Versions in this module v0 v0.6.5 Dec 6, 2021 Changes in this version + const CgroupMkdirEventID + const CgroupRmdirEventID + type CgroupInfo struct + ContainerId string + Path string + Runtime string type Containers + func (c *Containers) CgroupExists(cgroupId uint64) bool + func (c *Containers) CgroupLookupUpdate(cgroupId uint64) error + func (c *Containers) CgroupRemove(cgroupId uint64) + func (c *Containers) CgroupUpdate(cgroupId uint64, path string) (CgroupInfo, error) + func (c *Containers) GetCgroupInfo(cgroupId uint64) CgroupInfo + func (c *Containers) IsCgroupV1() bool + func (c *Containers) PopulateBpfMap(bpfModule *bpf.Module) error + func (c *Containers) RemoveFromBpfMap(bpfModule *bpf.Module, cgroupId uint64) error type OutputConfig + ExecHash bool v0.6.4 Nov 15, 2021 Changes in this version + const SecurityPostReadFileEventID + const SocketDupEventID type CaptureConfig + Module bool type OutputConfig + ParseArguments bool v0.6.3 Oct 13, 2021 v0.6.2 Oct 9, 2021 Changes in this version + const Accept4EventID — darwin/amd64, linux/amd64, windows/amd64 + const AcceptEventID — darwin/amd64, linux/amd64, windows/amd64 + const AccessEventID — darwin/amd64, linux/amd64, windows/amd64 + const AcctEventID — darwin/amd64, linux/amd64, windows/amd64 + const AddKeyEventID — darwin/amd64, linux/amd64, windows/amd64 + const AdjtimexEventID — darwin/amd64, linux/amd64, windows/amd64 + const AfsEventID — darwin/amd64, linux/amd64, windows/amd64 + const AlarmEventID — darwin/amd64, linux/amd64, windows/amd64 + const ArchPrctlEventID — darwin/amd64, linux/amd64, windows/amd64 + const BindEventID — darwin/amd64, linux/amd64, windows/amd64 + const BpfEventID — darwin/amd64, linux/amd64, windows/amd64 + const BrkEventID — darwin/amd64, linux/amd64, windows/amd64 + const CONFIG_ARCH_HAS_SYSCALL_WRAPPER + const CapCapableEventID + const CapgetEventID — darwin/amd64, linux/amd64, windows/amd64 + const CapsetEventID — darwin/amd64, linux/amd64, 
windows/amd64 + const CgroupAttachTaskEventID + const ChdirEventID — darwin/amd64, linux/amd64, windows/amd64 + const ChmodEventID — darwin/amd64, linux/amd64, windows/amd64 + const ChownEventID — darwin/amd64, linux/amd64, windows/amd64 + const ChrootEventID — darwin/amd64, linux/amd64, windows/amd64 + const ClockAdjtimeEventID — darwin/amd64, linux/amd64, windows/amd64 + const ClockGetresEventID — darwin/amd64, linux/amd64, windows/amd64 + const ClockGettimeEventID — darwin/amd64, linux/amd64, windows/amd64 + const ClockNanosleepEventID — darwin/amd64, linux/amd64, windows/amd64 + const ClockSettimeEventID — darwin/amd64, linux/amd64, windows/amd64 + const Clone3EventID — darwin/amd64, linux/amd64, windows/amd64 + const CloneEventID — darwin/amd64, linux/amd64, windows/amd64 + const CloseEventID — darwin/amd64, linux/amd64, windows/amd64 + const CloseRangeEventID — darwin/amd64, linux/amd64, windows/amd64 + const CommitCredsEventID + const ConnectEventID — darwin/amd64, linux/amd64, windows/amd64 + const CopyFileRangeEventID — darwin/amd64, linux/amd64, windows/amd64 + const CreatEventID — darwin/amd64, linux/amd64, windows/amd64 + const CreateModuleEventID — darwin/amd64, linux/amd64, windows/amd64 + const DebugNetInetSockSetState + const DebugNetSecurityBind + const DebugNetTcpConnect + const DebugNetUdpDestroySock + const DebugNetUdpDisconnect + const DebugNetUdpSendmsg + const DebugNetUdpV6DestroySock + const DeleteModuleEventID — darwin/amd64, linux/amd64, windows/amd64 + const DoExitEventID + const Dup2EventID — darwin/amd64, linux/amd64, windows/amd64 + const Dup3EventID — darwin/amd64, linux/amd64, windows/amd64 + const DupEventID — darwin/amd64, linux/amd64, windows/amd64 + const EpollCreate1EventID — darwin/amd64, linux/amd64, windows/amd64 + const EpollCreateEventID — darwin/amd64, linux/amd64, windows/amd64 + const EpollCtlEventID — darwin/amd64, linux/amd64, windows/amd64 + const EpollCtlOldEventID — darwin/amd64, linux/amd64, windows/amd64 + const 
EpollPwait2EventID — darwin/amd64, linux/amd64, windows/amd64 + const EpollPwaitEventID — darwin/amd64, linux/amd64, windows/amd64 + const EpollWaitEventID — darwin/amd64, linux/amd64, windows/amd64 + const EpollWaitOldEventID — darwin/amd64, linux/amd64, windows/amd64 + const Eventfd2EventID — darwin/amd64, linux/amd64, windows/amd64 + const EventfdEventID — darwin/amd64, linux/amd64, windows/amd64 + const ExecveEventID — darwin/amd64, linux/amd64, windows/amd64 + const ExecveatEventID — darwin/amd64, linux/amd64, windows/amd64 + const ExitEventID — darwin/amd64, linux/amd64, windows/amd64 + const ExitGroupEventID — darwin/amd64, linux/amd64, windows/amd64 + const Faccessat2EventID — darwin/amd64, linux/amd64, windows/amd64 + const FaccessatEventID — darwin/amd64, linux/amd64, windows/amd64 + const Fadvise64EventID — darwin/amd64, linux/amd64, windows/amd64 + const FallocateEventID — darwin/amd64, linux/amd64, windows/amd64 + const FanotifyInitEventID — darwin/amd64, linux/amd64, windows/amd64 + const FanotifyMarkEventID — darwin/amd64, linux/amd64, windows/amd64 + const FchdirEventID — darwin/amd64, linux/amd64, windows/amd64 + const FchmodEventID — darwin/amd64, linux/amd64, windows/amd64 + const FchmodatEventID — darwin/amd64, linux/amd64, windows/amd64 + const FchownEventID — darwin/amd64, linux/amd64, windows/amd64 + const FchownatEventID — darwin/amd64, linux/amd64, windows/amd64 + const FcntlEventID — darwin/amd64, linux/amd64, windows/amd64 + const FdatasyncEventID — darwin/amd64, linux/amd64, windows/amd64 + const FgetxattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const FinitModuleEventID — darwin/amd64, linux/amd64, windows/amd64 + const FlistxattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const FlockEventID — darwin/amd64, linux/amd64, windows/amd64 + const ForkEventID — darwin/amd64, linux/amd64, windows/amd64 + const FremovexattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const FsconfigEventID — darwin/amd64, linux/amd64, 
windows/amd64 + const FsetxattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const FsmountEventID — darwin/amd64, linux/amd64, windows/amd64 + const FsopenEventID — darwin/amd64, linux/amd64, windows/amd64 + const FspickEventID — darwin/amd64, linux/amd64, windows/amd64 + const FstatEventID — darwin/amd64, linux/amd64, windows/amd64 + const FstatfsEventID — darwin/amd64, linux/amd64, windows/amd64 + const FsyncEventID — darwin/amd64, linux/amd64, windows/amd64 + const FtruncateEventID — darwin/amd64, linux/amd64, windows/amd64 + const FutexEventID — darwin/amd64, linux/amd64, windows/amd64 + const FutimesatEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetKernelSymsEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetMempolicyEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetRobustListEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetThreadAreaEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetcpuEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetcwdEventID — darwin/amd64, linux/amd64, windows/amd64 + const Getdents64EventID — darwin/amd64, linux/amd64, windows/amd64 + const GetdentsEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetegidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GeteuidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetgidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetgroupsEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetitimerEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetpeernameEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetpgidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetpgrpEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetpidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetpmsgEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetppidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetpriorityEventID — darwin/amd64, 
linux/amd64, windows/amd64 + const GetrandomEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetresgidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetresuidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetrlimitEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetrusageEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetsidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetsocknameEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetsockoptEventID — darwin/amd64, linux/amd64, windows/amd64 + const GettidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GettimeofdayEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetuidEventID — darwin/amd64, linux/amd64, windows/amd64 + const GetxattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const GreaterNotSetInt + const GreaterNotSetUint + const InitModuleEventID — darwin/amd64, linux/amd64, windows/amd64 + const InitNamespacesEventID + const InitProcNsDir + const InotifyAddWatchEventID — darwin/amd64, linux/amd64, windows/amd64 + const InotifyInit1EventID — darwin/amd64, linux/amd64, windows/amd64 + const InotifyInitEventID — darwin/amd64, linux/amd64, windows/amd64 + const InotifyRmWatchEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoCancelEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoDestroyEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoGeteventsEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoPgeteventsEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoSetupEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoSubmitEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoUringEnterEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoUringRegisterEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoUringSetupEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoctlEventID — darwin/amd64, linux/amd64, windows/amd64 + const 
IopermEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoplEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoprioGetEventID — darwin/amd64, linux/amd64, windows/amd64 + const IoprioSetEventID — darwin/amd64, linux/amd64, windows/amd64 + const KcmpEventID — darwin/amd64, linux/amd64, windows/amd64 + const KexecFileLoadEventID — darwin/amd64, linux/amd64, windows/amd64 + const KexecLoadEventID — darwin/amd64, linux/amd64, windows/amd64 + const KeyctlEventID — darwin/amd64, linux/amd64, windows/amd64 + const KillEventID — darwin/amd64, linux/amd64, windows/amd64 + const LchownEventID — darwin/amd64, linux/amd64, windows/amd64 + const LessNotSetInt + const LessNotSetUint + const LgetxattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const LinkEventID — darwin/amd64, linux/amd64, windows/amd64 + const LinkatEventID — darwin/amd64, linux/amd64, windows/amd64 + const ListenEventID — darwin/amd64, linux/amd64, windows/amd64 + const ListxattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const LlistxattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const LookupDcookieEventID — darwin/amd64, linux/amd64, windows/amd64 + const LremovexattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const LseekEventID — darwin/amd64, linux/amd64, windows/amd64 + const LsetxattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const LstatEventID — darwin/amd64, linux/amd64, windows/amd64 + const MadviseEventID — darwin/amd64, linux/amd64, windows/amd64 + const MagicWriteEventID + const MaxEventID + const MbindEventID — darwin/amd64, linux/amd64, windows/amd64 + const MemProtAlertEventID + const MembarrierEventID — darwin/amd64, linux/amd64, windows/amd64 + const MemfdCreateEventID — darwin/amd64, linux/amd64, windows/amd64 + const MigratePagesEventID — darwin/amd64, linux/amd64, windows/amd64 + const MincoreEventID — darwin/amd64, linux/amd64, windows/amd64 + const MkdirEventID — darwin/amd64, linux/amd64, windows/amd64 + const MkdiratEventID 
— darwin/amd64, linux/amd64, windows/amd64 + const MknodEventID — darwin/amd64, linux/amd64, windows/amd64 + const MknodatEventID — darwin/amd64, linux/amd64, windows/amd64 + const Mlock2EventID — darwin/amd64, linux/amd64, windows/amd64 + const MlockEventID — darwin/amd64, linux/amd64, windows/amd64 + const MlockallEventID — darwin/amd64, linux/amd64, windows/amd64 + const MmapEventID — darwin/amd64, linux/amd64, windows/amd64 + const ModifyLdtEventID — darwin/amd64, linux/amd64, windows/amd64 + const MountEventID — darwin/amd64, linux/amd64, windows/amd64 + const MoveMountEventID — darwin/amd64, linux/amd64, windows/amd64 + const MovePagesEventID — darwin/amd64, linux/amd64, windows/amd64 + const MprotectEventID — darwin/amd64, linux/amd64, windows/amd64 + const MqGetsetattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const MqNotifyEventID — darwin/amd64, linux/amd64, windows/amd64 + const MqOpenEventID — darwin/amd64, linux/amd64, windows/amd64 + const MqTimedreceiveEventID — darwin/amd64, linux/amd64, windows/amd64 + const MqTimedsendEventID — darwin/amd64, linux/amd64, windows/amd64 + const MqUnlinkEventID — darwin/amd64, linux/amd64, windows/amd64 + const MremapEventID — darwin/amd64, linux/amd64, windows/amd64 + const MsgctlEventID — darwin/amd64, linux/amd64, windows/amd64 + const MsggetEventID — darwin/amd64, linux/amd64, windows/amd64 + const MsgrcvEventID — darwin/amd64, linux/amd64, windows/amd64 + const MsgsndEventID — darwin/amd64, linux/amd64, windows/amd64 + const MsyncEventID — darwin/amd64, linux/amd64, windows/amd64 + const MunlockEventID — darwin/amd64, linux/amd64, windows/amd64 + const MunlockallEventID — darwin/amd64, linux/amd64, windows/amd64 + const MunmapEventID — darwin/amd64, linux/amd64, windows/amd64 + const NameToHandleAtEventID — darwin/amd64, linux/amd64, windows/amd64 + const NanosleepEventID — darwin/amd64, linux/amd64, windows/amd64 + const NetPacket + const NewfstatatEventID — darwin/amd64, linux/amd64, windows/amd64 + 
const NfsservctlEventID — darwin/amd64, linux/amd64, windows/amd64 + const OpenByHandleAtEventID — darwin/amd64, linux/amd64, windows/amd64 + const OpenEventID — darwin/amd64, linux/amd64, windows/amd64 + const OpenTreeEventID — darwin/amd64, linux/amd64, windows/amd64 + const Openat2EventID — darwin/amd64, linux/amd64, windows/amd64 + const OpenatEventID — darwin/amd64, linux/amd64, windows/amd64 + const PauseEventID — darwin/amd64, linux/amd64, windows/amd64 + const PerfEventOpenEventID — darwin/amd64, linux/amd64, windows/amd64 + const PersonalityEventID — darwin/amd64, linux/amd64, windows/amd64 + const PidfdGetfdEventID — darwin/amd64, linux/amd64, windows/amd64 + const PidfdOpenEventID — darwin/amd64, linux/amd64, windows/amd64 + const PidfdSendSignalEventID — darwin/amd64, linux/amd64, windows/amd64 + const Pipe2EventID — darwin/amd64, linux/amd64, windows/amd64 + const PipeEventID — darwin/amd64, linux/amd64, windows/amd64 + const PivotRootEventID — darwin/amd64, linux/amd64, windows/amd64 + const PkeyAllocEventID — darwin/amd64, linux/amd64, windows/amd64 + const PkeyFreeEventID — darwin/amd64, linux/amd64, windows/amd64 + const PkeyMprotectEventID — darwin/amd64, linux/amd64, windows/amd64 + const PollEventID — darwin/amd64, linux/amd64, windows/amd64 + const PpollEventID — darwin/amd64, linux/amd64, windows/amd64 + const PrctlEventID — darwin/amd64, linux/amd64, windows/amd64 + const Pread64EventID — darwin/amd64, linux/amd64, windows/amd64 + const Preadv2EventID — darwin/amd64, linux/amd64, windows/amd64 + const PreadvEventID — darwin/amd64, linux/amd64, windows/amd64 + const Prlimit64EventID — darwin/amd64, linux/amd64, windows/amd64 + const ProcessMadviseEventID — darwin/amd64, linux/amd64, windows/amd64 + const ProcessVmReadvEventID — darwin/amd64, linux/amd64, windows/amd64 + const ProcessVmWritevEventID — darwin/amd64, linux/amd64, windows/amd64 + const Pselect6EventID — darwin/amd64, linux/amd64, windows/amd64 + const PtraceEventID — darwin/amd64, 
linux/amd64, windows/amd64 + const PutpmsgEventID — darwin/amd64, linux/amd64, windows/amd64 + const Pwrite64EventID — darwin/amd64, linux/amd64, windows/amd64 + const Pwritev2EventID — darwin/amd64, linux/amd64, windows/amd64 + const PwritevEventID — darwin/amd64, linux/amd64, windows/amd64 + const QueryModuleEventID — darwin/amd64, linux/amd64, windows/amd64 + const QuotactlEventID — darwin/amd64, linux/amd64, windows/amd64 + const ReadEventID — darwin/amd64, linux/amd64, windows/amd64 + const ReadaheadEventID — darwin/amd64, linux/amd64, windows/amd64 + const ReadlinkEventID — darwin/amd64, linux/amd64, windows/amd64 + const ReadlinkatEventID — darwin/amd64, linux/amd64, windows/amd64 + const ReadvEventID — darwin/amd64, linux/amd64, windows/amd64 + const RebootEventID — darwin/amd64, linux/amd64, windows/amd64 + const RecvfromEventID — darwin/amd64, linux/amd64, windows/amd64 + const RecvmmsgEventID — darwin/amd64, linux/amd64, windows/amd64 + const RecvmsgEventID — darwin/amd64, linux/amd64, windows/amd64 + const RemapFilePagesEventID — darwin/amd64, linux/amd64, windows/amd64 + const RemovexattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const RenameEventID — darwin/amd64, linux/amd64, windows/amd64 + const Renameat2EventID — darwin/amd64, linux/amd64, windows/amd64 + const RenameatEventID — darwin/amd64, linux/amd64, windows/amd64 + const RequestKeyEventID — darwin/amd64, linux/amd64, windows/amd64 + const RestartSyscallEventID — darwin/amd64, linux/amd64, windows/amd64 + const RmdirEventID — darwin/amd64, linux/amd64, windows/amd64 + const RseqEventID — darwin/amd64, linux/amd64, windows/amd64 + const RtSigactionEventID — darwin/amd64, linux/amd64, windows/amd64 + const RtSigpendingEventID — darwin/amd64, linux/amd64, windows/amd64 + const RtSigprocmaskEventID — darwin/amd64, linux/amd64, windows/amd64 + const RtSigqueueinfoEventID — darwin/amd64, linux/amd64, windows/amd64 + const RtSigreturnEventID — darwin/amd64, linux/amd64, windows/amd64 + 
const RtSigsuspendEventID — darwin/amd64, linux/amd64, windows/amd64 + const RtSigtimedwaitEventID — darwin/amd64, linux/amd64, windows/amd64 + const RtTgsigqueueinfoEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedGetPriorityMaxEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedGetPriorityMinEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedGetaffinityEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedGetattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedGetparamEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedGetschedulerEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedProcessExecEventID + const SchedProcessExitEventID + const SchedProcessForkEventID + const SchedRrGetIntervalEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedSetaffinityEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedSetattrEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedSetparamEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedSetschedulerEventID — darwin/amd64, linux/amd64, windows/amd64 + const SchedSwitchEventID + const SchedYieldEventID — darwin/amd64, linux/amd64, windows/amd64 + const SeccompEventID — darwin/amd64, linux/amd64, windows/amd64 + const SecurityBPFEventID + const SecurityBPFMapEventID + const SecurityBprmCheckEventID + const SecurityEventID — darwin/amd64, linux/amd64, windows/amd64 + const SecurityFileOpenEventID + const SecurityInodeMknodEventID + const SecurityInodeUnlinkEventID + const SecurityKernelReadFileEventID + const SecuritySbMountEventID + const SecuritySocketAcceptEventID + const SecuritySocketBindEventID + const SecuritySocketConnectEventID + const SecuritySocketCreateEventID + const SecuritySocketListenEventID + const SelectEventID — darwin/amd64, linux/amd64, windows/amd64 + const SemctlEventID — darwin/amd64, linux/amd64, windows/amd64 + const SemgetEventID — darwin/amd64, linux/amd64, windows/amd64 + 
const SemopEventID — darwin/amd64, linux/amd64, windows/amd64 + const SemtimedopEventID — darwin/amd64, linux/amd64, windows/amd64 + const SendfileEventID — darwin/amd64, linux/amd64, windows/amd64 + const SendmmsgEventID — darwin/amd64, linux/amd64, windows/amd64 + const SendmsgEventID — darwin/amd64, linux/amd64, windows/amd64 + const SendtoEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetMempolicyEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetRobustListEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetThreadAreaEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetTidAddressEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetdomainnameEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetfsgidEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetfsuidEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetgidEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetgroupsEventID — darwin/amd64, linux/amd64, windows/amd64 + const SethostnameEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetitimerEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetnsEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetpgidEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetpriorityEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetregidEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetresgidEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetresuidEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetreuidEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetrlimitEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetsidEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetsockoptEventID — darwin/amd64, linux/amd64, windows/amd64 + const SettimeofdayEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetuidEventID — darwin/amd64, linux/amd64, windows/amd64 + const SetxattrEventID — 
darwin/amd64, linux/amd64, windows/amd64 + const ShmatEventID — darwin/amd64, linux/amd64, windows/amd64 + const ShmctlEventID — darwin/amd64, linux/amd64, windows/amd64 + const ShmdtEventID — darwin/amd64, linux/amd64, windows/amd64 + const ShmgetEventID — darwin/amd64, linux/amd64, windows/amd64 + const ShutdownEventID — darwin/amd64, linux/amd64, windows/amd64 + const SigaltstackEventID — darwin/amd64, linux/amd64, windows/amd64 + const Signalfd4EventID — darwin/amd64, linux/amd64, windows/amd64 + const SignalfdEventID — darwin/amd64, linux/amd64, windows/amd64 + const SocketEventID — darwin/amd64, linux/amd64, windows/amd64 + const SocketpairEventID — darwin/amd64, linux/amd64, windows/amd64 + const SpliceEventID — darwin/amd64, linux/amd64, windows/amd64 + const StatEventID — darwin/amd64, linux/amd64, windows/amd64 + const StatfsEventID — darwin/amd64, linux/amd64, windows/amd64 + const StatxEventID — darwin/amd64, linux/amd64, windows/amd64 + const SwapoffEventID — darwin/amd64, linux/amd64, windows/amd64 + const SwaponEventID — darwin/amd64, linux/amd64, windows/amd64 + const SwitchTaskNSEventID + const SymlinkEventID — darwin/amd64, linux/amd64, windows/amd64 + const SymlinkatEventID — darwin/amd64, linux/amd64, windows/amd64 + const SyncEventID — darwin/amd64, linux/amd64, windows/amd64 + const SyncFileRangeEventID — darwin/amd64, linux/amd64, windows/amd64 + const SyncfsEventID — darwin/amd64, linux/amd64, windows/amd64 + const SysEnterEventID + const SysExitEventID + const SysctlEventID — darwin/amd64, linux/amd64, windows/amd64 + const SysfsEventID — darwin/amd64, linux/amd64, windows/amd64 + const SysinfoEventID — darwin/amd64, linux/amd64, windows/amd64 + const SyslogEventID — darwin/amd64, linux/amd64, windows/amd64 + const TeeEventID — darwin/amd64, linux/amd64, windows/amd64 + const TgkillEventID — darwin/amd64, linux/amd64, windows/amd64 + const TimeEventID — darwin/amd64, linux/amd64, windows/amd64 + const TimerCreateEventID — darwin/amd64, 
linux/amd64, windows/amd64 + const TimerDeleteEventID — darwin/amd64, linux/amd64, windows/amd64 + const TimerGetoverrunEventID — darwin/amd64, linux/amd64, windows/amd64 + const TimerGettimeEventID — darwin/amd64, linux/amd64, windows/amd64 + const TimerSettimeEventID — darwin/amd64, linux/amd64, windows/amd64 + const TimerfdCreateEventID — darwin/amd64, linux/amd64, windows/amd64 + const TimerfdGettimeEventID — darwin/amd64, linux/amd64, windows/amd64 + const TimerfdSettimeEventID — darwin/amd64, linux/amd64, windows/amd64 + const TimesEventID — darwin/amd64, linux/amd64, windows/amd64 + const TkillEventID — darwin/amd64, linux/amd64, windows/amd64 + const TruncateEventID — darwin/amd64, linux/amd64, windows/amd64 + const TuxcallEventID — darwin/amd64, linux/amd64, windows/amd64 + const UmaskEventID — darwin/amd64, linux/amd64, windows/amd64 + const UmountEventID — darwin/amd64, linux/amd64, windows/amd64 + const UnameEventID — darwin/amd64, linux/amd64, windows/amd64 + const UnlinkEventID — darwin/amd64, linux/amd64, windows/amd64 + const UnlinkatEventID — darwin/amd64, linux/amd64, windows/amd64 + const UnshareEventID — darwin/amd64, linux/amd64, windows/amd64 + const UselibEventID — darwin/amd64, linux/amd64, windows/amd64 + const UserfaultfdEventID — darwin/amd64, linux/amd64, windows/amd64 + const UstatEventID — darwin/amd64, linux/amd64, windows/amd64 + const UtimeEventID — darwin/amd64, linux/amd64, windows/amd64 + const UtimensatEventID — darwin/amd64, linux/amd64, windows/amd64 + const UtimesEventID — darwin/amd64, linux/amd64, windows/amd64 + const VforkEventID — darwin/amd64, linux/amd64, windows/amd64 + const VfsWriteEventID + const VfsWritevEventID + const VhangupEventID — darwin/amd64, linux/amd64, windows/amd64 + const VmspliceEventID — darwin/amd64, linux/amd64, windows/amd64 + const VserverEventID — darwin/amd64, linux/amd64, windows/amd64 + const Wait4EventID — darwin/amd64, linux/amd64, windows/amd64 + const WaitidEventID — darwin/amd64, 
linux/amd64, windows/amd64 + const WriteEventID — darwin/amd64, linux/amd64, windows/amd64 + const WritevEventID — darwin/amd64, linux/amd64, windows/amd64 + var EventsIDToEvent = map[int32]EventConfig + var EventsIDToParams = map[int32][]external.ArgMeta + func CopyFileByPath(src, dst string) error + func CreateInitNamespacesEvent() (external.Event, error) + func ParseKernelReadFileId(id int32) (string, error) + func Print16BytesSliceIP(in []byte) string + func PrintAlert(alert alert) string + func PrintUint32IP(in uint32) string + type ArgFilter struct + Enabled bool + Filters map[int32]map[string]ArgFilterVal + func (argFilter *ArgFilter) Parse(filterName string, operatorAndValues string, eventsNameToID map[string]int32) error + type ArgFilterVal struct + Equal []string + NotEqual []string + type BoolFilter struct + Enabled bool + Value bool + func (boolFilter *BoolFilter) Parse(value string) error + func (filter *BoolFilter) Set(bpfModule *bpf.Module, configFilter bpfConfig) error + type CaptureConfig struct + Exec bool + FileWrite bool + FilterFileWrite []string + Mem bool + NetIfaces []string + OutputPath string + Profile bool + type Config struct + BPFObjBytes []byte + BPFObjPath string + BTFObjPath string + BlobPerfBufferSize int + Capture *CaptureConfig + ChanDone chan struct{} + ChanErrors chan error + ChanEvents chan external.Event + Debug bool + Filter *Filter + KernelConfig *helpers.KernelConfig + Output *OutputConfig + PerfBufferSize int + SecurityAlerts bool + func (tc Config) Validate() error + type Containers struct + func InitContainers() *Containers + func (c *Containers) GetContainers() []string + func (c *Containers) GetPids(contId string) []int32 + func (c *Containers) Populate() error + type EventConfig struct + EssentialEvent bool + ID int32 + ID32Bit int32 + Name string + Probes []probe + Sets []string + type Filter struct + ArgFilter *ArgFilter + CommFilter *StringFilter + ContFilter *BoolFilter + EventsToTrace []int32 + Follow bool + 
MntNSFilter *UintFilter + NewContFilter *BoolFilter + NewPidFilter *BoolFilter + PIDFilter *UintFilter + PidNSFilter *UintFilter + ProcessTreeFilter *ProcessTreeFilter + RetFilter *RetFilter + UIDFilter *UintFilter + UTSFilter *StringFilter + type IntFilter struct + Enabled bool + Equal []int64 + Greater int64 + Is32Bit bool + Less int64 + NotEqual []int64 + func (intFilter *IntFilter) Parse(operatorAndValues string) error + type OutputConfig struct + DetectSyscall bool + ExecEnv bool + ExecInfo bool + RelativeTime bool + StackAddresses bool + type ProcessTreeFilter struct + Enabled bool + PIDs map[uint32]bool + func (filter *ProcessTreeFilter) Set(bpfModule *bpf.Module) error + func (procTreeFilter *ProcessTreeFilter) Parse(operatorAndValues string) error + type RetFilter struct + Enabled bool + Filters map[int32]IntFilter + func (retFilter *RetFilter) Parse(filterName string, operatorAndValues string, eventsNameToID map[string]int32) error + type StringFilter struct + Enabled bool + Equal []string + NotEqual []string + func (filter *StringFilter) Set(bpfModule *bpf.Module, filterMapName string, configFilter bpfConfig) error + func (stringFilter *StringFilter) Parse(operatorAndValues string) error + type Tracee struct + StackAddressesMap *bpf.BPFMap + func New(cfg Config) (*Tracee, error) + func (t *Tracee) Close() + func (t *Tracee) GetStats() external.Stats + func (t *Tracee) Run() error + type UintFilter struct + Enabled bool + Equal []uint64 + Greater uint64 + Is32Bit bool + Less uint64 + NotEqual []uint64 + func (filter *UintFilter) Set(bpfModule *bpf.Module, filterMapName string, configFilter bpfConfig, ...) error + func (uintFilter *UintFilter) Parse(operatorAndValues string) error Other modules containing this package github.com/aquasecurity/tracee