Documentation ¶
Overview ¶
Package module holds module related files
Package module holds module related files ¶
Package module holds module related files ¶
Package module holds module related files ¶
Package module holds module related files
Index ¶
- func DisableRuntimeSecurity(config *config.Config)
- func UpdateEventMonitorOpts(opts *eventmonitor.Opts, config *config.Config)
- type APIServer
- func (a *APIServer) ApplyPolicyStates(policies []*monitor.PolicyState)
- func (a *APIServer) ApplyRuleIDs(ruleIDs []rules.RuleID)
- func (a *APIServer) DumpActivity(_ context.Context, params *api.ActivityDumpParams) (*api.ActivityDumpMessage, error)
- func (a *APIServer) DumpDiscarders(_ context.Context, _ *api.DumpDiscardersParams) (*api.DumpDiscardersMessage, error)
- func (a *APIServer) DumpNetworkNamespace(_ context.Context, params *api.DumpNetworkNamespaceParams) (*api.DumpNetworkNamespaceMessage, error)
- func (a *APIServer) DumpProcessCache(_ context.Context, params *api.DumpProcessCacheParams) (*api.SecurityDumpProcessCacheMessage, error)
- func (a *APIServer) GetActivityDumpStream(_ *api.ActivityDumpStreamParams, ...) error
- func (a *APIServer) GetConfig(_ context.Context, _ *api.GetConfigParams) (*api.SecurityConfigMessage, error)
- func (a *APIServer) GetEvents(_ *api.GetEventParams, stream api.SecurityModule_GetEventsServer) error
- func (a *APIServer) GetRuleSetReport(_ context.Context, _ *api.GetRuleSetReportParams) (*api.GetRuleSetReportResultMessage, error)
- func (a *APIServer) GetStats() map[string]int64
- func (a *APIServer) GetStatus(_ context.Context, _ *api.GetStatusParams) (*api.Status, error)
- func (a *APIServer) ListActivityDumps(_ context.Context, params *api.ActivityDumpListParams) (*api.ActivityDumpListMessage, error)
- func (a *APIServer) ListSecurityProfiles(_ context.Context, params *api.SecurityProfileListParams) (*api.SecurityProfileListMessage, error)
- func (a *APIServer) ReloadPolicies(_ context.Context, _ *api.ReloadPoliciesParams) (*api.ReloadPoliciesResultMessage, error)
- func (a *APIServer) RunSelfTest(_ context.Context, _ *api.RunSelfTestParams) (*api.SecuritySelfTestResultMessage, error)
- func (a *APIServer) SaveSecurityProfile(_ context.Context, params *api.SecurityProfileSaveParams) (*api.SecurityProfileSaveMessage, error)
- func (a *APIServer) SendActivityDump(dump *api.ActivityDumpStreamMessage)
- func (a *APIServer) SendEvent(rule *rules.Rule, event events.Event, extTagsCb func() []string, ...)
- func (a *APIServer) SendStats() error
- func (a *APIServer) SetCWSConsumer(consumer *CWSConsumer)
- func (a *APIServer) Start(ctx context.Context)
- func (a *APIServer) Stop()
- func (a *APIServer) StopActivityDump(_ context.Context, params *api.ActivityDumpStopParams) (*api.ActivityDumpStopMessage, error)
- func (a *APIServer) TranscodingRequest(_ context.Context, params *api.TranscodingRequestParams) (*api.TranscodingRequestMessage, error)
- type CWSConsumer
- func (c *CWSConsumer) APIServer() *APIServer
- func (c *CWSConsumer) GetRuleEngine() *rulesmodule.RuleEngine
- func (c *CWSConsumer) HandleActivityDump(dump *api.ActivityDumpStreamMessage)
- func (c *CWSConsumer) HandleCustomEvent(rule *rules.Rule, event *events.CustomEvent)
- func (c *CWSConsumer) ID() string
- func (c *CWSConsumer) PostProbeStart() error
- func (c *CWSConsumer) PrepareForFunctionalTests()
- func (c *CWSConsumer) RunSelfTest(gRPC bool) (bool, error)
- func (c *CWSConsumer) SendEvent(rule *rules.Rule, event events.Event, extTagsCb func() []string, ...)
- func (c *CWSConsumer) SendStats()
- func (c *CWSConsumer) Start() error
- func (c *CWSConsumer) Stop()
- type ChanMsgSender
- type DirectMsgSender
- type GRPCServer
- type MsgSender
- type Opts
- type Reloader
- type ReloaderInterface
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DisableRuntimeSecurity ¶
DisableRuntimeSecurity disables all the runtime security features
func UpdateEventMonitorOpts ¶
func UpdateEventMonitorOpts(opts *eventmonitor.Opts, config *config.Config)
UpdateEventMonitorOpts adapt the event monitor options
Types ¶
type APIServer ¶
type APIServer struct { api.UnimplementedSecurityModuleServer // contains filtered or unexported fields }
APIServer represents a gRPC server in charge of receiving events sent by the runtime security system-probe module and forwards them to Datadog
func NewAPIServer ¶
func NewAPIServer(cfg *config.RuntimeSecurityConfig, probe *sprobe.Probe, msgSender MsgSender, client statsd.ClientInterface, selfTester *selftests.SelfTester, compression compression.Component) (*APIServer, error)
NewAPIServer returns a new gRPC event server
func (*APIServer) ApplyPolicyStates ¶
func (a *APIServer) ApplyPolicyStates(policies []*monitor.PolicyState)
ApplyPolicyStates the policy states
func (*APIServer) ApplyRuleIDs ¶
ApplyRuleIDs the rule ids
func (*APIServer) DumpActivity ¶
func (a *APIServer) DumpActivity(_ context.Context, params *api.ActivityDumpParams) (*api.ActivityDumpMessage, error)
DumpActivity handles an activity dump request
func (*APIServer) DumpDiscarders ¶
func (a *APIServer) DumpDiscarders(_ context.Context, _ *api.DumpDiscardersParams) (*api.DumpDiscardersMessage, error)
DumpDiscarders handles discarder dump requests
func (*APIServer) DumpNetworkNamespace ¶
func (a *APIServer) DumpNetworkNamespace(_ context.Context, params *api.DumpNetworkNamespaceParams) (*api.DumpNetworkNamespaceMessage, error)
DumpNetworkNamespace handles network namespace cache dump requests
func (*APIServer) DumpProcessCache ¶
func (a *APIServer) DumpProcessCache(_ context.Context, params *api.DumpProcessCacheParams) (*api.SecurityDumpProcessCacheMessage, error)
DumpProcessCache handles process cache dump requests
func (*APIServer) GetActivityDumpStream ¶
func (a *APIServer) GetActivityDumpStream(_ *api.ActivityDumpStreamParams, stream api.SecurityModule_GetActivityDumpStreamServer) error
GetActivityDumpStream waits for activity dumps and forwards them to the stream
func (*APIServer) GetConfig ¶
func (a *APIServer) GetConfig(_ context.Context, _ *api.GetConfigParams) (*api.SecurityConfigMessage, error)
GetConfig returns config of the runtime security module required by the security agent
func (*APIServer) GetEvents ¶
func (a *APIServer) GetEvents(_ *api.GetEventParams, stream api.SecurityModule_GetEventsServer) error
GetEvents waits for security events
func (*APIServer) GetRuleSetReport ¶
func (a *APIServer) GetRuleSetReport(_ context.Context, _ *api.GetRuleSetReportParams) (*api.GetRuleSetReportResultMessage, error)
GetRuleSetReport reports the ruleset loaded
func (*APIServer) GetStats ¶
GetStats returns a map indexed by ruleIDs that describes the amount of events that were expired or rate limited before reaching
func (*APIServer) ListActivityDumps ¶
func (a *APIServer) ListActivityDumps(_ context.Context, params *api.ActivityDumpListParams) (*api.ActivityDumpListMessage, error)
ListActivityDumps returns the list of active dumps
func (*APIServer) ListSecurityProfiles ¶
func (a *APIServer) ListSecurityProfiles(_ context.Context, params *api.SecurityProfileListParams) (*api.SecurityProfileListMessage, error)
ListSecurityProfiles returns the list of security profiles
func (*APIServer) ReloadPolicies ¶
func (a *APIServer) ReloadPolicies(_ context.Context, _ *api.ReloadPoliciesParams) (*api.ReloadPoliciesResultMessage, error)
ReloadPolicies reloads the policies
func (*APIServer) RunSelfTest ¶
func (a *APIServer) RunSelfTest(_ context.Context, _ *api.RunSelfTestParams) (*api.SecuritySelfTestResultMessage, error)
RunSelfTest runs self test and then reload the current policies
func (*APIServer) SaveSecurityProfile ¶
func (a *APIServer) SaveSecurityProfile(_ context.Context, params *api.SecurityProfileSaveParams) (*api.SecurityProfileSaveMessage, error)
SaveSecurityProfile saves the requested security profile to disk
func (*APIServer) SendActivityDump ¶
func (a *APIServer) SendActivityDump(dump *api.ActivityDumpStreamMessage)
SendActivityDump queues an activity dump to the chan of activity dumps
func (*APIServer) SendEvent ¶
func (a *APIServer) SendEvent(rule *rules.Rule, event events.Event, extTagsCb func() []string, service string)
SendEvent forwards events sent by the runtime security module to Datadog
func (*APIServer) SetCWSConsumer ¶
func (a *APIServer) SetCWSConsumer(consumer *CWSConsumer)
SetCWSConsumer sets the CWS consumer
func (*APIServer) StopActivityDump ¶
func (a *APIServer) StopActivityDump(_ context.Context, params *api.ActivityDumpStopParams) (*api.ActivityDumpStopMessage, error)
StopActivityDump stops an active activity dump if it exists
func (*APIServer) TranscodingRequest ¶
func (a *APIServer) TranscodingRequest(_ context.Context, params *api.TranscodingRequestParams) (*api.TranscodingRequestMessage, error)
TranscodingRequest encodes an activity dump following the requested parameters
type CWSConsumer ¶
CWSConsumer represents the system-probe module for the runtime security agent
func NewCWSConsumer ¶
func NewCWSConsumer(evm *eventmonitor.EventMonitor, cfg *config.RuntimeSecurityConfig, wmeta workloadmeta.Component, opts Opts, compression compression.Component) (*CWSConsumer, error)
NewCWSConsumer initializes the module with options
func (*CWSConsumer) APIServer ¶
func (c *CWSConsumer) APIServer() *APIServer
APIServer returns the api server
func (*CWSConsumer) GetRuleEngine ¶
func (c *CWSConsumer) GetRuleEngine() *rulesmodule.RuleEngine
GetRuleEngine returns new current rule engine
func (*CWSConsumer) HandleActivityDump ¶
func (c *CWSConsumer) HandleActivityDump(dump *api.ActivityDumpStreamMessage)
HandleActivityDump sends an activity dump to the backend
func (*CWSConsumer) HandleCustomEvent ¶
func (c *CWSConsumer) HandleCustomEvent(rule *rules.Rule, event *events.CustomEvent)
HandleCustomEvent is called by the probe when an event should be sent to Datadog but doesn't need evaluation
func (*CWSConsumer) PostProbeStart ¶
func (c *CWSConsumer) PostProbeStart() error
PostProbeStart is called after the event stream is started
func (*CWSConsumer) PrepareForFunctionalTests ¶
func (c *CWSConsumer) PrepareForFunctionalTests()
PrepareForFunctionalTests tweaks the module to be ready for functional tests currently it: - disables the container running telemetry
func (*CWSConsumer) RunSelfTest ¶
func (c *CWSConsumer) RunSelfTest(gRPC bool) (bool, error)
RunSelfTest runs the self tests
type ChanMsgSender ¶
type ChanMsgSender struct {
// contains filtered or unexported fields
}
ChanMsgSender defines a chan message sender
func NewChanMsgSender ¶
func NewChanMsgSender(msgs chan *api.SecurityEventMessage) *ChanMsgSender
NewChanMsgSender returns a new chan sender
func (*ChanMsgSender) Send ¶
func (cs *ChanMsgSender) Send(msg *api.SecurityEventMessage, expireFnc func(*api.SecurityEventMessage))
Send the message
type DirectMsgSender ¶
type DirectMsgSender struct {
// contains filtered or unexported fields
}
DirectMsgSender defines a direct sender
func NewDirectMsgSender ¶
func NewDirectMsgSender(stopper startstop.Stopper, compression compression.Component) (*DirectMsgSender, error)
NewDirectMsgSender returns a new direct sender
func (*DirectMsgSender) Send ¶
func (ds *DirectMsgSender) Send(msg *api.SecurityEventMessage, _ func(*api.SecurityEventMessage))
Send the message
type GRPCServer ¶
type GRPCServer struct {
// contains filtered or unexported fields
}
GRPCServer defines a gRPC server
func NewGRPCServer ¶
func NewGRPCServer(family string, address string) *GRPCServer
NewGRPCServer returns a new gRPC server
type MsgSender ¶
type MsgSender interface {
Send(msg *api.SecurityEventMessage, expireFnc func(*api.SecurityEventMessage))
}
MsgSender defines a message sender
type Opts ¶
type Opts struct { EventSender events.EventSender MsgSender MsgSender }
Opts define module options
type Reloader ¶
type Reloader struct {
// contains filtered or unexported fields
}
Reloader aims to handle policies reloading triggers
type ReloaderInterface ¶
type ReloaderInterface interface { Start() error Stop() Chan() <-chan struct{} }
ReloaderInterface aims to handle policies reloading triggers