Documentation
¶
Overview ¶
Package modules is all the module definitions for system-probe
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var All = []module.Factory{ EBPFProbe, NetworkTracer, TCPQueueLength, OOMKillProbe, EventMonitor, Process, DynamicInstrumentation, LanguageDetectionModule, ComplianceModule, Pinger, Traceroute, DiscoveryModule, GPUMonitoring, }
All System Probe modules should register their factories here
View Source
var ComplianceModule = module.Factory{ Name: config.ComplianceModule, ConfigNamespaces: []string{}, Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) { return &complianceModule{}, nil }, NeedsEBPF: func() bool { return false }, }
ComplianceModule is a system-probe module that exposes an HTTP api to perform compliance checks that require more privileges than security-agent can offer.
For instance, being able to run cross-container checks at runtime by directly accessing the /proc/<pid>/root mount point.
View Source
var DiscoveryModule = module.Factory{ Name: config.DiscoveryModule, ConfigNamespaces: []string{"discovery"}, Fn: discoverymodule.NewDiscoveryModule, NeedsEBPF: func() bool { return false }, }
DiscoveryModule is the discovery module factory.
View Source
var DynamicInstrumentation = module.Factory{ Name: config.DynamicInstrumentationModule, ConfigNamespaces: []string{}, Fn: func(agentConfiguration *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) { config, err := dimod.NewConfig(agentConfiguration) if err != nil { return nil, fmt.Errorf("invalid dynamic instrumentation module configuration: %w", err) } m, err := dimod.NewModule(config) if err != nil { if errors.Is(err, ebpf.ErrNotImplemented) { return nil, module.ErrNotEnabled } return nil, err } return m, nil }, NeedsEBPF: func() bool { return true }, }
DynamicInstrumentation is a system probe module which allows you to add instrumentation into running Go services without restarts.
View Source
var EBPFProbe = module.Factory{ Name: config.EBPFModule, ConfigNamespaces: []string{}, Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) { log.Infof("Starting the ebpf probe") okp, err := ebpfcheck.NewProbe(ebpf.NewConfig()) if err != nil { return nil, fmt.Errorf("unable to start the ebpf probe: %w", err) } return &ebpfModule{ Probe: okp, lastCheck: atomic.NewInt64(0), }, nil }, NeedsEBPF: func() bool { return true }, }
EBPFProbe Factory
View Source
var ErrProcessUnsupported = errors.New("process module unsupported")
ErrProcessUnsupported is an error type indicating that the process module is not support in the running environment
View Source
var ErrSysprobeUnsupported = errors.New("system-probe unsupported")
ErrSysprobeUnsupported is the unsupported error prefix, for error-class matching from callers
View Source
var EventMonitor = module.Factory{ Name: config.EventMonitorModule, ConfigNamespaces: eventMonitorModuleConfigNamespaces, Fn: createEventMonitorModule, NeedsEBPF: func() bool { return !secconfig.IsEBPFLessModeEnabled() }, }
EventMonitor - Event monitor Factory
View Source
var GPUMonitoring = module.Factory{ Name: config.GPUMonitoringModule, ConfigNamespaces: gpuMonitoringConfigNamespaces, Fn: func(_ *sysconfigtypes.Config, deps module.FactoryDependencies) (module.Module, error) { if processEventConsumer == nil { return nil, fmt.Errorf("process event consumer not initialized") } c := gpuconfig.New() probeDeps := gpu.ProbeDependencies{ Telemetry: deps.Telemetry, NvmlLib: nvml.New(nvml.WithLibraryPath(c.NVMLLibraryPath)), ProcessMonitor: processEventConsumer, } ret := probeDeps.NvmlLib.Init() if ret != nvml.SUCCESS && ret != nvml.ERROR_ALREADY_INITIALIZED { return nil, fmt.Errorf("unable to initialize NVML library: %v", ret) } p, err := gpu.NewProbe(c, probeDeps) if err != nil { return nil, fmt.Errorf("unable to start %s: %w", config.GPUMonitoringModule, err) } return &GPUMonitoringModule{ Probe: p, lastCheck: atomic.NewInt64(0), }, nil }, NeedsEBPF: func() bool { return true }, }
GPUMonitoring Factory
View Source
var LanguageDetectionModule = module.Factory{ Name: config.LanguageDetectionModule, ConfigNamespaces: []string{"language_detection"}, Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) { return &languageDetectionModule{ languageDetector: privileged.NewLanguageDetector(), }, nil }, NeedsEBPF: func() bool { return false }, }
LanguageDetectionModule is the language detection module factory
View Source
var NetworkTracer = module.Factory{ Name: config.NetworkTracerModule, ConfigNamespaces: networkTracerModuleConfigNamespaces, Fn: createNetworkTracerModule, NeedsEBPF: tracer.NeedsEBPF, }
NetworkTracer is a factory for NPM's tracer
View Source
var OOMKillProbe = module.Factory{ Name: config.OOMKillProbeModule, ConfigNamespaces: []string{}, Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) { log.Infof("Starting the OOM Kill probe") okp, err := oomkill.NewProbe(ebpf.NewConfig()) if err != nil { return nil, fmt.Errorf("unable to start the OOM kill probe: %w", err) } return &oomKillModule{ Probe: okp, lastCheck: atomic.NewInt64(0), }, nil }, NeedsEBPF: func() bool { return true }, }
OOMKillProbe Factory
View Source
var Pinger = module.Factory{ Name: config.PingModule, ConfigNamespaces: []string{"ping"}, Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) { return &pinger{}, nil }, NeedsEBPF: func() bool { return false }, }
Pinger is a factory for NDMs Ping module
View Source
var Process = module.Factory{ Name: config.ProcessModule, ConfigNamespaces: []string{}, Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) { log.Infof("Creating process module for: %s", filepath.Base(os.Args[0])) p := procutil.NewProcessProbe(procutil.WithReturnZeroPermStats(false)) return &process{ probe: p, lastCheck: atomic.NewInt64(0), }, nil }, NeedsEBPF: func() bool { return false }, }
Process is a module that fetches process level data
View Source
var TCPQueueLength = module.Factory{ Name: config.TCPQueueLengthTracerModule, ConfigNamespaces: []string{}, Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) { t, err := tcpqueuelength.NewTracer(ebpf.NewConfig()) if err != nil { return nil, fmt.Errorf("unable to start the TCP queue length tracer: %w", err) } return &tcpQueueLengthModule{ Tracer: t, lastCheck: atomic.NewInt64(0), }, nil }, NeedsEBPF: func() bool { return true }, }
TCPQueueLength Factory
View Source
var Traceroute = module.Factory{ Name: config.TracerouteModule, ConfigNamespaces: tracerouteConfigNamespaces, Fn: createTracerouteModule, NeedsEBPF: func() bool { return false }, }
Traceroute is a factory for NDMs Traceroute module
Functions ¶
This section is empty.
Types ¶
type GPUMonitoringModule ¶
GPUMonitoringModule is a module for GPU monitoring
func (*GPUMonitoringModule) Close ¶
func (t *GPUMonitoringModule) Close()
Close closes the GPU monitoring module
func (*GPUMonitoringModule) GetStats ¶
func (t *GPUMonitoringModule) GetStats() map[string]interface{}
GetStats returns the last check time
Source Files
¶
Click to show internal directories.
Click to hide internal directories.