626749036.052195,"msg":"RenewRegistry","info":">>>>register hids_manage 172.17.18.253 6701 0 to SD http://127.0.0.1:8088/registry/register"}
{"level":"error","ts":1626749036.0550213,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626749036052142860"}
{"level":"error","ts":1626749036.5562963,"msg":"SimpleJob","info":">>>>[job] retry 9 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626749036052142860"}
{"level":"info","ts":1626749066.0518963,"msg":"RenewRegistry","info":">>>>register hids_manage 172.17.18.253 6701 0 to SD http://127.0.0.1:8088/registry/register"}
{"level":"error","ts":1626749066.0548162,"msg":"SimpleJob","info":">>>>[job] retry 10 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626749066051719199"}
{"level":"error","ts":1626749066.556194,"msg":"SimpleJob","info":">>>>[job] retry 9 publish job {\"name\":\"Server_AgentList\",\"host\":\"172.17.18.253:6752\",\"path\":\"/conn/list\",\"args\":null,\"scheme\":\"https\",\"method\":\"GET\",\"timeout\":2} to channel chan-172.17.18.253:6701-id-Server_AgentList-1626749066051719199"}

agent_server的
sarama.log和svr.log。只有info信息。

OS information (please complete the following information):

• CentOS Linux 7 Kernel infoLinux lika 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
• Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-74-generic x86_64)

截图：

• 配置插件时的请求
• 下发配置时的请求

获取单个agent状态报错

在elkeidup部署的时候，到Agent Center installed步骤会失败。报错如下：

[INFO]	2022-01-27T00:07:49+08:00	Start to deploy the Agent Center 
[INFO]	2022-01-27T00:07:49+08:00	Agent Center will be installed at:
[INFO]	2022-01-27T00:07:49+08:00		192.168.0.90
[ERRO]	2022-01-27T00:07:58+08:00	when deploying, an error occurred: Agent Center installed faield: AgentCenter test Failed, Host 192.168.0.90, Url http://192.168.0.90:8088/registry/detail?name=hids_svr_grpc, Error {"data":[],"msg":"ok"}

直接curl /registry/detail?name=hids_svr_grpc的返回结果

[root@elkeid ~]# curl http://192.168.0.90:8088/registry/detail?name=hids_svr_grpc
{"data":[{"name":"hids_svr_grpc","ip":"192.168.0.90","port":6751,"status":0,"create_at":1643213283,"update_at":1643213283,"weight":0,"extra":null}],"msg":"ok"}

问题文件：https://github.com/bytedance/Elkeid/blob/main/agent/README-zh_CN.md

我注意到开发者在某次提交中，删除了这么一段说明：

// 注意首次使用时，需要设置agent默认配置，可以设置为空(为空意味着新接入的agent不会自动开启任何插件):
curl --location --request POST 'http://127.0.0.1:6701/api/v1/agent/updateDefaultConfig' -H "token:your token" \
--data-raw '{
    "type": "agent_config",
    "version": 0,
    "config": []
}'

首次使用时，如果不进行这样一次请求配置，后面通过manager和agent-center进行插件下发，agent不会有任何反应，很容易让刚接触的同学感到迷惑。而且看日志是看不出这个问题的，

个人认为这个设计可能不是很合理，就算不进行默认配置，只要下发插件，agent也应该接受才对。

[root@host-10-170-203-15 scanner]# cargo clean
[root@host-10-170-203-15 scanner]# ./build.sh
Compiling libc v0.2.97
Compiling memchr v2.4.0
Compiling proc-macro2 v1.0.27
Compiling autocfg v1.0.1
Compiling unicode-xid v0.2.2
Compiling version_check v0.9.3
Compiling cfg-if v1.0.0
Compiling log v0.4.14
Compiling syn v1.0.73
Compiling bitflags v1.2.1
Compiling glob v0.3.0
Compiling serde_derive v1.0.126
Compiling unicode-width v0.1.8
Compiling serde v1.0.126
Compiling regex-syntax v0.6.25
Compiling lazy_static v1.4.0
Compiling vec_map v0.8.2
Compiling strsim v0.8.0
Compiling humantime v2.1.0
Compiling termcolor v1.1.2
Compiling byteorder v1.4.3
Compiling ansi_term v0.11.0
Compiling typenum v1.13.0
Compiling crc32fast v1.2.1
Compiling bindgen v0.58.1
Compiling adler v1.0.2
Compiling scopeguard v1.1.0
Compiling shlex v1.0.0
Compiling peeking_take_while v0.1.2
Compiling anyhow v1.0.41
Compiling smallvec v1.6.1
Compiling lazycell v1.3.0
Compiling rustc-hash v1.1.0
Compiling cc v1.0.68
Compiling ryu v1.0.5
Compiling crossbeam-utils v0.8.5
Compiling serde_json v1.0.64
Compiling ahash v0.4.7
Compiling yansi v0.5.0
Compiling cpufeatures v0.1.5
Compiling once_cell v1.8.0
Compiling opaque-debug v0.3.0
Compiling hex v0.4.3
Compiling itoa v0.4.7
Compiling same-file v1.0.6
Compiling instant v0.1.9
Compiling libloading v0.7.0
Compiling nom v5.1.2
Compiling generic-array v0.14.4
Compiling num-traits v0.2.14
Compiling miniz_oxide v0.4.4
Compiling num-integer v0.1.44
Compiling textwrap v0.11.0
Compiling clang-sys v1.2.0
Compiling lock_api v0.4.4
Compiling hashbrown v0.9.1
Compiling walkdir v2.3.2
Compiling lru v0.6.5
Compiling aho-corasick v0.7.18
Compiling quote v1.0.9
Compiling time v0.1.44
Compiling parking_lot_core v0.8.3
Compiling atty v0.2.14
Compiling coarsetime v0.1.19
Compiling which v3.1.1
Compiling crossbeam-channel v0.5.1
Compiling parking_lot v0.11.1
Compiling regex v1.5.4
Compiling clap v2.33.3
Compiling flate2 v1.0.20
Compiling rmp v0.8.10
Compiling cexpr v0.4.0
Compiling block-buffer v0.9.0
Compiling digest v0.9.0
Compiling env_logger v0.8.4
Compiling chrono v0.4.19
Compiling sha2 v0.9.5
Compiling procfs v0.9.1
Compiling thiserror-impl v1.0.26
Compiling thiserror v1.0.26
Compiling yara-sys v0.6.1
Compiling rmp-serde v0.14.4
Compiling plugin v0.1.0 (/opt/security/Elkeid/agent/support/rust/plugin)
Compiling flexi_logger v0.16.2 (/opt/security/Elkeid/agent/support/rust/flexi_logger)
Compiling plugin_builder v0.1.0 (/opt/security/Elkeid/agent/support/rust/plugin_builder)
The following warnings were emitted during compilation:

warning: Error running /usr/bin/ar: execvp

error: failed to run custom build command for yara-sys v0.6.1

Caused by:
process didn't exit successfully: /opt/security/Elkeid/agent/scanner/target/release/build/yara-sys-97c3b4beaf6ff2ab/build-script-build (exit code: 1)
--- stdout
TARGET = Some("x86_64-unknown-linux-gnu")
OPT_LEVEL = Some("3")
HOST = Some("x86_64-unknown-linux-gnu")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
CRATE_CC_NO_DEFAULTS = None
DEBUG = Some("false")
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/ahocorasick.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/ahocorasick.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/arena.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/arena.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/atoms.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/atoms.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/base64.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/base64.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/bitmask.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/bitmask.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/compiler.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/compiler.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/endian.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/endian.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/exec.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/exec.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/exefiles.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/exefiles.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/filemap.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/filemap.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/grammar.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/grammar.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/hash.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/hash.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/hex_grammar.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/hex_grammar.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/hex_lexer.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/hex_lexer.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/lexer.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/lexer.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/libyara.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/libyara.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/mem.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/mem.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/notebook.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/notebook.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/object.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/object.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/parser.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/parser.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/proc.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/proc.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/re.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/re.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/re_grammar.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/re_grammar.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/re_lexer.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/re_lexer.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/rules.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/rules.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/scan.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/scan.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/scanner.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/scanner.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/sizedstr.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/sizedstr.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/stack.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/stack.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/stopwatch.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/stopwatch.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/stream.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/stream.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/strutils.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/strutils.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/threading.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/threading.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/modules.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/modules.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/elf.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/modules/elf/elf.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/math.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/modules/math/math.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/pe.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/modules/pe/pe.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/pe_utils.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/modules/pe/pe_utils.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/tests.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/modules/tests/tests.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/time.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/modules/time/time.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/dex.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/modules/dex/dex.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/dotnet.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/modules/dotnet/dotnet.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/macho.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/modules/macho/macho.c"
exit code: 0
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/include" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/linux.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.1/yara/libyara/proc/linux.c"
exit code: 0
AR_x86_64-unknown-linux-gnu = None
AR_x86_64_unknown_linux_gnu = None
HOST_AR = None
AR = None
running: "ar" "cq" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/libyara.a" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/ahocorasick.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/arena.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/atoms.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/base64.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/bitmask.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/compiler.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/endian.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/exec.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/exefiles.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/filemap.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/grammar.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/hash.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/hex_grammar.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/hex_lexer.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/lexer.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/libyara.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/mem.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/notebook.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/object.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/parser.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/proc.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/re.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/re_grammar.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/re_lexer.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/rules.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/scan.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/scanner.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/sizedstr.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/stack.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/stopwatch.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/stream.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/strutils.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/threading.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/modules.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/elf.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/math.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/pe.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/pe_utils.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/tests.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/time.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/dex.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/dotnet.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/macho.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/linux.o"
cargo:warning=Error running /usr/bin/ar: execvp
exit code: 1

--- stderr

error occurred: Command "ar" "cq" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/libyara.a" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/ahocorasick.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/arena.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/atoms.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/base64.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/bitmask.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/compiler.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/endian.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/exec.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/exefiles.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/filemap.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/grammar.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/hash.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/hex_grammar.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/hex_lexer.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/lexer.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/libyara.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/mem.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/notebook.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/object.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/parser.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/proc.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/re.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/re_grammar.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/re_lexer.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/rules.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/scan.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/scanner.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/sizedstr.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/stack.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/stopwatch.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/stream.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/strutils.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/threading.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/modules.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/elf.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/math.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/pe.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/pe_utils.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/tests.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/time.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/dex.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/dotnet.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/macho.o" "/opt/security/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-ec447241b7d77189/out/linux.o" with args "ar" did not execute successfully (status code exit code: 1).

Elkeid plugin build failed

按照教程步骤装载drive时报错，详细信息和os信息如下：

root@st-arch-sec-test (17:12:16) LKM # insmod hids_driver.ko
insmod: ERROR: could not insert module hids_driver.ko: Invalid parameters
root@st-arch-sec-test (17:12:35) LKM # dmesg | tail -n 20
[23677596.451360] hids_driver: loading out-of-tree module taints kernel.
[23677596.451484] hids_driver: module verification failed: signature and/or required key missing - tainting kernel
[23677596.451553] hids_driver: Unknown symbol __check_object_size (err 0)
[23677596.451590] hids_driver: Unknown symbol __x86_indirect_thunk_rax (err 0)
[23677596.451601] hids_driver: Unknown symbol __x86_indirect_thunk_rdx (err 0)
[23677596.451612] hids_driver: Unknown symbol page_offset_base (err 0)
[23677596.451619] hids_driver: disagrees about version of symbol dentry_path_raw
[23677596.451620] hids_driver: Unknown symbol dentry_path_raw (err -22)
[23677596.451668] hids_driver: Unknown symbol _raw_qspin_lock (err 0)
[23677596.451674] hids_driver: disagrees about version of symbol d_path
[23677596.451675] hids_driver: Unknown symbol d_path (err -22)
[23678431.193672] hids_driver: Unknown symbol __check_object_size (err 0)
[23678431.193721] hids_driver: Unknown symbol __x86_indirect_thunk_rax (err 0)
[23678431.193733] hids_driver: Unknown symbol __x86_indirect_thunk_rdx (err 0)
[23678431.193742] hids_driver: Unknown symbol page_offset_base (err 0)
[23678431.193749] hids_driver: disagrees about version of symbol dentry_path_raw
[23678431.193751] hids_driver: Unknown symbol dentry_path_raw (err -22)
[23678431.193791] hids_driver: Unknown symbol _raw_qspin_lock (err 0)
[23678431.193797] hids_driver: disagrees about version of symbol d_path
[23678431.193798] hids_driver: Unknown symbol d_path (err -22)

在/root/AgentSmith-HIDS/driver/LKM/Makefile中加入CONFIG_MODULE_SIG=n这条语句后，仍然报错

root@st-arch-sec-test (17:12:54) LKM # dmesg | tail
[23677596.451675] hids_driver: Unknown symbol d_path (err -22)
[23678431.193672] hids_driver: Unknown symbol __check_object_size (err 0)
[23678431.193721] hids_driver: Unknown symbol __x86_indirect_thunk_rax (err 0)
[23678431.193733] hids_driver: Unknown symbol __x86_indirect_thunk_rdx (err 0)
[23678431.193742] hids_driver: Unknown symbol page_offset_base (err 0)
[23678431.193749] hids_driver: disagrees about version of symbol dentry_path_raw
[23678431.193751] hids_driver: Unknown symbol dentry_path_raw (err -22)
[23678431.193791] hids_driver: Unknown symbol _raw_qspin_lock (err 0)
[23678431.193797] hids_driver: disagrees about version of symbol d_path
[23678431.193798] hids_driver: Unknown symbol d_path (err -22)
root@st-arch-sec-test (17:13:46) LKM # uname -r
3.10.0-514.el7.x86_64
root@st-arch-sec-test (17:16:06) LKM #
root@st-arch-sec-test (17:21:52) LKM # cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel Core Processor (Haswell, no TSX)
stepping : 1
microcode : 0x1
cpu MHz : 2095.082
cache size : 16384 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm arat fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt
bogomips : 4190.16
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel Core Processor (Haswell, no TSX)
stepping : 1
microcode : 0x1
cpu MHz : 2095.082
cache size : 16384 KB
physical id : 1
siblings : 1
core id : 0
cpu cores : 1
apicid : 1
initial apicid : 1
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm arat fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt
root@st-arch-sec-test (17:23:12) LKM # cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

Describe the bug
[ERRO] 2022-01-28T22:13:18+08:00 when deploying, an error occurred: Checker installed faield: exec check cmd failed when pre check host, err: execute -o StrictHostKeyChecking no -o PasswordAuthentication no -p 22 -i /root/.ssh/id_rsa [email protected] /tmp/elkeid_check -n 1643379191 failed, err: exit status 1, stderr: 2022/01/28 22:13:18 ElkeidCheckErr:Failed to execute clock check, local time is 1643379191, remote time is 1643379198
2022/01/28 22:13:18 clock check error, 2022/01/28 22:13:18 ElkeidCheckErr:Failed to execute clock check, local time is 1643379191, remote time is 1643379198
2022/01/28 22:13:18 clock check error

To Reproduce
Steps to reproduce the behavior:

1. ./elkeidup deploy --package package_community/ --config ./elkeid_server.yaml

elkeid_server.yaml
redis:
install: true
ssh_host:
- 192.168.1.64

mongodb:
install: true
ssh_host:
- 192.168.1.64

kafka:
install: true
ssh_host:
- 192.168.1.64

nginx:
install: true
ssh_host: 192.168.1.64
domain:
public_addr:

service_discovery:
install: true
ssh_host:
- 192.168.1.64

hub:
install: true
ssh_host: 192.168.1.64

manager:
install: true
ssh_host:
- 192.168.1.64

agent_center:
install: true
ssh_host:
- 192.168.1.64

Deployment mode
Local deployment

OS information (please complete the following information):

• Distribution: CentOS
• Version 7.6
• Kernel info 3.10.0-957.el7.x86_64

Currently the project's commit message is kind of confusing. Many "update something" commit messages are used.

If it is possible, could we adopt some sort of specification for commit messages? Like, one that provided here? At least from now on?

I have fired two pull request on this project, if we are gonna adopt such a convention, I'm totally ok to refine my commit messages. :)

https://github.com/bytedance/Elkeid/blob/main/driver/benchmark_data/handler/bind_handler_data

Describe the bug
insmod 时有报错，提示hids_driver: module verification failed: signature and/or required key missing - tainting kernel

To Reproduce
[7027039.856221] device eth0 entered promiscuous mode
[7027165.186239] device eth0 left promiscuous mode
[11966788.967558] hrtimer: interrupt took 1256768 ns
[30584386.758281] hids_driver: loading out-of-tree module taints kernel.
[30584386.758515] hids_driver: module verification failed: signature and/or required key missing - tainting kernel
[30584386.762858] hids_driver: create 34 print event class
[30584386.765563] [ELKEID] Filter Init Success
[30584386.874017] [ELKEID] do_init_module register_kprobe failed, returned -2
[30584386.882562] [ELKEID] SANDBOX: 0
[30584386.882566] [ELKEID] register_kprobe success: connect_hook: 1,load_module_hook: 1,execve_hook: 1,call_usermodehekoer_hook: 0,bind_hook: 1,create_file_hook: 1,ptrace_hook: 1, update_cred_hook: 1, dns_hook: 0, accept_hook:0, mprotect_hook: 0,link_hook: 1, memfd_create: 1, rename_hook: 1,setsid_hook:1, prctl_hook:1, open_hook:0, nanosleep_hook:0, kill_hook: 0, rm_hook: 0, EXIT_HOOK: 0, EXIT_PROTECT: 0
[30584386.902002] [ELKEID] ANTI_ROOTKIT_CHECK: 1

Describe the bug

just left agent running two days, it suddenly crashed!

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x8f463d]

goroutine 7 [running]:
github.com/bytedance/Elkeid/agent/resource.GetDirSize.func1({0xc000647a00, 0x74}, {0x0, 0x0}, {0xc0000b1cd8, 0x0})
	/home/buckxu/code/Elkeid/agent/resource/resource.go:59 +0x3d
path/filepath.walk({0xc0001b1c70, 0x4b}, {0xb28648, 0xc0002260d0}, 0xc0000b1cd8)
	/usr/local/go/src/path/filepath/path.go:438 +0x20d
path/filepath.walk({0xc0001b1a90, 0x43}, {0xb28648, 0xc0001f5ee0}, 0xc0000b1cd8)
	/usr/local/go/src/path/filepath/path.go:442 +0x28f
path/filepath.walk({0xc0000cc500, 0x3c}, {0xb28648, 0xc0001f5ba0}, 0xc0000b1cd8)
	/usr/local/go/src/path/filepath/path.go:442 +0x28f
path/filepath.walk({0xc00056e2a0, 0x23}, {0xb28648, 0xc0001f5a00}, 0xc0000b1cd8)
	/usr/local/go/src/path/filepath/path.go:442 +0x28f
path/filepath.walk({0xc000384640, 0x1b}, {0xb28648, 0xc0001f5930}, 0xc0000b1cd8)
	/usr/local/go/src/path/filepath/path.go:442 +0x28f
path/filepath.walk({0xc000379218, 0x13}, {0xb28648, 0xc0003a8750}, 0xc0000b1cd8)
	/usr/local/go/src/path/filepath/path.go:442 +0x28f
path/filepath.walk({0xc00009b7c4, 0xc}, {0xb28648, 0xc0003a8270}, 0xc0000b1cd8)
	/usr/local/go/src/path/filepath/path.go:442 +0x28f
path/filepath.Walk({0xc00009b7c4, 0xc}, 0xc0000b1cd8)
	/usr/local/go/src/path/filepath/path.go:505 +0x6c
github.com/bytedance/Elkeid/agent/resource.GetDirSize({0xc00009b7c4, 0xc000095aa0}, {0xa50b05, 0x6})
	/home/buckxu/code/Elkeid/agent/resource/resource.go:68 +0x5d
github.com/bytedance/Elkeid/agent/heartbeat.getAgentStat({0xc0000b1f78, 0xc0000b1f18, 0xf28b40})
	/home/buckxu/code/Elkeid/agent/heartbeat/heartbeat.go:61 +0xb91
github.com/bytedance/Elkeid/agent/heartbeat.Startup({0xb224e8, 0xc0000d37c0}, 0x0)
	/home/buckxu/code/Elkeid/agent/heartbeat/heartbeat.go:131 +0x185
created by main.main
	/home/buckxu/code/Elkeid/agent/main.go:89 +0x10cf

Related code

 56 func GetDirSize(path string, except string) uint64 {
 57     var dirSize uint64 = 0
 58     readSize := func(path string, file os.FileInfo, err error) error {
 59         if !file.IsDir() {
 60             dirSize += uint64(file.Size())
 61         } else {
 62             if file.Name() == except {
 63                 return filepath.SkipDir
 64             }
 65         }
 66         return nil
 67     }
 68     filepath.Walk(path, readSize)
 69     return dirSize
 70 }

It appears that parameter file is not checked against nil

To Reproduce

no

Expected behavior

no

Screenshots

If applicable, add screenshots to help explain your problem.

##OS information (please complete the following information):

• Distribution: Ubuntu
• Version 18.04.1
• Kernel info e.g. 5.4.0-89-generic

Hardware info (if you think it's helpful)

VMWare

Additional context

No

Version

1.7

Problems

1. Commands missing description

./elkeidup --help
Available Commands:
  agent        A brief description of your command
  undeploy     A brief description of your command

2. Command install-self not work

./elkeidup install-self --package ./package_community
[INFO]  2022-01-25T09:00:19+08:00       Used ElkeidUP home dir :/root/.elkeidup
[INFO]  2022-01-25T09:00:19+08:00       current binary at /root/elkeidup
[INFO]  2022-01-25T09:00:19+08:00       current binary sha256 is c332302ec3d8f8a09186121922b08c5fb0f28402b49854784eca7dc14205b59a
[INFO]  2022-01-25T09:00:19+08:00       start download https://elkeid.bytedance.com/elkeidup_community_update/latest_elkeidup.yaml to /tmp/latest_elkeidup.yaml.1643072419
[INFO]  2022-01-25T09:00:19+08:00       downloading https://elkeid.bytedance.com/elkeidup_community_update/latest_elkeidup.yaml
Error: fetch latest elkeidup version err: bad status: 404 Not Found

Describe the bug
Can't restart plugin after end agent with Ctrl+C

To Reproduce
Steps to reproduce the behavior:

1. cd /etc/hids/ && ./agent
2. See the data output on the stdout of the current terminal
3. Execute Ctrl+C to stop agent
4. ./agent
5. I will get this message:

[{"data_type":"1001","level":"error","msg":"Plugin seems to be dead:\u0026{hids_driver 1.5.0.0 f30962ee9ee8fc025308fdf6098b2b48fec86c76274507317a47c89047e704a3 0xc00028c000 \u003cnil\u003e 0 4953 0 0 \u003cnil\u003e {[] 0}}","source":"config/config.go:76","timestamp":"1609404819"}]

6. If I stop agent and start it again, I will see the data output on the stdout of the current terminal

OS information (please complete the following information):

• Distribution: centos
• Version 7.8.2003
• Kernel info 3.10.0-1127.10.1.el7.x86_64

Describe the bug
在一台全新的ubuntu2004机器上使用elkeidup做本地单机部署，只修改了elkeid_server.yaml中的ip地址，执行部署时报错：
when deploying, an error occurred: Agent Center installed faield: AgentCenter test Failed, Host 192.168.186.135, Url http://192.168.186.135:8088/registry/detail?name=hids_svr_grpc, Error {"data":[],"msg":"ok"}

Describe the bug
scanner插件编译有报错

To Reproduce

root@st-lb-2 (16:35:27) scanner # chmod +x build.sh && ./build.sh
Updating crates.io index
Downloaded parking_lot_core v0.8.3
Downloaded cc v1.0.69
Downloaded coarsetime v0.1.19
Downloaded procfs v0.9.1
Downloaded lazy_static v1.4.0
Downloaded termcolor v1.1.2
Downloaded time v0.1.43
Downloaded hashbrown v0.11.2
Downloaded parking_lot v0.11.1
Downloaded ansi_term v0.11.0
Downloaded block-buffer v0.9.0
Downloaded byteorder v1.4.3
Downloaded autocfg v1.0.1
Downloaded vec_map v0.8.2
Downloaded thiserror-impl v1.0.26
Downloaded atty v0.2.14
Downloaded cfg-if v1.0.0
Downloaded itoa v0.4.7
Downloaded memchr v2.4.0
Downloaded scopeguard v1.1.0
Downloaded ahash v0.7.4
Downloaded bindgen v0.58.1
Downloaded crossbeam-channel v0.5.1
Downloaded env_logger v0.8.4
Downloaded lru v0.6.6
Downloaded nom v5.1.2
Downloaded rmp v0.8.10
Downloaded rmp-serde v0.14.4
Downloaded smallvec v1.6.1
Downloaded yansi v0.5.0
Downloaded adler v1.0.2
Downloaded once_cell v1.8.0
Downloaded clang-sys v1.2.0
Downloaded cexpr v0.4.0
Downloaded crossbeam-utils v0.8.5
Downloaded humantime v2.1.0
Downloaded unicode-xid v0.2.2
Downloaded proc-macro2 v1.0.28
Downloaded textwrap v0.11.0
Downloaded quote v1.0.9
Downloaded serde_derive v1.0.127
Downloaded typenum v1.13.0
Downloaded anyhow v1.0.42
Downloaded bitflags v1.2.1
Downloaded ryu v1.0.5
Downloaded syn v1.0.74
Downloaded generic-array v0.14.4
Downloaded clap v2.33.3
Downloaded chrono v0.4.19
Downloaded serde v1.0.127
Downloaded cpufeatures v0.1.5
Downloaded unicode-width v0.1.8
Downloaded lock_api v0.4.4
Downloaded walkdir v2.3.2
Downloaded num-integer v0.1.44
Downloaded same-file v1.0.6
Downloaded crc32fast v1.2.1
Downloaded which v3.1.1
Downloaded libloading v0.7.0
Downloaded regex v1.5.4
Downloaded libc v0.2.98
Downloaded log v0.4.14
Downloaded glob v0.3.0
Downloaded getrandom v0.2.3
Downloaded aho-corasick v0.7.18
Downloaded serde_json v1.0.66
Downloaded opaque-debug v0.3.0
Downloaded num-traits v0.2.14
Downloaded lazycell v1.3.0
Downloaded instant v0.1.10
Downloaded hex v0.4.3
Downloaded digest v0.9.0
Downloaded miniz_oxide v0.4.4
Downloaded peeking_take_while v0.1.2
Downloaded rustc-hash v1.1.0
Downloaded version_check v0.9.3
Downloaded thiserror v1.0.26
Downloaded flate2 v1.0.20
Downloaded strsim v0.8.0
Downloaded shlex v1.0.0
Downloaded sha2 v0.9.5
Downloaded yara v0.6.1
Downloaded regex-syntax v0.6.25
Downloaded yara-sys v0.6.2
Downloaded 84 crates (5.1 MB) in 3.46s
Compiling libc v0.2.98
Compiling version_check v0.9.3
Compiling memchr v2.4.0
Compiling proc-macro2 v1.0.28
Compiling cfg-if v1.0.0
Compiling autocfg v1.0.1
Compiling unicode-xid v0.2.2
Compiling log v0.4.14
Compiling syn v1.0.74
Compiling bitflags v1.2.1
Compiling glob v0.3.0
Compiling serde_derive v1.0.127
Compiling regex-syntax v0.6.25
Compiling unicode-width v0.1.8
Compiling serde v1.0.127
Compiling vec_map v0.8.2
Compiling bindgen v0.58.1
Compiling crc32fast v1.2.1
Compiling strsim v0.8.0
Compiling termcolor v1.1.2
Compiling byteorder v1.4.3
Compiling ansi_term v0.11.0
Compiling lazy_static v1.4.0
Compiling typenum v1.13.0
Compiling humantime v2.1.0
Compiling rustc-hash v1.1.0
Compiling smallvec v1.6.1
Compiling anyhow v1.0.42
Compiling scopeguard v1.1.0
Compiling shlex v1.0.0
Compiling peeking_take_while v0.1.2
Compiling adler v1.0.2
Compiling lazycell v1.3.0
Compiling cc v1.0.69
Compiling once_cell v1.8.0
Compiling ryu v1.0.5
Compiling crossbeam-utils v0.8.5
Compiling serde_json v1.0.66
Compiling yansi v0.5.0
Compiling cpufeatures v0.1.5
Compiling opaque-debug v0.3.0
Compiling hex v0.4.3
Compiling same-file v1.0.6
Compiling itoa v0.4.7
Compiling instant v0.1.10
Compiling libloading v0.7.0
Compiling num-traits v0.2.14
Compiling miniz_oxide v0.4.4
Compiling num-integer v0.1.44
Compiling nom v5.1.2
Compiling generic-array v0.14.4
Compiling ahash v0.7.4
Compiling textwrap v0.11.0
Compiling clang-sys v1.2.0
Compiling lock_api v0.4.4
Compiling walkdir v2.3.2
Compiling aho-corasick v0.7.18
Compiling time v0.1.43
Compiling parking_lot_core v0.8.3
Compiling getrandom v0.2.3
Compiling atty v0.2.14
Compiling coarsetime v0.1.19
Compiling which v3.1.1
Compiling quote v1.0.9
Compiling crossbeam-channel v0.5.1
Compiling parking_lot v0.11.1
Compiling clap v2.33.3
Compiling regex v1.5.4
Compiling flate2 v1.0.20
Compiling digest v0.9.0
Compiling block-buffer v0.9.0
Compiling rmp v0.8.10
Compiling hashbrown v0.11.2
Compiling cexpr v0.4.0
Compiling env_logger v0.8.4
Compiling sha2 v0.9.5
Compiling chrono v0.4.19
Compiling lru v0.6.6
Compiling procfs v0.9.1
Compiling thiserror-impl v1.0.26
Compiling thiserror v1.0.26
Compiling yara-sys v0.6.2
The following warnings were emitted during compilation:

warning: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c: In function ‘_yr_ac_print_automaton_state’:
warning: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:658:3: error: ‘for’ loop initial declarations are only allowed in C99 mode
warning: for (int i = 0; i < state->depth; i++) printf(" ");
warning: ^
warning: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:658:3: note: use option -std=c99 or -std=gnu99 to compile your code
warning: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:682:5: error: ‘for’ loop initial declarations are only allowed in C99 mode
warning: for (int i = 0; i < state->depth + 1; i++) printf(" ");
warning: ^
warning: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:690:7: error: ‘for’ loop initial declarations are only allowed in C99 mode
warning: for (int i = 0; i < yr_min(match->string->length, 10); i++)
warning: ^
warning: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:699:7: error: ‘for’ loop initial declarations are only allowed in C99 mode
warning: for (int i = 0; i < yr_min(match->string->length, 10); i++)
warning: ^
warning: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:708:7: error: ‘for’ loop initial declarations are only allowed in C99 mode
warning: for (int i = 0; i < yr_min(match->string->length, 10); i++)
warning: ^
warning: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c: In function ‘yr_ac_add_string’:
warning: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:792:5: error: ‘for’ loop initial declarations are only allowed in C99 mode
warning: for (int i = 0; i < atom->atom.length; i++)
warning: ^
warning: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c: At top level:
warning: cc1: warning: unrecognized command line option "-Wno-tautological-constant-out-of-range-compare" [enabled by default]
warning: cc1: warning: unrecognized command line option "-Wno-cast-function-type" [enabled by default]

error: failed to run custom build command for yara-sys v0.6.2

Caused by:
process didn't exit successfully: /tmp/Elkeid/agent/scanner/target/release/build/yara-sys-241059ba85d8c3d4/build-script-build (exit code: 1)
--- stdout
TARGET = Some("x86_64-unknown-linux-gnu")
OPT_LEVEL = Some("3")
HOST = Some("x86_64-unknown-linux-gnu")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
CRATE_CC_NO_DEFAULTS = None
DEBUG = Some("false")
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
CRATE_CC_NO_DEFAULTS = None
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
CRATE_CC_NO_DEFAULTS = None
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
CRATE_CC_NO_DEFAULTS = None
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
CRATE_CC_NO_DEFAULTS = None
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
CRATE_CC_NO_DEFAULTS = None
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
CRATE_CC_NO_DEFAULTS = None
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
CC_x86_64-unknown-linux-gnu = None
CC_x86_64_unknown_linux_gnu = None
HOST_CC = None
CC = None
CFLAGS_x86_64-unknown-linux-gnu = None
CFLAGS_x86_64_unknown_linux_gnu = None
HOST_CFLAGS = None
CFLAGS = None
CRATE_CC_NO_DEFAULTS = None
CARGO_CFG_TARGET_FEATURE = Some("fxsr,sse,sse2")
running: "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/include" "-Wall" "-Wextra" "-Wno-deprecated-declarations" "-Wno-unused-parameter" "-Wno-unused-function" "-Wno-cast-function-type" "-Wno-type-limits" "-Wno-tautological-constant-out-of-range-compare" "-Wno-sign-compare" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/tmp/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-56e1c8c802d2d0f1/out/ahocorasick.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c"
cargo:warning=/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c: In function ‘_yr_ac_print_automaton_state’:
cargo:warning=/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:658:3: error: ‘for’ loop initial declarations are only allowed in C99 mode
cargo:warning= for (int i = 0; i < state->depth; i++) printf(" ");
cargo:warning= ^
cargo:warning=/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:658:3: note: use option -std=c99 or -std=gnu99 to compile your code
cargo:warning=/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:682:5: error: ‘for’ loop initial declarations are only allowed in C99 mode
cargo:warning= for (int i = 0; i < state->depth + 1; i++) printf(" ");
cargo:warning= ^
cargo:warning=/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:690:7: error: ‘for’ loop initial declarations are only allowed in C99 mode
cargo:warning= for (int i = 0; i < yr_min(match->string->length, 10); i++)
cargo:warning= ^
cargo:warning=/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:699:7: error: ‘for’ loop initial declarations are only allowed in C99 mode
cargo:warning= for (int i = 0; i < yr_min(match->string->length, 10); i++)
cargo:warning= ^
cargo:warning=/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:708:7: error: ‘for’ loop initial declarations are only allowed in C99 mode
cargo:warning= for (int i = 0; i < yr_min(match->string->length, 10); i++)
cargo:warning= ^
cargo:warning=/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c: In function ‘yr_ac_add_string’:
cargo:warning=/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c:792:5: error: ‘for’ loop initial declarations are only allowed in C99 mode
cargo:warning= for (int i = 0; i < atom->atom.length; i++)
cargo:warning= ^
cargo:warning=/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c: At top level:
cargo:warning=cc1: warning: unrecognized command line option "-Wno-tautological-constant-out-of-range-compare" [enabled by default]
cargo:warning=cc1: warning: unrecognized command line option "-Wno-cast-function-type" [enabled by default]
exit code: 1

--- stderr

error occurred: Command "cc" "-O3" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara" "-I" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/include" "-Wall" "-Wextra" "-Wno-deprecated-declarations" "-Wno-unused-parameter" "-Wno-unused-function" "-Wno-cast-function-type" "-Wno-type-limits" "-Wno-tautological-constant-out-of-range-compare" "-Wno-sign-compare" "-DDEX_MODULE=" "-DDOTNET_MODULE=" "-DMACHO_MODULE=" "-DNDEBUG=1" "-DUSE_LINUX_PROC=" "-DPOSIX=" "-o" "/tmp/Elkeid/agent/scanner/target/x86_64-unknown-linux-gnu/release/build/yara-sys-56e1c8c802d2d0f1/out/ahocorasick.o" "-c" "/root/.cargo/registry/src/github.com-1ecc6299db9ec823/yara-sys-0.6.2/yara/libyara/ahocorasick.c" with args "cc" did not execute successfully (status code exit code: 1).

warning: build failed, waiting for other jobs to finish...
error: build failed
Elkeid plugin build failed

为了防止hids的agent进程因为网络或server端重启而停止服务，agent批量重启也很麻烦，故需要额外添加守护进程。同时出于运维考虑需要对agent进程的内存和cpu使用量进行限制，虽然实测agent使用系统资源很少很稳定，但是还是要设置阈值防一手。

=====================
$ cd /etc/elkeid/ //进入elkeid目录
$ vi elkeid-agentd.service //新建service配置文件，内容如下，另外注意service文件权限给x
$chmod 777 elkeid-agentd.service
$ cat elkeid-agentd.service

#/etc/elkeid/elkeid-agentd.service
[Unit]
Description=elkeid-agent

[Service]
WorkingDirectory=/etc/elkeid/
ExecStart=/etc/elkeid/elkeid-agent &
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
Restart=always
CPUAccounting=true
systemctl set-property elkeid-agentd CPUShares=500
MemoryAccounting=true
MemoryLimit=200M

[Install]
WantedBy=default.target

$ ln -s /etc/elkeid/elkeid-agent /usr/local/bin/elkeid-agent //创建启动脚本快捷方式链接
$ ln -s /etc/elkeid/elkeid-agentd.service /usr/lib/systemd/system/elkeid-agentd.service //创建启动脚本service文件的快捷方式链接， 放systemd目录下意思是会开机自启的脚本
$ ll /usr/lib/systemd/system/ | grep elkeid-agentd.service //查看快捷方式链接是否生效
lrwxrwxrwx 1 root root 33 Apr 27 18:27 elkeid-agentd.service -> /etc/elkeid/elkeid-agentd.service

$systemctl daemon-reload //重新装载systemctl守护进程配置
$systemctl cat elkeid-agentd.service //查看system守护进程是否添加生效
$systemctl start elkeid-agentd.service //使用守护进程启动agent start/stop/status 也可以-l参数展示报错
$ps -ef | grep elkeid //看到有driver和collector插件一起启动（example中未使用Journal Wacher插件）
root 451 1 3 14:33 ? 00:00:00 /etc/elkeid/elkeid-agent &
root 463 451 0 14:33 ? 00:00:00 /etc/elkeid/plugin/driver/driver
root 468 451 0 14:33 ? 00:00:00 /etc/elkeid/plugin/collector/collector
root 480 29690 0 14:33 pts/0 00:00:00 grep --color=auto elkeid
$ cat /etc/elkeid/log/elkeid-agent.log //查看elkeid-agent的自身日志，验证结束进程后会自动启动，说明守护进程生效

我看目前对于 env 的采集，做了 ssh_connection 和 ld_preload 的
LD_LIBRARY_PATH 这个是否也需要添加进来呢

背景
需求只是看elkeid的日志。

在老版本的agent-smith上，编译3样：agent、lkm、agent的driver插件，启动agent后，即可查看数据：
1、lkm insmod到内核
2、agent driver插件计算hash后写入config.yaml

shasum -a 256 /etc/hids/plugin/driver/driver
echo "plugins: [{name: hids_driver,version: 1.5.0.0,path: ./plugin/driver/driver,sha256: 83fcf03a4fc41afa4a62e6069354952ff75734ea093ccc6c569bc59f2a56ed6e}]" > /etc/hids/config.yaml

3、启动agent：/etc/hids/agent --data=file --file_path $log

在新版本的elkeid上，由于依赖的组件过多。直接查看日志比较麻烦，请问有什么方法可以本地看日志吗？
已经尝试的工作：去除main.go中的transport依赖，agent已可以正常启动。

请问：
1、是否还可以通过yaml设置agent需要的driver？
2、是否可以本地查看日志？

谢谢。

func GetSystemdUnit() (units []SystemdUnit, err error) {

Is your feature request related to a problem? Please describe.
主机唯一标志ID如何保证在机器重启或agent-id文件不小心删除后，主机的唯一标志仍旧不变更？

Describe the solution you'd like

1. AgentID的计算方式更改为使用主机名+ip计算hash值的方式，MD5（主机名+ip），可以一定程度上保证agent-id文件被删除之后，重新生成的id仍旧相同（除非主机名或ip有变更）。
2. 生成的AgentID值双写文件，在agent进程重启时，只要有一个文件内容符合，可使用文件内容作为AgentID，并检查另一个文件是否一致，不一致则进行内容同步。

Describe alternatives you've considered
1.AgentID值需要保证无论是主机重启还是agent-id文件被篡改或者意外被删除，都能保证该机器的id值不变，否则管理后台将出现离线agent记录；
2.AgentID的生成方式依赖主机上不经常变更的属性，可以一定程度上减少再次生成AgentID时产生的变化。

Additional context

1. 镜像组同学在制作镜像的时候可能把agent-id文件放入镜像中，导致后续新启用主机的AgentID值均相同，需要提前和内核组同学沟通镜像制作脚本中增加删除某些目录的命令；
2. 通过统计agent上报心跳信息，检测是否一个AgentID对应很多的主机名和ip，如果出现此类情况，说明AgentID值已经被复用。

我按照GUIDE 和Makefile中的指导和错误
提示，在docker镜像中成功编译了rasp，但是在使用的时候发生了attach thread failed: 87219

具体错误信息

2021-07-29 13:20:45 | INFO  |             main.cpp:41  ] find target: 0x561ff65a3000 -> /usr/bin/python2.7
2021-07-29 13:20:45 | INFO  |             main.cpp:120 ] ensure func: 0x561ff6769ff0 run func: 0x561ff665cd73 release func: 0x561ff676a040
2021-07-29 13:20:45 | INFO  |             main.cpp:31  ] inject '/etc/elkeid/plugin/RASP/rasp/python_caller /etc/elkeid/plugin/RASP/rasp/python/entry.py 1 0x561ff6769ff0 0x561ff665cd73 0x561ff676a040' to process 87219
2021-07-29 13:20:45 | ERROR |        pt_inject.cpp:27  ] attach thread failed: 87219
2021-07-29 13:20:45 | ERROR |             main.cpp:41  ] ptrace injector attach failed

测试的python 脚本

import time
while True :
    print("test")
    time.sleep(10)

Dockerfile

FROM ubuntu:20.04

# ENV http_proxy=http://172.17.0.1:8889/
# ENV https_proxy=http://172.17.0.1:8889/
# ENV no_proxy=localhost,127.0.0.0/8,::1
# ENV ftp_proxy=http://172.17.0.1:8889/
# ENV all_proxy=socks://172.17.0.1:1089/

RUN apt update && DEBIAN_FRONTEND=noninteractive apt install python unzip libssl-dev gettext autopoint bison libtool-bin pkg-config curl python3 python3-pip git wget build-essential git autoconf -y

RUN cd /tmp \
&& wget https://github.com/Kitware/CMake/releases/download/v3.21.1/cmake-3.21.1.tar.gz \
&& tar -xf cmake-3.21.1.tar.gz && cd cmake-3.21.1 && ./bootstrap && make -j2 && make install

RUN git clone https://github.com/bytedance/Elkeid.git --recursive

RUN curl -O https://sf1-cdn-tos.douyinstatic.com/obj/eden-cn/laahweh7uhwbps/x86_64-linux-musl.tar.gz \
    && tar -xf x86_64-linux-musl.tar.gz\
    && mv x86_64-linux-musl /opt/

RUN curl -O https://download.java.net/java/GA/jdk14/076bab302c7b4508975440c56f6cc26a/36/GPL/openjdk-14_linux-x64_bin.tar.gz \
&&tar xvf openjdk-14_linux-x64_bin.tar.gz \
&&mv jdk-14 /opt/
ENV JAVA_HOME=/opt/jdk-14
ENV PATH=$PATH:$JAVA_HOME/bin

RUN cd /tmp && wget https://golang.org/dl/go1.16.6.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.16.6.linux-amd64.tar.gz
ENV PATH=$PATH:/usr/local/go/bin


RUN pip install setuptools \
&& pip install wheel

RUN cd /tmp && wget https://bootstrap.pypa.io/pip/2.7/get-pip.py \
&& python get-pip.py \
&& pip2 install setuptools \
&& pip2 install wheel

ENV RUSTUP_DIST_SERVER=https://mirrors.ustc.edu.cn/rust-static
ENV RUSTUP_UPDATE_ROOT=https://mirrors.ustc.edu.cn/rust-static/rustup
ENV PATH=/root/.cargo/bin:$PATH
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path \
   && /root/.cargo/bin/rustup target add x86_64-unknown-linux-musl

RUN cd /Elkeid/rasp/ && make build -j8 && make install

docker build -t elkeid-rasp:latest . 
docker run --rm -it elkeid-rasp /bin/bash

执行./elkeidup deploy --package package_community/ --config ./elkeid_server.yaml 命令后

在安装redis的时候报错，环境是在本地一台机器上进行部署

Describe the bug
安装启动agent无问题，装载driver驱动无问题，但是服务端下发插件（/createTask/config）并运行后（/controlTask），导致agent出现报错并结束进程，测试区有2台机器出现类似现象。
root@sec-tes (11:35:33) driver # insmod hids_driver-latest.ko
root@sec-tes (11:35:41) driver # dmesg
此处省略xxxxxx
To Reproduce
[30570201.271796] [ELKEID] ANTI_ROOTKIT_CHECK: 1
[30570201.543459] [ELKEID] uninstall_kprobe success
[30570201.543504] hids_driver: destroy 34 print event class
[30570513.805567] hids_driver: create 34 print event class
[30570513.808048] [ELKEID] Filter Init Success
[30570513.904521] [ELKEID] do_init_module register_kprobe failed, returned -2
[30570513.913196] [ELKEID] SANDBOX: 0
[30570513.913267] [ELKEID] register_kprobe success: connect_hook: 1,load_module_hook: 1,execve_hook: 1,call_usermodehekoer_hook: 0,bind_hook: 1,create_file_hook: 1,ptrace_hook: 1, update_cred_hook: 1, dns_hook: 0, accept_hook:0, mprotect_hook: 0,link_hook: 1, memfd_create: 1, rename_hook: 1,setsid_hook:1, prctl_hook:1, open_hook:0, nanosleep_hook:0, kill_hook: 0, rm_hook: 0, EXIT_HOOK: 0, EXIT_PROTECT: 0
[30570513.934363] [ELKEID] ANTI_ROOTKIT_CHECK: 1
root@sec-tes (11:35:43) driver # cd ../../
root@sec-tes (11:35:48) elkeid # ./elkeid-agent &
[1] 8829
root@sec-tes (11:35:56) elkeid # ps -ef | grep elkeid-agent
root 8829 8434 0 11:35 pts/0 00:00:00 ./elkeid-agent
root 8841 8434 0 11:36 pts/0 00:00:00 grep --color=auto elkeid-agent
root@sec-tes (11:36:04) elkeid # cat agent-id
3793d5e9-f3f0-40ea-96e9-113cceef0113root@sec-tes (11:36:09) elkeid #
然后服务端下发配置插件下载地址并运行。
root@sec-tes (11:36:56) elkeid # ps -ef | grep elkeid-agent
root 8829 8434 0 11:35 pts/0 00:00:00 ./elkeid-agent
root 8867 8434 0 11:37 pts/0 00:00:00 grep --color=auto elkeid-agent
root@sec-tes (11:37:38) elkeid # ps -ef | grep elkeid-agent panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x98a9bd]

goroutine 38 [running]:
github.com/bytedance/Elkeid/agent/plugin.(*Plugin).Connect(0xc000126360, 0x22a4, 0xc0005162a0, 0x6, 0xc0005162a6, 0x7, 0xbdf4b0, 0xc0000100c0, 0x0, 0x0)
/tmp/Elkeid/agent/plugin/plugin.go:131 +0x15d
github.com/bytedance/Elkeid/agent/plugin.Run.func2(0xbdf4b0, 0xc0000100c0, 0xc0000bd200)
/tmp/Elkeid/agent/plugin/server.go:133 +0x305
created by github.com/bytedance/Elkeid/agent/plugin.Run
/tmp/Elkeid/agent/plugin/server.go:117 +0xa8
^C
[1]+ Exit 2 ./elkeid-agent
root@sec-tes (11:37:58) elkeid #
root@sec-tes (11:38:09) elkeid # cat plugin/driver/driver_rCURRENT.log
[2021-05-11 11:37:40.104004 +08:00] INFO [driver] src/main.rs:32: Crash check passed
[2021-05-11 11:37:40.105144 +08:00] INFO [driver] src/main.rs:40: Kernel version check passed
[2021-05-11 11:37:40.257631 +08:00] INFO [driver::prepare] src/prepare.rs:133: Last version is the same version
[2021-05-11 11:37:40.386619 +08:00] INFO [driver::prepare] src/prepare.rs:115: insmod hids_driver success
[2021-05-11 11:37:40.386775 +08:00] ERROR [driver] src/main.rs:88: IO error while reading marker: failed to fill whole buffer
[2021-05-11 11:37:41.739446 +08:00] WARN [driver] src/main.rs:18: Safety exit
root@sec-tes (11:38:21) elkeid # cat plugin/driver/driver.stderr
root@sec-tes (11:55:18) elkeid # cat plugin/driver/driver.stdout
Log send failed:Send error. Must exit.
root@sec-tes (11:55:23) elkeid #

换了台机器测试还是有insmod: ERROR: could not insert module hids_driver.ko: Invalid parameters问题

root@st-arch-sec-tool-1 (17:24:02) LKM # uname -a
Linux st-arch-sec-tool-1 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

root@st-arch-sec-tool-1 (17:24:02) LKM #yum install kernel-devel //安装版本3.10.0-1160.15.2.el7

root@st-arch-sec-tool-1 (17:24:02) LKM #cd /lib/modules/3.10.0-514.el7.x86_64/
root@st-arch-sec-tool-1 (17:24:02)3.10.0-514.el7.x86_64#ln -s /usr/src/kernels/3.10.0-1160.15.2.el7.x86_64/ ./build //建立软链接

root@st-arch-sec-tool-1 (17:23:30) LKM # make clean && make
make -C /lib/modules/3.10.0-514.el7.x86_64/build M=/tmp/AgentSmith-HIDS-main/driver/LKM clean
make[1]: Entering directory /usr/src/kernels/3.10.0-1160.15.2.el7.x86_64' /tmp/AgentSmith-HIDS-main/driver/LKM/Makefile:23: make[1]: Leaving directory /usr/src/kernels/3.10.0-1160.15.2.el7.x86_64'
make -C /lib/modules/3.10.0-514.el7.x86_64/build M=/tmp/AgentSmith-HIDS-main/driver/LKM modules
make[1]: Entering directory /usr/src/kernels/3.10.0-1160.15.2.el7.x86_64' /tmp/AgentSmith-HIDS-main/driver/LKM/Makefile:23: CC [M] /tmp/AgentSmith-HIDS-main/driver/LKM/src/init.o CC [M] /tmp/AgentSmith-HIDS-main/driver/LKM/src/kprobe.o CC [M] /tmp/AgentSmith-HIDS-main/driver/LKM/src/trace.o CC [M] /tmp/AgentSmith-HIDS-main/driver/LKM/src/smith_hook.o CC [M] /tmp/AgentSmith-HIDS-main/driver/LKM/src/anti_rootkit.o CC [M] /tmp/AgentSmith-HIDS-main/driver/LKM/src/filter.o CC [M] /tmp/AgentSmith-HIDS-main/driver/LKM/src/util.o LD [M] /tmp/AgentSmith-HIDS-main/driver/LKM/hids_driver.o Building modules, stage 2. /tmp/AgentSmith-HIDS-main/driver/LKM/Makefile:23: MODPOST 1 modules CC /tmp/AgentSmith-HIDS-main/driver/LKM/hids_driver.mod.o LD [M] /tmp/AgentSmith-HIDS-main/driver/LKM/hids_driver.ko make[1]: Leaving directory /usr/src/kernels/3.10.0-1160.15.2.el7.x86_64'

root@st-arch-sec-tool-1 (17:24:02) LKM # dmesg //展示最近部分日志，多余的我裁掉了
8652677.623901] device veth57b0d02 left promiscuous mode
[18652677.623912] docker0: port 1(veth57b0d02) entered disabled state
[22480499.183461] hids_driver: loading out-of-tree module taints kernel.
[22480499.183654] hids_driver: module verification failed: signature and/or required key missing - tainting kernel
[22480499.183864] hids_driver: Unknown symbol __check_object_size (err 0)
[22480499.183961] hids_driver: Unknown symbol __x86_indirect_thunk_rax (err 0)
[22480499.183973] hids_driver: Unknown symbol __x86_indirect_thunk_rdx (err 0)
[22480499.183987] hids_driver: Unknown symbol page_offset_base (err 0)
[22480499.183997] hids_driver: disagrees about version of symbol dentry_path_raw
[22480499.183998] hids_driver: Unknown symbol dentry_path_raw (err -22)
[22480499.184064] hids_driver: Unknown symbol _raw_qspin_lock (err 0)
[22480499.184073] hids_driver: disagrees about version of symbol d_path
[22480499.184074] hids_driver: Unknown symbol d_path (err -22)

root@st-arch-sec-tool-1 (17:35:19) LKM # cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel Core Processor (Haswell, no TSX)
stepping : 1
microcode : 0x1
cpu MHz : 2095.072
cache size : 16384 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm arat fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt
bogomips : 4190.14
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel Core Processor (Haswell, no TSX)
stepping : 1
microcode : 0x1
cpu MHz : 2095.072
cache size : 16384 KB
physical id : 1
siblings : 1
core id : 0
cpu cores : 1
apicid : 1
initial apicid : 1
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm arat fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt
bogomips : 4190.14
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management:

processor : 2
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel Core Processor (Haswell, no TSX)
stepping : 1
microcode : 0x1
cpu MHz : 2095.072
cache size : 16384 KB
physical id : 2
siblings : 1
core id : 0
cpu cores : 1
apicid : 2
initial apicid : 2
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm arat fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt
bogomips : 4190.14
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management:

processor : 3
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel Core Processor (Haswell, no TSX)
stepping : 1
microcode : 0x1
cpu MHz : 2095.072
cache size : 16384 KB
physical id : 3
siblings : 1
core id : 0
cpu cores : 1
apicid : 3
initial apicid : 3
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm arat fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt
bogomips : 4190.14
clflush size : 64
cache_alignment : 64
address sizes : 46 bits physical, 48 bits virtual
power management: