Documentation
Overview
Package process fetches process and socket information from the operating system. It can find the process owning a network connection.
Index
- Constants
- Variables
- func All() map[int]*Process
- func CleanProcessStorage(activePIDs map[int]struct{})
- func SetDBController(controller *database.Controller)
- type Process
- func GetOrFindProcess(ctx context.Context, pid int) (*Process, error)
- func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process *Process, connInbound bool, err error)
- func GetProcessFromStorage(pid int) (*Process, bool)
- func GetSystemProcess(ctx context.Context) *Process
- func GetUnidentifiedProcess(ctx context.Context) *Process
- func (p *Process) Delete()
- func (p *Process) GetExecHash(algorithm string) (string, error)
- func (p *Process) GetLastSeen() int64
- func (p *Process) GetProfile(ctx context.Context) (changed bool, err error)
- func (p *Process) Profile() *profile.LayeredProfile
- func (p *Process) Save()
- func (p *Process) SetLastSeen(lastSeen int64)
- func (p *Process) String() string
- func (p *Process) UpdateProfileMetadata()
Constants
const SystemProcessID = 0
SystemProcessID is the PID of the System/Kernel itself.
const UnidentifiedProcessID = -1
UnidentifiedProcessID is the PID used for anything that could not be attributed to a PID for any reason.
Variables
var (
	CfgOptionEnableProcessDetectionKey = "core/enableProcessDetection"
)
Configuration Keys
Functions
func CleanProcessStorage
func CleanProcessStorage(activePIDs map[int]struct{})
CleanProcessStorage removes old processes from the storage.
func SetDBController
func SetDBController(controller *database.Controller)
SetDBController sets the database controller and allows the package to push database updates on a save. It must be set by the package that registers the "network" database.
Types
type Process
type Process struct {
	record.Base
	sync.Mutex

	Name            string
	UserID          int
	UserName        string
	UserHome        string
	Pid             int
	ParentPid       int
	Path            string
	ExecName        string
	Cwd             string
	CmdLine         string
	FirstArg        string
	LocalProfileKey string
	FirstSeen       int64
	LastSeen        int64
	Error           string // Cache errors

	ExecHashes map[string]string
	// contains filtered or unexported fields
}
A Process represents a process running on the operating system.
func GetOrFindProcess
GetOrFindProcess returns the process for the given PID.
func GetProcessByConnection (added in v0.4.4)
func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process *Process, connInbound bool, err error)
GetProcessByConnection returns the process that owns the described connection.
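What attributing a connection to a process involves on Linux, as an added example that is not code from this package (the page does not show its internals): the socket row is looked up in /proc/net/tcp and its inode is matched against the file descriptors of each process. The names FindOwner, decodeAddr, UnidentifiedPID, sampleTable and sampleFDs are hypothetical, the sample data is constructed, and only IPv4 TCP is covered.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

const UnidentifiedPID = -1 // same value as the page's UnidentifiedProcessID

// Constructed samples: /proc/net/tcp text, and PID -> link targets of /proc/<pid>/fd/*.
const sampleTable = `  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:D431 22D8B85D:01BB 06 00000000:00000000 03:00000A3C 00000000     0        0 0 3 0000000000000000`
var sampleFDs = map[int][]string{812: {"/dev/null", "socket:[48213]"}, 977: {"pipe:[5120]"}}

// decodeAddr turns "0100007F:1F90" into "127.0.0.1:8080" (little-endian IPv4, hex port); "" if malformed.
func decodeAddr(s string) string {
	host, port, _ := strings.Cut(s, ":")
	raw, err := hex.DecodeString(host)
	p, perr := strconv.ParseUint(port, 16, 16)
	if err != nil || perr != nil || len(raw) != 4 {
		return ""
	}
	return fmt.Sprintf("%d.%d.%d.%d:%d", raw[3], raw[2], raw[1], raw[0], p)
}

// FindOwner returns the PID whose fd table holds the socket for local/remote, else UnidentifiedPID.
// Rows with inode 0 (for example TIME_WAIT) no longer belong to a process and stay unidentified.
func FindOwner(table string, fds map[int][]string, local, remote string) int {
	for _, line := range strings.Split(table, "\n") {
		f := strings.Fields(line)
		if len(f) < 10 || f[9] == "0" || decodeAddr(f[1]) != local || decodeAddr(f[2]) != remote {
			continue
		}
		for pid, links := range fds {
			for _, link := range links {
				if link == "socket:["+f[9]+"]" {
					return pid
				}
			}
		}
	}
	return UnidentifiedPID
}

func main() {
	fmt.Println(FindOwner(sampleTable, sampleFDs, "127.0.0.1:8080", "0.0.0.0:0")) // prints 812
}
```

A socket inode can appear in several processes' descriptor tables after a fork, so a real resolver has to decide which of them to report.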
func GetProcessFromStorage
GetProcessFromStorage returns a process from the internal storage.
func GetSystemProcess (added in v0.4.1)
GetSystemProcess returns the special process used for the Kernel.
func GetUnidentifiedProcess (added in v0.4.1)
GetUnidentifiedProcess returns the special process assigned to unidentified processes.
func (*Process) Delete
func (p *Process) Delete()
Delete deletes a process from the storage and propagates the change.
func (*Process) GetExecHash
GetExecHash returns the hash of the executable with the given algorithm.
func (*Process) GetLastSeen (added in v0.6.0)
GetLastSeen returns the unix timestamp when the process was last seen.
func (*Process) GetProfile (added in v0.4.0)
GetProfile finds and assigns a profile set to the process.
func (*Process) Profile (added in v0.4.0)
func (p *Process) Profile() *profile.LayeredProfile
Profile returns the assigned layered profile.
func (*Process) Save
func (p *Process) Save()
Save saves the process to the internal state and pushes an update.
func (*Process) SetLastSeen (added in v0.6.0)
SetLastSeen sets the unix timestamp when the process was last seen.
func (*Process) UpdateProfileMetadata (added in v0.6.3)
func (p *Process) UpdateProfileMetadata()