Documentation
Constants
This section is empty.
Variables
var Group = make([]Analyzer, 0)
Functions
This section is empty.
Types
type Analyzer
type Analyzer interface {
	Scan(container api.Container)
	Result() []*event.TraceEvent
}
type FileAnalyzer
type FileAnalyzer struct {
	// contains filtered or unexported fields
}
func (*FileAnalyzer) Result
func (fa *FileAnalyzer) Result() []*event.TraceEvent
func (*FileAnalyzer) Scan
func (fa *FileAnalyzer) Scan(container api.Container)
type ProcAnalyzer
type ProcAnalyzer struct {
	// contains filtered or unexported fields
}
ProcAnalyzer detects abnormal processes inside a container:
- hidden processes (hidden by bind-mounting over /proc/<pid> with mount -o bind)
- reverse shell processes
- processes whose names match mining tools, hacker tools, or other suspicious process names
- processes involved in ptrace
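The checks listed above, shown as an added stand-alone example that is not the project's own ProcAnalyzer code. It operates on constructed in-memory snapshots of /proc data (the ProcSnapshot and Finding types, the sample mountinfo text, the suspicious-name list, and the "shell with all of stdin/stdout/stderr on one socket" reverse-shell heuristic are all assumptions made for this example; the real analyzer reads the container's procfs through api.Container and reports event.TraceEvent values):

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// ProcSnapshot is a constructed in-memory view of one /proc/<pid> entry
// (assumed shape for this example; the real analyzer reads procfs).
type ProcSnapshot struct {
	PID    int
	Comm   string         // contents of /proc/<pid>/comm
	Status string         // contents of /proc/<pid>/status
	FDs    map[int]string // readlink targets of /proc/<pid>/fd/N
}

// Finding is one detection result (assumed shape, analogous to a TraceEvent).
type Finding struct {
	PID    int
	Reason string
}

// SampleMountinfo is constructed: the third line is a bind mount that covers
// /proc/4242, so that process disappears from a naive directory listing.
const SampleMountinfo = `24 0 8:1 / / rw,relatime - ext4 /dev/sda1 rw
25 24 0:20 / /proc rw,nosuid - proc proc rw
26 25 8:1 /var/empty /proc/4242 rw,relatime - ext4 /dev/sda1 rw`

// SampleProc is a constructed snapshot of a shell whose stdio is a socket and
// which is currently being traced by pid 77.
var SampleProc = ProcSnapshot{
	PID:    1337,
	Comm:   "bash",
	Status: "Name:\tbash\nTracerPid:\t77\n",
	FDs:    map[int]string{0: "socket:[99]", 1: "socket:[99]", 2: "socket:[99]"},
}

var procMountRe = regexp.MustCompile(`^/proc/(\d+)$`)

// HiddenPIDs returns PIDs whose /proc/<pid> directory is covered by a mount
// (the mount -o bind hiding technique). In /proc/self/mountinfo the fifth
// whitespace-separated field is the mount point.
func HiddenPIDs(mountinfo string) []int {
	var pids []int
	for _, line := range strings.Split(mountinfo, "\n") {
		fields := strings.Fields(line)
		if len(fields) < 5 {
			continue
		}
		if m := procMountRe.FindStringSubmatch(fields[4]); m != nil {
			pid, _ := strconv.Atoi(m[1])
			pids = append(pids, pid)
		}
	}
	return pids
}

// TracerPID parses the TracerPid line of /proc/<pid>/status; a non-zero
// value means the process is currently attached to by a ptrace tracer.
func TracerPID(status string) int {
	for _, line := range strings.Split(status, "\n") {
		if strings.HasPrefix(line, "TracerPid:") {
			n, _ := strconv.Atoi(strings.TrimSpace(strings.TrimPrefix(line, "TracerPid:")))
			return n
		}
	}
	return 0
}

// suspiciousNames is an illustrative list (assumption, not the project's list).
var suspiciousNames = map[string]bool{"xmrig": true, "minerd": true, "kinsing": true, "nmap": true, "masscan": true}

var shellNames = map[string]bool{"sh": true, "bash": true, "dash": true, "zsh": true}

// looksLikeReverseShell flags a shell whose stdin, stdout and stderr are all
// the same socket, the usual shape of an interactive shell bound to a network
// connection (heuristic assumption for this example).
func looksLikeReverseShell(p ProcSnapshot) bool {
	if !shellNames[p.Comm] {
		return false
	}
	for fd := 0; fd <= 2; fd++ {
		if !strings.HasPrefix(p.FDs[fd], "socket:[") {
			return false
		}
	}
	return p.FDs[0] == p.FDs[1] && p.FDs[1] == p.FDs[2]
}

// ScanProcess applies the per-process checks and returns the findings.
func ScanProcess(p ProcSnapshot) []Finding {
	var out []Finding
	if suspiciousNames[p.Comm] {
		out = append(out, Finding{p.PID, "suspicious process name: " + p.Comm})
	}
	if looksLikeReverseShell(p) {
		out = append(out, Finding{p.PID, "shell with stdio attached to a socket (possible reverse shell)"})
	}
	if t := TracerPID(p.Status); t != 0 {
		out = append(out, Finding{p.PID, "process is ptrace'd by pid " + strconv.Itoa(t)})
	}
	return out
}

func main() {
	fmt.Println("hidden pids:", HiddenPIDs(SampleMountinfo))
	for _, f := range ScanProcess(SampleProc) {
		fmt.Printf("pid %d: %s\n", f.PID, f.Reason)
	}
}
```

Each check maps to one bullet above; the hidden-process check is the one that cannot be done per-process, because the point of the bind mount is that /proc/<pid> no longer shows the real entry, so it is derived from mountinfo instead.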
func (*ProcAnalyzer) Result
func (pa *ProcAnalyzer) Result() []*event.TraceEvent
func (*ProcAnalyzer) Scan
func (pa *ProcAnalyzer) Scan(container api.Container)