Documentation ¶
Overview ¶
Package modules contains all the module definitions for system-probe.
Index ¶
Constants ¶
This section is empty.
Variables ¶
// All is the list of module factories that system-probe registers.
//
// NOTE(review): DynamicInstrumentation is declared in this package but is not
// listed here. Confirm the omission is intentional, since a factory missing
// from this slice is not part of the registered set.
var All = []module.Factory{
	EBPFProbe,
	NetworkTracer,
	TCPQueueLength,
	OOMKillProbe,
	EventMonitor,
	Process,
	LanguageDetectionModule,
	ComplianceModule,
	Pinger,
	Traceroute,
}
All System Probe modules should register their factories here
// ComplianceModule is the factory for the compliance module. The module
// serves compliance checks over HTTP on behalf of callers that lack the
// privileges system-probe runs with.
//
// NOTE(review): the module acts with system-probe's privileges for whoever
// can reach its endpoint. Authentication, transport restrictions and
// validation of request parameters are not visible in this factory; confirm
// them in the module's handler registration.
var ComplianceModule = module.Factory{
	Name:             config.ComplianceModule,
	ConfigNamespaces: []string{},
	// Neither the system-probe configuration nor workloadmeta is consulted;
	// the module is created with its zero value.
	Fn: func(_ *sysconfigtypes.Config, _ optional.Option[workloadmeta.Component]) (module.Module, error) {
		mod := new(complianceModule)
		return mod, nil
	},
	// The compliance module does not depend on eBPF.
	NeedsEBPF: func() bool {
		return false
	},
}
ComplianceModule is a system-probe module that exposes an HTTP api to perform compliance checks that require more privileges than security-agent can offer.
For instance, being able to run cross-container checks at runtime by directly accessing the /proc/<pid>/root mount point.
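// DynamicInstrumentation is the dynamic instrumentation module factory.
//
// Fn builds the module configuration from the system-probe configuration and
// then constructs the module. It returns:
//   - a wrapped error when the configuration is invalid,
//   - module.ErrNotEnabled when construction reports ebpf.ErrNotImplemented,
//   - a wrapped error for any other construction failure.
var DynamicInstrumentation = module.Factory{
	Name:             config.DynamicInstrumentationModule,
	ConfigNamespaces: []string{},
	Fn: func(agentConfiguration *sysconfigtypes.Config, _ optional.Option[workloadmeta.Component]) (module.Module, error) {
		// Named diConfig so the closure does not shadow the config package.
		diConfig, err := dynamicinstrumentation.NewConfig(agentConfiguration)
		if err != nil {
			return nil, fmt.Errorf("invalid dynamic instrumentation module configuration: %w", err)
		}

		m, err := dynamicinstrumentation.NewModule(diConfig)
		if errors.Is(err, ebpf.ErrNotImplemented) {
			return nil, module.ErrNotEnabled
		}
		if err != nil {
			// Every other failure must reach the caller. Returning m with a
			// nil error would report a module that failed to initialise as
			// successfully started.
			return nil, fmt.Errorf("unable to start the dynamic instrumentation module: %w", err)
		}
		return m, nil
	},
	// This module depends on eBPF.
	NeedsEBPF: func() bool { return true },
}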
DynamicInstrumentation is the dynamic instrumentation module factory
// EBPFProbe is the factory for the eBPF check module.
//
// Fn logs the start-up, creates the probe from a fresh ebpf configuration and
// wraps it in an ebpfModule whose lastCheck counter starts at zero. A probe
// creation failure is returned wrapped, with no module.
var EBPFProbe = module.Factory{
	Name:             config.EBPFModule,
	ConfigNamespaces: []string{},
	Fn: func(_ *sysconfigtypes.Config, _ optional.Option[workloadmeta.Component]) (module.Module, error) {
		log.Infof("Starting the ebpf probe")

		probe, err := ebpfcheck.NewProbe(ebpf.NewConfig())
		if err != nil {
			return nil, fmt.Errorf("unable to start the ebpf probe: %w", err)
		}

		mod := &ebpfModule{
			Probe:     probe,
			lastCheck: atomic.NewInt64(0),
		}
		return mod, nil
	},
	// This module depends on eBPF.
	NeedsEBPF: func() bool {
		return true
	},
}
EBPFProbe Factory
// ErrProcessUnsupported is the sentinel error reported when the process
// module cannot be used; callers should compare against it with errors.Is.
var ErrProcessUnsupported error = errors.New("process module unsupported")
ErrProcessUnsupported is an error type indicating that the process module is not supported in the running environment
// ErrSysprobeUnsupported is the sentinel error for environments where
// system-probe is unsupported; callers match on it to classify the failure.
var ErrSysprobeUnsupported error = errors.New("system-probe unsupported")
ErrSysprobeUnsupported is the unsupported error prefix, for error-class matching from callers
// EventMonitor is the event monitor module factory.
var EventMonitor = module.Factory{
	Name:             config.EventMonitorModule,
	ConfigNamespaces: eventMonitorModuleConfigNamespaces,
	Fn:               createEventMonitorModule,
	// eBPF is required unless the runtime security "ebpfless" mode is
	// enabled in the system-probe configuration. The setting is read on
	// every call, not cached when the factory is declared.
	NeedsEBPF: func() bool {
		ebpfless := coreconfig.SystemProbe.GetBool("runtime_security_config.ebpfless.enabled")
		return !ebpfless
	},
}
EventMonitor - Event monitor Factory
// LanguageDetectionModule is the language detection module factory. It reads
// the "language_detection" configuration namespace.
var LanguageDetectionModule = module.Factory{
	Name:             config.LanguageDetectionModule,
	ConfigNamespaces: []string{"language_detection"},
	// The module wraps the detector from the privileged package; neither
	// argument is consulted and construction cannot fail here.
	Fn: func(_ *sysconfigtypes.Config, _ optional.Option[workloadmeta.Component]) (module.Module, error) {
		detector := privileged.NewLanguageDetector()
		return &languageDetectionModule{languageDetector: detector}, nil
	},
	// Language detection does not depend on eBPF.
	NeedsEBPF: func() bool {
		return false
	},
}
LanguageDetectionModule is the language detection module factory
// NetworkTracer is the factory for NPM's tracer. Construction is delegated
// to createNetworkTracerModule.
var NetworkTracer = module.Factory{
	Name:             config.NetworkTracerModule,
	ConfigNamespaces: networkTracerModuleConfigNamespaces,
	Fn:               createNetworkTracerModule,
	// The network tracer depends on eBPF.
	NeedsEBPF: func() bool {
		return true
	},
}
NetworkTracer is a factory for NPM's tracer
// OOMKillProbe is the factory for the OOM kill probe module.
//
// Fn logs the start-up, creates the probe from a fresh ebpf configuration and
// wraps it in an oomKillModule whose lastCheck counter starts at zero. A
// probe creation failure is returned wrapped, with no module.
var OOMKillProbe = module.Factory{
	Name:             config.OOMKillProbeModule,
	ConfigNamespaces: []string{},
	Fn: func(_ *sysconfigtypes.Config, _ optional.Option[workloadmeta.Component]) (module.Module, error) {
		log.Infof("Starting the OOM Kill probe")

		probe, err := oomkill.NewProbe(ebpf.NewConfig())
		if err != nil {
			return nil, fmt.Errorf("unable to start the OOM kill probe: %w", err)
		}

		mod := &oomKillModule{
			Probe:     probe,
			lastCheck: atomic.NewInt64(0),
		}
		return mod, nil
	},
	// This module depends on eBPF.
	NeedsEBPF: func() bool {
		return true
	},
}
OOMKillProbe Factory
// Pinger is the factory for NDM's ping module. It reads the "ping"
// configuration namespace.
var Pinger = module.Factory{
	Name:             config.PingModule,
	ConfigNamespaces: []string{"ping"},
	// Neither argument is consulted; the module is created with its zero
	// value and construction cannot fail here.
	Fn: func(_ *sysconfigtypes.Config, _ optional.Option[workloadmeta.Component]) (module.Module, error) {
		mod := new(pinger)
		return mod, nil
	},
	// The ping module does not depend on eBPF.
	NeedsEBPF: func() bool {
		return false
	},
}
Pinger is a factory for NDM's Ping module
// Process is the factory for the module that fetches process-level data.
//
// Fn logs the base name of the running executable, builds a process probe and
// wraps it in a process module whose lastCheck counter starts at zero.
var Process = module.Factory{
	Name:             config.ProcessModule,
	ConfigNamespaces: []string{},
	Fn: func(_ *sysconfigtypes.Config, _ optional.Option[workloadmeta.Component]) (module.Module, error) {
		binary := filepath.Base(os.Args[0])
		log.Infof("Creating process module for: %s", binary)

		// NOTE(review): WithReturnZeroPermStats(false) presumably makes the
		// probe surface permission failures instead of zeroed stats; confirm
		// against procutil.
		probe := procutil.NewProcessProbe(procutil.WithReturnZeroPermStats(false))

		mod := &process{
			probe:     probe,
			lastCheck: atomic.NewInt64(0),
		}
		return mod, nil
	},
	// The process module does not depend on eBPF.
	NeedsEBPF: func() bool {
		return false
	},
}
Process is a module that fetches process level data
// TCPQueueLength is the factory for the TCP queue length tracer module.
//
// Fn creates the tracer from a fresh ebpf configuration and wraps it in a
// tcpQueueLengthModule whose lastCheck counter starts at zero. A tracer
// creation failure is returned wrapped, with no module.
var TCPQueueLength = module.Factory{
	Name:             config.TCPQueueLengthTracerModule,
	ConfigNamespaces: []string{},
	Fn: func(_ *sysconfigtypes.Config, _ optional.Option[workloadmeta.Component]) (module.Module, error) {
		tracer, err := tcpqueuelength.NewTracer(ebpf.NewConfig())
		if err != nil {
			return nil, fmt.Errorf("unable to start the TCP queue length tracer: %w", err)
		}

		mod := &tcpQueueLengthModule{
			Tracer:    tracer,
			lastCheck: atomic.NewInt64(0),
		}
		return mod, nil
	},
	// This module depends on eBPF.
	NeedsEBPF: func() bool {
		return true
	},
}
TCPQueueLength Factory
// Traceroute is the factory for NDM's traceroute module. Construction is
// delegated to createTracerouteModule.
var Traceroute = module.Factory{
	Name:             config.TracerouteModule,
	ConfigNamespaces: tracerouteConfigNamespaces,
	Fn:               createTracerouteModule,
	// The traceroute module does not depend on eBPF.
	NeedsEBPF: func() bool {
		return false
	},
}
Traceroute is a factory for NDM's Traceroute module
Functions ¶
This section is empty.
Types ¶
This section is empty.