monitor

package

v0.0.0-...-c365bfc Latest Latest Go to latest Published: Oct 26, 2021 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chae-yc/KubeArmor

Documentation ¶

Index ¶

Constants
Variables
func GetArgs(dataBuff *bytes.Buffer, Argnum int32) ([]interface{}, error)
func Min(a, b int) int
type ContextCombined
type NsKey
type SyscallContext
type SystemMonitor
- func NewSystemMonitor(node tp.Node, logger *fd.Feeder, containers *map[string]tp.Container, ...) *SystemMonitor

Constants ¶

View Source

const (
	SysOpen   = 2
	SysOpenAt = 257
	SysClose  = 3

	SysSocket  = 41
	SysConnect = 42
	SysAccept  = 43
	SysBind    = 49
	SysListen  = 50

	SysExecve   = 59
	SysExecveAt = 322
	DoExit      = 351
)

System Call Numbers

View Source

const (
	PermissionDenied = -13
	MaxStringLen     = 4096
)

SystemMonitor Constant Values

Variables ¶

View Source

var StopChan chan struct{}

StopChan Channel

Functions ¶

func GetArgs ¶

func GetArgs(dataBuff *bytes.Buffer, Argnum int32) ([]interface{}, error)

GetArgs Function

func Min ¶

func Min(a, b int) int

Min Function

Types ¶

type ContextCombined ¶

type ContextCombined struct {
	ContainerID string
	ContextSys  SyscallContext
	ContextArgs []interface{}
}

ContextCombined Structure

type NsKey ¶

type NsKey struct {
	PidNS uint32
	MntNS uint32
}

NsKey Structure

type SyscallContext ¶

type SyscallContext struct {
	Ts uint64

	PidID uint32
	MntID uint32

	HostPPID uint32
	HostPID  uint32

	PPID uint32
	PID  uint32
	UID  uint32

	EventID int32
	Argnum  int32
	Retval  int64

	Comm [16]byte
}

SyscallContext Structure

type SystemMonitor ¶

type SystemMonitor struct {
	// host
	HostName      string
	KernelVersion string

	// options
	EnableKubeArmorPolicy     bool
	EnableKubeArmorHostPolicy bool

	// logs
	Logger *fd.Feeder

	// container id -> cotnainer
	Containers     *map[string]tp.Container
	ContainersLock **sync.RWMutex

	// container id -> (host) pid
	ActivePidMap     *map[string]tp.PidMap
	ActiveHostPidMap *map[string]tp.PidMap
	ActivePidMapLock **sync.RWMutex

	// PidID + MntID -> container id
	NsMap     map[NsKey]string
	NsMapLock *sync.RWMutex

	// system monitor (for container)
	BpfModule *bcc.Module

	// context + args (for container)
	ContextChan chan ContextCombined

	// process + file (for container)
	SyscallChannel     chan []byte
	SyscallLostChannel chan uint64
	SyscallPerfMap     *bcc.PerfMap

	// host pid
	ActiveHostMap     *map[uint32]tp.PidMap
	ActiveHostMapLock **sync.RWMutex

	// system monitor (for host)
	HostBpfModule *bcc.Module

	// context + args (for host)
	HostContextChan chan ContextCombined

	// process + file (for host)
	HostSyscallChannel     chan []byte
	HostSyscallLostChannel chan uint64
	HostSyscallPerfMap     *bcc.PerfMap

	// lists to skip
	UntrackedNamespaces []string

	UptimeTimeStamp float64
	HostByteOrder   binary.ByteOrder

	// ticker to clean up exited pids
	Ticker *time.Ticker

	// GKE
	IsCOS bool
}

SystemMonitor Structure

func NewSystemMonitor ¶

func NewSystemMonitor(node tp.Node, logger *fd.Feeder, containers *map[string]tp.Container, containersLock **sync.RWMutex,
	activePidMap *map[string]tp.PidMap, activeHostPidMap *map[string]tp.PidMap, activePidMapLock **sync.RWMutex,
	activeHostMap *map[uint32]tp.PidMap, activeHostMapLock **sync.RWMutex) *SystemMonitor

NewSystemMonitor Function

func (*SystemMonitor) AddActiveHostPid ¶

func (mon *SystemMonitor) AddActiveHostPid(hostPid uint32, node tp.PidNode)

AddActiveHostPid Function

func (*SystemMonitor) AddActivePid ¶

func (mon *SystemMonitor) AddActivePid(containerID string, node tp.PidNode)

AddActivePid Function

func (*SystemMonitor) AddContainerIDToNsMap ¶

func (mon *SystemMonitor) AddContainerIDToNsMap(containerID string, pidns, mntns uint32)

AddContainerIDToNsMap Function

func (*SystemMonitor) BuildLogBase ¶

func (mon *SystemMonitor) BuildLogBase(msg ContextCombined) tp.Log

BuildLogBase Function

func (*SystemMonitor) BuildPidNode ¶

func (mon *SystemMonitor) BuildPidNode(ctx SyscallContext, execPath string, args []string) tp.PidNode

BuildPidNode Function

func (*SystemMonitor) CleanUpExitedHostPids ¶

func (mon *SystemMonitor) CleanUpExitedHostPids()

CleanUpExitedHostPids Function

func (*SystemMonitor) DeleteActiveHostPid ¶

func (mon *SystemMonitor) DeleteActiveHostPid(hostPid uint32)

DeleteActiveHostPid Function

func (*SystemMonitor) DeleteActivePid ¶

func (mon *SystemMonitor) DeleteActivePid(containerID string, ctx SyscallContext)

DeleteActivePid Function

func (*SystemMonitor) DeleteContainerIDFromNsMap ¶

func (mon *SystemMonitor) DeleteContainerIDFromNsMap(containerID string)

DeleteContainerIDFromNsMap Function

func (*SystemMonitor) DestroySystemMonitor ¶

func (mon *SystemMonitor) DestroySystemMonitor() error

DestroySystemMonitor Function

func (*SystemMonitor) GetExecPath ¶

func (mon *SystemMonitor) GetExecPath(containerID string, pid uint32) string

GetExecPath Function

func (*SystemMonitor) GetExecPathWithHostPID ¶

func (mon *SystemMonitor) GetExecPathWithHostPID(containerID string, hostPid uint32) string

GetExecPathWithHostPID Function

func (*SystemMonitor) GetHostExecPath ¶

func (mon *SystemMonitor) GetHostExecPath(hostPid uint32) string

GetHostExecPath Function

func (*SystemMonitor) InitBPF ¶

func (mon *SystemMonitor) InitBPF() error

InitBPF Function

func (*SystemMonitor) LookupContainerID ¶

func (mon *SystemMonitor) LookupContainerID(pidns, mntns, ppid, pid uint32) string

LookupContainerID Function

func (*SystemMonitor) TraceHostSyscall ¶

func (mon *SystemMonitor) TraceHostSyscall()

TraceHostSyscall Function

func (*SystemMonitor) TraceSyscall ¶

func (mon *SystemMonitor) TraceSyscall()

TraceSyscall Function

func (*SystemMonitor) UpdateContainerInfoByContainerID ¶

func (mon *SystemMonitor) UpdateContainerInfoByContainerID(log tp.Log) tp.Log

UpdateContainerInfoByContainerID Function

func (*SystemMonitor) UpdateHostLogs ¶

func (mon *SystemMonitor) UpdateHostLogs()

UpdateHostLogs Function

func (*SystemMonitor) UpdateLogs ¶

func (mon *SystemMonitor) UpdateLogs()

UpdateLogs Function

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL