config

package config
v0.0.0-...-dfb20d5

This package is not in the latest version of its module.

Published: Jan 9, 2025 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package config holds config-related files

Types

type Config

type Config struct {
	// event monitor/probe parameters
	ebpf.Config

	// EnableAllProbes defines if all probes should be activated regardless of loaded rules (while still respecting config, especially network disabled)
	EnableAllProbes bool

	// EnableKernelFilters defines if in-kernel filtering should be activated or not
	EnableKernelFilters bool

	// EnableApprovers defines if in-kernel approvers should be activated or not
	EnableApprovers bool

	// EnableDiscarders defines if in-kernel discarders should be activated or not
	EnableDiscarders bool

	// FlushDiscarderWindow defines the maximum time window for discarders removal.
	// This is used during reload to avoid removing all the discarders at the same time.
	FlushDiscarderWindow int

	// SocketPath is the path to the socket that is used to communicate with the security agent and process agent
	SocketPath string

	// EventServerBurst defines the maximum burst of events that can be sent over the grpc server
	EventServerBurst int

	// PIDCacheSize is the size of the user space PID caches
	PIDCacheSize int

	// StatsTagsCardinality determines the cardinality level of the tags added to the exported metrics
	StatsTagsCardinality string

	// CustomSensitiveWords defines words to add to the scrubber
	CustomSensitiveWords []string

	// ERPCDentryResolutionEnabled determines if the ERPC dentry resolution is enabled
	ERPCDentryResolutionEnabled bool

	// MapDentryResolutionEnabled determines if the map resolution is enabled
	MapDentryResolutionEnabled bool

	// DentryCacheSize is the size of the user space dentry cache
	DentryCacheSize int

	// NOTE(safchain) need to revisit this one as it can impact multiple event consumers
	// EnvsWithValue lists environment variables that will be fully exported
	EnvsWithValue []string

	// RuntimeMonitor defines if the Go runtime and system monitor should be enabled
	RuntimeMonitor bool

	// EventStreamUseRingBuffer specifies whether to use eBPF ring buffers when available
	EventStreamUseRingBuffer bool

	// EventStreamBufferSize specifies the buffer size of the eBPF map used for events
	EventStreamBufferSize int

	// EventStreamUseFentry specifies whether to use eBPF fentry when available instead of kprobes
	EventStreamUseFentry bool

	// RuntimeCompilationEnabled defines if the runtime-compilation is enabled
	RuntimeCompilationEnabled bool

	// NetworkLazyInterfacePrefixes is the list of interface prefixes that aren't explicitly deleted by the container
	// runtime, and that are lazily deleted by the kernel when a network namespace is cleaned up. This list helps the
	// agent detect when a network namespace should be purged from all caches.
	NetworkLazyInterfacePrefixes []string

	// NetworkClassifierPriority defines the priority at which CWS should insert its TC classifiers.
	NetworkClassifierPriority uint16

	// NetworkClassifierHandle defines the handle at which CWS should insert its TC classifiers.
	NetworkClassifierHandle uint16

	// RawNetworkClassifierHandle defines the handle at which CWS should insert its Raw TC classifiers.
	RawNetworkClassifierHandle uint16

	// ProcessConsumerEnabled defines if the process-agent wants to receive kernel events
	ProcessConsumerEnabled bool

	// NetworkConsumerEnabled defines if the network tracer system-probe module wants to receive kernel events
	NetworkConsumerEnabled bool

	// NetworkEnabled defines if the network probes should be activated
	NetworkEnabled bool

	// NetworkIngressEnabled defines if the network ingress probes should be activated
	NetworkIngressEnabled bool

	// NetworkRawPacketEnabled defines if the network raw packet is enabled
	NetworkRawPacketEnabled bool

	// NetworkPrivateIPRanges defines the list of IP ranges that should be considered private
	NetworkPrivateIPRanges []string

	// NetworkExtraPrivateIPRanges defines the list of extra IP ranges that should be considered private
	NetworkExtraPrivateIPRanges []string

	// StatsPollingInterval determines how often metrics should be polled
	StatsPollingInterval time.Duration

	// SyscallsMonitorEnabled defines if syscalls monitoring metrics should be collected
	SyscallsMonitorEnabled bool
}

Config defines a security config
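As an added example that is not the project's own code, here is one way the two private-range lists above, NetworkPrivateIPRanges and NetworkExtraPrivateIPRanges, could be parsed and consumed: every entry is validated as a CIDR when the config is loaded, and addresses are then classified against the merged list, with malformed input failing closed. The type and function names are hypothetical, and the example assumes the entries are CIDR strings.

```go
package main

import (
	"fmt"
	"net/netip"
)

// privateIPClassifier holds the prefixes parsed from NetworkPrivateIPRanges
// and NetworkExtraPrivateIPRanges.
type privateIPClassifier struct {
	prefixes []netip.Prefix
}

// newPrivateIPClassifier parses both lists up front so that a malformed entry
// is rejected at config load instead of silently misclassifying traffic later.
// The two slices stand in for the Config fields (assumption: CIDR strings).
func newPrivateIPClassifier(base, extra []string) (*privateIPClassifier, error) {
	c := &privateIPClassifier{}
	for _, list := range [][]string{base, extra} {
		for _, s := range list {
			p, err := netip.ParsePrefix(s)
			if err != nil {
				return nil, fmt.Errorf("invalid private IP range %q: %w", s, err)
			}
			c.prefixes = append(c.prefixes, p.Masked()) // 10.1.2.3/8 -> 10.0.0.0/8
		}
	}
	return c, nil
}

// isPrivate reports whether addr lies in any configured range. Unparsable
// input is treated as not private, so bad data never takes the lenient path.
func (c *privateIPClassifier) isPrivate(addr string) bool {
	a, err := netip.ParseAddr(addr)
	if err != nil {
		return false
	}
	a = a.Unmap() // ::ffff:10.0.0.1 is matched like 10.0.0.1
	for _, p := range c.prefixes {
		if p.Contains(a) {
			return true
		}
	}
	return false
}
```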

func NewConfig

func NewConfig() (*Config, error)

NewConfig returns a new Config object
