modules

package
v0.0.0-...-d5a6f8d Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 8, 2024 License: Apache-2.0 Imports: 59 Imported by: 0

Documentation

Overview

Package modules is all the module definitions for system-probe

Index

Constants

This section is empty.

Variables

View Source 
var All = []module.Factory{
	EBPFProbe,
	NetworkTracer,
	TCPQueueLength,
	OOMKillProbe,

	EventMonitor,
	Process,
	LanguageDetectionModule,
	ComplianceModule,
	Pinger,
	Traceroute,
	DiscoveryModule,
	GPUMonitoring,
}

All System Probe modules should register their factories here

View Source 
var ComplianceModule = module.Factory{
	Name:             config.ComplianceModule,
	ConfigNamespaces: []string{},
	Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) {
		return &complianceModule{}, nil
	},
	NeedsEBPF: func() bool {
		return false
	},
}

ComplianceModule is a system-probe module that exposes an HTTP api to perform compliance checks that require more privileges than security-agent can offer.

For instance, being able to run cross-container checks at runtime by directly accessing the /proc/<pid>/root mount point.

View Source 
var DiscoveryModule = module.Factory{
	Name:             config.DiscoveryModule,
	ConfigNamespaces: []string{"discovery"},
	Fn:               discoverymodule.NewDiscoveryModule,
	NeedsEBPF: func() bool {
		return false
	},
}

DiscoveryModule is the discovery module factory.

View Source 
var DynamicInstrumentation = module.Factory{
	Name:             config.DynamicInstrumentationModule,
	ConfigNamespaces: []string{},
	Fn: func(agentConfiguration *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) {
		config, err := dimod.NewConfig(agentConfiguration)
		if err != nil {
			return nil, fmt.Errorf("invalid dynamic instrumentation module configuration: %w", err)
		}
		m, err := dimod.NewModule(config)
		if err != nil {
			if errors.Is(err, ebpf.ErrNotImplemented) {
				return nil, module.ErrNotEnabled
			}
			return nil, err
		}

		return m, nil
	},
	NeedsEBPF: func() bool {
		return true
	},
}

DynamicInstrumentation is a system probe module which allows you to add instrumentation into running Go services without restarts.

View Source 
var EBPFProbe = module.Factory{
	Name:             config.EBPFModule,
	ConfigNamespaces: []string{},
	Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) {
		log.Infof("Starting the ebpf probe")
		okp, err := ebpfcheck.NewProbe(ebpf.NewConfig())
		if err != nil {
			return nil, fmt.Errorf("unable to start the ebpf probe: %w", err)
		}
		return &ebpfModule{
			Probe:     okp,
			lastCheck: atomic.NewInt64(0),
		}, nil
	},
	NeedsEBPF: func() bool {
		return true
	},
}

EBPFProbe Factory

View Source 
var ErrProcessUnsupported = errors.New("process module unsupported")

ErrProcessUnsupported is an error type indicating that the process module is not support in the running environment

View Source 
var ErrSysprobeUnsupported = errors.New("system-probe unsupported")

ErrSysprobeUnsupported is the unsupported error prefix, for error-class matching from callers

View Source 
var EventMonitor = module.Factory{
	Name:             config.EventMonitorModule,
	ConfigNamespaces: eventMonitorModuleConfigNamespaces,
	Fn:               createEventMonitorModule,
	NeedsEBPF: func() bool {
		return !pkgconfigsetup.SystemProbe().GetBool("runtime_security_config.ebpfless.enabled")
	},
}

EventMonitor - Event monitor Factory

View Source 
var GPUMonitoring = module.Factory{
	Name:             config.GPUMonitoringModule,
	ConfigNamespaces: gpuMonitoringConfigNamespaces,
	Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) {
		t, err := gpu.NewProbe(gpu.NewConfig(), nil)
		if err != nil {
			return nil, fmt.Errorf("unable to start GPU monitoring: %w", err)
		}

		return &GPUMonitoringModule{
			Probe:     t,
			lastCheck: atomic.NewInt64(0),
		}, nil
	},
	NeedsEBPF: func() bool {
		return true
	},
}

GPUMonitoring Factory

View Source 
var LanguageDetectionModule = module.Factory{
	Name:             config.LanguageDetectionModule,
	ConfigNamespaces: []string{"language_detection"},
	Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) {
		return &languageDetectionModule{
			languageDetector: privileged.NewLanguageDetector(),
		}, nil
	},
	NeedsEBPF: func() bool {
		return false
	},
}

LanguageDetectionModule is the language detection module factory

View Source 
var NetworkTracer = module.Factory{
	Name:             config.NetworkTracerModule,
	ConfigNamespaces: networkTracerModuleConfigNamespaces,
	Fn:               createNetworkTracerModule,
	NeedsEBPF:        tracer.NeedsEBPF,
}

NetworkTracer is a factory for NPM's tracer

View Source 
var OOMKillProbe = module.Factory{
	Name:             config.OOMKillProbeModule,
	ConfigNamespaces: []string{},
	Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) {
		log.Infof("Starting the OOM Kill probe")
		okp, err := oomkill.NewProbe(ebpf.NewConfig())
		if err != nil {
			return nil, fmt.Errorf("unable to start the OOM kill probe: %w", err)
		}
		return &oomKillModule{
			Probe:     okp,
			lastCheck: atomic.NewInt64(0),
		}, nil
	},
	NeedsEBPF: func() bool {
		return true
	},
}

OOMKillProbe Factory

View Source 
var Pinger = module.Factory{
	Name:             config.PingModule,
	ConfigNamespaces: []string{"ping"},
	Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) {
		return &pinger{}, nil
	},
	NeedsEBPF: func() bool {
		return false
	},
}

Pinger is a factory for NDMs Ping module

View Source 
var Process = module.Factory{
	Name:             config.ProcessModule,
	ConfigNamespaces: []string{},
	Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) {
		log.Infof("Creating process module for: %s", filepath.Base(os.Args[0]))

		p := procutil.NewProcessProbe(procutil.WithReturnZeroPermStats(false))
		return &process{
			probe:     p,
			lastCheck: atomic.NewInt64(0),
		}, nil
	},
	NeedsEBPF: func() bool {
		return false
	},
}

Process is a module that fetches process level data

View Source 
var TCPQueueLength = module.Factory{
	Name:             config.TCPQueueLengthTracerModule,
	ConfigNamespaces: []string{},
	Fn: func(_ *sysconfigtypes.Config, _ module.FactoryDependencies) (module.Module, error) {
		t, err := tcpqueuelength.NewTracer(ebpf.NewConfig())
		if err != nil {
			return nil, fmt.Errorf("unable to start the TCP queue length tracer: %w", err)
		}

		return &tcpQueueLengthModule{
			Tracer:    t,
			lastCheck: atomic.NewInt64(0),
		}, nil
	},
	NeedsEBPF: func() bool {
		return true
	},
}

TCPQueueLength Factory

View Source 
var Traceroute = module.Factory{
	Name:             config.TracerouteModule,
	ConfigNamespaces: tracerouteConfigNamespaces,
	Fn:               createTracerouteModule,
	NeedsEBPF: func() bool {
		return false
	},
}

Traceroute is a factory for NDMs Traceroute module

Functions

This section is empty.

Types

type GPUMonitoringModule 

type GPUMonitoringModule struct {
	*gpu.Probe
	// contains filtered or unexported fields
}

GPUMonitoringModule is a module for GPU monitoring

func (*GPUMonitoringModule) Close 

func (t *GPUMonitoringModule) Close()

Close closes the GPU monitoring module

func (*GPUMonitoringModule) GetStats 

func (t *GPUMonitoringModule) GetStats() map[string]interface{}

GetStats returns the last check time

func (*GPUMonitoringModule) Register 

func (t *GPUMonitoringModule) Register(httpMux *module.Router) error

Register registers the GPU monitoring module

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.