process

package
v1.0.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 13, 2023 License: AGPL-3.0 Imports: 30 Imported by: 0

Documentation

Overview

Package process fetches process and socket information from the operating system. It can find the process owning a network connection.

Index

Constants

View Source
const (
	// UndefinedProcessID is not used by any (virtual) process and signifies that
	// the PID is unset.
	UndefinedProcessID = -1

	// UnidentifiedProcessID is the PID used for outgoing connections that could
	// not be attributed to a PID for any reason.
	UnidentifiedProcessID = -2

	// UnsolicitedProcessID is the PID used for incoming connections that could
	// not be attributed to a PID for any reason.
	UnsolicitedProcessID = -3

	// NetworkHostProcessID is the PID used for requests served to the network.
	NetworkHostProcessID = -255
)
View Source
const SystemProcessID = 0

SystemProcessID is the PID of the System/Kernel itself.

Variables

View Source
var (
	CfgOptionEnableProcessDetectionKey = "core/enableProcessDetection"
)

Configuration Keys.

Functions

func All

func All() map[int]*Process

All returns a copy of all process objects.

func CleanProcessStorage

func CleanProcessStorage(activePIDs map[int]struct{})

CleanProcessStorage cleans the storage from old processes.

func RegisterTagHandler added in v0.9.9

func RegisterTagHandler(th TagHandler) error

RegisterTagHandler registers a tag handler.

func SetDBController

func SetDBController(controller *database.Controller)

SetDBController sets the database controller and allows the package to push database updates on a save. It must be set by the package that registers the "network" database.

Types

type MatchingData added in v0.9.9

type MatchingData struct {
	// contains filtered or unexported fields
}

MatchingData provides a interface compatible view on the process for profile matching.

func (*MatchingData) Cmdline added in v0.9.9

func (md *MatchingData) Cmdline() string

Cmdline returns the command line of the process.

func (*MatchingData) Env added in v0.9.9

func (md *MatchingData) Env() map[string]string

Env returns process.Env.

func (*MatchingData) MatchingPath added in v0.9.9

func (md *MatchingData) MatchingPath() string

MatchingPath returns process.MatchingPath.

func (*MatchingData) Path added in v0.9.9

func (md *MatchingData) Path() string

Path returns process.Path.

func (*MatchingData) Tags added in v0.9.9

func (md *MatchingData) Tags() []profile.Tag

Tags returns process.Tags.

type Process

type Process struct {
	record.Base
	sync.Mutex

	Name      string
	UserID    int
	UserName  string
	UserHome  string
	Pid       int
	ParentPid int
	Path      string
	ExecName  string
	Cwd       string
	CmdLine   string
	FirstArg  string
	Env       map[string]string

	// Tags holds extended information about the (virtual) process, which is used
	// to find a profile.
	Tags []profile.Tag
	// MatchingPath holds an alternative binary path that can be used to find a
	// profile.
	MatchingPath string

	// PrimaryProfileID holds the scoped ID of the primary profile.
	PrimaryProfileID string

	FirstSeen int64
	LastSeen  int64
	Error     string // Cache errors

	ExecHashes map[string]string
	// contains filtered or unexported fields
}

A Process represents a process running on the operating system.

func GetNetworkHost added in v0.6.5

func GetNetworkHost(ctx context.Context, remoteIP net.IP) (process *Process, err error)

GetNetworkHost returns a *Process that represents a host on the network.

func GetOrFindProcess

func GetOrFindProcess(ctx context.Context, pid int) (*Process, error)

GetOrFindProcess returns the process for the given PID.

func GetProcessByConnection added in v0.4.4

func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process *Process, connInbound bool, err error)

GetProcessByConnection returns the process that owns the described connection.

func GetProcessByRequestOrigin added in v0.9.1

func GetProcessByRequestOrigin(ar *api.Request) (*Process, error)

GetProcessByRequestOrigin returns the process that initiated the API request ar.

func GetProcessFromStorage

func GetProcessFromStorage(pid int) (*Process, bool)

GetProcessFromStorage returns a process from the internal storage.

func GetSystemProcess added in v0.4.1

func GetSystemProcess(ctx context.Context) *Process

GetSystemProcess returns the special process used for the Kernel.

func GetUnidentifiedProcess added in v0.4.1

func GetUnidentifiedProcess(ctx context.Context) *Process

GetUnidentifiedProcess returns the special process assigned to non-attributed outgoing connections.

func GetUnsolicitedProcess added in v0.8.6

func GetUnsolicitedProcess(ctx context.Context) *Process

GetUnsolicitedProcess returns the special process assigned to non-attributed incoming connections.

func (*Process) CreateProfileCallback added in v0.9.9

func (p *Process) CreateProfileCallback() *profile.Profile

CreateProfileCallback attempts to create a profile on special attributes of the process.

func (*Process) Delete

func (p *Process) Delete()

Delete deletes a process from the storage and propagates the change.

func (*Process) Equal added in v0.8.13

func (p *Process) Equal(other *Process) bool

Equal returns if the two processes are both identified and have the same PID.

func (*Process) GetExecHash

func (p *Process) GetExecHash(algorithm string) (string, error)

GetExecHash returns the hash of the executable with the given algorithm.

func (*Process) GetLastSeen added in v0.6.0

func (p *Process) GetLastSeen() int64

GetLastSeen returns the unix timestamp when the process was last seen.

func (*Process) GetProfile added in v0.4.0

func (p *Process) GetProfile(ctx context.Context) (changed bool, err error)

GetProfile finds and assigns a profile set to the process.

func (*Process) GetTag added in v0.9.9

func (p *Process) GetTag(tagID string) (profile.Tag, bool)

GetTag returns the process tag with the given ID.

func (*Process) IsIdentified added in v0.8.13

func (p *Process) IsIdentified() bool

IsIdentified returns whether the process has been identified or if it represents some kind of unidentified process.

func (*Process) IsSystemResolver added in v0.6.7

func (p *Process) IsSystemResolver() bool

IsSystemResolver is a shortcut to check if the process is or belongs to the system resolver and needs special handling.

func (*Process) MatchingData added in v0.9.9

func (p *Process) MatchingData() *MatchingData

MatchingData returns the matching data for the process.

func (*Process) Profile added in v0.4.0

func (p *Process) Profile() *profile.LayeredProfile

Profile returns the assigned layered profile.

func (*Process) Save

func (p *Process) Save()

Save saves the process to the internal state and pushes an update.

func (*Process) SetLastSeen added in v0.6.0

func (p *Process) SetLastSeen(lastSeen int64)

SetLastSeen sets the unix timestamp when the process was last seen.

func (*Process) String

func (p *Process) String() string

String returns a string representation of process.

type TagDescription added in v0.9.9

type TagDescription struct {
	ID          string
	Name        string
	Description string
}

TagDescription describes a tag.

type TagHandler added in v0.9.9

type TagHandler interface {
	// Name returns the tag handler name.
	Name() string

	// TagDescriptions returns a list of all possible tags and their description
	// of this handler.
	TagDescriptions() []TagDescription

	// AddTags adds tags to the given process.
	AddTags(p *Process)

	// CreateProfile creates a profile based on the tags of the process.
	// Returns nil to skip.
	CreateProfile(p *Process) *profile.Profile
}

TagHandler is a collection of process tag related interfaces.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL