audit

package
v0.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 20, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AppArmorEvent

type AppArmorEvent struct {
	Version        uint32 `json:"version"`
	Event          uint32 `json:"event"`
	PID            uint64 `json:"pid"`
	PeerPID        uint64 `json:"peerPID"`
	Task           uint64 `json:"task"`
	MagicToken     uint64 `json:"magicToken"`
	Epoch          int64  `json:"epoch"`
	AuditSubId     uint32 `json:"auditSubId"`
	BitMask        int32  `json:"bitMask"`
	AuditId        string `json:"auditID"`
	Operation      string `json:"operation"`
	DeniedMask     string `json:"deniedMask"`
	RequestedMask  string `json:"requestedMask"`
	Fsuid          uint64 `json:"fsuid"`
	Ouid           uint64 `json:"ouid"`
	Profile        string `json:"profile"`
	PeerProfile    string `json:"peerProfile"`
	Comm           string `json:"comm"`
	Name           string `json:"name"`
	Name2          string `json:"name2"`
	Namespace      string `json:"namespace"`
	Attribute      string `json:"attribute"`
	Parent         uint64 `json:"parent"`
	Info           string `json:"info"`
	PeerInfo       string `json:"peerInfo"`
	ErrorCode      int32  `json:"errorCode"`
	ActiveHat      string `json:"activeHat"`
	NetFamily      string `json:"netFamily"`
	NetProtocol    string `json:"netProtocol"`
	NetSockType    string `json:"netSockType"`
	NetLocalAddr   string `json:"netLocalAddr"`
	NetLocalPort   uint64 `json:"netLocalPort"`
	NetForeignAddr string `json:"netForeignAddr"`
	NetForeignPort uint64 `json:"netForeignPort"`
	DbusBus        string `json:"dbusBus"`
	DbusPath       string `json:"dbusPath"`
	DbusInterface  string `json:"dbusInterface"`
	DbusMember     string `json:"dbusMember"`
	Signal         string `json:"signal"`
	Peer           string `json:"peer"`
	FsType         string `json:"fsType"`
	Flags          string `json:"flags"`
	SrcName        string `json:"srcName"`
}

type Auditor

type Auditor struct {
	TaskStartCh      chan varmortypes.ContainerInfo
	TaskDeleteCh     chan varmortypes.ContainerInfo
	TaskDeleteSyncCh chan bool
	// contains filtered or unexported fields
}

func NewAuditor

func NewAuditor(nodeName string, appArmorSupported, bpfLsmSupported, enableBehaviorModeling bool, auditLogPaths string, log logr.Logger) (*Auditor, error)

NewAuditor creates an auditor to audit the violations of target containers

func (*Auditor) AddBehaviorEventNotifyChs

func (auditor *Auditor) AddBehaviorEventNotifyChs(subscriber string, auditEventCh *chan string, bpfEventCh *chan bpfenforcer.BpfEvent)

func (*Auditor) Close

func (auditor *Auditor) Close()

func (*Auditor) DeleteBehaviorEventNotifyCh

func (auditor *Auditor) DeleteBehaviorEventNotifyCh(subscriber string)

func (*Auditor) Run

func (auditor *Auditor) Run(stopCh <-chan struct{})

type BpfCapabilityEvent

type BpfCapabilityEvent struct {
	Capability string `json:"capability"`
}

type BpfMountEvent

type BpfMountEvent struct {
	DevName string   `json:"devName"`
	Type    string   `json:"type"`
	Flags   []string `json:"flags"`
}

type BpfNetworkConnectEvent

type BpfNetworkConnectEvent struct {
	IP   string `json:"ip"`
	Port int    `json:"port"`
}

type BpfNetworkCreateEvent

type BpfNetworkCreateEvent struct {
	Domain   uint32 `json:"domain"`
	Type     uint32 `json:"type"`
	Protocol uint32 `json:"protocol"`
}

type BpfPathEvent

type BpfPathEvent struct {
	Permissions []string `json:"permissions"`
	Path        string   `json:"path"`
}

type BpfPtraceEvent

type BpfPtraceEvent struct {
	Permissions []string `json:"permissions"`
	External    bool     `json:"external"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL