Documentation ¶
Index ¶
- func CheckerLogPrefix(checker interface{ ... }) string
- func NextResponseCheck(c MultiEventChecker, res *tetragon.GetEventsResponse, l *logrus.Logger) (bool, error)
- type BinaryPropertiesChecker
- func (checker *BinaryPropertiesChecker) Check(event *tetragon.BinaryProperties) error
- func (checker *BinaryPropertiesChecker) FromBinaryProperties(event *tetragon.BinaryProperties) *BinaryPropertiesChecker
- func (checker *BinaryPropertiesChecker) GetCheckerType() string
- func (checker *BinaryPropertiesChecker) WithFile(check *FilePropertiesChecker) *BinaryPropertiesChecker
- func (checker *BinaryPropertiesChecker) WithPrivilegesChanged(check *ProcessPrivilegesChangedListMatcher) *BinaryPropertiesChecker
- func (checker *BinaryPropertiesChecker) WithSetgid(check uint32) *BinaryPropertiesChecker
- func (checker *BinaryPropertiesChecker) WithSetuid(check uint32) *BinaryPropertiesChecker
- type CapabilitiesChecker
- func (checker *CapabilitiesChecker) Check(event *tetragon.Capabilities) error
- func (checker *CapabilitiesChecker) FromCapabilities(event *tetragon.Capabilities) *CapabilitiesChecker
- func (checker *CapabilitiesChecker) GetCheckerType() string
- func (checker *CapabilitiesChecker) WithEffective(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker
- func (checker *CapabilitiesChecker) WithInheritable(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker
- func (checker *CapabilitiesChecker) WithPermitted(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker
- type CapabilitiesTypeChecker
- type CapabilitiesTypeListMatcher
- func (checker *CapabilitiesTypeListMatcher) Check(values []tetragon.CapabilitiesType) error
- func (checker *CapabilitiesTypeListMatcher) WithOperator(operator listmatcher.Operator) *CapabilitiesTypeListMatcher
- func (checker *CapabilitiesTypeListMatcher) WithValues(values ...*CapabilitiesTypeChecker) *CapabilitiesTypeListMatcher
- type ContainerChecker
- func (checker *ContainerChecker) Check(event *tetragon.Container) error
- func (checker *ContainerChecker) FromContainer(event *tetragon.Container) *ContainerChecker
- func (checker *ContainerChecker) GetCheckerType() string
- func (checker *ContainerChecker) WithId(check *stringmatcher.StringMatcher) *ContainerChecker
- func (checker *ContainerChecker) WithImage(check *ImageChecker) *ContainerChecker
- func (checker *ContainerChecker) WithMaybeExecProbe(check bool) *ContainerChecker
- func (checker *ContainerChecker) WithName(check *stringmatcher.StringMatcher) *ContainerChecker
- func (checker *ContainerChecker) WithPid(check uint32) *ContainerChecker
- func (checker *ContainerChecker) WithStartTime(check *timestampmatcher.TimestampMatcher) *ContainerChecker
- type Event
- type EventChecker
- type FilePropertiesChecker
- func (checker *FilePropertiesChecker) Check(event *tetragon.FileProperties) error
- func (checker *FilePropertiesChecker) FromFileProperties(event *tetragon.FileProperties) *FilePropertiesChecker
- func (checker *FilePropertiesChecker) GetCheckerType() string
- func (checker *FilePropertiesChecker) WithInode(check *InodePropertiesChecker) *FilePropertiesChecker
- func (checker *FilePropertiesChecker) WithPath(check *stringmatcher.StringMatcher) *FilePropertiesChecker
- type FnEventChecker
- type ImageChecker
- func (checker *ImageChecker) Check(event *tetragon.Image) error
- func (checker *ImageChecker) FromImage(event *tetragon.Image) *ImageChecker
- func (checker *ImageChecker) GetCheckerType() string
- func (checker *ImageChecker) WithId(check *stringmatcher.StringMatcher) *ImageChecker
- func (checker *ImageChecker) WithName(check *stringmatcher.StringMatcher) *ImageChecker
- type InodePropertiesChecker
- func (checker *InodePropertiesChecker) Check(event *tetragon.InodeProperties) error
- func (checker *InodePropertiesChecker) FromInodeProperties(event *tetragon.InodeProperties) *InodePropertiesChecker
- func (checker *InodePropertiesChecker) GetCheckerType() string
- func (checker *InodePropertiesChecker) WithLinks(check uint32) *InodePropertiesChecker
- func (checker *InodePropertiesChecker) WithNumber(check uint64) *InodePropertiesChecker
- type KernelModuleChecker
- func (checker *KernelModuleChecker) Check(event *tetragon.KernelModule) error
- func (checker *KernelModuleChecker) FromKernelModule(event *tetragon.KernelModule) *KernelModuleChecker
- func (checker *KernelModuleChecker) GetCheckerType() string
- func (checker *KernelModuleChecker) WithName(check *stringmatcher.StringMatcher) *KernelModuleChecker
- func (checker *KernelModuleChecker) WithSignatureOk(check bool) *KernelModuleChecker
- func (checker *KernelModuleChecker) WithTainted(check *TaintedBitsTypeListMatcher) *KernelModuleChecker
- type KprobeActionChecker
- type KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) Check(event *tetragon.KprobeArgument) error
- func (checker *KprobeArgumentChecker) FromKprobeArgument(event *tetragon.KprobeArgument) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) GetCheckerType() string
- func (checker *KprobeArgumentChecker) WithBpfAttrArg(check *KprobeBpfAttrChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithBpfMapArg(check *KprobeBpfMapChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithBytesArg(check *bytesmatcher.BytesMatcher) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithCapEffectiveArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithCapInheritableArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithCapPermittedArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithCapabilityArg(check *KprobeCapabilityChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithCredArg(check *KprobeCredChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithFileArg(check *KprobeFileChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithIntArg(check int32) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithKernelCapTArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithLabel(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithLinuxBinprmArg(check *KprobeLinuxBinprmChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithLongArg(check int64) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithModuleArg(check *KernelModuleChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithNetDevArg(check *KprobeNetDevChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithPathArg(check *KprobePathChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithPerfEventArg(check *KprobePerfEventChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithProcessCredentialsArg(check *ProcessCredentialsChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithSizeArg(check uint64) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithSkbArg(check *KprobeSkbChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithSockArg(check *KprobeSockChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithStringArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithTruncatedBytesArg(check *KprobeTruncatedBytesChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithUintArg(check uint32) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithUserNamespaceArg(check *KprobeUserNamespaceChecker) *KprobeArgumentChecker
- func (checker *KprobeArgumentChecker) WithUserNsArg(check *UserNamespaceChecker) *KprobeArgumentChecker
- type KprobeArgumentListMatcher
- func (checker *KprobeArgumentListMatcher) Check(values []*tetragon.KprobeArgument) error
- func (checker *KprobeArgumentListMatcher) WithOperator(operator listmatcher.Operator) *KprobeArgumentListMatcher
- func (checker *KprobeArgumentListMatcher) WithValues(values ...*KprobeArgumentChecker) *KprobeArgumentListMatcher
- type KprobeBpfAttrChecker
- func (checker *KprobeBpfAttrChecker) Check(event *tetragon.KprobeBpfAttr) error
- func (checker *KprobeBpfAttrChecker) FromKprobeBpfAttr(event *tetragon.KprobeBpfAttr) *KprobeBpfAttrChecker
- func (checker *KprobeBpfAttrChecker) GetCheckerType() string
- func (checker *KprobeBpfAttrChecker) WithInsnCnt(check uint32) *KprobeBpfAttrChecker
- func (checker *KprobeBpfAttrChecker) WithProgName(check *stringmatcher.StringMatcher) *KprobeBpfAttrChecker
- func (checker *KprobeBpfAttrChecker) WithProgType(check *stringmatcher.StringMatcher) *KprobeBpfAttrChecker
- type KprobeBpfMapChecker
- func (checker *KprobeBpfMapChecker) Check(event *tetragon.KprobeBpfMap) error
- func (checker *KprobeBpfMapChecker) FromKprobeBpfMap(event *tetragon.KprobeBpfMap) *KprobeBpfMapChecker
- func (checker *KprobeBpfMapChecker) GetCheckerType() string
- func (checker *KprobeBpfMapChecker) WithKeySize(check uint32) *KprobeBpfMapChecker
- func (checker *KprobeBpfMapChecker) WithMapName(check *stringmatcher.StringMatcher) *KprobeBpfMapChecker
- func (checker *KprobeBpfMapChecker) WithMapType(check *stringmatcher.StringMatcher) *KprobeBpfMapChecker
- func (checker *KprobeBpfMapChecker) WithMaxEntries(check uint32) *KprobeBpfMapChecker
- func (checker *KprobeBpfMapChecker) WithValueSize(check uint32) *KprobeBpfMapChecker
- type KprobeCapabilityChecker
- func (checker *KprobeCapabilityChecker) Check(event *tetragon.KprobeCapability) error
- func (checker *KprobeCapabilityChecker) FromKprobeCapability(event *tetragon.KprobeCapability) *KprobeCapabilityChecker
- func (checker *KprobeCapabilityChecker) GetCheckerType() string
- func (checker *KprobeCapabilityChecker) WithName(check *stringmatcher.StringMatcher) *KprobeCapabilityChecker
- func (checker *KprobeCapabilityChecker) WithValue(check int32) *KprobeCapabilityChecker
- type KprobeCredChecker
- func (checker *KprobeCredChecker) Check(event *tetragon.KprobeCred) error
- func (checker *KprobeCredChecker) FromKprobeCred(event *tetragon.KprobeCred) *KprobeCredChecker
- func (checker *KprobeCredChecker) GetCheckerType() string
- func (checker *KprobeCredChecker) WithEffective(check *CapabilitiesTypeListMatcher) *KprobeCredChecker
- func (checker *KprobeCredChecker) WithInheritable(check *CapabilitiesTypeListMatcher) *KprobeCredChecker
- func (checker *KprobeCredChecker) WithPermitted(check *CapabilitiesTypeListMatcher) *KprobeCredChecker
- type KprobeFileChecker
- func (checker *KprobeFileChecker) Check(event *tetragon.KprobeFile) error
- func (checker *KprobeFileChecker) FromKprobeFile(event *tetragon.KprobeFile) *KprobeFileChecker
- func (checker *KprobeFileChecker) GetCheckerType() string
- func (checker *KprobeFileChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobeFileChecker
- func (checker *KprobeFileChecker) WithMount(check *stringmatcher.StringMatcher) *KprobeFileChecker
- func (checker *KprobeFileChecker) WithPath(check *stringmatcher.StringMatcher) *KprobeFileChecker
- func (checker *KprobeFileChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobeFileChecker
- type KprobeLinuxBinprmChecker
- func (checker *KprobeLinuxBinprmChecker) Check(event *tetragon.KprobeLinuxBinprm) error
- func (checker *KprobeLinuxBinprmChecker) FromKprobeLinuxBinprm(event *tetragon.KprobeLinuxBinprm) *KprobeLinuxBinprmChecker
- func (checker *KprobeLinuxBinprmChecker) GetCheckerType() string
- func (checker *KprobeLinuxBinprmChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker
- func (checker *KprobeLinuxBinprmChecker) WithPath(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker
- func (checker *KprobeLinuxBinprmChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker
- type KprobeNetDevChecker
- func (checker *KprobeNetDevChecker) Check(event *tetragon.KprobeNetDev) error
- func (checker *KprobeNetDevChecker) FromKprobeNetDev(event *tetragon.KprobeNetDev) *KprobeNetDevChecker
- func (checker *KprobeNetDevChecker) GetCheckerType() string
- func (checker *KprobeNetDevChecker) WithName(check *stringmatcher.StringMatcher) *KprobeNetDevChecker
- type KprobePathChecker
- func (checker *KprobePathChecker) Check(event *tetragon.KprobePath) error
- func (checker *KprobePathChecker) FromKprobePath(event *tetragon.KprobePath) *KprobePathChecker
- func (checker *KprobePathChecker) GetCheckerType() string
- func (checker *KprobePathChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobePathChecker
- func (checker *KprobePathChecker) WithMount(check *stringmatcher.StringMatcher) *KprobePathChecker
- func (checker *KprobePathChecker) WithPath(check *stringmatcher.StringMatcher) *KprobePathChecker
- func (checker *KprobePathChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobePathChecker
- type KprobePerfEventChecker
- func (checker *KprobePerfEventChecker) Check(event *tetragon.KprobePerfEvent) error
- func (checker *KprobePerfEventChecker) FromKprobePerfEvent(event *tetragon.KprobePerfEvent) *KprobePerfEventChecker
- func (checker *KprobePerfEventChecker) GetCheckerType() string
- func (checker *KprobePerfEventChecker) WithConfig(check uint64) *KprobePerfEventChecker
- func (checker *KprobePerfEventChecker) WithKprobeFunc(check *stringmatcher.StringMatcher) *KprobePerfEventChecker
- func (checker *KprobePerfEventChecker) WithProbeOffset(check uint64) *KprobePerfEventChecker
- func (checker *KprobePerfEventChecker) WithType(check *stringmatcher.StringMatcher) *KprobePerfEventChecker
- type KprobeSkbChecker
- func (checker *KprobeSkbChecker) Check(event *tetragon.KprobeSkb) error
- func (checker *KprobeSkbChecker) FromKprobeSkb(event *tetragon.KprobeSkb) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) GetCheckerType() string
- func (checker *KprobeSkbChecker) WithDaddr(check *stringmatcher.StringMatcher) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithDport(check uint32) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithFamily(check *stringmatcher.StringMatcher) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithHash(check uint32) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithLen(check uint32) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithMark(check uint32) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithPriority(check uint32) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithProto(check uint32) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithProtocol(check *stringmatcher.StringMatcher) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithSaddr(check *stringmatcher.StringMatcher) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithSecPathLen(check uint32) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithSecPathOlen(check uint32) *KprobeSkbChecker
- func (checker *KprobeSkbChecker) WithSport(check uint32) *KprobeSkbChecker
- type KprobeSockChecker
- func (checker *KprobeSockChecker) Check(event *tetragon.KprobeSock) error
- func (checker *KprobeSockChecker) FromKprobeSock(event *tetragon.KprobeSock) *KprobeSockChecker
- func (checker *KprobeSockChecker) GetCheckerType() string
- func (checker *KprobeSockChecker) WithCookie(check uint64) *KprobeSockChecker
- func (checker *KprobeSockChecker) WithDaddr(check *stringmatcher.StringMatcher) *KprobeSockChecker
- func (checker *KprobeSockChecker) WithDport(check uint32) *KprobeSockChecker
- func (checker *KprobeSockChecker) WithFamily(check *stringmatcher.StringMatcher) *KprobeSockChecker
- func (checker *KprobeSockChecker) WithMark(check uint32) *KprobeSockChecker
- func (checker *KprobeSockChecker) WithPriority(check uint32) *KprobeSockChecker
- func (checker *KprobeSockChecker) WithProtocol(check *stringmatcher.StringMatcher) *KprobeSockChecker
- func (checker *KprobeSockChecker) WithSaddr(check *stringmatcher.StringMatcher) *KprobeSockChecker
- func (checker *KprobeSockChecker) WithSport(check uint32) *KprobeSockChecker
- func (checker *KprobeSockChecker) WithState(check *stringmatcher.StringMatcher) *KprobeSockChecker
- func (checker *KprobeSockChecker) WithType(check *stringmatcher.StringMatcher) *KprobeSockChecker
- type KprobeTruncatedBytesChecker
- func (checker *KprobeTruncatedBytesChecker) Check(event *tetragon.KprobeTruncatedBytes) error
- func (checker *KprobeTruncatedBytesChecker) FromKprobeTruncatedBytes(event *tetragon.KprobeTruncatedBytes) *KprobeTruncatedBytesChecker
- func (checker *KprobeTruncatedBytesChecker) GetCheckerType() string
- func (checker *KprobeTruncatedBytesChecker) WithBytesArg(check *bytesmatcher.BytesMatcher) *KprobeTruncatedBytesChecker
- func (checker *KprobeTruncatedBytesChecker) WithOrigSize(check uint64) *KprobeTruncatedBytesChecker
- type KprobeUserNamespaceChecker
- func (checker *KprobeUserNamespaceChecker) Check(event *tetragon.KprobeUserNamespace) error
- func (checker *KprobeUserNamespaceChecker) FromKprobeUserNamespace(event *tetragon.KprobeUserNamespace) *KprobeUserNamespaceChecker
- func (checker *KprobeUserNamespaceChecker) GetCheckerType() string
- func (checker *KprobeUserNamespaceChecker) WithGroup(check uint32) *KprobeUserNamespaceChecker
- func (checker *KprobeUserNamespaceChecker) WithLevel(check int32) *KprobeUserNamespaceChecker
- func (checker *KprobeUserNamespaceChecker) WithNs(check *NamespaceChecker) *KprobeUserNamespaceChecker
- func (checker *KprobeUserNamespaceChecker) WithOwner(check uint32) *KprobeUserNamespaceChecker
- type MultiEventChecker
- type NamespaceChecker
- func (checker *NamespaceChecker) Check(event *tetragon.Namespace) error
- func (checker *NamespaceChecker) FromNamespace(event *tetragon.Namespace) *NamespaceChecker
- func (checker *NamespaceChecker) GetCheckerType() string
- func (checker *NamespaceChecker) WithInum(check uint32) *NamespaceChecker
- func (checker *NamespaceChecker) WithIsHost(check bool) *NamespaceChecker
- type NamespacesChecker
- func (checker *NamespacesChecker) Check(event *tetragon.Namespaces) error
- func (checker *NamespacesChecker) FromNamespaces(event *tetragon.Namespaces) *NamespacesChecker
- func (checker *NamespacesChecker) GetCheckerType() string
- func (checker *NamespacesChecker) WithCgroup(check *NamespaceChecker) *NamespacesChecker
- func (checker *NamespacesChecker) WithIpc(check *NamespaceChecker) *NamespacesChecker
- func (checker *NamespacesChecker) WithMnt(check *NamespaceChecker) *NamespacesChecker
- func (checker *NamespacesChecker) WithNet(check *NamespaceChecker) *NamespacesChecker
- func (checker *NamespacesChecker) WithPid(check *NamespaceChecker) *NamespacesChecker
- func (checker *NamespacesChecker) WithPidForChildren(check *NamespaceChecker) *NamespacesChecker
- func (checker *NamespacesChecker) WithTime(check *NamespaceChecker) *NamespacesChecker
- func (checker *NamespacesChecker) WithTimeForChildren(check *NamespaceChecker) *NamespacesChecker
- func (checker *NamespacesChecker) WithUser(check *NamespaceChecker) *NamespacesChecker
- func (checker *NamespacesChecker) WithUts(check *NamespaceChecker) *NamespacesChecker
- type OrderedEventChecker
- func (checker *OrderedEventChecker) AddChecks(checks ...EventChecker)
- func (checker *OrderedEventChecker) FinalCheck(logger *logrus.Logger) error
- func (checker *OrderedEventChecker) GetChecks() []EventChecker
- func (checker *OrderedEventChecker) GetRemainingChecks() []EventChecker
- func (checker *OrderedEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error)
- type PodChecker
- func (checker *PodChecker) Check(event *tetragon.Pod) error
- func (checker *PodChecker) FromPod(event *tetragon.Pod) *PodChecker
- func (checker *PodChecker) GetCheckerType() string
- func (checker *PodChecker) WithContainer(check *ContainerChecker) *PodChecker
- func (checker *PodChecker) WithName(check *stringmatcher.StringMatcher) *PodChecker
- func (checker *PodChecker) WithNamespace(check *stringmatcher.StringMatcher) *PodChecker
- func (checker *PodChecker) WithPodLabels(check map[string]stringmatcher.StringMatcher) *PodChecker
- func (checker *PodChecker) WithWorkload(check *stringmatcher.StringMatcher) *PodChecker
- func (checker *PodChecker) WithWorkloadKind(check *stringmatcher.StringMatcher) *PodChecker
- type ProcessChecker
- func (checker *ProcessChecker) Check(event *tetragon.Process) error
- func (checker *ProcessChecker) FromProcess(event *tetragon.Process) *ProcessChecker
- func (checker *ProcessChecker) GetCheckerType() string
- func (checker *ProcessChecker) WithArguments(check *stringmatcher.StringMatcher) *ProcessChecker
- func (checker *ProcessChecker) WithAuid(check uint32) *ProcessChecker
- func (checker *ProcessChecker) WithBinary(check *stringmatcher.StringMatcher) *ProcessChecker
- func (checker *ProcessChecker) WithBinaryProperties(check *BinaryPropertiesChecker) *ProcessChecker
- func (checker *ProcessChecker) WithCap(check *CapabilitiesChecker) *ProcessChecker
- func (checker *ProcessChecker) WithCwd(check *stringmatcher.StringMatcher) *ProcessChecker
- func (checker *ProcessChecker) WithDocker(check *stringmatcher.StringMatcher) *ProcessChecker
- func (checker *ProcessChecker) WithExecId(check *stringmatcher.StringMatcher) *ProcessChecker
- func (checker *ProcessChecker) WithFlags(check *stringmatcher.StringMatcher) *ProcessChecker
- func (checker *ProcessChecker) WithNs(check *NamespacesChecker) *ProcessChecker
- func (checker *ProcessChecker) WithParentExecId(check *stringmatcher.StringMatcher) *ProcessChecker
- func (checker *ProcessChecker) WithPid(check uint32) *ProcessChecker
- func (checker *ProcessChecker) WithPod(check *PodChecker) *ProcessChecker
- func (checker *ProcessChecker) WithProcessCredentials(check *ProcessCredentialsChecker) *ProcessChecker
- func (checker *ProcessChecker) WithRefcnt(check uint32) *ProcessChecker
- func (checker *ProcessChecker) WithStartTime(check *timestampmatcher.TimestampMatcher) *ProcessChecker
- func (checker *ProcessChecker) WithTid(check uint32) *ProcessChecker
- func (checker *ProcessChecker) WithUid(check uint32) *ProcessChecker
- type ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) Check(event *tetragon.ProcessCredentials) error
- func (checker *ProcessCredentialsChecker) FromProcessCredentials(event *tetragon.ProcessCredentials) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) GetCheckerType() string
- func (checker *ProcessCredentialsChecker) WithCaps(check *CapabilitiesChecker) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) WithEgid(check uint32) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) WithEuid(check uint32) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) WithFsgid(check uint32) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) WithFsuid(check uint32) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) WithGid(check uint32) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) WithSecurebits(check *SecureBitsTypeListMatcher) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) WithSgid(check uint32) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) WithSuid(check uint32) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) WithUid(check uint32) *ProcessCredentialsChecker
- func (checker *ProcessCredentialsChecker) WithUserNs(check *UserNamespaceChecker) *ProcessCredentialsChecker
- type ProcessExecChecker
- func (checker *ProcessExecChecker) Check(event *tetragon.ProcessExec) error
- func (checker *ProcessExecChecker) CheckEvent(event Event) error
- func (checker *ProcessExecChecker) CheckResponse(response *tetragon.GetEventsResponse) error
- func (checker *ProcessExecChecker) FromProcessExec(event *tetragon.ProcessExec) *ProcessExecChecker
- func (checker *ProcessExecChecker) GetCheckerName() string
- func (checker *ProcessExecChecker) GetCheckerType() string
- func (checker *ProcessExecChecker) WithAncestors(check *ProcessListMatcher) *ProcessExecChecker
- func (checker *ProcessExecChecker) WithParent(check *ProcessChecker) *ProcessExecChecker
- func (checker *ProcessExecChecker) WithProcess(check *ProcessChecker) *ProcessExecChecker
- type ProcessExitChecker
- func (checker *ProcessExitChecker) Check(event *tetragon.ProcessExit) error
- func (checker *ProcessExitChecker) CheckEvent(event Event) error
- func (checker *ProcessExitChecker) CheckResponse(response *tetragon.GetEventsResponse) error
- func (checker *ProcessExitChecker) FromProcessExit(event *tetragon.ProcessExit) *ProcessExitChecker
- func (checker *ProcessExitChecker) GetCheckerName() string
- func (checker *ProcessExitChecker) GetCheckerType() string
- func (checker *ProcessExitChecker) WithParent(check *ProcessChecker) *ProcessExitChecker
- func (checker *ProcessExitChecker) WithProcess(check *ProcessChecker) *ProcessExitChecker
- func (checker *ProcessExitChecker) WithSignal(check *stringmatcher.StringMatcher) *ProcessExitChecker
- func (checker *ProcessExitChecker) WithStatus(check uint32) *ProcessExitChecker
- func (checker *ProcessExitChecker) WithTime(check *timestampmatcher.TimestampMatcher) *ProcessExitChecker
- type ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) Check(event *tetragon.ProcessKprobe) error
- func (checker *ProcessKprobeChecker) CheckEvent(event Event) error
- func (checker *ProcessKprobeChecker) CheckResponse(response *tetragon.GetEventsResponse) error
- func (checker *ProcessKprobeChecker) FromProcessKprobe(event *tetragon.ProcessKprobe) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) GetCheckerName() string
- func (checker *ProcessKprobeChecker) GetCheckerType() string
- func (checker *ProcessKprobeChecker) WithAction(check tetragon.KprobeAction) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithFunctionName(check *stringmatcher.StringMatcher) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithKernelStackTrace(check *StackTraceEntryListMatcher) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithParent(check *ProcessChecker) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithProcess(check *ProcessChecker) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithReturn(check *KprobeArgumentChecker) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithReturnAction(check tetragon.KprobeAction) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithTags(check *StringListMatcher) *ProcessKprobeChecker
- func (checker *ProcessKprobeChecker) WithUserStackTrace(check *StackTraceEntryListMatcher) *ProcessKprobeChecker
- type ProcessListMatcher
- type ProcessLoaderChecker
- func (checker *ProcessLoaderChecker) Check(event *tetragon.ProcessLoader) error
- func (checker *ProcessLoaderChecker) CheckEvent(event Event) error
- func (checker *ProcessLoaderChecker) CheckResponse(response *tetragon.GetEventsResponse) error
- func (checker *ProcessLoaderChecker) FromProcessLoader(event *tetragon.ProcessLoader) *ProcessLoaderChecker
- func (checker *ProcessLoaderChecker) GetCheckerName() string
- func (checker *ProcessLoaderChecker) GetCheckerType() string
- func (checker *ProcessLoaderChecker) WithBuildid(check *bytesmatcher.BytesMatcher) *ProcessLoaderChecker
- func (checker *ProcessLoaderChecker) WithPath(check *stringmatcher.StringMatcher) *ProcessLoaderChecker
- func (checker *ProcessLoaderChecker) WithProcess(check *ProcessChecker) *ProcessLoaderChecker
- type ProcessPrivilegesChangedChecker
- type ProcessPrivilegesChangedListMatcher
- func (checker *ProcessPrivilegesChangedListMatcher) Check(values []tetragon.ProcessPrivilegesChanged) error
- func (checker *ProcessPrivilegesChangedListMatcher) WithOperator(operator listmatcher.Operator) *ProcessPrivilegesChangedListMatcher
- func (checker *ProcessPrivilegesChangedListMatcher) WithValues(values ...*ProcessPrivilegesChangedChecker) *ProcessPrivilegesChangedListMatcher
- type ProcessTracepointChecker
- func (checker *ProcessTracepointChecker) Check(event *tetragon.ProcessTracepoint) error
- func (checker *ProcessTracepointChecker) CheckEvent(event Event) error
- func (checker *ProcessTracepointChecker) CheckResponse(response *tetragon.GetEventsResponse) error
- func (checker *ProcessTracepointChecker) FromProcessTracepoint(event *tetragon.ProcessTracepoint) *ProcessTracepointChecker
- func (checker *ProcessTracepointChecker) GetCheckerName() string
- func (checker *ProcessTracepointChecker) GetCheckerType() string
- func (checker *ProcessTracepointChecker) WithAction(check tetragon.KprobeAction) *ProcessTracepointChecker
- func (checker *ProcessTracepointChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessTracepointChecker
- func (checker *ProcessTracepointChecker) WithEvent(check *stringmatcher.StringMatcher) *ProcessTracepointChecker
- func (checker *ProcessTracepointChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessTracepointChecker
- func (checker *ProcessTracepointChecker) WithParent(check *ProcessChecker) *ProcessTracepointChecker
- func (checker *ProcessTracepointChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessTracepointChecker
- func (checker *ProcessTracepointChecker) WithProcess(check *ProcessChecker) *ProcessTracepointChecker
- func (checker *ProcessTracepointChecker) WithSubsys(check *stringmatcher.StringMatcher) *ProcessTracepointChecker
- func (checker *ProcessTracepointChecker) WithTags(check *StringListMatcher) *ProcessTracepointChecker
- type ProcessUprobeChecker
- func (checker *ProcessUprobeChecker) Check(event *tetragon.ProcessUprobe) error
- func (checker *ProcessUprobeChecker) CheckEvent(event Event) error
- func (checker *ProcessUprobeChecker) CheckResponse(response *tetragon.GetEventsResponse) error
- func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUprobe) *ProcessUprobeChecker
- func (checker *ProcessUprobeChecker) GetCheckerName() string
- func (checker *ProcessUprobeChecker) GetCheckerType() string
- func (checker *ProcessUprobeChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessUprobeChecker
- func (checker *ProcessUprobeChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessUprobeChecker
- func (checker *ProcessUprobeChecker) WithParent(check *ProcessChecker) *ProcessUprobeChecker
- func (checker *ProcessUprobeChecker) WithPath(check *stringmatcher.StringMatcher) *ProcessUprobeChecker
- func (checker *ProcessUprobeChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessUprobeChecker
- func (checker *ProcessUprobeChecker) WithProcess(check *ProcessChecker) *ProcessUprobeChecker
- func (checker *ProcessUprobeChecker) WithSymbol(check *stringmatcher.StringMatcher) *ProcessUprobeChecker
- func (checker *ProcessUprobeChecker) WithTags(check *StringListMatcher) *ProcessUprobeChecker
- type RateLimitInfoChecker
- func (checker *RateLimitInfoChecker) Check(event *tetragon.RateLimitInfo) error
- func (checker *RateLimitInfoChecker) CheckEvent(event Event) error
- func (checker *RateLimitInfoChecker) CheckResponse(response *tetragon.GetEventsResponse) error
- func (checker *RateLimitInfoChecker) FromRateLimitInfo(event *tetragon.RateLimitInfo) *RateLimitInfoChecker
- func (checker *RateLimitInfoChecker) GetCheckerName() string
- func (checker *RateLimitInfoChecker) GetCheckerType() string
- func (checker *RateLimitInfoChecker) WithNumberOfDroppedProcessEvents(check uint64) *RateLimitInfoChecker
- type SecureBitsTypeChecker
- type SecureBitsTypeListMatcher
- func (checker *SecureBitsTypeListMatcher) Check(values []tetragon.SecureBitsType) error
- func (checker *SecureBitsTypeListMatcher) WithOperator(operator listmatcher.Operator) *SecureBitsTypeListMatcher
- func (checker *SecureBitsTypeListMatcher) WithValues(values ...*SecureBitsTypeChecker) *SecureBitsTypeListMatcher
- type StackTraceEntryChecker
- func (checker *StackTraceEntryChecker) Check(event *tetragon.StackTraceEntry) error
- func (checker *StackTraceEntryChecker) FromStackTraceEntry(event *tetragon.StackTraceEntry) *StackTraceEntryChecker
- func (checker *StackTraceEntryChecker) GetCheckerType() string
- func (checker *StackTraceEntryChecker) WithAddress(check uint64) *StackTraceEntryChecker
- func (checker *StackTraceEntryChecker) WithModule(check *stringmatcher.StringMatcher) *StackTraceEntryChecker
- func (checker *StackTraceEntryChecker) WithOffset(check uint64) *StackTraceEntryChecker
- func (checker *StackTraceEntryChecker) WithSymbol(check *stringmatcher.StringMatcher) *StackTraceEntryChecker
- type StackTraceEntryListMatcher
- func (checker *StackTraceEntryListMatcher) Check(values []*tetragon.StackTraceEntry) error
- func (checker *StackTraceEntryListMatcher) WithOperator(operator listmatcher.Operator) *StackTraceEntryListMatcher
- func (checker *StackTraceEntryListMatcher) WithValues(values ...*StackTraceEntryChecker) *StackTraceEntryListMatcher
- type StringListMatcher
- type TaintedBitsTypeChecker
- type TaintedBitsTypeListMatcher
- func (checker *TaintedBitsTypeListMatcher) Check(values []tetragon.TaintedBitsType) error
- func (checker *TaintedBitsTypeListMatcher) WithOperator(operator listmatcher.Operator) *TaintedBitsTypeListMatcher
- func (checker *TaintedBitsTypeListMatcher) WithValues(values ...*TaintedBitsTypeChecker) *TaintedBitsTypeListMatcher
- type TestChecker
- func (checker *TestChecker) Check(event *tetragon.Test) error
- func (checker *TestChecker) CheckEvent(event Event) error
- func (checker *TestChecker) CheckResponse(response *tetragon.GetEventsResponse) error
- func (checker *TestChecker) FromTest(event *tetragon.Test) *TestChecker
- func (checker *TestChecker) GetCheckerName() string
- func (checker *TestChecker) GetCheckerType() string
- func (checker *TestChecker) WithArg0(check uint64) *TestChecker
- func (checker *TestChecker) WithArg1(check uint64) *TestChecker
- func (checker *TestChecker) WithArg2(check uint64) *TestChecker
- func (checker *TestChecker) WithArg3(check uint64) *TestChecker
- type UnorderedEventChecker
- func (checker *UnorderedEventChecker) AddChecks(checks ...EventChecker)
- func (checker *UnorderedEventChecker) FinalCheck(logger *logrus.Logger) error
- func (checker *UnorderedEventChecker) GetChecks() []EventChecker
- func (checker *UnorderedEventChecker) GetRemainingChecks() []EventChecker
- func (checker *UnorderedEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error)
- type UserNamespaceChecker
- func (checker *UserNamespaceChecker) Check(event *tetragon.UserNamespace) error
- func (checker *UserNamespaceChecker) FromUserNamespace(event *tetragon.UserNamespace) *UserNamespaceChecker
- func (checker *UserNamespaceChecker) GetCheckerType() string
- func (checker *UserNamespaceChecker) WithGid(check uint32) *UserNamespaceChecker
- func (checker *UserNamespaceChecker) WithLevel(check int32) *UserNamespaceChecker
- func (checker *UserNamespaceChecker) WithNs(check *NamespaceChecker) *UserNamespaceChecker
- func (checker *UserNamespaceChecker) WithUid(check uint32) *UserNamespaceChecker
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckerLogPrefix ¶
CheckerLogPrefix is a helper that outputs the log prefix for an event checker, which is a combination of the checker type and the checker name if applicable.
func NextResponseCheck ¶
func NextResponseCheck(c MultiEventChecker, res *tetragon.GetEventsResponse, l *logrus.Logger) (bool, error)
NextResponseCheck checks the next response
Types ¶
type BinaryPropertiesChecker ¶
// Every field is a pointer tagged omitempty, so an unset check is absent from
// the JSON form and an expected value of 0 for Setuid or Setgid stays
// distinguishable from "no check set".
// NOTE(review): how Check treats a nil field is not visible here — confirm.
type BinaryPropertiesChecker struct {
	Setuid            *uint32                              `json:"setuid,omitempty"`
	Setgid            *uint32                              `json:"setgid,omitempty"`
	PrivilegesChanged *ProcessPrivilegesChangedListMatcher `json:"privilegesChanged,omitempty"`
	File              *FilePropertiesChecker               `json:"file,omitempty"`
}
BinaryPropertiesChecker implements a checker struct to check a BinaryProperties field
func NewBinaryPropertiesChecker ¶
func NewBinaryPropertiesChecker() *BinaryPropertiesChecker
NewBinaryPropertiesChecker creates a new BinaryPropertiesChecker
func (*BinaryPropertiesChecker) Check ¶
func (checker *BinaryPropertiesChecker) Check(event *tetragon.BinaryProperties) error
Check checks a BinaryProperties field
func (*BinaryPropertiesChecker) FromBinaryProperties ¶
func (checker *BinaryPropertiesChecker) FromBinaryProperties(event *tetragon.BinaryProperties) *BinaryPropertiesChecker
FromBinaryProperties populates the BinaryPropertiesChecker using data from a BinaryProperties field
func (*BinaryPropertiesChecker) GetCheckerType ¶
func (checker *BinaryPropertiesChecker) GetCheckerType() string
Get the type of the checker as a string
func (*BinaryPropertiesChecker) WithFile ¶
func (checker *BinaryPropertiesChecker) WithFile(check *FilePropertiesChecker) *BinaryPropertiesChecker
WithFile adds a File check to the BinaryPropertiesChecker
func (*BinaryPropertiesChecker) WithPrivilegesChanged ¶
func (checker *BinaryPropertiesChecker) WithPrivilegesChanged(check *ProcessPrivilegesChangedListMatcher) *BinaryPropertiesChecker
WithPrivilegesChanged adds a PrivilegesChanged check to the BinaryPropertiesChecker
func (*BinaryPropertiesChecker) WithSetgid ¶
func (checker *BinaryPropertiesChecker) WithSetgid(check uint32) *BinaryPropertiesChecker
WithSetgid adds a Setgid check to the BinaryPropertiesChecker
func (*BinaryPropertiesChecker) WithSetuid ¶
func (checker *BinaryPropertiesChecker) WithSetuid(check uint32) *BinaryPropertiesChecker
WithSetuid adds a Setuid check to the BinaryPropertiesChecker
type CapabilitiesChecker ¶
// Each capability set (permitted, effective, inheritable) has its own optional
// list matcher; the fields are pointers tagged omitempty, so an unset matcher
// is absent from the JSON form.
// NOTE(review): presumably a nil matcher means that set is not checked at
// all — confirm against Check before relying on it in a test.
type CapabilitiesChecker struct {
	Permitted   *CapabilitiesTypeListMatcher `json:"permitted,omitempty"`
	Effective   *CapabilitiesTypeListMatcher `json:"effective,omitempty"`
	Inheritable *CapabilitiesTypeListMatcher `json:"inheritable,omitempty"`
}
CapabilitiesChecker implements a checker struct to check a Capabilities field
func NewCapabilitiesChecker ¶
func NewCapabilitiesChecker() *CapabilitiesChecker
NewCapabilitiesChecker creates a new CapabilitiesChecker
func (*CapabilitiesChecker) Check ¶
func (checker *CapabilitiesChecker) Check(event *tetragon.Capabilities) error
Check checks a Capabilities field
func (*CapabilitiesChecker) FromCapabilities ¶
func (checker *CapabilitiesChecker) FromCapabilities(event *tetragon.Capabilities) *CapabilitiesChecker
FromCapabilities populates the CapabilitiesChecker using data from a Capabilities field
func (*CapabilitiesChecker) GetCheckerType ¶
func (checker *CapabilitiesChecker) GetCheckerType() string
Get the type of the checker as a string
func (*CapabilitiesChecker) WithEffective ¶
func (checker *CapabilitiesChecker) WithEffective(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker
WithEffective adds an Effective check to the CapabilitiesChecker
func (*CapabilitiesChecker) WithInheritable ¶
func (checker *CapabilitiesChecker) WithInheritable(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker
WithInheritable adds an Inheritable check to the CapabilitiesChecker
func (*CapabilitiesChecker) WithPermitted ¶
func (checker *CapabilitiesChecker) WithPermitted(check *CapabilitiesTypeListMatcher) *CapabilitiesChecker
WithPermitted adds a Permitted check to the CapabilitiesChecker
type CapabilitiesTypeChecker ¶
type CapabilitiesTypeChecker tetragon.CapabilitiesType
CapabilitiesTypeChecker checks a tetragon.CapabilitiesType
func NewCapabilitiesTypeChecker ¶
func NewCapabilitiesTypeChecker(val tetragon.CapabilitiesType) *CapabilitiesTypeChecker
NewCapabilitiesTypeChecker creates a new CapabilitiesTypeChecker
func (*CapabilitiesTypeChecker) Check ¶
func (enum *CapabilitiesTypeChecker) Check(val *tetragon.CapabilitiesType) error
Check checks a CapabilitiesType against the checker
func (CapabilitiesTypeChecker) MarshalJSON ¶
func (enum CapabilitiesTypeChecker) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler interface
func (*CapabilitiesTypeChecker) UnmarshalJSON ¶
func (enum *CapabilitiesTypeChecker) UnmarshalJSON(b []byte) error
UnmarshalJSON implements json.Unmarshaler interface
type CapabilitiesTypeListMatcher ¶
// Operator selects how Values is compared with the list taken from the event;
// Values holds one CapabilitiesTypeChecker per expected entry. Neither tag
// carries omitempty, so both keys are always written to the JSON form.
type CapabilitiesTypeListMatcher struct {
	Operator listmatcher.Operator       `json:"operator"`
	Values   []*CapabilitiesTypeChecker `json:"values"`
}
CapabilitiesTypeListMatcher checks a list of tetragon.CapabilitiesType fields
func NewCapabilitiesTypeListMatcher ¶
func NewCapabilitiesTypeListMatcher() *CapabilitiesTypeListMatcher
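NewCapabilitiesTypeListMatcher creates a new CapabilitiesTypeListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator(). A subset match does not require the two lists to be identical, so a test that must pin the exact capability set should choose a stricter operator with WithOperator().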
func (*CapabilitiesTypeListMatcher) Check ¶
func (checker *CapabilitiesTypeListMatcher) Check(values []tetragon.CapabilitiesType) error
Check checks a list of tetragon.CapabilitiesType fields
func (*CapabilitiesTypeListMatcher) WithOperator ¶
func (checker *CapabilitiesTypeListMatcher) WithOperator(operator listmatcher.Operator) *CapabilitiesTypeListMatcher
WithOperator sets the match kind for the CapabilitiesTypeListMatcher
func (*CapabilitiesTypeListMatcher) WithValues ¶
func (checker *CapabilitiesTypeListMatcher) WithValues(values ...*CapabilitiesTypeChecker) *CapabilitiesTypeListMatcher
WithValues sets the checkers that the CapabilitiesTypeListMatcher should use
type ContainerChecker ¶
// All fields are optional pointers tagged omitempty. Id and Name are string
// matchers, Image is a nested checker and StartTime is a timestamp matcher;
// Pid and MaybeExecProbe are plain expected values held by pointer.
// NOTE(review): how Check treats a nil field is not visible here — confirm.
type ContainerChecker struct {
	Id             *stringmatcher.StringMatcher       `json:"id,omitempty"`
	Name           *stringmatcher.StringMatcher       `json:"name,omitempty"`
	Image          *ImageChecker                      `json:"image,omitempty"`
	StartTime      *timestampmatcher.TimestampMatcher `json:"startTime,omitempty"`
	Pid            *uint32                            `json:"pid,omitempty"`
	MaybeExecProbe *bool                              `json:"maybeExecProbe,omitempty"`
}
ContainerChecker implements a checker struct to check a Container field
func NewContainerChecker ¶
func NewContainerChecker() *ContainerChecker
NewContainerChecker creates a new ContainerChecker
func (*ContainerChecker) Check ¶
func (checker *ContainerChecker) Check(event *tetragon.Container) error
Check checks a Container field
func (*ContainerChecker) FromContainer ¶
func (checker *ContainerChecker) FromContainer(event *tetragon.Container) *ContainerChecker
FromContainer populates the ContainerChecker using data from a Container field
func (*ContainerChecker) GetCheckerType ¶
func (checker *ContainerChecker) GetCheckerType() string
Get the type of the checker as a string
func (*ContainerChecker) WithId ¶
func (checker *ContainerChecker) WithId(check *stringmatcher.StringMatcher) *ContainerChecker
WithId adds an Id check to the ContainerChecker
func (*ContainerChecker) WithImage ¶
func (checker *ContainerChecker) WithImage(check *ImageChecker) *ContainerChecker
WithImage adds an Image check to the ContainerChecker
func (*ContainerChecker) WithMaybeExecProbe ¶
func (checker *ContainerChecker) WithMaybeExecProbe(check bool) *ContainerChecker
WithMaybeExecProbe adds a MaybeExecProbe check to the ContainerChecker
func (*ContainerChecker) WithName ¶
func (checker *ContainerChecker) WithName(check *stringmatcher.StringMatcher) *ContainerChecker
WithName adds a Name check to the ContainerChecker
func (*ContainerChecker) WithPid ¶
func (checker *ContainerChecker) WithPid(check uint32) *ContainerChecker
WithPid adds a Pid check to the ContainerChecker
func (*ContainerChecker) WithStartTime ¶
func (checker *ContainerChecker) WithStartTime(check *timestampmatcher.TimestampMatcher) *ContainerChecker
WithStartTime adds a StartTime check to the ContainerChecker
type Event ¶
Event is an empty interface used for events like ProcessExec, etc.
func EventFromResponse ¶
func EventFromResponse(response *tetragon.GetEventsResponse) (Event, error)
EventFromResponse coerces an event from a Tetragon gRPC response
type EventChecker ¶
type EventChecker interface {
	// CheckEvent checks a single event
	CheckEvent(Event) error
	// CheckResponse checks a single gRPC response
	CheckResponse(*tetragon.GetEventsResponse) error
}
EventChecker is an interface for checking a Tetragon event
func CheckerFromEvent ¶
func CheckerFromEvent(event Event) (EventChecker, error)
CheckerFromEvent converts an event into an EventChecker
func CheckerFromResponse ¶
func CheckerFromResponse(response *tetragon.GetEventsResponse) (EventChecker, error)
CheckerFromResponse converts a gRPC response into an EventChecker
type FilePropertiesChecker ¶
// Inode is a nested checker and Path is a string matcher; both are optional
// pointers tagged omitempty.
// NOTE(review): how Check treats a nil field is not visible here — confirm.
type FilePropertiesChecker struct {
	Inode *InodePropertiesChecker      `json:"inode,omitempty"`
	Path  *stringmatcher.StringMatcher `json:"path,omitempty"`
}
FilePropertiesChecker implements a checker struct to check a FileProperties field
func NewFilePropertiesChecker ¶
func NewFilePropertiesChecker() *FilePropertiesChecker
NewFilePropertiesChecker creates a new FilePropertiesChecker
func (*FilePropertiesChecker) Check ¶
func (checker *FilePropertiesChecker) Check(event *tetragon.FileProperties) error
Check checks a FileProperties field
func (*FilePropertiesChecker) FromFileProperties ¶
func (checker *FilePropertiesChecker) FromFileProperties(event *tetragon.FileProperties) *FilePropertiesChecker
FromFileProperties populates the FilePropertiesChecker using data from a FileProperties field
func (*FilePropertiesChecker) GetCheckerType ¶
func (checker *FilePropertiesChecker) GetCheckerType() string
Get the type of the checker as a string
func (*FilePropertiesChecker) WithInode ¶
func (checker *FilePropertiesChecker) WithInode(check *InodePropertiesChecker) *FilePropertiesChecker
WithInode adds an Inode check to the FilePropertiesChecker
func (*FilePropertiesChecker) WithPath ¶
func (checker *FilePropertiesChecker) WithPath(check *stringmatcher.StringMatcher) *FilePropertiesChecker
WithPath adds a Path check to the FilePropertiesChecker
type FnEventChecker ¶
type FnEventChecker struct {
	// NextCheckFn checks an event and returns a boolean value indicating
	// whether the checker has concluded, and an error indicating whether the
	// check was successful. The boolean value allows short-circuiting checks.
	//
	// Specifically:
	// (false, nil): this event check was successful, but need to check more events
	// (false, !nil): this event check was not successful, but need to check more events
	// (true, nil): checker was successful, no need to check more events
	// (true, !nil): checker failed, no need to check more events
	NextCheckFn func(Event, *logrus.Logger) (bool, error)
	// FinalCheckFn indicates that the sequence of events has ended, and asks the
	// checker to make a final decision. Any cleanup should also be performed here.
	FinalCheckFn func(*logrus.Logger) error
}
FnEventChecker checks a series of events using custom-defined functions for the MultiEventChecker implementation
func (*FnEventChecker) FinalCheck ¶
func (checker *FnEventChecker) FinalCheck(logger *logrus.Logger) error
FinalCheck implements the MultiEventChecker interface
func (*FnEventChecker) NextEventCheck ¶
NextEventCheck implements the MultiEventChecker interface
type ImageChecker ¶
// Id and Name are optional string matchers, tagged omitempty.
// NOTE(review): how Check treats a nil matcher is not visible here — confirm.
type ImageChecker struct {
	Id   *stringmatcher.StringMatcher `json:"id,omitempty"`
	Name *stringmatcher.StringMatcher `json:"name,omitempty"`
}
ImageChecker implements a checker struct to check an Image field
func NewImageChecker ¶
func NewImageChecker() *ImageChecker
NewImageChecker creates a new ImageChecker
func (*ImageChecker) Check ¶
func (checker *ImageChecker) Check(event *tetragon.Image) error
Check checks an Image field
func (*ImageChecker) FromImage ¶
func (checker *ImageChecker) FromImage(event *tetragon.Image) *ImageChecker
FromImage populates the ImageChecker using data from an Image field
func (*ImageChecker) GetCheckerType ¶
func (checker *ImageChecker) GetCheckerType() string
Get the type of the checker as a string
func (*ImageChecker) WithId ¶
func (checker *ImageChecker) WithId(check *stringmatcher.StringMatcher) *ImageChecker
WithId adds an Id check to the ImageChecker
func (*ImageChecker) WithName ¶
func (checker *ImageChecker) WithName(check *stringmatcher.StringMatcher) *ImageChecker
WithName adds a Name check to the ImageChecker
type InodePropertiesChecker ¶
// Number and Links are expected values held by pointer and tagged omitempty,
// so an expected 0 stays distinguishable from "no check set".
// NOTE(review): how Check treats a nil field is not visible here — confirm.
type InodePropertiesChecker struct {
	Number *uint64 `json:"number,omitempty"`
	Links  *uint32 `json:"links,omitempty"`
}
InodePropertiesChecker implements a checker struct to check an InodeProperties field
func NewInodePropertiesChecker ¶
func NewInodePropertiesChecker() *InodePropertiesChecker
NewInodePropertiesChecker creates a new InodePropertiesChecker
func (*InodePropertiesChecker) Check ¶
func (checker *InodePropertiesChecker) Check(event *tetragon.InodeProperties) error
Check checks an InodeProperties field
func (*InodePropertiesChecker) FromInodeProperties ¶
func (checker *InodePropertiesChecker) FromInodeProperties(event *tetragon.InodeProperties) *InodePropertiesChecker
FromInodeProperties populates the InodePropertiesChecker using data from an InodeProperties field
func (*InodePropertiesChecker) GetCheckerType ¶
func (checker *InodePropertiesChecker) GetCheckerType() string
Get the type of the checker as a string
func (*InodePropertiesChecker) WithLinks ¶
func (checker *InodePropertiesChecker) WithLinks(check uint32) *InodePropertiesChecker
WithLinks adds a Links check to the InodePropertiesChecker
func (*InodePropertiesChecker) WithNumber ¶
func (checker *InodePropertiesChecker) WithNumber(check uint64) *InodePropertiesChecker
WithNumber adds a Number check to the InodePropertiesChecker
type KernelModuleChecker ¶
// Name is a string matcher, SignatureOk an expected boolean and Tainted a list
// matcher over taint bits; all three are optional pointers tagged omitempty.
// SignatureOk is a *bool, so an expected false can be represented separately
// from "no check set".
// NOTE(review): presumably a nil SignatureOk leaves the module's signature
// status unchecked — confirm against Check before relying on it in a test.
type KernelModuleChecker struct {
	Name        *stringmatcher.StringMatcher `json:"name,omitempty"`
	SignatureOk *bool                        `json:"signatureOk,omitempty"`
	Tainted     *TaintedBitsTypeListMatcher  `json:"tainted,omitempty"`
}
KernelModuleChecker implements a checker struct to check a KernelModule field
func NewKernelModuleChecker ¶
func NewKernelModuleChecker() *KernelModuleChecker
NewKernelModuleChecker creates a new KernelModuleChecker
func (*KernelModuleChecker) Check ¶
func (checker *KernelModuleChecker) Check(event *tetragon.KernelModule) error
Check checks a KernelModule field
func (*KernelModuleChecker) FromKernelModule ¶
func (checker *KernelModuleChecker) FromKernelModule(event *tetragon.KernelModule) *KernelModuleChecker
FromKernelModule populates the KernelModuleChecker using data from a KernelModule field
func (*KernelModuleChecker) GetCheckerType ¶
func (checker *KernelModuleChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KernelModuleChecker) WithName ¶
func (checker *KernelModuleChecker) WithName(check *stringmatcher.StringMatcher) *KernelModuleChecker
WithName adds a Name check to the KernelModuleChecker
func (*KernelModuleChecker) WithSignatureOk ¶
func (checker *KernelModuleChecker) WithSignatureOk(check bool) *KernelModuleChecker
WithSignatureOk adds a SignatureOk check to the KernelModuleChecker
func (*KernelModuleChecker) WithTainted ¶
func (checker *KernelModuleChecker) WithTainted(check *TaintedBitsTypeListMatcher) *KernelModuleChecker
WithTainted adds a Tainted check to the KernelModuleChecker
type KprobeActionChecker ¶
type KprobeActionChecker tetragon.KprobeAction
KprobeActionChecker checks a tetragon.KprobeAction
func NewKprobeActionChecker ¶
func NewKprobeActionChecker(val tetragon.KprobeAction) *KprobeActionChecker
NewKprobeActionChecker creates a new KprobeActionChecker
func (*KprobeActionChecker) Check ¶
func (enum *KprobeActionChecker) Check(val *tetragon.KprobeAction) error
Check checks a KprobeAction against the checker
func (KprobeActionChecker) MarshalJSON ¶
func (enum KprobeActionChecker) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler interface
func (*KprobeActionChecker) UnmarshalJSON ¶
func (enum *KprobeActionChecker) UnmarshalJSON(b []byte) error
UnmarshalJSON implements json.Unmarshaler interface
type KprobeArgumentChecker ¶
// One optional check per argument kind, plus Label; every field is a pointer
// tagged omitempty. The capability-related fields KernelCapTArg,
// CapInheritableArg, CapPermittedArg and CapEffectiveArg are string matchers,
// so they compare strings rather than a typed capability list.
// NOTE(review): presumably a single KprobeArgument carries one argument kind
// at a time — confirm before setting several *Arg checks on one checker.
type KprobeArgumentChecker struct {
	StringArg             *stringmatcher.StringMatcher `json:"stringArg,omitempty"`
	IntArg                *int32                       `json:"intArg,omitempty"`
	SkbArg                *KprobeSkbChecker            `json:"skbArg,omitempty"`
	SizeArg               *uint64                      `json:"sizeArg,omitempty"`
	BytesArg              *bytesmatcher.BytesMatcher   `json:"bytesArg,omitempty"`
	PathArg               *KprobePathChecker           `json:"pathArg,omitempty"`
	FileArg               *KprobeFileChecker           `json:"fileArg,omitempty"`
	TruncatedBytesArg     *KprobeTruncatedBytesChecker `json:"truncatedBytesArg,omitempty"`
	SockArg               *KprobeSockChecker           `json:"sockArg,omitempty"`
	CredArg               *KprobeCredChecker           `json:"credArg,omitempty"`
	LongArg               *int64                       `json:"longArg,omitempty"`
	BpfAttrArg            *KprobeBpfAttrChecker        `json:"bpfAttrArg,omitempty"`
	PerfEventArg          *KprobePerfEventChecker      `json:"perfEventArg,omitempty"`
	BpfMapArg             *KprobeBpfMapChecker         `json:"bpfMapArg,omitempty"`
	UintArg               *uint32                      `json:"uintArg,omitempty"`
	UserNamespaceArg      *KprobeUserNamespaceChecker  `json:"userNamespaceArg,omitempty"`
	CapabilityArg         *KprobeCapabilityChecker     `json:"capabilityArg,omitempty"`
	ProcessCredentialsArg *ProcessCredentialsChecker   `json:"processCredentialsArg,omitempty"`
	UserNsArg             *UserNamespaceChecker        `json:"userNsArg,omitempty"`
	ModuleArg             *KernelModuleChecker         `json:"moduleArg,omitempty"`
	KernelCapTArg         *stringmatcher.StringMatcher `json:"kernelCapTArg,omitempty"`
	CapInheritableArg     *stringmatcher.StringMatcher `json:"capInheritableArg,omitempty"`
	CapPermittedArg       *stringmatcher.StringMatcher `json:"capPermittedArg,omitempty"`
	CapEffectiveArg       *stringmatcher.StringMatcher `json:"capEffectiveArg,omitempty"`
	LinuxBinprmArg        *KprobeLinuxBinprmChecker    `json:"linuxBinprmArg,omitempty"`
	NetDevArg             *KprobeNetDevChecker         `json:"netDevArg,omitempty"`
	Label                 *stringmatcher.StringMatcher `json:"label,omitempty"`
}
KprobeArgumentChecker implements a checker struct to check a KprobeArgument field
func NewKprobeArgumentChecker ¶
func NewKprobeArgumentChecker() *KprobeArgumentChecker
NewKprobeArgumentChecker creates a new KprobeArgumentChecker
func (*KprobeArgumentChecker) Check ¶
func (checker *KprobeArgumentChecker) Check(event *tetragon.KprobeArgument) error
Check checks a KprobeArgument field
func (*KprobeArgumentChecker) FromKprobeArgument ¶
func (checker *KprobeArgumentChecker) FromKprobeArgument(event *tetragon.KprobeArgument) *KprobeArgumentChecker
FromKprobeArgument populates the KprobeArgumentChecker using data from a KprobeArgument field
func (*KprobeArgumentChecker) GetCheckerType ¶
func (checker *KprobeArgumentChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeArgumentChecker) WithBpfAttrArg ¶
func (checker *KprobeArgumentChecker) WithBpfAttrArg(check *KprobeBpfAttrChecker) *KprobeArgumentChecker
WithBpfAttrArg adds a BpfAttrArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithBpfMapArg ¶
func (checker *KprobeArgumentChecker) WithBpfMapArg(check *KprobeBpfMapChecker) *KprobeArgumentChecker
WithBpfMapArg adds a BpfMapArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithBytesArg ¶
func (checker *KprobeArgumentChecker) WithBytesArg(check *bytesmatcher.BytesMatcher) *KprobeArgumentChecker
WithBytesArg adds a BytesArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithCapEffectiveArg ¶
func (checker *KprobeArgumentChecker) WithCapEffectiveArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
WithCapEffectiveArg adds a CapEffectiveArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithCapInheritableArg ¶
func (checker *KprobeArgumentChecker) WithCapInheritableArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
WithCapInheritableArg adds a CapInheritableArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithCapPermittedArg ¶
func (checker *KprobeArgumentChecker) WithCapPermittedArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
WithCapPermittedArg adds a CapPermittedArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithCapabilityArg ¶
func (checker *KprobeArgumentChecker) WithCapabilityArg(check *KprobeCapabilityChecker) *KprobeArgumentChecker
WithCapabilityArg adds a CapabilityArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithCredArg ¶
func (checker *KprobeArgumentChecker) WithCredArg(check *KprobeCredChecker) *KprobeArgumentChecker
WithCredArg adds a CredArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithFileArg ¶
func (checker *KprobeArgumentChecker) WithFileArg(check *KprobeFileChecker) *KprobeArgumentChecker
WithFileArg adds a FileArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithIntArg ¶
func (checker *KprobeArgumentChecker) WithIntArg(check int32) *KprobeArgumentChecker
WithIntArg adds an IntArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithKernelCapTArg ¶
func (checker *KprobeArgumentChecker) WithKernelCapTArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
WithKernelCapTArg adds a KernelCapTArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithLabel ¶
func (checker *KprobeArgumentChecker) WithLabel(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
WithLabel adds a Label check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithLinuxBinprmArg ¶
func (checker *KprobeArgumentChecker) WithLinuxBinprmArg(check *KprobeLinuxBinprmChecker) *KprobeArgumentChecker
WithLinuxBinprmArg adds a LinuxBinprmArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithLongArg ¶
func (checker *KprobeArgumentChecker) WithLongArg(check int64) *KprobeArgumentChecker
WithLongArg adds a LongArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithModuleArg ¶
func (checker *KprobeArgumentChecker) WithModuleArg(check *KernelModuleChecker) *KprobeArgumentChecker
WithModuleArg adds a ModuleArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithNetDevArg ¶
func (checker *KprobeArgumentChecker) WithNetDevArg(check *KprobeNetDevChecker) *KprobeArgumentChecker
WithNetDevArg adds a NetDevArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithPathArg ¶
func (checker *KprobeArgumentChecker) WithPathArg(check *KprobePathChecker) *KprobeArgumentChecker
WithPathArg adds a PathArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithPerfEventArg ¶
func (checker *KprobeArgumentChecker) WithPerfEventArg(check *KprobePerfEventChecker) *KprobeArgumentChecker
WithPerfEventArg adds a PerfEventArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithProcessCredentialsArg ¶
func (checker *KprobeArgumentChecker) WithProcessCredentialsArg(check *ProcessCredentialsChecker) *KprobeArgumentChecker
WithProcessCredentialsArg adds a ProcessCredentialsArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithSizeArg ¶
func (checker *KprobeArgumentChecker) WithSizeArg(check uint64) *KprobeArgumentChecker
WithSizeArg adds a SizeArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithSkbArg ¶
func (checker *KprobeArgumentChecker) WithSkbArg(check *KprobeSkbChecker) *KprobeArgumentChecker
WithSkbArg adds a SkbArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithSockArg ¶
func (checker *KprobeArgumentChecker) WithSockArg(check *KprobeSockChecker) *KprobeArgumentChecker
WithSockArg adds a SockArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithStringArg ¶
func (checker *KprobeArgumentChecker) WithStringArg(check *stringmatcher.StringMatcher) *KprobeArgumentChecker
WithStringArg adds a StringArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithTruncatedBytesArg ¶
func (checker *KprobeArgumentChecker) WithTruncatedBytesArg(check *KprobeTruncatedBytesChecker) *KprobeArgumentChecker
WithTruncatedBytesArg adds a TruncatedBytesArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithUintArg ¶
func (checker *KprobeArgumentChecker) WithUintArg(check uint32) *KprobeArgumentChecker
WithUintArg adds a UintArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithUserNamespaceArg ¶
func (checker *KprobeArgumentChecker) WithUserNamespaceArg(check *KprobeUserNamespaceChecker) *KprobeArgumentChecker
WithUserNamespaceArg adds a UserNamespaceArg check to the KprobeArgumentChecker
func (*KprobeArgumentChecker) WithUserNsArg ¶
func (checker *KprobeArgumentChecker) WithUserNsArg(check *UserNamespaceChecker) *KprobeArgumentChecker
WithUserNsArg adds a UserNsArg check to the KprobeArgumentChecker
type KprobeArgumentListMatcher ¶
// Operator selects how Values is compared with the event's argument list;
// Values holds one KprobeArgumentChecker per expected entry. Neither tag
// carries omitempty, so both keys are always written to the JSON form.
type KprobeArgumentListMatcher struct {
	Operator listmatcher.Operator     `json:"operator"`
	Values   []*KprobeArgumentChecker `json:"values"`
}
KprobeArgumentListMatcher checks a list of *tetragon.KprobeArgument fields
func NewKprobeArgumentListMatcher ¶
func NewKprobeArgumentListMatcher() *KprobeArgumentListMatcher
NewKprobeArgumentListMatcher creates a new KprobeArgumentListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()
func (*KprobeArgumentListMatcher) Check ¶
func (checker *KprobeArgumentListMatcher) Check(values []*tetragon.KprobeArgument) error
Check checks a list of *tetragon.KprobeArgument fields
func (*KprobeArgumentListMatcher) WithOperator ¶
func (checker *KprobeArgumentListMatcher) WithOperator(operator listmatcher.Operator) *KprobeArgumentListMatcher
WithOperator sets the match kind for the KprobeArgumentListMatcher
func (*KprobeArgumentListMatcher) WithValues ¶
func (checker *KprobeArgumentListMatcher) WithValues(values ...*KprobeArgumentChecker) *KprobeArgumentListMatcher
WithValues sets the checkers that the KprobeArgumentListMatcher should use
type KprobeBpfAttrChecker ¶
// ProgType and ProgName are string matchers and InsnCnt is an expected value
// held by pointer; all are tagged omitempty. The JSON keys here are
// capitalised ("ProgType", "InsnCnt", "ProgName"), unlike the lowerCamelCase
// keys used by most other checkers on this page.
type KprobeBpfAttrChecker struct {
	ProgType *stringmatcher.StringMatcher `json:"ProgType,omitempty"`
	InsnCnt  *uint32                      `json:"InsnCnt,omitempty"`
	ProgName *stringmatcher.StringMatcher `json:"ProgName,omitempty"`
}
KprobeBpfAttrChecker implements a checker struct to check a KprobeBpfAttr field
func NewKprobeBpfAttrChecker ¶
func NewKprobeBpfAttrChecker() *KprobeBpfAttrChecker
NewKprobeBpfAttrChecker creates a new KprobeBpfAttrChecker
func (*KprobeBpfAttrChecker) Check ¶
func (checker *KprobeBpfAttrChecker) Check(event *tetragon.KprobeBpfAttr) error
Check checks a KprobeBpfAttr field
func (*KprobeBpfAttrChecker) FromKprobeBpfAttr ¶
func (checker *KprobeBpfAttrChecker) FromKprobeBpfAttr(event *tetragon.KprobeBpfAttr) *KprobeBpfAttrChecker
FromKprobeBpfAttr populates the KprobeBpfAttrChecker using data from a KprobeBpfAttr field
func (*KprobeBpfAttrChecker) GetCheckerType ¶
func (checker *KprobeBpfAttrChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeBpfAttrChecker) WithInsnCnt ¶
func (checker *KprobeBpfAttrChecker) WithInsnCnt(check uint32) *KprobeBpfAttrChecker
WithInsnCnt adds an InsnCnt check to the KprobeBpfAttrChecker
func (*KprobeBpfAttrChecker) WithProgName ¶
func (checker *KprobeBpfAttrChecker) WithProgName(check *stringmatcher.StringMatcher) *KprobeBpfAttrChecker
WithProgName adds a ProgName check to the KprobeBpfAttrChecker
func (*KprobeBpfAttrChecker) WithProgType ¶
func (checker *KprobeBpfAttrChecker) WithProgType(check *stringmatcher.StringMatcher) *KprobeBpfAttrChecker
WithProgType adds a ProgType check to the KprobeBpfAttrChecker
type KprobeBpfMapChecker ¶
// MapType and MapName are string matchers; KeySize, ValueSize and MaxEntries
// are expected values held by pointer. All are tagged omitempty, and the JSON
// keys are capitalised ("MapType", "KeySize", ...), unlike the lowerCamelCase
// keys used by most other checkers on this page.
type KprobeBpfMapChecker struct {
	MapType    *stringmatcher.StringMatcher `json:"MapType,omitempty"`
	KeySize    *uint32                      `json:"KeySize,omitempty"`
	ValueSize  *uint32                      `json:"ValueSize,omitempty"`
	MaxEntries *uint32                      `json:"MaxEntries,omitempty"`
	MapName    *stringmatcher.StringMatcher `json:"MapName,omitempty"`
}
KprobeBpfMapChecker implements a checker struct to check a KprobeBpfMap field
func NewKprobeBpfMapChecker ¶
func NewKprobeBpfMapChecker() *KprobeBpfMapChecker
NewKprobeBpfMapChecker creates a new KprobeBpfMapChecker
func (*KprobeBpfMapChecker) Check ¶
func (checker *KprobeBpfMapChecker) Check(event *tetragon.KprobeBpfMap) error
Check checks a KprobeBpfMap field
func (*KprobeBpfMapChecker) FromKprobeBpfMap ¶
func (checker *KprobeBpfMapChecker) FromKprobeBpfMap(event *tetragon.KprobeBpfMap) *KprobeBpfMapChecker
FromKprobeBpfMap populates the KprobeBpfMapChecker using data from a KprobeBpfMap field
func (*KprobeBpfMapChecker) GetCheckerType ¶
func (checker *KprobeBpfMapChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeBpfMapChecker) WithKeySize ¶
func (checker *KprobeBpfMapChecker) WithKeySize(check uint32) *KprobeBpfMapChecker
WithKeySize adds a KeySize check to the KprobeBpfMapChecker
func (*KprobeBpfMapChecker) WithMapName ¶
func (checker *KprobeBpfMapChecker) WithMapName(check *stringmatcher.StringMatcher) *KprobeBpfMapChecker
WithMapName adds a MapName check to the KprobeBpfMapChecker
func (*KprobeBpfMapChecker) WithMapType ¶
func (checker *KprobeBpfMapChecker) WithMapType(check *stringmatcher.StringMatcher) *KprobeBpfMapChecker
WithMapType adds a MapType check to the KprobeBpfMapChecker
func (*KprobeBpfMapChecker) WithMaxEntries ¶
func (checker *KprobeBpfMapChecker) WithMaxEntries(check uint32) *KprobeBpfMapChecker
WithMaxEntries adds a MaxEntries check to the KprobeBpfMapChecker
func (*KprobeBpfMapChecker) WithValueSize ¶
func (checker *KprobeBpfMapChecker) WithValueSize(check uint32) *KprobeBpfMapChecker
WithValueSize adds a ValueSize check to the KprobeBpfMapChecker
type KprobeCapabilityChecker ¶
// Value is an expected int32 held by pointer and Name is a string matcher;
// both are optional and tagged omitempty.
// NOTE(review): the two fields are independent checks; whether Value and Name
// are expected to describe the same capability is not shown here — confirm.
type KprobeCapabilityChecker struct {
	Value *int32                       `json:"value,omitempty"`
	Name  *stringmatcher.StringMatcher `json:"name,omitempty"`
}
KprobeCapabilityChecker implements a checker struct to check a KprobeCapability field
func NewKprobeCapabilityChecker ¶
func NewKprobeCapabilityChecker() *KprobeCapabilityChecker
NewKprobeCapabilityChecker creates a new KprobeCapabilityChecker
func (*KprobeCapabilityChecker) Check ¶
func (checker *KprobeCapabilityChecker) Check(event *tetragon.KprobeCapability) error
Check checks a KprobeCapability field
func (*KprobeCapabilityChecker) FromKprobeCapability ¶
func (checker *KprobeCapabilityChecker) FromKprobeCapability(event *tetragon.KprobeCapability) *KprobeCapabilityChecker
FromKprobeCapability populates the KprobeCapabilityChecker using data from a KprobeCapability field
func (*KprobeCapabilityChecker) GetCheckerType ¶
func (checker *KprobeCapabilityChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeCapabilityChecker) WithName ¶
func (checker *KprobeCapabilityChecker) WithName(check *stringmatcher.StringMatcher) *KprobeCapabilityChecker
WithName adds a Name check to the KprobeCapabilityChecker
func (*KprobeCapabilityChecker) WithValue ¶
func (checker *KprobeCapabilityChecker) WithValue(check int32) *KprobeCapabilityChecker
WithValue adds a Value check to the KprobeCapabilityChecker
type KprobeCredChecker ¶
// Each capability set (permitted, effective, inheritable) has its own optional
// list matcher, with the same field layout as CapabilitiesChecker; the fields
// are pointers tagged omitempty.
// NOTE(review): presumably a nil matcher means that set is not checked at
// all — confirm against Check before relying on it in a test.
type KprobeCredChecker struct {
	Permitted   *CapabilitiesTypeListMatcher `json:"permitted,omitempty"`
	Effective   *CapabilitiesTypeListMatcher `json:"effective,omitempty"`
	Inheritable *CapabilitiesTypeListMatcher `json:"inheritable,omitempty"`
}
KprobeCredChecker implements a checker struct to check a KprobeCred field
func NewKprobeCredChecker ¶
func NewKprobeCredChecker() *KprobeCredChecker
NewKprobeCredChecker creates a new KprobeCredChecker
func (*KprobeCredChecker) Check ¶
func (checker *KprobeCredChecker) Check(event *tetragon.KprobeCred) error
Check checks a KprobeCred field
func (*KprobeCredChecker) FromKprobeCred ¶
func (checker *KprobeCredChecker) FromKprobeCred(event *tetragon.KprobeCred) *KprobeCredChecker
FromKprobeCred populates the KprobeCredChecker using data from a KprobeCred field
func (*KprobeCredChecker) GetCheckerType ¶
func (checker *KprobeCredChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeCredChecker) WithEffective ¶
func (checker *KprobeCredChecker) WithEffective(check *CapabilitiesTypeListMatcher) *KprobeCredChecker
WithEffective adds an Effective check to the KprobeCredChecker
func (*KprobeCredChecker) WithInheritable ¶
func (checker *KprobeCredChecker) WithInheritable(check *CapabilitiesTypeListMatcher) *KprobeCredChecker
WithInheritable adds an Inheritable check to the KprobeCredChecker
func (*KprobeCredChecker) WithPermitted ¶
func (checker *KprobeCredChecker) WithPermitted(check *CapabilitiesTypeListMatcher) *KprobeCredChecker
WithPermitted adds a Permitted check to the KprobeCredChecker
type KprobeFileChecker ¶
// KprobeFileChecker implements a checker struct to check a KprobeFile field.
//
// All four fields are optional string matchers, set through the With*
// builders or populated from an event by FromKprobeFile.
// NOTE(review): an unset (nil) matcher presumably leaves that attribute
// unchecked. Confirm against Check.
type KprobeFileChecker struct {
	Mount      *stringmatcher.StringMatcher `json:"mount,omitempty"`
	Path       *stringmatcher.StringMatcher `json:"path,omitempty"`
	Flags      *stringmatcher.StringMatcher `json:"flags,omitempty"`
	Permission *stringmatcher.StringMatcher `json:"permission,omitempty"`
}
KprobeFileChecker implements a checker struct to check a KprobeFile field
func NewKprobeFileChecker ¶
func NewKprobeFileChecker() *KprobeFileChecker
NewKprobeFileChecker creates a new KprobeFileChecker
func (*KprobeFileChecker) Check ¶
func (checker *KprobeFileChecker) Check(event *tetragon.KprobeFile) error
Check checks a KprobeFile field
func (*KprobeFileChecker) FromKprobeFile ¶
func (checker *KprobeFileChecker) FromKprobeFile(event *tetragon.KprobeFile) *KprobeFileChecker
FromKprobeFile populates the KprobeFileChecker using data from a KprobeFile field
func (*KprobeFileChecker) GetCheckerType ¶
func (checker *KprobeFileChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeFileChecker) WithFlags ¶
func (checker *KprobeFileChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobeFileChecker
WithFlags adds a Flags check to the KprobeFileChecker
func (*KprobeFileChecker) WithMount ¶
func (checker *KprobeFileChecker) WithMount(check *stringmatcher.StringMatcher) *KprobeFileChecker
WithMount adds a Mount check to the KprobeFileChecker
func (*KprobeFileChecker) WithPath ¶
func (checker *KprobeFileChecker) WithPath(check *stringmatcher.StringMatcher) *KprobeFileChecker
WithPath adds a Path check to the KprobeFileChecker
func (*KprobeFileChecker) WithPermission ¶
func (checker *KprobeFileChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobeFileChecker
WithPermission adds a Permission check to the KprobeFileChecker
type KprobeLinuxBinprmChecker ¶
// KprobeLinuxBinprmChecker implements a checker struct to check a
// KprobeLinuxBinprm field.
//
// Unlike KprobeFileChecker and KprobePathChecker it has no Mount matcher;
// only Path, Flags and Permission can be checked.
// NOTE(review): an unset (nil) matcher presumably leaves that attribute
// unchecked. Confirm against Check.
type KprobeLinuxBinprmChecker struct {
	Path       *stringmatcher.StringMatcher `json:"path,omitempty"`
	Flags      *stringmatcher.StringMatcher `json:"flags,omitempty"`
	Permission *stringmatcher.StringMatcher `json:"permission,omitempty"`
}
KprobeLinuxBinprmChecker implements a checker struct to check a KprobeLinuxBinprm field
func NewKprobeLinuxBinprmChecker ¶
func NewKprobeLinuxBinprmChecker() *KprobeLinuxBinprmChecker
NewKprobeLinuxBinprmChecker creates a new KprobeLinuxBinprmChecker
func (*KprobeLinuxBinprmChecker) Check ¶
func (checker *KprobeLinuxBinprmChecker) Check(event *tetragon.KprobeLinuxBinprm) error
Check checks a KprobeLinuxBinprm field
func (*KprobeLinuxBinprmChecker) FromKprobeLinuxBinprm ¶
func (checker *KprobeLinuxBinprmChecker) FromKprobeLinuxBinprm(event *tetragon.KprobeLinuxBinprm) *KprobeLinuxBinprmChecker
FromKprobeLinuxBinprm populates the KprobeLinuxBinprmChecker using data from a KprobeLinuxBinprm field
func (*KprobeLinuxBinprmChecker) GetCheckerType ¶
func (checker *KprobeLinuxBinprmChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeLinuxBinprmChecker) WithFlags ¶
func (checker *KprobeLinuxBinprmChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker
WithFlags adds a Flags check to the KprobeLinuxBinprmChecker
func (*KprobeLinuxBinprmChecker) WithPath ¶
func (checker *KprobeLinuxBinprmChecker) WithPath(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker
WithPath adds a Path check to the KprobeLinuxBinprmChecker
func (*KprobeLinuxBinprmChecker) WithPermission ¶
func (checker *KprobeLinuxBinprmChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobeLinuxBinprmChecker
WithPermission adds a Permission check to the KprobeLinuxBinprmChecker
type KprobeNetDevChecker ¶
// KprobeNetDevChecker implements a checker struct to check a KprobeNetDev field.
type KprobeNetDevChecker struct {
	// Name, if set, is the string matcher applied to the KprobeNetDev name.
	// NOTE(review): presumably a nil Name means the name is not checked. Confirm.
	Name *stringmatcher.StringMatcher `json:"name,omitempty"`
}
KprobeNetDevChecker implements a checker struct to check a KprobeNetDev field
func NewKprobeNetDevChecker ¶
func NewKprobeNetDevChecker() *KprobeNetDevChecker
NewKprobeNetDevChecker creates a new KprobeNetDevChecker
func (*KprobeNetDevChecker) Check ¶
func (checker *KprobeNetDevChecker) Check(event *tetragon.KprobeNetDev) error
Check checks a KprobeNetDev field
func (*KprobeNetDevChecker) FromKprobeNetDev ¶
func (checker *KprobeNetDevChecker) FromKprobeNetDev(event *tetragon.KprobeNetDev) *KprobeNetDevChecker
FromKprobeNetDev populates the KprobeNetDevChecker using data from a KprobeNetDev field
func (*KprobeNetDevChecker) GetCheckerType ¶
func (checker *KprobeNetDevChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeNetDevChecker) WithName ¶
func (checker *KprobeNetDevChecker) WithName(check *stringmatcher.StringMatcher) *KprobeNetDevChecker
WithName adds a Name check to the KprobeNetDevChecker
type KprobePathChecker ¶
// KprobePathChecker implements a checker struct to check a KprobePath field.
//
// It carries the same four optional string matchers as KprobeFileChecker.
// NOTE(review): an unset (nil) matcher presumably leaves that attribute
// unchecked. Confirm against Check.
type KprobePathChecker struct {
	Mount      *stringmatcher.StringMatcher `json:"mount,omitempty"`
	Path       *stringmatcher.StringMatcher `json:"path,omitempty"`
	Flags      *stringmatcher.StringMatcher `json:"flags,omitempty"`
	Permission *stringmatcher.StringMatcher `json:"permission,omitempty"`
}
KprobePathChecker implements a checker struct to check a KprobePath field
func NewKprobePathChecker ¶
func NewKprobePathChecker() *KprobePathChecker
NewKprobePathChecker creates a new KprobePathChecker
func (*KprobePathChecker) Check ¶
func (checker *KprobePathChecker) Check(event *tetragon.KprobePath) error
Check checks a KprobePath field
func (*KprobePathChecker) FromKprobePath ¶
func (checker *KprobePathChecker) FromKprobePath(event *tetragon.KprobePath) *KprobePathChecker
FromKprobePath populates the KprobePathChecker using data from a KprobePath field
func (*KprobePathChecker) GetCheckerType ¶
func (checker *KprobePathChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobePathChecker) WithFlags ¶
func (checker *KprobePathChecker) WithFlags(check *stringmatcher.StringMatcher) *KprobePathChecker
WithFlags adds a Flags check to the KprobePathChecker
func (*KprobePathChecker) WithMount ¶
func (checker *KprobePathChecker) WithMount(check *stringmatcher.StringMatcher) *KprobePathChecker
WithMount adds a Mount check to the KprobePathChecker
func (*KprobePathChecker) WithPath ¶
func (checker *KprobePathChecker) WithPath(check *stringmatcher.StringMatcher) *KprobePathChecker
WithPath adds a Path check to the KprobePathChecker
func (*KprobePathChecker) WithPermission ¶
func (checker *KprobePathChecker) WithPermission(check *stringmatcher.StringMatcher) *KprobePathChecker
WithPermission adds a Permission check to the KprobePathChecker
type KprobePerfEventChecker ¶
// KprobePerfEventChecker implements a checker struct to check a
// KprobePerfEvent field.
//
// The JSON keys of this checker are capitalised ("KprobeFunc", "Type",
// "Config", "ProbeOffset"), unlike the lower-camel-case keys used by the
// other Kprobe*Checker structs shown alongside it; serialised checkers must
// use these exact keys.
type KprobePerfEventChecker struct {
	// String matchers for the probed function and the event type.
	KprobeFunc *stringmatcher.StringMatcher `json:"KprobeFunc,omitempty"`
	Type       *stringmatcher.StringMatcher `json:"Type,omitempty"`
	// Numeric checks are pointers, so an explicit check for 0 is
	// distinguishable from "not set" (nil).
	Config      *uint64 `json:"Config,omitempty"`
	ProbeOffset *uint64 `json:"ProbeOffset,omitempty"`
}
KprobePerfEventChecker implements a checker struct to check a KprobePerfEvent field
func NewKprobePerfEventChecker ¶
func NewKprobePerfEventChecker() *KprobePerfEventChecker
NewKprobePerfEventChecker creates a new KprobePerfEventChecker
func (*KprobePerfEventChecker) Check ¶
func (checker *KprobePerfEventChecker) Check(event *tetragon.KprobePerfEvent) error
Check checks a KprobePerfEvent field
func (*KprobePerfEventChecker) FromKprobePerfEvent ¶
func (checker *KprobePerfEventChecker) FromKprobePerfEvent(event *tetragon.KprobePerfEvent) *KprobePerfEventChecker
FromKprobePerfEvent populates the KprobePerfEventChecker using data from a KprobePerfEvent field
func (*KprobePerfEventChecker) GetCheckerType ¶
func (checker *KprobePerfEventChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobePerfEventChecker) WithConfig ¶
func (checker *KprobePerfEventChecker) WithConfig(check uint64) *KprobePerfEventChecker
WithConfig adds a Config check to the KprobePerfEventChecker
func (*KprobePerfEventChecker) WithKprobeFunc ¶
func (checker *KprobePerfEventChecker) WithKprobeFunc(check *stringmatcher.StringMatcher) *KprobePerfEventChecker
WithKprobeFunc adds a KprobeFunc check to the KprobePerfEventChecker
func (*KprobePerfEventChecker) WithProbeOffset ¶
func (checker *KprobePerfEventChecker) WithProbeOffset(check uint64) *KprobePerfEventChecker
WithProbeOffset adds a ProbeOffset check to the KprobePerfEventChecker
func (*KprobePerfEventChecker) WithType ¶
func (checker *KprobePerfEventChecker) WithType(check *stringmatcher.StringMatcher) *KprobePerfEventChecker
WithType adds a Type check to the KprobePerfEventChecker
type KprobeSkbChecker ¶
// KprobeSkbChecker implements a checker struct to check a KprobeSkb field.
//
// Numeric fields are *uint32 so that an explicit check for 0 differs from an
// unset (nil) field; addresses, protocol and family are string matchers.
// NOTE(review): unset fields are presumably not checked. Confirm against Check.
type KprobeSkbChecker struct {
	Hash     *uint32 `json:"hash,omitempty"`
	Len      *uint32 `json:"len,omitempty"`
	Priority *uint32 `json:"priority,omitempty"`
	Mark     *uint32 `json:"mark,omitempty"`
	// Source and destination address, matched as strings.
	Saddr *stringmatcher.StringMatcher `json:"saddr,omitempty"`
	Daddr *stringmatcher.StringMatcher `json:"daddr,omitempty"`
	// Source port, destination port and numeric protocol.
	Sport *uint32 `json:"sport,omitempty"`
	Dport *uint32 `json:"dport,omitempty"`
	Proto *uint32 `json:"proto,omitempty"`
	// NOTE(review): the meaning of the two sec-path lengths is not documented
	// on this page; see the tetragon.KprobeSkb definition.
	SecPathLen  *uint32 `json:"secPathLen,omitempty"`
	SecPathOlen *uint32 `json:"secPathOlen,omitempty"`
	// Protocol and Family are matched as strings, in contrast to the numeric
	// Proto above.
	Protocol *stringmatcher.StringMatcher `json:"protocol,omitempty"`
	Family   *stringmatcher.StringMatcher `json:"family,omitempty"`
}
KprobeSkbChecker implements a checker struct to check a KprobeSkb field
func NewKprobeSkbChecker ¶
func NewKprobeSkbChecker() *KprobeSkbChecker
NewKprobeSkbChecker creates a new KprobeSkbChecker
func (*KprobeSkbChecker) Check ¶
func (checker *KprobeSkbChecker) Check(event *tetragon.KprobeSkb) error
Check checks a KprobeSkb field
func (*KprobeSkbChecker) FromKprobeSkb ¶
func (checker *KprobeSkbChecker) FromKprobeSkb(event *tetragon.KprobeSkb) *KprobeSkbChecker
FromKprobeSkb populates the KprobeSkbChecker using data from a KprobeSkb field
func (*KprobeSkbChecker) GetCheckerType ¶
func (checker *KprobeSkbChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeSkbChecker) WithDaddr ¶
func (checker *KprobeSkbChecker) WithDaddr(check *stringmatcher.StringMatcher) *KprobeSkbChecker
WithDaddr adds a Daddr check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithDport ¶
func (checker *KprobeSkbChecker) WithDport(check uint32) *KprobeSkbChecker
WithDport adds a Dport check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithFamily ¶
func (checker *KprobeSkbChecker) WithFamily(check *stringmatcher.StringMatcher) *KprobeSkbChecker
WithFamily adds a Family check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithHash ¶
func (checker *KprobeSkbChecker) WithHash(check uint32) *KprobeSkbChecker
WithHash adds a Hash check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithLen ¶
func (checker *KprobeSkbChecker) WithLen(check uint32) *KprobeSkbChecker
WithLen adds a Len check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithMark ¶
func (checker *KprobeSkbChecker) WithMark(check uint32) *KprobeSkbChecker
WithMark adds a Mark check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithPriority ¶
func (checker *KprobeSkbChecker) WithPriority(check uint32) *KprobeSkbChecker
WithPriority adds a Priority check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithProto ¶
func (checker *KprobeSkbChecker) WithProto(check uint32) *KprobeSkbChecker
WithProto adds a Proto check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithProtocol ¶
func (checker *KprobeSkbChecker) WithProtocol(check *stringmatcher.StringMatcher) *KprobeSkbChecker
WithProtocol adds a Protocol check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithSaddr ¶
func (checker *KprobeSkbChecker) WithSaddr(check *stringmatcher.StringMatcher) *KprobeSkbChecker
WithSaddr adds a Saddr check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithSecPathLen ¶
func (checker *KprobeSkbChecker) WithSecPathLen(check uint32) *KprobeSkbChecker
WithSecPathLen adds a SecPathLen check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithSecPathOlen ¶
func (checker *KprobeSkbChecker) WithSecPathOlen(check uint32) *KprobeSkbChecker
WithSecPathOlen adds a SecPathOlen check to the KprobeSkbChecker
func (*KprobeSkbChecker) WithSport ¶
func (checker *KprobeSkbChecker) WithSport(check uint32) *KprobeSkbChecker
WithSport adds a Sport check to the KprobeSkbChecker
type KprobeSockChecker ¶
// KprobeSockChecker implements a checker struct to check a KprobeSock field.
//
// Numeric fields are pointers so that an explicit check for 0 differs from an
// unset (nil) field; the remaining fields are string matchers.
// NOTE(review): unset fields are presumably not checked. Confirm against Check.
type KprobeSockChecker struct {
	Family   *stringmatcher.StringMatcher `json:"family,omitempty"`
	Type     *stringmatcher.StringMatcher `json:"type,omitempty"`
	Protocol *stringmatcher.StringMatcher `json:"protocol,omitempty"`
	Mark     *uint32                      `json:"mark,omitempty"`
	Priority *uint32                      `json:"priority,omitempty"`
	// Source and destination address, matched as strings.
	Saddr *stringmatcher.StringMatcher `json:"saddr,omitempty"`
	Daddr *stringmatcher.StringMatcher `json:"daddr,omitempty"`
	// Source and destination port.
	Sport *uint32 `json:"sport,omitempty"`
	Dport *uint32 `json:"dport,omitempty"`
	// Cookie is the only 64-bit numeric check in this struct.
	Cookie *uint64                      `json:"cookie,omitempty"`
	State  *stringmatcher.StringMatcher `json:"state,omitempty"`
}
KprobeSockChecker implements a checker struct to check a KprobeSock field
func NewKprobeSockChecker ¶
func NewKprobeSockChecker() *KprobeSockChecker
NewKprobeSockChecker creates a new KprobeSockChecker
func (*KprobeSockChecker) Check ¶
func (checker *KprobeSockChecker) Check(event *tetragon.KprobeSock) error
Check checks a KprobeSock field
func (*KprobeSockChecker) FromKprobeSock ¶
func (checker *KprobeSockChecker) FromKprobeSock(event *tetragon.KprobeSock) *KprobeSockChecker
FromKprobeSock populates the KprobeSockChecker using data from a KprobeSock field
func (*KprobeSockChecker) GetCheckerType ¶
func (checker *KprobeSockChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeSockChecker) WithCookie ¶
func (checker *KprobeSockChecker) WithCookie(check uint64) *KprobeSockChecker
WithCookie adds a Cookie check to the KprobeSockChecker
func (*KprobeSockChecker) WithDaddr ¶
func (checker *KprobeSockChecker) WithDaddr(check *stringmatcher.StringMatcher) *KprobeSockChecker
WithDaddr adds a Daddr check to the KprobeSockChecker
func (*KprobeSockChecker) WithDport ¶
func (checker *KprobeSockChecker) WithDport(check uint32) *KprobeSockChecker
WithDport adds a Dport check to the KprobeSockChecker
func (*KprobeSockChecker) WithFamily ¶
func (checker *KprobeSockChecker) WithFamily(check *stringmatcher.StringMatcher) *KprobeSockChecker
WithFamily adds a Family check to the KprobeSockChecker
func (*KprobeSockChecker) WithMark ¶
func (checker *KprobeSockChecker) WithMark(check uint32) *KprobeSockChecker
WithMark adds a Mark check to the KprobeSockChecker
func (*KprobeSockChecker) WithPriority ¶
func (checker *KprobeSockChecker) WithPriority(check uint32) *KprobeSockChecker
WithPriority adds a Priority check to the KprobeSockChecker
func (*KprobeSockChecker) WithProtocol ¶
func (checker *KprobeSockChecker) WithProtocol(check *stringmatcher.StringMatcher) *KprobeSockChecker
WithProtocol adds a Protocol check to the KprobeSockChecker
func (*KprobeSockChecker) WithSaddr ¶
func (checker *KprobeSockChecker) WithSaddr(check *stringmatcher.StringMatcher) *KprobeSockChecker
WithSaddr adds a Saddr check to the KprobeSockChecker
func (*KprobeSockChecker) WithSport ¶
func (checker *KprobeSockChecker) WithSport(check uint32) *KprobeSockChecker
WithSport adds a Sport check to the KprobeSockChecker
func (*KprobeSockChecker) WithState ¶
func (checker *KprobeSockChecker) WithState(check *stringmatcher.StringMatcher) *KprobeSockChecker
WithState adds a State check to the KprobeSockChecker
func (*KprobeSockChecker) WithType ¶
func (checker *KprobeSockChecker) WithType(check *stringmatcher.StringMatcher) *KprobeSockChecker
WithType adds a Type check to the KprobeSockChecker
type KprobeTruncatedBytesChecker ¶
// KprobeTruncatedBytesChecker implements a checker struct to check a
// KprobeTruncatedBytes field.
type KprobeTruncatedBytesChecker struct {
	// BytesArg, if set, is the bytes matcher applied to the event's byte
	// argument.
	// NOTE(review): going by the type name the bytes may be truncated, so a
	// match on BytesArg alone presumably covers only the captured prefix.
	// Confirm against tetragon.KprobeTruncatedBytes.
	BytesArg *bytesmatcher.BytesMatcher `json:"bytesArg,omitempty"`
	// OrigSize, if set, is compared against the event's OrigSize; presumably
	// the size of the data before truncation. TODO confirm.
	OrigSize *uint64 `json:"origSize,omitempty"`
}
KprobeTruncatedBytesChecker implements a checker struct to check a KprobeTruncatedBytes field
func NewKprobeTruncatedBytesChecker ¶
func NewKprobeTruncatedBytesChecker() *KprobeTruncatedBytesChecker
NewKprobeTruncatedBytesChecker creates a new KprobeTruncatedBytesChecker
func (*KprobeTruncatedBytesChecker) Check ¶
func (checker *KprobeTruncatedBytesChecker) Check(event *tetragon.KprobeTruncatedBytes) error
Check checks a KprobeTruncatedBytes field
func (*KprobeTruncatedBytesChecker) FromKprobeTruncatedBytes ¶
func (checker *KprobeTruncatedBytesChecker) FromKprobeTruncatedBytes(event *tetragon.KprobeTruncatedBytes) *KprobeTruncatedBytesChecker
FromKprobeTruncatedBytes populates the KprobeTruncatedBytesChecker using data from a KprobeTruncatedBytes field
func (*KprobeTruncatedBytesChecker) GetCheckerType ¶
func (checker *KprobeTruncatedBytesChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeTruncatedBytesChecker) WithBytesArg ¶
func (checker *KprobeTruncatedBytesChecker) WithBytesArg(check *bytesmatcher.BytesMatcher) *KprobeTruncatedBytesChecker
WithBytesArg adds a BytesArg check to the KprobeTruncatedBytesChecker
func (*KprobeTruncatedBytesChecker) WithOrigSize ¶
func (checker *KprobeTruncatedBytesChecker) WithOrigSize(check uint64) *KprobeTruncatedBytesChecker
WithOrigSize adds an OrigSize check to the KprobeTruncatedBytesChecker
type KprobeUserNamespaceChecker ¶
// KprobeUserNamespaceChecker implements a checker struct to check a
// KprobeUserNamespace field.
//
// Level, Owner and Group are pointers, so an explicit check for 0 (for
// example owner 0) is distinguishable from an unset (nil) field.
// NOTE(review): unset fields are presumably not checked. Confirm against Check.
type KprobeUserNamespaceChecker struct {
	// Level is signed (*int32), unlike the unsigned Owner and Group.
	Level *int32  `json:"level,omitempty"`
	Owner *uint32 `json:"owner,omitempty"`
	Group *uint32 `json:"group,omitempty"`
	// Ns, if set, is a nested NamespaceChecker (Inum / IsHost) for the namespace.
	Ns *NamespaceChecker `json:"ns,omitempty"`
}
KprobeUserNamespaceChecker implements a checker struct to check a KprobeUserNamespace field
func NewKprobeUserNamespaceChecker ¶
func NewKprobeUserNamespaceChecker() *KprobeUserNamespaceChecker
NewKprobeUserNamespaceChecker creates a new KprobeUserNamespaceChecker
func (*KprobeUserNamespaceChecker) Check ¶
func (checker *KprobeUserNamespaceChecker) Check(event *tetragon.KprobeUserNamespace) error
Check checks a KprobeUserNamespace field
func (*KprobeUserNamespaceChecker) FromKprobeUserNamespace ¶
func (checker *KprobeUserNamespaceChecker) FromKprobeUserNamespace(event *tetragon.KprobeUserNamespace) *KprobeUserNamespaceChecker
FromKprobeUserNamespace populates the KprobeUserNamespaceChecker using data from a KprobeUserNamespace field
func (*KprobeUserNamespaceChecker) GetCheckerType ¶
func (checker *KprobeUserNamespaceChecker) GetCheckerType() string
Get the type of the checker as a string
func (*KprobeUserNamespaceChecker) WithGroup ¶
func (checker *KprobeUserNamespaceChecker) WithGroup(check uint32) *KprobeUserNamespaceChecker
WithGroup adds a Group check to the KprobeUserNamespaceChecker
func (*KprobeUserNamespaceChecker) WithLevel ¶
func (checker *KprobeUserNamespaceChecker) WithLevel(check int32) *KprobeUserNamespaceChecker
WithLevel adds a Level check to the KprobeUserNamespaceChecker
func (*KprobeUserNamespaceChecker) WithNs ¶
func (checker *KprobeUserNamespaceChecker) WithNs(check *NamespaceChecker) *KprobeUserNamespaceChecker
WithNs adds a Ns check to the KprobeUserNamespaceChecker
func (*KprobeUserNamespaceChecker) WithOwner ¶
func (checker *KprobeUserNamespaceChecker) WithOwner(check uint32) *KprobeUserNamespaceChecker
WithOwner adds an Owner check to the KprobeUserNamespaceChecker
type MultiEventChecker ¶
// MultiEventChecker is an interface for checking multiple Tetragon events.
type MultiEventChecker interface {
	// NextEventCheck checks an event and returns a boolean value indicating
	// whether the checker has concluded, and an error indicating whether the
	// check was successful. The boolean value allows short-circuiting checks.
	//
	// Specifically:
	// (false, nil): this event check was successful, but need to check more events
	// (false, !nil): this event check was not successful, but need to check more events
	// (true, nil): checker was successful, no need to check more events
	// (true, !nil): checker failed, no need to check more events
	//
	// Callers must therefore look at the boolean, not only the error: a
	// non-nil error with false is not a final failure, and a nil error with
	// false is not a final success.
	NextEventCheck(Event, *logrus.Logger) (bool, error)

	// FinalCheck indicates that the sequence of events has ended, and
	// asks the checker to make a final decision. Once this function is
	// called, the checker is expected to return to its initial state so
	// that it can be reused. Hence, this function should only be called
	// once for each stream of events.
	FinalCheck(*logrus.Logger) error
}
MultiEventChecker is an interface for checking multiple Tetragon events
type NamespaceChecker ¶
// NamespaceChecker implements a checker struct to check a Namespace field.
type NamespaceChecker struct {
	// Inum, if set, is compared against the namespace's Inum value.
	Inum *uint32 `json:"inum,omitempty"`
	// IsHost is a *bool so that an explicit check for false is
	// distinguishable from "not set" (nil).
	// NOTE(review): presumably this marks whether the namespace is the host's
	// namespace. Confirm against tetragon.Namespace.
	IsHost *bool `json:"isHost,omitempty"`
}
NamespaceChecker implements a checker struct to check a Namespace field
func NewNamespaceChecker ¶
func NewNamespaceChecker() *NamespaceChecker
NewNamespaceChecker creates a new NamespaceChecker
func (*NamespaceChecker) Check ¶
func (checker *NamespaceChecker) Check(event *tetragon.Namespace) error
Check checks a Namespace field
func (*NamespaceChecker) FromNamespace ¶
func (checker *NamespaceChecker) FromNamespace(event *tetragon.Namespace) *NamespaceChecker
FromNamespace populates the NamespaceChecker using data from a Namespace field
func (*NamespaceChecker) GetCheckerType ¶
func (checker *NamespaceChecker) GetCheckerType() string
Get the type of the checker as a string
func (*NamespaceChecker) WithInum ¶
func (checker *NamespaceChecker) WithInum(check uint32) *NamespaceChecker
WithInum adds an Inum check to the NamespaceChecker
func (*NamespaceChecker) WithIsHost ¶
func (checker *NamespaceChecker) WithIsHost(check bool) *NamespaceChecker
WithIsHost adds an IsHost check to the NamespaceChecker
type NamespacesChecker ¶
// NamespacesChecker implements a checker struct to check a Namespaces field.
//
// It holds one optional NamespaceChecker per namespace kind.
// NOTE(review): a nil entry presumably leaves that namespace unchecked, so a
// test that needs to assert isolation from the host has to set the relevant
// entries explicitly. Confirm against Check.
type NamespacesChecker struct {
	Uts             *NamespaceChecker `json:"uts,omitempty"`
	Ipc             *NamespaceChecker `json:"ipc,omitempty"`
	Mnt             *NamespaceChecker `json:"mnt,omitempty"`
	Pid             *NamespaceChecker `json:"pid,omitempty"`
	PidForChildren  *NamespaceChecker `json:"pidForChildren,omitempty"`
	Net             *NamespaceChecker `json:"net,omitempty"`
	Time            *NamespaceChecker `json:"time,omitempty"`
	TimeForChildren *NamespaceChecker `json:"timeForChildren,omitempty"`
	Cgroup          *NamespaceChecker `json:"cgroup,omitempty"`
	User            *NamespaceChecker `json:"user,omitempty"`
}
NamespacesChecker implements a checker struct to check a Namespaces field
func NewNamespacesChecker ¶
func NewNamespacesChecker() *NamespacesChecker
NewNamespacesChecker creates a new NamespacesChecker
func (*NamespacesChecker) Check ¶
func (checker *NamespacesChecker) Check(event *tetragon.Namespaces) error
Check checks a Namespaces field
func (*NamespacesChecker) FromNamespaces ¶
func (checker *NamespacesChecker) FromNamespaces(event *tetragon.Namespaces) *NamespacesChecker
FromNamespaces populates the NamespacesChecker using data from a Namespaces field
func (*NamespacesChecker) GetCheckerType ¶
func (checker *NamespacesChecker) GetCheckerType() string
Get the type of the checker as a string
func (*NamespacesChecker) WithCgroup ¶
func (checker *NamespacesChecker) WithCgroup(check *NamespaceChecker) *NamespacesChecker
WithCgroup adds a Cgroup check to the NamespacesChecker
func (*NamespacesChecker) WithIpc ¶
func (checker *NamespacesChecker) WithIpc(check *NamespaceChecker) *NamespacesChecker
WithIpc adds an Ipc check to the NamespacesChecker
func (*NamespacesChecker) WithMnt ¶
func (checker *NamespacesChecker) WithMnt(check *NamespaceChecker) *NamespacesChecker
WithMnt adds a Mnt check to the NamespacesChecker
func (*NamespacesChecker) WithNet ¶
func (checker *NamespacesChecker) WithNet(check *NamespaceChecker) *NamespacesChecker
WithNet adds a Net check to the NamespacesChecker
func (*NamespacesChecker) WithPid ¶
func (checker *NamespacesChecker) WithPid(check *NamespaceChecker) *NamespacesChecker
WithPid adds a Pid check to the NamespacesChecker
func (*NamespacesChecker) WithPidForChildren ¶
func (checker *NamespacesChecker) WithPidForChildren(check *NamespaceChecker) *NamespacesChecker
WithPidForChildren adds a PidForChildren check to the NamespacesChecker
func (*NamespacesChecker) WithTime ¶
func (checker *NamespacesChecker) WithTime(check *NamespaceChecker) *NamespacesChecker
WithTime adds a Time check to the NamespacesChecker
func (*NamespacesChecker) WithTimeForChildren ¶
func (checker *NamespacesChecker) WithTimeForChildren(check *NamespaceChecker) *NamespacesChecker
WithTimeForChildren adds a TimeForChildren check to the NamespacesChecker
func (*NamespacesChecker) WithUser ¶
func (checker *NamespacesChecker) WithUser(check *NamespaceChecker) *NamespacesChecker
WithUser adds a User check to the NamespacesChecker
func (*NamespacesChecker) WithUts ¶
func (checker *NamespacesChecker) WithUts(check *NamespaceChecker) *NamespacesChecker
WithUts adds a Uts check to the NamespacesChecker
type OrderedEventChecker ¶
// OrderedEventChecker checks a series of events in order.
//
// Its state is unexported. It is created with NewOrderedEventChecker,
// extended with AddChecks, inspected with GetChecks and GetRemainingChecks,
// and driven through the MultiEventChecker methods NextEventCheck and
// FinalCheck.
type OrderedEventChecker struct {
	// contains filtered or unexported fields
}
OrderedEventChecker checks a series of events in order
func NewOrderedEventChecker ¶
func NewOrderedEventChecker(checks ...EventChecker) *OrderedEventChecker
NewOrderedEventChecker creates a new OrderedEventChecker
func (*OrderedEventChecker) AddChecks ¶
func (checker *OrderedEventChecker) AddChecks(checks ...EventChecker)
AddChecks adds one or more checks to the end of this event checker
func (*OrderedEventChecker) FinalCheck ¶
func (checker *OrderedEventChecker) FinalCheck(logger *logrus.Logger) error
FinalCheck implements the MultiEventChecker interface
func (*OrderedEventChecker) GetChecks ¶
func (checker *OrderedEventChecker) GetChecks() []EventChecker
GetChecks returns this checker's list of checks
func (*OrderedEventChecker) GetRemainingChecks ¶
func (checker *OrderedEventChecker) GetRemainingChecks() []EventChecker
GetRemainingChecks returns this checker's list of remaining checks
func (*OrderedEventChecker) NextEventCheck ¶
func (checker *OrderedEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error)
NextEventCheck implements the MultiEventChecker interface
type PodChecker ¶
// PodChecker implements a checker struct to check a Pod field.
//
// NOTE(review): unset (nil) fields are presumably not checked. Confirm
// against Check.
type PodChecker struct {
	Namespace *stringmatcher.StringMatcher `json:"namespace,omitempty"`
	Name      *stringmatcher.StringMatcher `json:"name,omitempty"`
	// Container, if set, is a nested checker for the pod's container.
	Container *ContainerChecker `json:"container,omitempty"`
	// PodLabels maps a label key to a string matcher. The matchers are stored
	// by value here, not by pointer as in the other fields.
	// NOTE(review): whether labels absent from this map are ignored or
	// rejected is not visible on this page. Verify against Check.
	PodLabels    map[string]stringmatcher.StringMatcher `json:"podLabels,omitempty"`
	Workload     *stringmatcher.StringMatcher           `json:"workload,omitempty"`
	WorkloadKind *stringmatcher.StringMatcher           `json:"workloadKind,omitempty"`
}
PodChecker implements a checker struct to check a Pod field
func (*PodChecker) Check ¶
func (checker *PodChecker) Check(event *tetragon.Pod) error
Check checks a Pod field
func (*PodChecker) FromPod ¶
func (checker *PodChecker) FromPod(event *tetragon.Pod) *PodChecker
FromPod populates the PodChecker using data from a Pod field
func (*PodChecker) GetCheckerType ¶
func (checker *PodChecker) GetCheckerType() string
Get the type of the checker as a string
func (*PodChecker) WithContainer ¶
func (checker *PodChecker) WithContainer(check *ContainerChecker) *PodChecker
WithContainer adds a Container check to the PodChecker
func (*PodChecker) WithName ¶
func (checker *PodChecker) WithName(check *stringmatcher.StringMatcher) *PodChecker
WithName adds a Name check to the PodChecker
func (*PodChecker) WithNamespace ¶
func (checker *PodChecker) WithNamespace(check *stringmatcher.StringMatcher) *PodChecker
WithNamespace adds a Namespace check to the PodChecker
func (*PodChecker) WithPodLabels ¶
func (checker *PodChecker) WithPodLabels(check map[string]stringmatcher.StringMatcher) *PodChecker
WithPodLabels adds a PodLabels check to the PodChecker
func (*PodChecker) WithWorkload ¶
func (checker *PodChecker) WithWorkload(check *stringmatcher.StringMatcher) *PodChecker
WithWorkload adds a Workload check to the PodChecker
func (*PodChecker) WithWorkloadKind ¶
func (checker *PodChecker) WithWorkloadKind(check *stringmatcher.StringMatcher) *PodChecker
WithWorkloadKind adds a WorkloadKind check to the PodChecker
type ProcessChecker ¶
// ProcessChecker implements a checker struct to check a Process field.
//
// Every field is optional. Numeric fields are pointers, so an explicit check
// for 0 (for example Uid 0) is distinguishable from an unset (nil) field.
// NOTE(review): unset fields are presumably not checked, which would make an
// empty ProcessChecker accept any process. Confirm against Check before
// treating a passing test as evidence about process identity.
type ProcessChecker struct {
	ExecId *stringmatcher.StringMatcher `json:"execId,omitempty"`
	Pid    *uint32                      `json:"pid,omitempty"`
	Uid    *uint32                      `json:"uid,omitempty"`
	// Working directory, binary, arguments and flags are matched as strings.
	Cwd       *stringmatcher.StringMatcher       `json:"cwd,omitempty"`
	Binary    *stringmatcher.StringMatcher       `json:"binary,omitempty"`
	Arguments *stringmatcher.StringMatcher       `json:"arguments,omitempty"`
	Flags     *stringmatcher.StringMatcher       `json:"flags,omitempty"`
	StartTime *timestampmatcher.TimestampMatcher `json:"startTime,omitempty"`
	Auid      *uint32                            `json:"auid,omitempty"`
	// Pod, if set, is a nested PodChecker.
	Pod          *PodChecker                  `json:"pod,omitempty"`
	Docker       *stringmatcher.StringMatcher `json:"docker,omitempty"`
	ParentExecId *stringmatcher.StringMatcher `json:"parentExecId,omitempty"`
	Refcnt       *uint32                      `json:"refcnt,omitempty"`
	// Nested checkers for capabilities and namespaces.
	Cap *CapabilitiesChecker `json:"cap,omitempty"`
	Ns  *NamespacesChecker   `json:"ns,omitempty"`
	Tid *uint32              `json:"tid,omitempty"`
	// Nested checkers for the process credentials and the binary properties;
	// the latter covers setuid, setgid and privilege changes through
	// BinaryPropertiesChecker.
	ProcessCredentials *ProcessCredentialsChecker `json:"processCredentials,omitempty"`
	BinaryProperties   *BinaryPropertiesChecker   `json:"binaryProperties,omitempty"`
}
ProcessChecker implements a checker struct to check a Process field
func NewProcessChecker ¶
func NewProcessChecker() *ProcessChecker
NewProcessChecker creates a new ProcessChecker
func (*ProcessChecker) Check ¶
func (checker *ProcessChecker) Check(event *tetragon.Process) error
Check checks a Process field
func (*ProcessChecker) FromProcess ¶
func (checker *ProcessChecker) FromProcess(event *tetragon.Process) *ProcessChecker
FromProcess populates the ProcessChecker using data from a Process field
func (*ProcessChecker) GetCheckerType ¶
func (checker *ProcessChecker) GetCheckerType() string
Get the type of the checker as a string
func (*ProcessChecker) WithArguments ¶
func (checker *ProcessChecker) WithArguments(check *stringmatcher.StringMatcher) *ProcessChecker
WithArguments adds an Arguments check to the ProcessChecker
func (*ProcessChecker) WithAuid ¶
func (checker *ProcessChecker) WithAuid(check uint32) *ProcessChecker
WithAuid adds an Auid check to the ProcessChecker
func (*ProcessChecker) WithBinary ¶
func (checker *ProcessChecker) WithBinary(check *stringmatcher.StringMatcher) *ProcessChecker
WithBinary adds a Binary check to the ProcessChecker
func (*ProcessChecker) WithBinaryProperties ¶
func (checker *ProcessChecker) WithBinaryProperties(check *BinaryPropertiesChecker) *ProcessChecker
WithBinaryProperties adds a BinaryProperties check to the ProcessChecker
func (*ProcessChecker) WithCap ¶
func (checker *ProcessChecker) WithCap(check *CapabilitiesChecker) *ProcessChecker
WithCap adds a Cap check to the ProcessChecker
func (*ProcessChecker) WithCwd ¶
func (checker *ProcessChecker) WithCwd(check *stringmatcher.StringMatcher) *ProcessChecker
WithCwd adds a Cwd check to the ProcessChecker
func (*ProcessChecker) WithDocker ¶
func (checker *ProcessChecker) WithDocker(check *stringmatcher.StringMatcher) *ProcessChecker
WithDocker adds a Docker check to the ProcessChecker
func (*ProcessChecker) WithExecId ¶
func (checker *ProcessChecker) WithExecId(check *stringmatcher.StringMatcher) *ProcessChecker
WithExecId adds an ExecId check to the ProcessChecker
func (*ProcessChecker) WithFlags ¶
func (checker *ProcessChecker) WithFlags(check *stringmatcher.StringMatcher) *ProcessChecker
WithFlags adds a Flags check to the ProcessChecker
func (*ProcessChecker) WithNs ¶
func (checker *ProcessChecker) WithNs(check *NamespacesChecker) *ProcessChecker
WithNs adds a Ns check to the ProcessChecker
func (*ProcessChecker) WithParentExecId ¶
func (checker *ProcessChecker) WithParentExecId(check *stringmatcher.StringMatcher) *ProcessChecker
WithParentExecId adds a ParentExecId check to the ProcessChecker
func (*ProcessChecker) WithPid ¶
func (checker *ProcessChecker) WithPid(check uint32) *ProcessChecker
WithPid adds a Pid check to the ProcessChecker
func (*ProcessChecker) WithPod ¶
func (checker *ProcessChecker) WithPod(check *PodChecker) *ProcessChecker
WithPod adds a Pod check to the ProcessChecker
func (*ProcessChecker) WithProcessCredentials ¶
func (checker *ProcessChecker) WithProcessCredentials(check *ProcessCredentialsChecker) *ProcessChecker
WithProcessCredentials adds a ProcessCredentials check to the ProcessChecker
func (*ProcessChecker) WithRefcnt ¶
func (checker *ProcessChecker) WithRefcnt(check uint32) *ProcessChecker
WithRefcnt adds a Refcnt check to the ProcessChecker
func (*ProcessChecker) WithStartTime ¶
func (checker *ProcessChecker) WithStartTime(check *timestampmatcher.TimestampMatcher) *ProcessChecker
WithStartTime adds a StartTime check to the ProcessChecker
func (*ProcessChecker) WithTid ¶
func (checker *ProcessChecker) WithTid(check uint32) *ProcessChecker
WithTid adds a Tid check to the ProcessChecker
func (*ProcessChecker) WithUid ¶
func (checker *ProcessChecker) WithUid(check uint32) *ProcessChecker
WithUid adds a Uid check to the ProcessChecker
type ProcessCredentialsChecker ¶
// ProcessCredentialsChecker holds the expectations used to check a
// ProcessCredentials field. Each member carries the expected value (or nested
// checker) for the credential of the same name and has a matching With* setter.
//
// NOTE(review): every member is a pointer tagged omitempty, so an unset member
// presumably means "do not check this credential" — confirm against Check. If
// that holds, a checker that sets only Uid/Gid asserts nothing about Euid/Egid,
// Suid/Sgid, Fsuid/Fsgid, Securebits, Caps or UserNs; set each credential the
// test is meant to pin.
type ProcessCredentialsChecker struct {
	// Expected numeric IDs, one per credential field.
	Uid   *uint32 `json:"uid,omitempty"`
	Gid   *uint32 `json:"gid,omitempty"`
	Euid  *uint32 `json:"euid,omitempty"`
	Egid  *uint32 `json:"egid,omitempty"`
	Suid  *uint32 `json:"suid,omitempty"`
	Sgid  *uint32 `json:"sgid,omitempty"`
	Fsuid *uint32 `json:"fsuid,omitempty"`
	Fsgid *uint32 `json:"fsgid,omitempty"`
	// List matcher applied to the securebits of the credentials.
	Securebits *SecureBitsTypeListMatcher `json:"securebits,omitempty"`
	// Nested checker for the capability sets.
	Caps *CapabilitiesChecker `json:"caps,omitempty"`
	// Nested checker for the user namespace.
	UserNs *UserNamespaceChecker `json:"userNs,omitempty"`
}
ProcessCredentialsChecker implements a checker struct to check a ProcessCredentials field
func NewProcessCredentialsChecker ¶
func NewProcessCredentialsChecker() *ProcessCredentialsChecker
NewProcessCredentialsChecker creates a new ProcessCredentialsChecker
func (*ProcessCredentialsChecker) Check ¶
func (checker *ProcessCredentialsChecker) Check(event *tetragon.ProcessCredentials) error
Check checks a ProcessCredentials field
func (*ProcessCredentialsChecker) FromProcessCredentials ¶
func (checker *ProcessCredentialsChecker) FromProcessCredentials(event *tetragon.ProcessCredentials) *ProcessCredentialsChecker
FromProcessCredentials populates the ProcessCredentialsChecker using data from a ProcessCredentials field
func (*ProcessCredentialsChecker) GetCheckerType ¶
func (checker *ProcessCredentialsChecker) GetCheckerType() string
Get the type of the checker as a string
func (*ProcessCredentialsChecker) WithCaps ¶
func (checker *ProcessCredentialsChecker) WithCaps(check *CapabilitiesChecker) *ProcessCredentialsChecker
WithCaps adds a Caps check to the ProcessCredentialsChecker
func (*ProcessCredentialsChecker) WithEgid ¶
func (checker *ProcessCredentialsChecker) WithEgid(check uint32) *ProcessCredentialsChecker
WithEgid adds an Egid check to the ProcessCredentialsChecker
func (*ProcessCredentialsChecker) WithEuid ¶
func (checker *ProcessCredentialsChecker) WithEuid(check uint32) *ProcessCredentialsChecker
WithEuid adds an Euid check to the ProcessCredentialsChecker
func (*ProcessCredentialsChecker) WithFsgid ¶
func (checker *ProcessCredentialsChecker) WithFsgid(check uint32) *ProcessCredentialsChecker
WithFsgid adds a Fsgid check to the ProcessCredentialsChecker
func (*ProcessCredentialsChecker) WithFsuid ¶
func (checker *ProcessCredentialsChecker) WithFsuid(check uint32) *ProcessCredentialsChecker
WithFsuid adds a Fsuid check to the ProcessCredentialsChecker
func (*ProcessCredentialsChecker) WithGid ¶
func (checker *ProcessCredentialsChecker) WithGid(check uint32) *ProcessCredentialsChecker
WithGid adds a Gid check to the ProcessCredentialsChecker
func (*ProcessCredentialsChecker) WithSecurebits ¶
func (checker *ProcessCredentialsChecker) WithSecurebits(check *SecureBitsTypeListMatcher) *ProcessCredentialsChecker
WithSecurebits adds a Securebits check to the ProcessCredentialsChecker
func (*ProcessCredentialsChecker) WithSgid ¶
func (checker *ProcessCredentialsChecker) WithSgid(check uint32) *ProcessCredentialsChecker
WithSgid adds a Sgid check to the ProcessCredentialsChecker
func (*ProcessCredentialsChecker) WithSuid ¶
func (checker *ProcessCredentialsChecker) WithSuid(check uint32) *ProcessCredentialsChecker
WithSuid adds a Suid check to the ProcessCredentialsChecker
func (*ProcessCredentialsChecker) WithUid ¶
func (checker *ProcessCredentialsChecker) WithUid(check uint32) *ProcessCredentialsChecker
WithUid adds a Uid check to the ProcessCredentialsChecker
func (*ProcessCredentialsChecker) WithUserNs ¶
func (checker *ProcessCredentialsChecker) WithUserNs(check *UserNamespaceChecker) *ProcessCredentialsChecker
WithUserNs adds a UserNs check to the ProcessCredentialsChecker
type ProcessExecChecker ¶
// ProcessExecChecker holds the expectations used to check a ProcessExec event.
// NOTE(review): the pointer members are tagged omitempty; presumably a nil
// member is skipped by Check — confirm before relying on it.
type ProcessExecChecker struct {
	// Name associated with the checker (see GetCheckerName); presumably the
	// name passed to NewProcessExecChecker — confirm.
	CheckerName string `json:"checkerName"`
	// Checker for the process of the event (WithProcess).
	Process *ProcessChecker `json:"process,omitempty"`
	// Checker for the parent process (WithParent).
	Parent *ProcessChecker `json:"parent,omitempty"`
	// List matcher for the ancestors of the process (WithAncestors).
	Ancestors *ProcessListMatcher `json:"ancestors,omitempty"`
}
ProcessExecChecker implements a checker struct to check a ProcessExec event
func NewProcessExecChecker ¶
func NewProcessExecChecker(name string) *ProcessExecChecker
NewProcessExecChecker creates a new ProcessExecChecker
func (*ProcessExecChecker) Check ¶
func (checker *ProcessExecChecker) Check(event *tetragon.ProcessExec) error
Check checks a ProcessExec event
func (*ProcessExecChecker) CheckEvent ¶
func (checker *ProcessExecChecker) CheckEvent(event Event) error
CheckEvent checks a single event and implements the EventChecker interface
func (*ProcessExecChecker) CheckResponse ¶
func (checker *ProcessExecChecker) CheckResponse(response *tetragon.GetEventsResponse) error
CheckResponse checks a single gRPC response and implements the EventChecker interface
func (*ProcessExecChecker) FromProcessExec ¶
func (checker *ProcessExecChecker) FromProcessExec(event *tetragon.ProcessExec) *ProcessExecChecker
FromProcessExec populates the ProcessExecChecker using data from a ProcessExec event
func (*ProcessExecChecker) GetCheckerName ¶
func (checker *ProcessExecChecker) GetCheckerName() string
Get the name associated with the checker
func (*ProcessExecChecker) GetCheckerType ¶
func (checker *ProcessExecChecker) GetCheckerType() string
Get the type of the checker as a string
func (*ProcessExecChecker) WithAncestors ¶
func (checker *ProcessExecChecker) WithAncestors(check *ProcessListMatcher) *ProcessExecChecker
WithAncestors adds an Ancestors check to the ProcessExecChecker
func (*ProcessExecChecker) WithParent ¶
func (checker *ProcessExecChecker) WithParent(check *ProcessChecker) *ProcessExecChecker
WithParent adds a Parent check to the ProcessExecChecker
func (*ProcessExecChecker) WithProcess ¶
func (checker *ProcessExecChecker) WithProcess(check *ProcessChecker) *ProcessExecChecker
WithProcess adds a Process check to the ProcessExecChecker
type ProcessExitChecker ¶
// ProcessExitChecker holds the expectations used to check a ProcessExit event.
// NOTE(review): the pointer members are tagged omitempty; presumably a nil
// member is skipped by Check — confirm before relying on it.
type ProcessExitChecker struct {
	// Name associated with the checker (see GetCheckerName).
	CheckerName string `json:"checkerName"`
	// Checkers for the exiting process and its parent.
	Process *ProcessChecker `json:"process,omitempty"`
	Parent  *ProcessChecker `json:"parent,omitempty"`
	// String matcher for the Signal field of the event (WithSignal).
	Signal *stringmatcher.StringMatcher `json:"signal,omitempty"`
	// Expected Status value (WithStatus).
	Status *uint32 `json:"status,omitempty"`
	// Timestamp matcher for the Time field of the event (WithTime).
	Time *timestampmatcher.TimestampMatcher `json:"time,omitempty"`
}
ProcessExitChecker implements a checker struct to check a ProcessExit event
func NewProcessExitChecker ¶
func NewProcessExitChecker(name string) *ProcessExitChecker
NewProcessExitChecker creates a new ProcessExitChecker
func (*ProcessExitChecker) Check ¶
func (checker *ProcessExitChecker) Check(event *tetragon.ProcessExit) error
Check checks a ProcessExit event
func (*ProcessExitChecker) CheckEvent ¶
func (checker *ProcessExitChecker) CheckEvent(event Event) error
CheckEvent checks a single event and implements the EventChecker interface
func (*ProcessExitChecker) CheckResponse ¶
func (checker *ProcessExitChecker) CheckResponse(response *tetragon.GetEventsResponse) error
CheckResponse checks a single gRPC response and implements the EventChecker interface
func (*ProcessExitChecker) FromProcessExit ¶
func (checker *ProcessExitChecker) FromProcessExit(event *tetragon.ProcessExit) *ProcessExitChecker
FromProcessExit populates the ProcessExitChecker using data from a ProcessExit event
func (*ProcessExitChecker) GetCheckerName ¶
func (checker *ProcessExitChecker) GetCheckerName() string
Get the name associated with the checker
func (*ProcessExitChecker) GetCheckerType ¶
func (checker *ProcessExitChecker) GetCheckerType() string
Get the type of the checker as a string
func (*ProcessExitChecker) WithParent ¶
func (checker *ProcessExitChecker) WithParent(check *ProcessChecker) *ProcessExitChecker
WithParent adds a Parent check to the ProcessExitChecker
func (*ProcessExitChecker) WithProcess ¶
func (checker *ProcessExitChecker) WithProcess(check *ProcessChecker) *ProcessExitChecker
WithProcess adds a Process check to the ProcessExitChecker
func (*ProcessExitChecker) WithSignal ¶
func (checker *ProcessExitChecker) WithSignal(check *stringmatcher.StringMatcher) *ProcessExitChecker
WithSignal adds a Signal check to the ProcessExitChecker
func (*ProcessExitChecker) WithStatus ¶
func (checker *ProcessExitChecker) WithStatus(check uint32) *ProcessExitChecker
WithStatus adds a Status check to the ProcessExitChecker
func (*ProcessExitChecker) WithTime ¶
func (checker *ProcessExitChecker) WithTime(check *timestampmatcher.TimestampMatcher) *ProcessExitChecker
WithTime adds a Time check to the ProcessExitChecker
type ProcessKprobeChecker ¶
// ProcessKprobeChecker holds the expectations used to check a ProcessKprobe
// event. Every member other than CheckerName has a matching With* setter.
// NOTE(review): the pointer members are tagged omitempty; presumably a nil
// member is skipped by Check, so an event can pass while differing in any
// field the checker leaves unset (for example Action or PolicyName) — confirm.
type ProcessKprobeChecker struct {
	// Name associated with the checker (see GetCheckerName).
	CheckerName string `json:"checkerName"`
	// Checkers for the process that triggered the event and its parent.
	Process *ProcessChecker `json:"process,omitempty"`
	Parent  *ProcessChecker `json:"parent,omitempty"`
	// Matchers for the function name, its arguments and its return value.
	FunctionName *stringmatcher.StringMatcher `json:"functionName,omitempty"`
	Args         *KprobeArgumentListMatcher   `json:"args,omitempty"`
	Return       *KprobeArgumentChecker       `json:"return,omitempty"`
	// Stored as a *KprobeActionChecker; WithAction takes a plain
	// tetragon.KprobeAction.
	Action *KprobeActionChecker `json:"action,omitempty"`
	// List matcher for the kernel stack trace entries.
	KernelStackTrace *StackTraceEntryListMatcher `json:"kernelStackTrace,omitempty"`
	// String matcher for the PolicyName field of the event.
	PolicyName *stringmatcher.StringMatcher `json:"policyName,omitempty"`
	// Stored as a *KprobeActionChecker; WithReturnAction takes a plain
	// tetragon.KprobeAction.
	ReturnAction *KprobeActionChecker `json:"returnAction,omitempty"`
	// Matchers for the Message and Tags fields of the event.
	Message *stringmatcher.StringMatcher `json:"message,omitempty"`
	Tags    *StringListMatcher           `json:"tags,omitempty"`
	// List matcher for the user stack trace entries.
	UserStackTrace *StackTraceEntryListMatcher `json:"userStackTrace,omitempty"`
}
ProcessKprobeChecker implements a checker struct to check a ProcessKprobe event
func NewProcessKprobeChecker ¶
func NewProcessKprobeChecker(name string) *ProcessKprobeChecker
NewProcessKprobeChecker creates a new ProcessKprobeChecker
func (*ProcessKprobeChecker) Check ¶
func (checker *ProcessKprobeChecker) Check(event *tetragon.ProcessKprobe) error
Check checks a ProcessKprobe event
func (*ProcessKprobeChecker) CheckEvent ¶
func (checker *ProcessKprobeChecker) CheckEvent(event Event) error
CheckEvent checks a single event and implements the EventChecker interface
func (*ProcessKprobeChecker) CheckResponse ¶
func (checker *ProcessKprobeChecker) CheckResponse(response *tetragon.GetEventsResponse) error
CheckResponse checks a single gRPC response and implements the EventChecker interface
func (*ProcessKprobeChecker) FromProcessKprobe ¶
func (checker *ProcessKprobeChecker) FromProcessKprobe(event *tetragon.ProcessKprobe) *ProcessKprobeChecker
FromProcessKprobe populates the ProcessKprobeChecker using data from a ProcessKprobe event
func (*ProcessKprobeChecker) GetCheckerName ¶
func (checker *ProcessKprobeChecker) GetCheckerName() string
Get the name associated with the checker
func (*ProcessKprobeChecker) GetCheckerType ¶
func (checker *ProcessKprobeChecker) GetCheckerType() string
Get the type of the checker as a string
func (*ProcessKprobeChecker) WithAction ¶
func (checker *ProcessKprobeChecker) WithAction(check tetragon.KprobeAction) *ProcessKprobeChecker
WithAction adds an Action check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithArgs ¶
func (checker *ProcessKprobeChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessKprobeChecker
WithArgs adds an Args check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithFunctionName ¶
func (checker *ProcessKprobeChecker) WithFunctionName(check *stringmatcher.StringMatcher) *ProcessKprobeChecker
WithFunctionName adds a FunctionName check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithKernelStackTrace ¶
func (checker *ProcessKprobeChecker) WithKernelStackTrace(check *StackTraceEntryListMatcher) *ProcessKprobeChecker
WithKernelStackTrace adds a KernelStackTrace check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithMessage ¶
func (checker *ProcessKprobeChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessKprobeChecker
WithMessage adds a Message check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithParent ¶
func (checker *ProcessKprobeChecker) WithParent(check *ProcessChecker) *ProcessKprobeChecker
WithParent adds a Parent check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithPolicyName ¶
func (checker *ProcessKprobeChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessKprobeChecker
WithPolicyName adds a PolicyName check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithProcess ¶
func (checker *ProcessKprobeChecker) WithProcess(check *ProcessChecker) *ProcessKprobeChecker
WithProcess adds a Process check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithReturn ¶
func (checker *ProcessKprobeChecker) WithReturn(check *KprobeArgumentChecker) *ProcessKprobeChecker
WithReturn adds a Return check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithReturnAction ¶
func (checker *ProcessKprobeChecker) WithReturnAction(check tetragon.KprobeAction) *ProcessKprobeChecker
WithReturnAction adds a ReturnAction check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithTags ¶
func (checker *ProcessKprobeChecker) WithTags(check *StringListMatcher) *ProcessKprobeChecker
WithTags adds a Tags check to the ProcessKprobeChecker
func (*ProcessKprobeChecker) WithUserStackTrace ¶
func (checker *ProcessKprobeChecker) WithUserStackTrace(check *StackTraceEntryListMatcher) *ProcessKprobeChecker
WithUserStackTrace adds a UserStackTrace check to the ProcessKprobeChecker
type ProcessListMatcher ¶
// ProcessListMatcher checks a list of *tetragon.Process fields against a list
// of ProcessChecker values.
type ProcessListMatcher struct {
	// Match kind, set with WithOperator. NewProcessListMatcher is documented
	// to default to a subset checker.
	// NOTE(review): presumably a subset match tolerates list entries that no
	// checker in Values matches — confirm in listmatcher, and set the operator
	// explicitly when unexpected extra processes should fail the check.
	Operator listmatcher.Operator `json:"operator"`
	// Checkers the matcher should use, set with WithValues.
	Values []*ProcessChecker `json:"values"`
}
ProcessListMatcher checks a list of *tetragon.Process fields
func NewProcessListMatcher ¶
func NewProcessListMatcher() *ProcessListMatcher
NewProcessListMatcher creates a new ProcessListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()
func (*ProcessListMatcher) Check ¶
func (checker *ProcessListMatcher) Check(values []*tetragon.Process) error
Check checks a list of *tetragon.Process fields
func (*ProcessListMatcher) WithOperator ¶
func (checker *ProcessListMatcher) WithOperator(operator listmatcher.Operator) *ProcessListMatcher
WithOperator sets the match kind for the ProcessListMatcher
func (*ProcessListMatcher) WithValues ¶
func (checker *ProcessListMatcher) WithValues(values ...*ProcessChecker) *ProcessListMatcher
WithValues sets the checkers that the ProcessListMatcher should use
type ProcessLoaderChecker ¶
// ProcessLoaderChecker holds the expectations used to check a ProcessLoader
// event.
// NOTE(review): the pointer members are tagged omitempty; presumably a nil
// member is skipped by Check — confirm. If so, a checker that sets only Path
// does not pin the Buildid of the event.
type ProcessLoaderChecker struct {
	// Name associated with the checker (see GetCheckerName).
	CheckerName string `json:"checkerName"`
	// Checker for the process of the event (WithProcess).
	Process *ProcessChecker `json:"process,omitempty"`
	// String matcher for the Path field of the event (WithPath).
	Path *stringmatcher.StringMatcher `json:"path,omitempty"`
	// Bytes matcher for the Buildid field of the event (WithBuildid).
	Buildid *bytesmatcher.BytesMatcher `json:"buildid,omitempty"`
}
ProcessLoaderChecker implements a checker struct to check a ProcessLoader event
func NewProcessLoaderChecker ¶
func NewProcessLoaderChecker(name string) *ProcessLoaderChecker
NewProcessLoaderChecker creates a new ProcessLoaderChecker
func (*ProcessLoaderChecker) Check ¶
func (checker *ProcessLoaderChecker) Check(event *tetragon.ProcessLoader) error
Check checks a ProcessLoader event
func (*ProcessLoaderChecker) CheckEvent ¶
func (checker *ProcessLoaderChecker) CheckEvent(event Event) error
CheckEvent checks a single event and implements the EventChecker interface
func (*ProcessLoaderChecker) CheckResponse ¶
func (checker *ProcessLoaderChecker) CheckResponse(response *tetragon.GetEventsResponse) error
CheckResponse checks a single gRPC response and implements the EventChecker interface
func (*ProcessLoaderChecker) FromProcessLoader ¶
func (checker *ProcessLoaderChecker) FromProcessLoader(event *tetragon.ProcessLoader) *ProcessLoaderChecker
FromProcessLoader populates the ProcessLoaderChecker using data from a ProcessLoader event
func (*ProcessLoaderChecker) GetCheckerName ¶
func (checker *ProcessLoaderChecker) GetCheckerName() string
Get the name associated with the checker
func (*ProcessLoaderChecker) GetCheckerType ¶
func (checker *ProcessLoaderChecker) GetCheckerType() string
Get the type of the checker as a string
func (*ProcessLoaderChecker) WithBuildid ¶
func (checker *ProcessLoaderChecker) WithBuildid(check *bytesmatcher.BytesMatcher) *ProcessLoaderChecker
WithBuildid adds a Buildid check to the ProcessLoaderChecker
func (*ProcessLoaderChecker) WithPath ¶
func (checker *ProcessLoaderChecker) WithPath(check *stringmatcher.StringMatcher) *ProcessLoaderChecker
WithPath adds a Path check to the ProcessLoaderChecker
func (*ProcessLoaderChecker) WithProcess ¶
func (checker *ProcessLoaderChecker) WithProcess(check *ProcessChecker) *ProcessLoaderChecker
WithProcess adds a Process check to the ProcessLoaderChecker
type ProcessPrivilegesChangedChecker ¶
// ProcessPrivilegesChangedChecker checks a tetragon.ProcessPrivilegesChanged.
// It is a defined type over that value and has its own MarshalJSON and
// UnmarshalJSON methods.
type ProcessPrivilegesChangedChecker tetragon.ProcessPrivilegesChanged
ProcessPrivilegesChangedChecker checks a tetragon.ProcessPrivilegesChanged
func NewProcessPrivilegesChangedChecker ¶
func NewProcessPrivilegesChangedChecker(val tetragon.ProcessPrivilegesChanged) *ProcessPrivilegesChangedChecker
NewProcessPrivilegesChangedChecker creates a new ProcessPrivilegesChangedChecker
func (*ProcessPrivilegesChangedChecker) Check ¶
func (enum *ProcessPrivilegesChangedChecker) Check(val *tetragon.ProcessPrivilegesChanged) error
Check checks a ProcessPrivilegesChanged against the checker
func (ProcessPrivilegesChangedChecker) MarshalJSON ¶
func (enum ProcessPrivilegesChangedChecker) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler interface
func (*ProcessPrivilegesChangedChecker) UnmarshalJSON ¶
func (enum *ProcessPrivilegesChangedChecker) UnmarshalJSON(b []byte) error
UnmarshalJSON implements json.Unmarshaler interface
type ProcessPrivilegesChangedListMatcher ¶
// ProcessPrivilegesChangedListMatcher checks a list of
// tetragon.ProcessPrivilegesChanged fields.
type ProcessPrivilegesChangedListMatcher struct {
	// Match kind, set with WithOperator. The constructor is documented to
	// default to a subset checker.
	// NOTE(review): presumably a subset match lets an event carry additional
	// ProcessPrivilegesChanged values beyond those listed in Values — confirm
	// in listmatcher, and set the operator explicitly when the list must match
	// in full.
	Operator listmatcher.Operator `json:"operator"`
	// Checkers the matcher should use, set with WithValues.
	Values []*ProcessPrivilegesChangedChecker `json:"values"`
}
ProcessPrivilegesChangedListMatcher checks a list of tetragon.ProcessPrivilegesChanged fields
func NewProcessPrivilegesChangedListMatcher ¶
func NewProcessPrivilegesChangedListMatcher() *ProcessPrivilegesChangedListMatcher
NewProcessPrivilegesChangedListMatcher creates a new ProcessPrivilegesChangedListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()
func (*ProcessPrivilegesChangedListMatcher) Check ¶
func (checker *ProcessPrivilegesChangedListMatcher) Check(values []tetragon.ProcessPrivilegesChanged) error
Check checks a list of tetragon.ProcessPrivilegesChanged fields
func (*ProcessPrivilegesChangedListMatcher) WithOperator ¶
func (checker *ProcessPrivilegesChangedListMatcher) WithOperator(operator listmatcher.Operator) *ProcessPrivilegesChangedListMatcher
WithOperator sets the match kind for the ProcessPrivilegesChangedListMatcher
func (*ProcessPrivilegesChangedListMatcher) WithValues ¶
func (checker *ProcessPrivilegesChangedListMatcher) WithValues(values ...*ProcessPrivilegesChangedChecker) *ProcessPrivilegesChangedListMatcher
WithValues sets the checkers that the ProcessPrivilegesChangedListMatcher should use
type ProcessTracepointChecker ¶
// ProcessTracepointChecker holds the expectations used to check a
// ProcessTracepoint event. Every member other than CheckerName has a matching
// With* setter.
// NOTE(review): the pointer members are tagged omitempty; presumably a nil
// member is skipped by Check — confirm before relying on it.
type ProcessTracepointChecker struct {
	// Name associated with the checker (see GetCheckerName).
	CheckerName string `json:"checkerName"`
	// Checkers for the process that triggered the event and its parent.
	Process *ProcessChecker `json:"process,omitempty"`
	Parent  *ProcessChecker `json:"parent,omitempty"`
	// String matchers for the Subsys and Event fields of the event.
	Subsys *stringmatcher.StringMatcher `json:"subsys,omitempty"`
	Event  *stringmatcher.StringMatcher `json:"event,omitempty"`
	// List matcher for the arguments; the kprobe argument matcher type is
	// reused here.
	Args *KprobeArgumentListMatcher `json:"args,omitempty"`
	// String matcher for the PolicyName field of the event.
	PolicyName *stringmatcher.StringMatcher `json:"policyName,omitempty"`
	// Stored as a *KprobeActionChecker; WithAction takes a plain
	// tetragon.KprobeAction.
	Action *KprobeActionChecker `json:"action,omitempty"`
	// Matchers for the Message and Tags fields of the event.
	Message *stringmatcher.StringMatcher `json:"message,omitempty"`
	Tags    *StringListMatcher           `json:"tags,omitempty"`
}
ProcessTracepointChecker implements a checker struct to check a ProcessTracepoint event
func NewProcessTracepointChecker ¶
func NewProcessTracepointChecker(name string) *ProcessTracepointChecker
NewProcessTracepointChecker creates a new ProcessTracepointChecker
func (*ProcessTracepointChecker) Check ¶
func (checker *ProcessTracepointChecker) Check(event *tetragon.ProcessTracepoint) error
Check checks a ProcessTracepoint event
func (*ProcessTracepointChecker) CheckEvent ¶
func (checker *ProcessTracepointChecker) CheckEvent(event Event) error
CheckEvent checks a single event and implements the EventChecker interface
func (*ProcessTracepointChecker) CheckResponse ¶
func (checker *ProcessTracepointChecker) CheckResponse(response *tetragon.GetEventsResponse) error
CheckResponse checks a single gRPC response and implements the EventChecker interface
func (*ProcessTracepointChecker) FromProcessTracepoint ¶
func (checker *ProcessTracepointChecker) FromProcessTracepoint(event *tetragon.ProcessTracepoint) *ProcessTracepointChecker
FromProcessTracepoint populates the ProcessTracepointChecker using data from a ProcessTracepoint event
func (*ProcessTracepointChecker) GetCheckerName ¶
func (checker *ProcessTracepointChecker) GetCheckerName() string
Get the name associated with the checker
func (*ProcessTracepointChecker) GetCheckerType ¶
func (checker *ProcessTracepointChecker) GetCheckerType() string
Get the type of the checker as a string
func (*ProcessTracepointChecker) WithAction ¶
func (checker *ProcessTracepointChecker) WithAction(check tetragon.KprobeAction) *ProcessTracepointChecker
WithAction adds an Action check to the ProcessTracepointChecker
func (*ProcessTracepointChecker) WithArgs ¶
func (checker *ProcessTracepointChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessTracepointChecker
WithArgs adds an Args check to the ProcessTracepointChecker
func (*ProcessTracepointChecker) WithEvent ¶
func (checker *ProcessTracepointChecker) WithEvent(check *stringmatcher.StringMatcher) *ProcessTracepointChecker
WithEvent adds an Event check to the ProcessTracepointChecker
func (*ProcessTracepointChecker) WithMessage ¶
func (checker *ProcessTracepointChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessTracepointChecker
WithMessage adds a Message check to the ProcessTracepointChecker
func (*ProcessTracepointChecker) WithParent ¶
func (checker *ProcessTracepointChecker) WithParent(check *ProcessChecker) *ProcessTracepointChecker
WithParent adds a Parent check to the ProcessTracepointChecker
func (*ProcessTracepointChecker) WithPolicyName ¶
func (checker *ProcessTracepointChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessTracepointChecker
WithPolicyName adds a PolicyName check to the ProcessTracepointChecker
func (*ProcessTracepointChecker) WithProcess ¶
func (checker *ProcessTracepointChecker) WithProcess(check *ProcessChecker) *ProcessTracepointChecker
WithProcess adds a Process check to the ProcessTracepointChecker
func (*ProcessTracepointChecker) WithSubsys ¶
func (checker *ProcessTracepointChecker) WithSubsys(check *stringmatcher.StringMatcher) *ProcessTracepointChecker
WithSubsys adds a Subsys check to the ProcessTracepointChecker
func (*ProcessTracepointChecker) WithTags ¶
func (checker *ProcessTracepointChecker) WithTags(check *StringListMatcher) *ProcessTracepointChecker
WithTags adds a Tags check to the ProcessTracepointChecker
type ProcessUprobeChecker ¶
// ProcessUprobeChecker holds the expectations used to check a ProcessUprobe
// event. Every member other than CheckerName has a matching With* setter.
// NOTE(review): the pointer members are tagged omitempty; presumably a nil
// member is skipped by Check — confirm before relying on it.
type ProcessUprobeChecker struct {
	// Name associated with the checker (see GetCheckerName).
	CheckerName string `json:"checkerName"`
	// Checkers for the process that triggered the event and its parent.
	Process *ProcessChecker `json:"process,omitempty"`
	Parent  *ProcessChecker `json:"parent,omitempty"`
	// String matchers for the Path and Symbol fields of the event.
	Path   *stringmatcher.StringMatcher `json:"path,omitempty"`
	Symbol *stringmatcher.StringMatcher `json:"symbol,omitempty"`
	// String matchers for the PolicyName and Message fields of the event.
	PolicyName *stringmatcher.StringMatcher `json:"policyName,omitempty"`
	Message    *stringmatcher.StringMatcher `json:"message,omitempty"`
	// List matcher for the arguments; the kprobe argument matcher type is
	// reused here.
	Args *KprobeArgumentListMatcher `json:"args,omitempty"`
	// List matcher for the Tags field of the event.
	Tags *StringListMatcher `json:"tags,omitempty"`
}
ProcessUprobeChecker implements a checker struct to check a ProcessUprobe event
func NewProcessUprobeChecker ¶
func NewProcessUprobeChecker(name string) *ProcessUprobeChecker
NewProcessUprobeChecker creates a new ProcessUprobeChecker
func (*ProcessUprobeChecker) Check ¶
func (checker *ProcessUprobeChecker) Check(event *tetragon.ProcessUprobe) error
Check checks a ProcessUprobe event
func (*ProcessUprobeChecker) CheckEvent ¶
func (checker *ProcessUprobeChecker) CheckEvent(event Event) error
CheckEvent checks a single event and implements the EventChecker interface
func (*ProcessUprobeChecker) CheckResponse ¶
func (checker *ProcessUprobeChecker) CheckResponse(response *tetragon.GetEventsResponse) error
CheckResponse checks a single gRPC response and implements the EventChecker interface
func (*ProcessUprobeChecker) FromProcessUprobe ¶
func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUprobe) *ProcessUprobeChecker
FromProcessUprobe populates the ProcessUprobeChecker using data from a ProcessUprobe event
func (*ProcessUprobeChecker) GetCheckerName ¶
func (checker *ProcessUprobeChecker) GetCheckerName() string
Get the name associated with the checker
func (*ProcessUprobeChecker) GetCheckerType ¶
func (checker *ProcessUprobeChecker) GetCheckerType() string
Get the type of the checker as a string
func (*ProcessUprobeChecker) WithArgs ¶
func (checker *ProcessUprobeChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessUprobeChecker
WithArgs adds an Args check to the ProcessUprobeChecker
func (*ProcessUprobeChecker) WithMessage ¶
func (checker *ProcessUprobeChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessUprobeChecker
WithMessage adds a Message check to the ProcessUprobeChecker
func (*ProcessUprobeChecker) WithParent ¶
func (checker *ProcessUprobeChecker) WithParent(check *ProcessChecker) *ProcessUprobeChecker
WithParent adds a Parent check to the ProcessUprobeChecker
func (*ProcessUprobeChecker) WithPath ¶
func (checker *ProcessUprobeChecker) WithPath(check *stringmatcher.StringMatcher) *ProcessUprobeChecker
WithPath adds a Path check to the ProcessUprobeChecker
func (*ProcessUprobeChecker) WithPolicyName ¶
func (checker *ProcessUprobeChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessUprobeChecker
WithPolicyName adds a PolicyName check to the ProcessUprobeChecker
func (*ProcessUprobeChecker) WithProcess ¶
func (checker *ProcessUprobeChecker) WithProcess(check *ProcessChecker) *ProcessUprobeChecker
WithProcess adds a Process check to the ProcessUprobeChecker
func (*ProcessUprobeChecker) WithSymbol ¶
func (checker *ProcessUprobeChecker) WithSymbol(check *stringmatcher.StringMatcher) *ProcessUprobeChecker
WithSymbol adds a Symbol check to the ProcessUprobeChecker
func (*ProcessUprobeChecker) WithTags ¶
func (checker *ProcessUprobeChecker) WithTags(check *StringListMatcher) *ProcessUprobeChecker
WithTags adds a Tags check to the ProcessUprobeChecker
type RateLimitInfoChecker ¶
// RateLimitInfoChecker holds the expectations used to check a RateLimitInfo
// event.
type RateLimitInfoChecker struct {
	// Name associated with the checker (see GetCheckerName).
	CheckerName string `json:"checkerName"`
	// Expected NumberOfDroppedProcessEvents value, set with
	// WithNumberOfDroppedProcessEvents.
	// NOTE(review): pointer tagged omitempty; presumably nil means the count
	// is not checked — confirm against Check.
	NumberOfDroppedProcessEvents *uint64 `json:"numberOfDroppedProcessEvents,omitempty"`
}
RateLimitInfoChecker implements a checker struct to check a RateLimitInfo event
func NewRateLimitInfoChecker ¶
func NewRateLimitInfoChecker(name string) *RateLimitInfoChecker
NewRateLimitInfoChecker creates a new RateLimitInfoChecker
func (*RateLimitInfoChecker) Check ¶
func (checker *RateLimitInfoChecker) Check(event *tetragon.RateLimitInfo) error
Check checks a RateLimitInfo event
func (*RateLimitInfoChecker) CheckEvent ¶
func (checker *RateLimitInfoChecker) CheckEvent(event Event) error
CheckEvent checks a single event and implements the EventChecker interface
func (*RateLimitInfoChecker) CheckResponse ¶
func (checker *RateLimitInfoChecker) CheckResponse(response *tetragon.GetEventsResponse) error
CheckResponse checks a single gRPC response and implements the EventChecker interface
func (*RateLimitInfoChecker) FromRateLimitInfo ¶
func (checker *RateLimitInfoChecker) FromRateLimitInfo(event *tetragon.RateLimitInfo) *RateLimitInfoChecker
FromRateLimitInfo populates the RateLimitInfoChecker using data from a RateLimitInfo event
func (*RateLimitInfoChecker) GetCheckerName ¶
func (checker *RateLimitInfoChecker) GetCheckerName() string
Get the name associated with the checker
func (*RateLimitInfoChecker) GetCheckerType ¶
func (checker *RateLimitInfoChecker) GetCheckerType() string
Get the type of the checker as a string
func (*RateLimitInfoChecker) WithNumberOfDroppedProcessEvents ¶
func (checker *RateLimitInfoChecker) WithNumberOfDroppedProcessEvents(check uint64) *RateLimitInfoChecker
WithNumberOfDroppedProcessEvents adds a NumberOfDroppedProcessEvents check to the RateLimitInfoChecker
type SecureBitsTypeChecker ¶
// SecureBitsTypeChecker checks a tetragon.SecureBitsType. It is a defined type
// over that value and has its own MarshalJSON and UnmarshalJSON methods.
type SecureBitsTypeChecker tetragon.SecureBitsType
SecureBitsTypeChecker checks a tetragon.SecureBitsType
func NewSecureBitsTypeChecker ¶
func NewSecureBitsTypeChecker(val tetragon.SecureBitsType) *SecureBitsTypeChecker
NewSecureBitsTypeChecker creates a new SecureBitsTypeChecker
func (*SecureBitsTypeChecker) Check ¶
func (enum *SecureBitsTypeChecker) Check(val *tetragon.SecureBitsType) error
Check checks a SecureBitsType against the checker
func (SecureBitsTypeChecker) MarshalJSON ¶
func (enum SecureBitsTypeChecker) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler interface
func (*SecureBitsTypeChecker) UnmarshalJSON ¶
func (enum *SecureBitsTypeChecker) UnmarshalJSON(b []byte) error
UnmarshalJSON implements json.Unmarshaler interface
type SecureBitsTypeListMatcher ¶
// SecureBitsTypeListMatcher checks a list of tetragon.SecureBitsType fields.
type SecureBitsTypeListMatcher struct {
	// Match kind, set with WithOperator. The constructor is documented to
	// default to a subset checker.
	// NOTE(review): presumably a subset match lets an event carry securebits
	// beyond those listed in Values — confirm in listmatcher, and set the
	// operator explicitly when the full set of securebits must be pinned.
	Operator listmatcher.Operator `json:"operator"`
	// Checkers the matcher should use, set with WithValues.
	Values []*SecureBitsTypeChecker `json:"values"`
}
SecureBitsTypeListMatcher checks a list of tetragon.SecureBitsType fields
func NewSecureBitsTypeListMatcher ¶
func NewSecureBitsTypeListMatcher() *SecureBitsTypeListMatcher
NewSecureBitsTypeListMatcher creates a new SecureBitsTypeListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()
func (*SecureBitsTypeListMatcher) Check ¶
func (checker *SecureBitsTypeListMatcher) Check(values []tetragon.SecureBitsType) error
Check checks a list of tetragon.SecureBitsType fields
func (*SecureBitsTypeListMatcher) WithOperator ¶
func (checker *SecureBitsTypeListMatcher) WithOperator(operator listmatcher.Operator) *SecureBitsTypeListMatcher
WithOperator sets the match kind for the SecureBitsTypeListMatcher
func (*SecureBitsTypeListMatcher) WithValues ¶
func (checker *SecureBitsTypeListMatcher) WithValues(values ...*SecureBitsTypeChecker) *SecureBitsTypeListMatcher
WithValues sets the checkers that the SecureBitsTypeListMatcher should use
type StackTraceEntryChecker ¶
// StackTraceEntryChecker holds the expectations used to check a
// StackTraceEntry field. Each member has a matching With* setter.
// NOTE(review): every member is a pointer tagged omitempty; presumably a nil
// member is skipped by Check — confirm before relying on it.
type StackTraceEntryChecker struct {
	// Expected Address and Offset values.
	Address *uint64 `json:"address,omitempty"`
	Offset  *uint64 `json:"offset,omitempty"`
	// String matchers for the Symbol and Module fields of the entry.
	Symbol *stringmatcher.StringMatcher `json:"symbol,omitempty"`
	Module *stringmatcher.StringMatcher `json:"module,omitempty"`
}
StackTraceEntryChecker implements a checker struct to check a StackTraceEntry field
func NewStackTraceEntryChecker ¶
func NewStackTraceEntryChecker() *StackTraceEntryChecker
NewStackTraceEntryChecker creates a new StackTraceEntryChecker
func (*StackTraceEntryChecker) Check ¶
func (checker *StackTraceEntryChecker) Check(event *tetragon.StackTraceEntry) error
Check checks a StackTraceEntry field
func (*StackTraceEntryChecker) FromStackTraceEntry ¶
func (checker *StackTraceEntryChecker) FromStackTraceEntry(event *tetragon.StackTraceEntry) *StackTraceEntryChecker
FromStackTraceEntry populates the StackTraceEntryChecker using data from a StackTraceEntry field
func (*StackTraceEntryChecker) GetCheckerType ¶
func (checker *StackTraceEntryChecker) GetCheckerType() string
GetCheckerType returns the type of the checker as a string
func (*StackTraceEntryChecker) WithAddress ¶
func (checker *StackTraceEntryChecker) WithAddress(check uint64) *StackTraceEntryChecker
WithAddress adds an Address check to the StackTraceEntryChecker
func (*StackTraceEntryChecker) WithModule ¶
func (checker *StackTraceEntryChecker) WithModule(check *stringmatcher.StringMatcher) *StackTraceEntryChecker
WithModule adds a Module check to the StackTraceEntryChecker
func (*StackTraceEntryChecker) WithOffset ¶
func (checker *StackTraceEntryChecker) WithOffset(check uint64) *StackTraceEntryChecker
WithOffset adds an Offset check to the StackTraceEntryChecker
func (*StackTraceEntryChecker) WithSymbol ¶
func (checker *StackTraceEntryChecker) WithSymbol(check *stringmatcher.StringMatcher) *StackTraceEntryChecker
WithSymbol adds a Symbol check to the StackTraceEntryChecker
type StackTraceEntryListMatcher ¶
type StackTraceEntryListMatcher struct { Operator listmatcher.Operator `json:"operator"` Values []*StackTraceEntryChecker `json:"values"` }
StackTraceEntryListMatcher checks a list of *tetragon.StackTraceEntry fields
func NewStackTraceEntryListMatcher ¶
func NewStackTraceEntryListMatcher() *StackTraceEntryListMatcher
NewStackTraceEntryListMatcher creates a new StackTraceEntryListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()
func (*StackTraceEntryListMatcher) Check ¶
func (checker *StackTraceEntryListMatcher) Check(values []*tetragon.StackTraceEntry) error
Check checks a list of *tetragon.StackTraceEntry fields
func (*StackTraceEntryListMatcher) WithOperator ¶
func (checker *StackTraceEntryListMatcher) WithOperator(operator listmatcher.Operator) *StackTraceEntryListMatcher
WithOperator sets the match kind for the StackTraceEntryListMatcher
func (*StackTraceEntryListMatcher) WithValues ¶
func (checker *StackTraceEntryListMatcher) WithValues(values ...*StackTraceEntryChecker) *StackTraceEntryListMatcher
WithValues sets the checkers that the StackTraceEntryListMatcher should use
type StringListMatcher ¶
type StringListMatcher struct { Operator listmatcher.Operator `json:"operator"` Values []*stringmatcher.StringMatcher `json:"values"` }
StringListMatcher checks a list of string fields
func NewStringListMatcher ¶
func NewStringListMatcher() *StringListMatcher
NewStringListMatcher creates a new StringListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator()
func (*StringListMatcher) Check ¶
func (checker *StringListMatcher) Check(values []string) error
Check checks a list of string fields
func (*StringListMatcher) WithOperator ¶
func (checker *StringListMatcher) WithOperator(operator listmatcher.Operator) *StringListMatcher
WithOperator sets the match kind for the StringListMatcher
func (*StringListMatcher) WithValues ¶
func (checker *StringListMatcher) WithValues(values ...*stringmatcher.StringMatcher) *StringListMatcher
WithValues sets the checkers that the StringListMatcher should use
type TaintedBitsTypeChecker ¶
type TaintedBitsTypeChecker tetragon.TaintedBitsType
TaintedBitsTypeChecker checks a tetragon.TaintedBitsType
func NewTaintedBitsTypeChecker ¶
func NewTaintedBitsTypeChecker(val tetragon.TaintedBitsType) *TaintedBitsTypeChecker
NewTaintedBitsTypeChecker creates a new TaintedBitsTypeChecker
func (*TaintedBitsTypeChecker) Check ¶
func (enum *TaintedBitsTypeChecker) Check(val *tetragon.TaintedBitsType) error
Check checks a TaintedBitsType against the checker
func (TaintedBitsTypeChecker) MarshalJSON ¶
func (enum TaintedBitsTypeChecker) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler interface
func (*TaintedBitsTypeChecker) UnmarshalJSON ¶
func (enum *TaintedBitsTypeChecker) UnmarshalJSON(b []byte) error
UnmarshalJSON implements json.Unmarshaler interface
type TaintedBitsTypeListMatcher ¶
type TaintedBitsTypeListMatcher struct { Operator listmatcher.Operator `json:"operator"` Values []*TaintedBitsTypeChecker `json:"values"` }
TaintedBitsTypeListMatcher checks a list of tetragon.TaintedBitsType fields
func NewTaintedBitsTypeListMatcher ¶
func NewTaintedBitsTypeListMatcher() *TaintedBitsTypeListMatcher
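NewTaintedBitsTypeListMatcher creates a new TaintedBitsTypeListMatcher. The checker defaults to a subset checker unless otherwise specified using WithOperator(). Note for test authors: under the default, taint flags present in the event but absent from the checker are presumably not reported as a mismatch; use WithOperator() to choose a stricter match when the test must assert the complete list (confirm the operator semantics in the listmatcher package).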
func (*TaintedBitsTypeListMatcher) Check ¶
func (checker *TaintedBitsTypeListMatcher) Check(values []tetragon.TaintedBitsType) error
Check checks a list of tetragon.TaintedBitsType fields
func (*TaintedBitsTypeListMatcher) WithOperator ¶
func (checker *TaintedBitsTypeListMatcher) WithOperator(operator listmatcher.Operator) *TaintedBitsTypeListMatcher
WithOperator sets the match kind for the TaintedBitsTypeListMatcher
func (*TaintedBitsTypeListMatcher) WithValues ¶
func (checker *TaintedBitsTypeListMatcher) WithValues(values ...*TaintedBitsTypeChecker) *TaintedBitsTypeListMatcher
WithValues sets the checkers that the TaintedBitsTypeListMatcher should use
type TestChecker ¶
type TestChecker struct { CheckerName string `json:"checkerName"` Arg0 *uint64 `json:"arg0,omitempty"` Arg1 *uint64 `json:"arg1,omitempty"` Arg2 *uint64 `json:"arg2,omitempty"` Arg3 *uint64 `json:"arg3,omitempty"` }
TestChecker implements a checker struct to check a Test event
func NewTestChecker ¶
func NewTestChecker(name string) *TestChecker
NewTestChecker creates a new TestChecker
func (*TestChecker) Check ¶
func (checker *TestChecker) Check(event *tetragon.Test) error
Check checks a Test event
func (*TestChecker) CheckEvent ¶
func (checker *TestChecker) CheckEvent(event Event) error
CheckEvent checks a single event and implements the EventChecker interface
func (*TestChecker) CheckResponse ¶
func (checker *TestChecker) CheckResponse(response *tetragon.GetEventsResponse) error
CheckResponse checks a single gRPC response and implements the EventChecker interface
func (*TestChecker) FromTest ¶
func (checker *TestChecker) FromTest(event *tetragon.Test) *TestChecker
FromTest populates the TestChecker using data from a Test event
func (*TestChecker) GetCheckerName ¶
func (checker *TestChecker) GetCheckerName() string
GetCheckerName returns the name associated with the checker
func (*TestChecker) GetCheckerType ¶
func (checker *TestChecker) GetCheckerType() string
GetCheckerType returns the type of the checker as a string
func (*TestChecker) WithArg0 ¶
func (checker *TestChecker) WithArg0(check uint64) *TestChecker
WithArg0 adds an Arg0 check to the TestChecker
func (*TestChecker) WithArg1 ¶
func (checker *TestChecker) WithArg1(check uint64) *TestChecker
WithArg1 adds an Arg1 check to the TestChecker
func (*TestChecker) WithArg2 ¶
func (checker *TestChecker) WithArg2(check uint64) *TestChecker
WithArg2 adds an Arg2 check to the TestChecker
func (*TestChecker) WithArg3 ¶
func (checker *TestChecker) WithArg3(check uint64) *TestChecker
WithArg3 adds an Arg3 check to the TestChecker
type UnorderedEventChecker ¶
type UnorderedEventChecker struct {
// contains filtered or unexported fields
}
UnorderedEventChecker checks a series of events in arbitrary order
func NewUnorderedEventChecker ¶
func NewUnorderedEventChecker(checks ...EventChecker) *UnorderedEventChecker
NewUnorderedEventChecker creates a new UnorderedEventChecker
func (*UnorderedEventChecker) AddChecks ¶
func (checker *UnorderedEventChecker) AddChecks(checks ...EventChecker)
AddChecks adds one or more checks to the set of checks in this event checker
func (*UnorderedEventChecker) FinalCheck ¶
func (checker *UnorderedEventChecker) FinalCheck(logger *logrus.Logger) error
FinalCheck implements the MultiEventChecker interface
func (*UnorderedEventChecker) GetChecks ¶
func (checker *UnorderedEventChecker) GetChecks() []EventChecker
GetChecks returns this checker's list of checks
func (*UnorderedEventChecker) GetRemainingChecks ¶
func (checker *UnorderedEventChecker) GetRemainingChecks() []EventChecker
GetRemainingChecks returns this checker's list of remaining checks
func (*UnorderedEventChecker) NextEventCheck ¶
func (checker *UnorderedEventChecker) NextEventCheck(event Event, logger *logrus.Logger) (bool, error)
NextEventCheck implements the MultiEventChecker interface
type UserNamespaceChecker ¶
type UserNamespaceChecker struct { Level *int32 `json:"level,omitempty"` Uid *uint32 `json:"uid,omitempty"` Gid *uint32 `json:"gid,omitempty"` Ns *NamespaceChecker `json:"ns,omitempty"` }
UserNamespaceChecker implements a checker struct to check a UserNamespace field
func NewUserNamespaceChecker ¶
func NewUserNamespaceChecker() *UserNamespaceChecker
NewUserNamespaceChecker creates a new UserNamespaceChecker
func (*UserNamespaceChecker) Check ¶
func (checker *UserNamespaceChecker) Check(event *tetragon.UserNamespace) error
Check checks a UserNamespace field
func (*UserNamespaceChecker) FromUserNamespace ¶
func (checker *UserNamespaceChecker) FromUserNamespace(event *tetragon.UserNamespace) *UserNamespaceChecker
FromUserNamespace populates the UserNamespaceChecker using data from a UserNamespace field
func (*UserNamespaceChecker) GetCheckerType ¶
func (checker *UserNamespaceChecker) GetCheckerType() string
GetCheckerType returns the type of the checker as a string
func (*UserNamespaceChecker) WithGid ¶
func (checker *UserNamespaceChecker) WithGid(check uint32) *UserNamespaceChecker
WithGid adds a Gid check to the UserNamespaceChecker
func (*UserNamespaceChecker) WithLevel ¶
func (checker *UserNamespaceChecker) WithLevel(check int32) *UserNamespaceChecker
WithLevel adds a Level check to the UserNamespaceChecker
func (*UserNamespaceChecker) WithNs ¶
func (checker *UserNamespaceChecker) WithNs(check *NamespaceChecker) *UserNamespaceChecker
WithNs adds an Ns check to the UserNamespaceChecker
func (*UserNamespaceChecker) WithUid ¶
func (checker *UserNamespaceChecker) WithUid(check uint32) *UserNamespaceChecker
WithUid adds a Uid check to the UserNamespaceChecker