Package profile holds the profile-related files.
Index ¶
- Constants
- func EventFilteringProfileStateToProto(efr model.EventFilteringProfileState) proto.EventProfileState
- func FillProfileContextFromProfile(ctx *model.SecurityProfileContext, profile *SecurityProfile, imageTag string, ...)
- func LoadProtoFromFile(filepath string) (*proto.SecurityProfile, error)
- func ProtoToSecurityProfile(output *SecurityProfile, pathsReducer *activity_tree.PathsReducer, ...)
- func ProtoToState(eps proto.EventProfileState) model.EventFilteringProfileState
- func SecurityProfileToProto(input *SecurityProfile) *proto.SecurityProfile
- type ActivityDumpManager
- type DirectoryProvider
- func (dp *DirectoryProvider) OnLocalStorageCleanup(files []string)
- func (dp *DirectoryProvider) SendStats(client statsd.ClientInterface) error
- func (dp *DirectoryProvider) SetOnNewProfileCallback(...)
- func (dp *DirectoryProvider) Start(ctx context.Context) error
- func (dp *DirectoryProvider) Stop() error
- func (dp *DirectoryProvider) UpdateWorkloadSelectors(selectors []cgroupModel.WorkloadSelector)
- type EventFilteringResult
- type EventTypeState
- type LoadOpts
- type Provider
- type SecurityProfile
- func (p *SecurityProfile) GetGlobalEventTypeState(et model.EventType) model.EventFilteringProfileState
- func (p *SecurityProfile) GetGlobalState() model.EventFilteringProfileState
- func (p *SecurityProfile) GetState(imageTag string) model.EventFilteringProfileState
- func (p *SecurityProfile) GetVersionContextIndex(index int) *VersionContext
- func (p *SecurityProfile) GetVersions() []string
- func (p *SecurityProfile) IsEventTypeValid(evtType model.EventType) bool
- func (p *SecurityProfile) ListAllVersionStates()
- func (p *SecurityProfile) LoadFromProto(input *proto.SecurityProfile, opts LoadOpts)
- func (p *SecurityProfile) LoadFromProtoFile(path string, opts LoadOpts) error
- func (p *SecurityProfile) MatchesSelector(entry *model.ProcessCacheEntry) bool
- func (p *SecurityProfile) NewProcessNodeCallback(_ *activity_tree.ProcessNode)
- func (p *SecurityProfile) SendStats(client statsd.ClientInterface) error
- func (p *SecurityProfile) SetVersionState(imageTag string, state model.EventFilteringProfileState) error
- func (p *SecurityProfile) ToSecurityProfileMessage() *api.SecurityProfileMessage
- type SecurityProfileManager
- func (m *SecurityProfileManager) CountEvictedVersion(imageName, imageTag string)
- func (m *SecurityProfileManager) FetchSilentWorkloads() map[cgroupModel.WorkloadSelector][]*tags.Workload
- func (m *SecurityProfileManager) FillProfileContextFromContainerID(id string, ctx *model.SecurityProfileContext, imageTag string)
- func (m *SecurityProfileManager) GetProfile(selector cgroupModel.WorkloadSelector) *SecurityProfile
- func (m *SecurityProfileManager) LinkProfile(profile *SecurityProfile, workload *tags.Workload)
- func (m *SecurityProfileManager) ListAllProfileStates()
- func (m *SecurityProfileManager) ListSecurityProfiles(params *api.SecurityProfileListParams) (*api.SecurityProfileListMessage, error)
- func (m *SecurityProfileManager) LookupEventInProfiles(event *model.Event)
- func (m *SecurityProfileManager) OnLocalStorageCleanup(files []string)
- func (m *SecurityProfileManager) OnNewProfileEvent(selector cgroupModel.WorkloadSelector, newProfile *proto.SecurityProfile)
- func (m *SecurityProfileManager) OnWorkloadDeletedEvent(workload *tags.Workload)
- func (m *SecurityProfileManager) OnWorkloadSelectorResolvedEvent(workload *tags.Workload)
- func (m *SecurityProfileManager) SaveSecurityProfile(params *api.SecurityProfileSaveParams) (*api.SecurityProfileSaveMessage, error)
- func (m *SecurityProfileManager) SendStats() error
- func (m *SecurityProfileManager) SetActivityDumpManager(manager ActivityDumpManager)
- func (m *SecurityProfileManager) ShouldDeleteProfile(profile *SecurityProfile)
- func (m *SecurityProfileManager) Start(ctx context.Context)
- func (m *SecurityProfileManager) UnlinkProfile(profile *SecurityProfile, workload *tags.Workload)
- type VersionContext
Constants ¶
const DefaultProfileName = "default"
DefaultProfileName is used as the default profile name.
Variables ¶
This section is empty.
Functions ¶
func EventFilteringProfileStateToProto ¶
func EventFilteringProfileStateToProto(efr model.EventFilteringProfileState) proto.EventProfileState
EventFilteringProfileStateToProto converts a profile state to its proto equivalent.
func FillProfileContextFromProfile ¶
func FillProfileContextFromProfile(ctx *model.SecurityProfileContext, profile *SecurityProfile, imageTag string, state model.EventFilteringProfileState)
FillProfileContextFromProfile fills the given ctx with information from the profile.
func LoadProtoFromFile ¶
func LoadProtoFromFile(filepath string) (*proto.SecurityProfile, error)
LoadProtoFromFile loads proto profile from file
func ProtoToSecurityProfile ¶
func ProtoToSecurityProfile(output *SecurityProfile, pathsReducer *activity_tree.PathsReducer, input *proto.SecurityProfile)
ProtoToSecurityProfile decodes a Security Profile from its protobuf representation
func ProtoToState ¶
func ProtoToState(eps proto.EventProfileState) model.EventFilteringProfileState
ProtoToState converts a proto state to a profile one
func SecurityProfileToProto ¶
func SecurityProfileToProto(input *SecurityProfile) *proto.SecurityProfile
SecurityProfileToProto encodes a Security Profile into its protobuf representation.
Types ¶
type ActivityDumpManager ¶
// ActivityDumpManager is a generic interface used to reach the Activity Dump manager.
type ActivityDumpManager interface {
	// StopDumpsWithSelector is invoked with a workload selector; presumably it stops the
	// activity dumps that match that selector — confirm against the manager implementation.
	StopDumpsWithSelector(selector cgroupModel.WorkloadSelector)
}
ActivityDumpManager is a generic interface to reach the Activity Dump manager
type DirectoryProvider ¶
DirectoryProvider is a ProfileProvider that fetches Security Profiles from the filesystem
func NewDirectoryProvider ¶
func NewDirectoryProvider(directory string, watch bool) (*DirectoryProvider, error)
NewDirectoryProvider returns a new instance of DirectoryProvider
func (*DirectoryProvider) OnLocalStorageCleanup ¶
func (dp *DirectoryProvider) OnLocalStorageCleanup(files []string)
OnLocalStorageCleanup removes the provided files from the entries of the directory provider
func (*DirectoryProvider) SendStats ¶
func (dp *DirectoryProvider) SendStats(client statsd.ClientInterface) error
SendStats sends the metrics of the directory provider
func (*DirectoryProvider) SetOnNewProfileCallback ¶
func (dp *DirectoryProvider) SetOnNewProfileCallback(onNewProfileCallback func(selector cgroupModel.WorkloadSelector, profile *proto.SecurityProfile))
SetOnNewProfileCallback sets the onNewProfileCallback function
func (*DirectoryProvider) Start ¶
func (dp *DirectoryProvider) Start(ctx context.Context) error
Start runs the directory provider
func (*DirectoryProvider) Stop ¶
func (dp *DirectoryProvider) Stop() error
Stop closes the directory provider
func (*DirectoryProvider) UpdateWorkloadSelectors ¶
func (dp *DirectoryProvider) UpdateWorkloadSelectors(selectors []cgroupModel.WorkloadSelector)
UpdateWorkloadSelectors updates the selectors used to query profiles
type EventFilteringResult ¶
type EventFilteringResult uint8
EventFilteringResult is used to compute metrics for the event filtering feature
// Event filtering results, used as the metric tag values for the event filtering feature.
const (
	// NA is "not applicable": used when the profile is in the NoProfile or ProfileAtMaxSize state
	NA EventFilteringResult = iota
	// InProfile is used to count the events that matched a profile
	InProfile
	// NotInProfile is used to count the events that didn't match their profile
	NotInProfile
)
type EventTypeState ¶
// EventTypeState defines an event type state. Its fields are unexported and are
// not shown in the generated documentation.
type EventTypeState struct {
	// contains filtered or unexported fields
}
EventTypeState defines an event type state
type Provider ¶
// Provider defines a profile provider: a source of Security Profiles that can be
// started, stopped, queried for metrics, and notified of new workload selectors.
type Provider interface {
	// Start runs the profile provider
	Start(ctx context.Context) error
	// Stop closes the profile provider
	Stop() error
	// SendStats sends the metrics of the profile provider
	SendStats(statsdClient statsd.ClientInterface) error
	// UpdateWorkloadSelectors updates the selectors used to query profiles
	UpdateWorkloadSelectors(selectors []cgroupModel.WorkloadSelector)
	// SetOnNewProfileCallback sets the onNewProfileCallback function, called with the
	// selector and the decoded proto profile when a new profile becomes available
	SetOnNewProfileCallback(onNewProfileCallback func(selector cgroupModel.WorkloadSelector, profile *proto.SecurityProfile))
}
Provider defines a profile provider
type SecurityProfile ¶
// SecurityProfile defines a security profile.
//
// The struct embeds a sync.Mutex, so it must never be copied after creation;
// its methods all use pointer receivers.
type SecurityProfile struct {
	sync.Mutex
	// Instances is the list of workload instances to which the profile should apply
	Instances []*tags.Workload
	// Metadata contains metadata for the current profile
	Metadata mtdt.Metadata
	// ActivityTree contains the activity tree of the Security Profile
	ActivityTree *activity_tree.ActivityTree
	// contains filtered or unexported fields
}
SecurityProfile defines a security profile
func NewSecurityProfile ¶
func NewSecurityProfile(selector cgroupModel.WorkloadSelector, eventTypes []model.EventType, pathsReducer *activity_tree.PathsReducer) *SecurityProfile
NewSecurityProfile creates a new instance of Security Profile
func (*SecurityProfile) GetGlobalEventTypeState ¶
func (p *SecurityProfile) GetGlobalEventTypeState(et model.EventType) model.EventFilteringProfileState
GetGlobalEventTypeState returns the global state of a profile for a given event type: AutoLearning, StableEventType or UnstableEventType
func (*SecurityProfile) GetGlobalState ¶
func (p *SecurityProfile) GetGlobalState() model.EventFilteringProfileState
GetGlobalState returns the global state of a profile: AutoLearning, StableEventType or UnstableEventType
func (*SecurityProfile) GetState ¶
func (p *SecurityProfile) GetState(imageTag string) model.EventFilteringProfileState
GetState returns the state of a profile for a given imageTag
func (*SecurityProfile) GetVersionContextIndex ¶
func (p *SecurityProfile) GetVersionContextIndex(index int) *VersionContext
GetVersionContextIndex returns the context of the given version, if any.
func (*SecurityProfile) GetVersions ¶
func (p *SecurityProfile) GetVersions() []string
GetVersions returns the versions stored in the profile (debug purpose only).
func (*SecurityProfile) IsEventTypeValid ¶
func (p *SecurityProfile) IsEventTypeValid(evtType model.EventType) bool
IsEventTypeValid is used to control which event types should trigger anomaly detection alerts
func (*SecurityProfile) ListAllVersionStates ¶
func (p *SecurityProfile) ListAllVersionStates()
ListAllVersionStates is a debug function to list all version and their states
func (*SecurityProfile) LoadFromProto ¶
func (p *SecurityProfile) LoadFromProto(input *proto.SecurityProfile, opts LoadOpts)
LoadFromProto populates the security-profile from the protobuf version
func (*SecurityProfile) LoadFromProtoFile ¶
func (p *SecurityProfile) LoadFromProtoFile(path string, opts LoadOpts) error
LoadFromProtoFile populates the security-profile from the protobuf file
func (*SecurityProfile) MatchesSelector ¶
func (p *SecurityProfile) MatchesSelector(entry *model.ProcessCacheEntry) bool
MatchesSelector is used to control how an event should be added to a profile
func (*SecurityProfile) NewProcessNodeCallback ¶
func (p *SecurityProfile) NewProcessNodeCallback(_ *activity_tree.ProcessNode)
NewProcessNodeCallback is a callback function used to propagate the fact that a new process node was added to the activity tree
func (*SecurityProfile) SendStats ¶
func (p *SecurityProfile) SendStats(client statsd.ClientInterface) error
SendStats sends profile stats
func (*SecurityProfile) SetVersionState ¶
func (p *SecurityProfile) SetVersionState(imageTag string, state model.EventFilteringProfileState) error
SetVersionState forces a state for a given version (debug purpose only).
func (*SecurityProfile) ToSecurityProfileMessage ¶
func (p *SecurityProfile) ToSecurityProfileMessage() *api.SecurityProfileMessage
ToSecurityProfileMessage returns a SecurityProfileMessage filled with the content of the current Security Profile
type SecurityProfileManager ¶
// SecurityProfileManager is used to manage Security Profiles. Its fields are
// unexported and are not shown in the generated documentation.
type SecurityProfileManager struct {
	// contains filtered or unexported fields
}
SecurityProfileManager is used to manage Security Profiles
func NewSecurityProfileManager ¶
func NewSecurityProfileManager(config *config.Config, statsdClient statsd.ClientInterface, resolvers *resolvers.EBPFResolvers, manager *manager.Manager) (*SecurityProfileManager, error)
NewSecurityProfileManager returns a new instance of SecurityProfileManager
func (*SecurityProfileManager) CountEvictedVersion ¶
func (m *SecurityProfileManager) CountEvictedVersion(imageName, imageTag string)
CountEvictedVersion counts the evicted version for the associated metric.
func (*SecurityProfileManager) FetchSilentWorkloads ¶
func (m *SecurityProfileManager) FetchSilentWorkloads() map[cgroupModel.WorkloadSelector][]*tags.Workload
FetchSilentWorkloads returns the list of workloads for which we haven't received any profile
func (*SecurityProfileManager) FillProfileContextFromContainerID ¶
func (m *SecurityProfileManager) FillProfileContextFromContainerID(id string, ctx *model.SecurityProfileContext, imageTag string)
FillProfileContextFromContainerID populates a SecurityProfileContext for the given container ID
func (*SecurityProfileManager) GetProfile ¶
func (m *SecurityProfileManager) GetProfile(selector cgroupModel.WorkloadSelector) *SecurityProfile
GetProfile returns a profile by its selector
func (*SecurityProfileManager) LinkProfile ¶
func (m *SecurityProfileManager) LinkProfile(profile *SecurityProfile, workload *tags.Workload)
LinkProfile applies a profile to the provided workload
func (*SecurityProfileManager) ListAllProfileStates ¶
func (m *SecurityProfileManager) ListAllProfileStates()
ListAllProfileStates lists all profiles and their versions (debug purpose only).
func (*SecurityProfileManager) ListSecurityProfiles ¶
func (m *SecurityProfileManager) ListSecurityProfiles(params *api.SecurityProfileListParams) (*api.SecurityProfileListMessage, error)
ListSecurityProfiles returns the list of security profiles
func (*SecurityProfileManager) LookupEventInProfiles ¶
func (m *SecurityProfileManager) LookupEventInProfiles(event *model.Event)
LookupEventInProfiles looks up an event in the profiles.
func (*SecurityProfileManager) OnLocalStorageCleanup ¶
func (m *SecurityProfileManager) OnLocalStorageCleanup(files []string)
OnLocalStorageCleanup performs the necessary cleanup when the Activity Dump Manager local storage cleans up an entry
func (*SecurityProfileManager) OnNewProfileEvent ¶
func (m *SecurityProfileManager) OnNewProfileEvent(selector cgroupModel.WorkloadSelector, newProfile *proto.SecurityProfile)
OnNewProfileEvent handles the arrival of a new profile (or the new version of a profile) from a provider
func (*SecurityProfileManager) OnWorkloadDeletedEvent ¶
func (m *SecurityProfileManager) OnWorkloadDeletedEvent(workload *tags.Workload)
OnWorkloadDeletedEvent is used to handle a WorkloadDeleted event
func (*SecurityProfileManager) OnWorkloadSelectorResolvedEvent ¶
func (m *SecurityProfileManager) OnWorkloadSelectorResolvedEvent(workload *tags.Workload)
OnWorkloadSelectorResolvedEvent is used to handle the creation of a new cgroup with its resolved tags
func (*SecurityProfileManager) SaveSecurityProfile ¶
func (m *SecurityProfileManager) SaveSecurityProfile(params *api.SecurityProfileSaveParams) (*api.SecurityProfileSaveMessage, error)
SaveSecurityProfile saves the requested security profile to disk
func (*SecurityProfileManager) SendStats ¶
func (m *SecurityProfileManager) SendStats() error
SendStats sends metrics about the Security Profile manager
func (*SecurityProfileManager) SetActivityDumpManager ¶
func (m *SecurityProfileManager) SetActivityDumpManager(manager ActivityDumpManager)
SetActivityDumpManager sets the stopDumpsWithSelectorCallback function
func (*SecurityProfileManager) ShouldDeleteProfile ¶
func (m *SecurityProfileManager) ShouldDeleteProfile(profile *SecurityProfile)
ShouldDeleteProfile checks if a profile should be deleted (happens if no instance is linked to it)
func (*SecurityProfileManager) Start ¶
func (m *SecurityProfileManager) Start(ctx context.Context)
Start runs the manager of Security Profiles
func (*SecurityProfileManager) UnlinkProfile ¶
func (m *SecurityProfileManager) UnlinkProfile(profile *SecurityProfile, workload *tags.Workload)
UnlinkProfile removes the link between a workload and a profile
type VersionContext ¶
// VersionContext holds the context of one version of a profile (a version is
// identified by its image tag).
type VersionContext struct {
	// Syscalls is the syscalls profile
	Syscalls []uint32
	// Tags defines the tags used to compute this profile, for each present profile version
	Tags []string
	// contains filtered or unexported fields
}
VersionContext holds the context of one version (defined by its image tag)