Documentation
Overview
Package process fetches process and socket information from the operating system. It can find the process owning a network connection.
Index
- Constants
- Variables
- func All() map[int]*Process
- func CleanProcessStorage(activePIDs map[int]struct{})
- func SetDBController(controller *database.Controller)
- type Process
- func GetOrFindPrimaryProcess(ctx context.Context, pid int) (*Process, error)
- func GetOrFindProcess(ctx context.Context, pid int) (*Process, error)
- func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process *Process, connInbound bool, err error)
- func GetProcessFromStorage(pid int) (*Process, bool)
- func GetSystemProcess(ctx context.Context) *Process
- func GetUnidentifiedProcess(ctx context.Context) *Process
- func (p *Process) Delete()
- func (p *Process) GetExecHash(algorithm string) (string, error)
- func (p *Process) GetProfile(ctx context.Context) error
- func (p *Process) IsAdmin() bool
- func (p *Process) IsKernel() bool
- func (p *Process) IsSystem() bool
- func (p *Process) IsUser() bool
- func (p *Process) Profile() *profile.LayeredProfile
- func (p *Process) Save()
- func (p *Process) String() string
Constants
const (
	UnidentifiedProcessID = -1
	SystemProcessID       = 0
)
Special Process IDs
Variables
var (
CfgOptionEnableProcessDetectionKey = "core/enableProcessDetection"
)
Configuration Keys
var (
ErrProcessNotFound = errors.New("could not find process in system state tables")
)
Errors
Functions
func CleanProcessStorage
func CleanProcessStorage(activePIDs map[int]struct{})
CleanProcessStorage cleans the storage from old processes.
func SetDBController
func SetDBController(controller *database.Controller)
SetDBController sets the database controller and allows the package to push database updates on a save. It must be set by the package that registers the "network" database.
Types
type Process
type Process struct {
	record.Base
	sync.Mutex

	UserID    int
	UserName  string
	UserHome  string
	Pid       int
	ParentPid int
	Path      string
	Cwd       string
	CmdLine   string
	FirstArg  string

	ExecName        string
	ExecHashes      map[string]string
	LocalProfileKey string

	Name string
	Icon string

	FirstSeen int64
	LastSeen  int64

	Virtual bool   // This process is either merged into another process or is not needed.
	Error   string // Cache errors
	// contains filtered or unexported fields
}
A Process represents a process running on the operating system.
func GetOrFindPrimaryProcess (added in v0.2.5)
GetOrFindPrimaryProcess returns the highest process in the tree that matches the given PID.
func GetOrFindProcess
GetOrFindProcess returns the process for the given PID.
func GetProcessByConnection (added in v0.4.4)
func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process *Process, connInbound bool, err error)
GetProcessByConnection returns the process that owns the described connection.
func GetProcessFromStorage
GetProcessFromStorage returns a process from the internal storage.
func GetSystemProcess (added in v0.4.1)
GetSystemProcess returns the special process used for the Kernel.
func GetUnidentifiedProcess (added in v0.4.1)
GetUnidentifiedProcess returns the special process assigned to unidentified processes.
func (*Process) Delete
func (p *Process) Delete()
Delete deletes a process from the storage and propagates the change.
func (*Process) GetExecHash
GetExecHash returns the hash of the executable with the given algorithm.
func (*Process) GetProfile (added in v0.4.0)
GetProfile finds and assigns a profile set to the process.
func (*Process) Profile (added in v0.4.0)
func (p *Process) Profile() *profile.LayeredProfile
Profile returns the assigned layered profile.