Documentation
Overview
Package hash holds hash related files
Constants
This section is empty.
Variables
var (
	// ErrSizeLimitReached indicates that the size limit was reached
	ErrSizeLimitReached = fmt.Errorf("size limit reached")
)
Functions
This section is empty.
Types
type LRUCacheEntry
type LRUCacheEntry struct {
// contains filtered or unexported fields
}
LRUCacheEntry is the structure used to cache hashes
type LRUCacheKey
type LRUCacheKey struct {
// contains filtered or unexported fields
}
LRUCacheKey is the structure used to access cached hashes
type Resolver
type Resolver struct {
// contains filtered or unexported fields
}
Resolver represents a cache for mountpoints and the corresponding file systems
func NewResolver
func NewResolver(c *config.RuntimeSecurityConfig, statsdClient statsd.ClientInterface, cgroupResolver *cgroup.Resolver) (*Resolver, error)
NewResolver returns a new instance of the hash resolver
func (*Resolver) ComputeHashes
func (resolver *Resolver) ComputeHashes(eventType model.EventType, process *model.Process, file *model.FileEvent) []string
ComputeHashes computes the hashes of the provided file event. Disclaimer: This resolver considers that the FileEvent has already been resolved
type ResolverOpts
type ResolverOpts struct {
	// Enabled defines if the hash resolver should be enabled
	Enabled bool
	// MaxFileSize defines the maximum size of the files that the hash resolver is allowed to hash
	MaxFileSize int64
	// HashAlgorithms defines the hashes that hash resolver needs to compute
	HashAlgorithms []model.HashAlgorithm
	// EventTypes defines the list of event types for which we may compute hashes. Warning: enabling a FIM event will
	// automatically make the hash resolver also hash process binary files.
	EventTypes []model.EventType
}
ResolverOpts defines hash resolver options
type SizeLimitedWriter
type SizeLimitedWriter struct {
// contains filtered or unexported fields
}
SizeLimitedWriter implements io.Writer and returns an error if more than the configured amount of data is read
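How a size-capped writer can bound hashing work in the way MaxFileSize and ErrSizeLimitReached suggest, as an added example that is not this package's code. The names cappedWriter, errSizeLimit and hashCapped, the fixed SHA-1/SHA-256 pair and the "algo:hex" output format are assumptions made for illustration.

```go
package main

import (
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"io"
	"strings"
)

// errSizeLimit plays the role of ErrSizeLimitReached (name constructed for this example).
var errSizeLimit = errors.New("size limit reached")

// cappedWriter is a hypothetical stand-in for SizeLimitedWriter: it rejects any write that would exceed limit.
type cappedWriter struct {
	dst         io.Writer
	limit, seen int64
}

func (w *cappedWriter) Write(p []byte) (int, error) {
	if w.seen+int64(len(p)) > w.limit {
		return 0, errSizeLimit
	}
	w.seen += int64(len(p))
	return w.dst.Write(p)
}

// hashCapped reads r once, feeding every configured digest, and fails with errSizeLimit past maxSize bytes.
func hashCapped(r io.Reader, maxSize int64) ([]string, error) {
	names := []string{"sha1", "sha256"}
	hs := []hash.Hash{sha1.New(), sha256.New()}
	w := &cappedWriter{dst: io.MultiWriter(hs[0], hs[1]), limit: maxSize}
	if _, err := io.Copy(w, r); err != nil {
		return nil, err // never return a digest of a truncated file
	}
	out := make([]string, len(hs))
	for i, h := range hs {
		out[i] = names[i] + ":" + hex.EncodeToString(h.Sum(nil))
	}
	return out, nil
}

func main() {
	fmt.Println(hashCapped(strings.NewReader("abc"), 16))                    // constructed small input
	fmt.Println(hashCapped(strings.NewReader(strings.Repeat("A", 64)), 16)) // constructed oversized input
}
```

Returning an error rather than the digest of the first maxSize bytes matters for detection: a hash of a truncated file would never match an indicator computed over the whole file.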