Documentation ¶
Index ¶
- Variables
- func NewModule(cfg *sconfig.Config) (module.Module, error)
- type APIServer
- func (a *APIServer) Apply(ruleIDs []rules.RuleID)
- func (a *APIServer) DumpProcessCache(ctx context.Context, params *api.DumpProcessCacheParams) (*api.SecurityDumpProcessCacheMessage, error)
- func (a *APIServer) GetConfig(ctx context.Context, params *api.GetConfigParams) (*api.SecurityConfigMessage, error)
- func (a *APIServer) GetEvents(params *api.GetEventParams, stream api.SecurityModule_GetEventsServer) error
- func (a *APIServer) GetStats() map[string]int64
- func (a *APIServer) RunSelfTest(ctx context.Context, params *api.RunSelfTestParams) (*api.SecuritySelfTestResultMessage, error)
- func (a *APIServer) SendEvent(rule *rules.Rule, event Event, extTagsCb func() []string, service string)
- func (a *APIServer) SendStats() error
- func (a *APIServer) Start(ctx context.Context)
- type AgentContext
- type Event
- type Limit
- type Limiter
- type LimiterOpts
- type Module
- func (m *Module) Close()
- func (m *Module) EventDiscarderFound(rs *rules.RuleSet, event eval.Event, field eval.Field, ...)
- func (m *Module) GetProbe() *sprobe.Probe
- func (m *Module) GetRuleSet() (rs *rules.RuleSet)
- func (m *Module) GetStats() map[string]interface{}
- func (m *Module) HandleCustomEvent(rule *rules.Rule, event *sprobe.CustomEvent)
- func (m *Module) HandleEvent(event *sprobe.Event)
- func (m *Module) Init() error
- func (m *Module) Register(_ *module.Router) error
- func (m *Module) Reload() error
- func (m *Module) RuleMatch(rule *rules.Rule, event eval.Event)
- func (m *Module) SendEvent(rule *rules.Rule, event Event, extTagsCb func() []string, service string)
- func (m *Module) SetRulesetLoadedCallback(cb func(rs *rules.RuleSet))
- func (m *Module) Start() error
- type RateLimiter
- type RateLimiterStat
- type RuleEvent
- type SelfTester
- func (t *SelfTester) AddSelfTestRulesToRuleSets(ruleSet, approverRuleSet *rules.RuleSet)
- func (t *SelfTester) BeginWaitingForEvent() error
- func (t *SelfTester) Cleanup() error
- func (t *SelfTester) CreateTargetFileIfNeeded() error
- func (t *SelfTester) EndWaitingForEvent()
- func (t *SelfTester) GetSelfTestPolicy() *rules.Policy
- func (t *SelfTester) RunSelfTest() error
- func (t *SelfTester) SendEventIfExpecting(rule *rules.Rule, event eval.Event)
- type Signal
Constants ¶
This section is empty.
Variables ¶
// SelfTestFunctions is the list of self-test functions. Each entry takes the
// *SelfTester and returns an error, and each represents one individual file
// test. The three functions are unexported and not shown on this page.
var SelfTestFunctions = []func(*SelfTester) error{
	selfTestOpen,
	selfTestChmod,
	selfTestChown,
}
SelfTestFunctions is the slice of self-test functions, each representing one individual file test.
Functions ¶
Types ¶
type APIServer ¶
type APIServer struct {
// contains filtered or unexported fields
}
APIServer represents a gRPC server in charge of receiving events sent by the runtime security system-probe module and forwarding them to Datadog
func NewAPIServer ¶
NewAPIServer returns a new gRPC event server
func (*APIServer) DumpProcessCache ¶
func (a *APIServer) DumpProcessCache(ctx context.Context, params *api.DumpProcessCacheParams) (*api.SecurityDumpProcessCacheMessage, error)
DumpProcessCache handles process cache dump requests
func (*APIServer) GetConfig ¶
func (a *APIServer) GetConfig(ctx context.Context, params *api.GetConfigParams) (*api.SecurityConfigMessage, error)
GetConfig returns config of the runtime security module required by the security agent
func (*APIServer) GetEvents ¶
func (a *APIServer) GetEvents(params *api.GetEventParams, stream api.SecurityModule_GetEventsServer) error
GetEvents waits for security events
func (*APIServer) GetStats ¶
GetStats returns a map indexed by ruleIDs that describes the amount of events that were expired or rate limited before reaching
func (*APIServer) RunSelfTest ¶
func (a *APIServer) RunSelfTest(ctx context.Context, params *api.RunSelfTestParams) (*api.SecuritySelfTestResultMessage, error)
RunSelfTest runs the self test and then reloads the current policies
func (*APIServer) SendEvent ¶
func (a *APIServer) SendEvent(rule *rules.Rule, event Event, extTagsCb func() []string, service string)
SendEvent forwards events sent by the runtime security module to Datadog
type AgentContext ¶
// AgentContext is the agent context attached to an event and serialized to JSON.
// Only rule_id is always emitted; every other field carries omitempty and is
// left out of the JSON output when empty.
type AgentContext struct {
	// RuleID is serialized as "rule_id" and has no omitempty, so it is always present.
	RuleID string `json:"rule_id"`
	// RuleVersion is serialized as "rule_version" when non-empty.
	RuleVersion string `json:"rule_version,omitempty"`
	// PolicyName is serialized as "policy_name" when non-empty.
	PolicyName string `json:"policy_name,omitempty"`
	// PolicyVersion is serialized as "policy_version" when non-empty.
	PolicyVersion string `json:"policy_version,omitempty"`
	// Version is serialized as "version" when non-empty.
	// NOTE(review): presumably the agent version — confirm against the code that fills it.
	Version string `json:"version,omitempty"`
}
AgentContext serializes the agent context to JSON. (easyjson:json)
func (AgentContext) MarshalEasyJSON ¶
func (v AgentContext) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (AgentContext) MarshalJSON ¶
func (v AgentContext) MarshalJSON() ([]byte, error)
MarshalJSON supports json.Marshaler interface
func (*AgentContext) UnmarshalEasyJSON ¶
func (v *AgentContext) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
func (*AgentContext) UnmarshalJSON ¶
func (v *AgentContext) UnmarshalJSON(data []byte) error
UnmarshalJSON supports json.Unmarshaler interface
type Limiter ¶
type Limiter struct {
// contains filtered or unexported fields
}
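Limiter describes an object that limits how often a rule can trigger, so that overly permissive rules do not flood the system with events. Events rejected by the rate limiter are dropped; RateLimiter.GetStats and RateLimiter.SendStats report how many.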
type LimiterOpts ¶
LimiterOpts rate limiter options
type Module ¶
Module represents the system-probe module for the runtime security agent
func (*Module) EventDiscarderFound ¶
func (m *Module) EventDiscarderFound(rs *rules.RuleSet, event eval.Event, field eval.Field, eventType eval.EventType)
EventDiscarderFound is called by the ruleset when a new discarder is discovered
func (*Module) GetRuleSet ¶
GetRuleSet returns the set of loaded rules
func (*Module) HandleCustomEvent ¶
func (m *Module) HandleCustomEvent(rule *rules.Rule, event *sprobe.CustomEvent)
HandleCustomEvent is called by the probe when an event should be sent to Datadog but doesn't need evaluation
func (*Module) HandleEvent ¶
HandleEvent is called by the probe when an event arrives from the kernel
func (*Module) SendEvent ¶
func (m *Module) SendEvent(rule *rules.Rule, event Event, extTagsCb func() []string, service string)
SendEvent sends an event to the backend after checking that the rate limiter allows it for the provided rule
func (*Module) SetRulesetLoadedCallback ¶
SetRulesetLoadedCallback allows setting a callback called when a rule set is loaded
type RateLimiter ¶
RateLimiter describes a set of rule rate limiters
func NewRateLimiter ¶
func NewRateLimiter(client *statsd.Client, opts LimiterOpts) *RateLimiter
NewRateLimiter initializes an empty rate limiter
func (*RateLimiter) Allow ¶
func (rl *RateLimiter) Allow(ruleID string) bool
Allow returns true if the specified rule is allowed to send a new event
func (*RateLimiter) GetStats ¶
func (rl *RateLimiter) GetStats() map[rules.RuleID]RateLimiterStat
GetStats returns a map indexed by ruleIDs that describes the number of events that were dropped because of the rate limiter
func (*RateLimiter) SendStats ¶
func (rl *RateLimiter) SendStats() error
SendStats sends statistics about the number of sent and dropped events for the set of rules
type RateLimiterStat ¶
type RateLimiterStat struct {
// contains filtered or unexported fields
}
RateLimiterStat represents the rate limiting statistics
type SelfTester ¶
type SelfTester struct {
// contains filtered or unexported fields
}
SelfTester represents all the state needed to conduct the rule injection test at startup
func NewSelfTester ¶
func NewSelfTester() *SelfTester
NewSelfTester returns a new SelfTester, enabled or not
func (*SelfTester) AddSelfTestRulesToRuleSets ¶
func (t *SelfTester) AddSelfTestRulesToRuleSets(ruleSet, approverRuleSet *rules.RuleSet)
AddSelfTestRulesToRuleSets adds self test rules to the rulesets
func (*SelfTester) BeginWaitingForEvent ¶
func (t *SelfTester) BeginWaitingForEvent() error
BeginWaitingForEvent puts the tester into the waiting-for-event state
func (*SelfTester) Cleanup ¶
func (t *SelfTester) Cleanup() error
Cleanup removes temp directories and files used by the self tester
func (*SelfTester) CreateTargetFileIfNeeded ¶
func (t *SelfTester) CreateTargetFileIfNeeded() error
CreateTargetFileIfNeeded creates the needed target file for self test operations
func (*SelfTester) EndWaitingForEvent ¶
func (t *SelfTester) EndWaitingForEvent()
EndWaitingForEvent exits the waiting for event state
func (*SelfTester) GetSelfTestPolicy ¶
func (t *SelfTester) GetSelfTestPolicy() *rules.Policy
GetSelfTestPolicy returns the additional policy containing self test rules
func (*SelfTester) RunSelfTest ¶
func (t *SelfTester) RunSelfTest() error
RunSelfTest runs the self test
func (*SelfTester) SendEventIfExpecting ¶
func (t *SelfTester) SendEventIfExpecting(rule *rules.Rule, event eval.Event)
SendEventIfExpecting sends an event to the tester
type Signal ¶
// Signal wraps a rule event for sending to the backend.
type Signal struct {
	// The embedded AgentContext carries an explicit "agent" JSON tag.
	// NOTE(review): this is an embedded pointer — confirm callers always set it before marshaling.
	*AgentContext `json:"agent"`
	// Title is serialized as "title" and has no omitempty.
	Title string `json:"title"`
}
Signal is the rule event wrapper used to send an event to the backend. (easyjson:json)
func (Signal) MarshalEasyJSON ¶
MarshalEasyJSON supports easyjson.Marshaler interface
func (Signal) MarshalJSON ¶
MarshalJSON supports json.Marshaler interface
func (*Signal) UnmarshalEasyJSON ¶
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
func (*Signal) UnmarshalJSON ¶
UnmarshalJSON supports json.Unmarshaler interface