module

package
v0.0.0-...-9a03fcd Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 30, 2024 License: Apache-2.0 Imports: 41 Imported by: 0

Documentation

Overview

Package module holds module-related files.


Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DisableRuntimeSecurity

func DisableRuntimeSecurity(config *config.Config)

DisableRuntimeSecurity disables all the runtime security features

func ReportSelfTest

func ReportSelfTest(sender events.EventSender, statsdClient statsd.ClientInterface, success []eval.RuleID, fails []eval.RuleID, testEvents map[eval.RuleID]*serializers.EventSerializer)

ReportSelfTest reports to Datadog that a self test was performed

func UpdateEventMonitorOpts

func UpdateEventMonitorOpts(opts *eventmonitor.Opts, config *config.Config)

UpdateEventMonitorOpts adapts the event monitor options

Types

type APIServer

// APIServer is the gRPC server type of the runtime security module.
type APIServer struct {
	// Embedded generated gRPC stub.
	// NOTE(review): presumably this supplies default implementations for any
	// SecurityModule RPC that APIServer does not define itself — confirm
	// against the generated api package.
	api.UnimplementedSecurityModuleServer
	// contains filtered or unexported fields
}

APIServer represents a gRPC server in charge of receiving events sent by the runtime security system-probe module and forwarding them to Datadog

func NewAPIServer

func NewAPIServer(cfg *config.RuntimeSecurityConfig, probe *sprobe.Probe, msgSender MsgSender, client statsd.ClientInterface, selfTester *selftests.SelfTester) *APIServer

NewAPIServer returns a new gRPC event server

func (*APIServer) ApplyPolicyStates

func (a *APIServer) ApplyPolicyStates(policies []*monitor.PolicyState)

ApplyPolicyStates applies the policy states

func (*APIServer) ApplyRuleIDs

func (a *APIServer) ApplyRuleIDs(ruleIDs []rules.RuleID)

ApplyRuleIDs applies the rule IDs

func (*APIServer) DumpActivity

func (a *APIServer) DumpActivity(_ context.Context, params *api.ActivityDumpParams) (*api.ActivityDumpMessage, error)

DumpActivity handles an activity dump request

func (*APIServer) DumpDiscarders

DumpDiscarders handles discarder dump requests

func (*APIServer) DumpNetworkNamespace

DumpNetworkNamespace handles network namespace cache dump requests

func (*APIServer) DumpProcessCache

DumpProcessCache handles process cache dump requests

func (*APIServer) GetActivityDumpStream

GetActivityDumpStream waits for activity dumps and forwards them to the stream

func (*APIServer) GetConfig

GetConfig returns config of the runtime security module required by the security agent

func (*APIServer) GetEvents

GetEvents waits for security events

func (*APIServer) GetRuleSetReport

GetRuleSetReport reports the ruleset loaded

func (*APIServer) GetStats

func (a *APIServer) GetStats() map[string]int64

GetStats returns a map indexed by rule ID that describes the number of events that were expired or rate limited before reaching their destination

func (*APIServer) GetStatus

func (a *APIServer) GetStatus(_ context.Context, _ *api.GetStatusParams) (*api.Status, error)

GetStatus returns the status of the module

func (*APIServer) ListActivityDumps

func (a *APIServer) ListActivityDumps(_ context.Context, params *api.ActivityDumpListParams) (*api.ActivityDumpListMessage, error)

ListActivityDumps returns the list of active dumps

func (*APIServer) ListSecurityProfiles

ListSecurityProfiles returns the list of security profiles

func (*APIServer) ReloadPolicies

ReloadPolicies reloads the policies

func (*APIServer) RunSelfTest

RunSelfTest runs the self test and then reloads the current policies

func (*APIServer) SaveSecurityProfile

SaveSecurityProfile saves the requested security profile to disk

func (*APIServer) SendActivityDump

func (a *APIServer) SendActivityDump(dump *api.ActivityDumpStreamMessage)

SendActivityDump queues an activity dump to the chan of activity dumps

func (*APIServer) SendEvent

func (a *APIServer) SendEvent(rule *rules.Rule, e events.Event, extTagsCb func() []string, service string)

SendEvent forwards events sent by the runtime security module to Datadog

func (*APIServer) SendStats

func (a *APIServer) SendStats() error

SendStats sends statistics about the number of dropped events

func (*APIServer) SetCWSConsumer

func (a *APIServer) SetCWSConsumer(consumer *CWSConsumer)

SetCWSConsumer sets the CWS consumer

func (*APIServer) Start

func (a *APIServer) Start(ctx context.Context)

Start starts the API server and begins consuming the message queue

func (*APIServer) Stop

func (a *APIServer) Stop()

Stop stops the API server

func (*APIServer) StopActivityDump

StopActivityDump stops an active activity dump if it exists

func (*APIServer) TranscodingRequest

TranscodingRequest encodes an activity dump following the requested parameters

type CWSConsumer

// CWSConsumer is the system-probe module type for the runtime security agent.
type CWSConsumer struct {
	// Embedded by value, so the RWMutex methods (Lock, Unlock, RLock, RUnlock)
	// are promoted onto *CWSConsumer and are part of its exported method set:
	// any code holding a *CWSConsumer can take or release the lock.
	// As with any value containing a sync.RWMutex, a CWSConsumer must not be
	// copied after first use.
	sync.RWMutex
	// contains filtered or unexported fields
}

CWSConsumer represents the system-probe module for the runtime security agent

func NewCWSConsumer

func NewCWSConsumer(evm *eventmonitor.EventMonitor, cfg *config.RuntimeSecurityConfig, opts Opts) (*CWSConsumer, error)

NewCWSConsumer initializes the module with options

func (*CWSConsumer) APIServer

func (c *CWSConsumer) APIServer() *APIServer

APIServer returns the api server

func (*CWSConsumer) GetRuleEngine

func (c *CWSConsumer) GetRuleEngine() *rulesmodule.RuleEngine

GetRuleEngine returns the current rule engine

func (*CWSConsumer) HandleActivityDump

func (c *CWSConsumer) HandleActivityDump(dump *api.ActivityDumpStreamMessage)

HandleActivityDump sends an activity dump to the backend

func (*CWSConsumer) HandleCustomEvent

func (c *CWSConsumer) HandleCustomEvent(rule *rules.Rule, event *events.CustomEvent)

HandleCustomEvent is called by the probe when an event should be sent to Datadog but doesn't need evaluation

func (*CWSConsumer) ID

func (c *CWSConsumer) ID() string

ID returns id for CWS

func (*CWSConsumer) PostProbeStart

func (c *CWSConsumer) PostProbeStart() error

PostProbeStart is called after the event stream is started

func (*CWSConsumer) RunSelfTest

func (c *CWSConsumer) RunSelfTest(gRPC bool) (bool, error)

RunSelfTest runs the self tests

func (*CWSConsumer) SendEvent

func (c *CWSConsumer) SendEvent(rule *rules.Rule, event events.Event, extTagsCb func() []string, service string)

SendEvent sends an event to the backend after checking that the rate limiter allows it for the provided rule

func (*CWSConsumer) SendStats

func (c *CWSConsumer) SendStats()

SendStats sends stats

func (*CWSConsumer) Start

func (c *CWSConsumer) Start() error

Start the module

func (*CWSConsumer) Stop

func (c *CWSConsumer) Stop()

Stop closes the module

type ChanMsgSender

type ChanMsgSender struct {
	// contains filtered or unexported fields
}

ChanMsgSender defines a chan message sender

func NewChanMsgSender

func NewChanMsgSender(msgs chan *api.SecurityEventMessage) *ChanMsgSender

NewChanMsgSender returns a new chan sender

func (*ChanMsgSender) Send

func (cs *ChanMsgSender) Send(msg *api.SecurityEventMessage, expireFnc func(*api.SecurityEventMessage))

Send the message

type DirectMsgSender

type DirectMsgSender struct {
	// contains filtered or unexported fields
}

DirectMsgSender defines a direct sender

func NewDirectMsgSender

func NewDirectMsgSender(stopper startstop.Stopper) (*DirectMsgSender, error)

NewDirectMsgSender returns a new direct sender

func (*DirectMsgSender) Send

Send the message

type GRPCServer

type GRPCServer struct {
	// contains filtered or unexported fields
}

GRPCServer defines a gRPC server

func NewGRPCServer

func NewGRPCServer(family string, address string) *GRPCServer

NewGRPCServer returns a new gRPC server

func (*GRPCServer) Start

func (g *GRPCServer) Start() error

Start the server

func (*GRPCServer) Stop

func (g *GRPCServer) Stop()

Stop the server

type MsgSender

// MsgSender is the interface through which security event messages are sent.
type MsgSender interface {
	// Send sends msg. expireFnc is a callback that takes a security event
	// message as its argument.
	// NOTE(review): presumably expireFnc is invoked when a message expires
	// before it is delivered — confirm against the implementations.
	Send(msg *api.SecurityEventMessage, expireFnc func(*api.SecurityEventMessage))
}

MsgSender defines a message sender

type Opts

// Opts holds the module options passed by value to NewCWSConsumer.
type Opts struct {
	// EventSender is the events.EventSender supplied by the caller.
	// NOTE(review): how a nil value is handled is not visible here — confirm
	// in NewCWSConsumer.
	EventSender events.EventSender
	// MsgSender is the MsgSender implementation supplied by the caller.
	// NOTE(review): how a nil value is handled is not visible here — confirm
	// in NewCWSConsumer.
	MsgSender   MsgSender
}

Opts defines module options

type Reloader

type Reloader struct {
	// contains filtered or unexported fields
}

Reloader aims to handle policies reloading triggers

func NewReloader

func NewReloader() *Reloader

NewReloader returns a new Reloader

func (*Reloader) Chan

func (r *Reloader) Chan() <-chan struct{}

Chan returns the chan of reload events

func (*Reloader) Start

func (r *Reloader) Start() error

Start the reloader

func (*Reloader) Stop

func (r *Reloader) Stop()

Stop the Reloader

type ReloaderInterface

// ReloaderInterface abstracts a source of policy-reload triggers.
type ReloaderInterface interface {
	// Start starts the reloader and returns an error on failure.
	Start() error
	// Stop stops the reloader.
	Stop()
	// Chan returns a receive-only channel of reload events; the struct{}
	// element type carries no payload, only the signal itself.
	Chan() <-chan struct{}
}

ReloaderInterface aims to handle policies reloading triggers
