Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[auditbeat] fim: implement kprobes backend #37796

Merged
merged 43 commits into from
Feb 14, 2024
Merged
Changes from 1 commit
Commits
Show all changes
43 commits
Select commit Hold shift + click to select a range
cb01f59
feat: add helper funcs to get symbol info from /proc/kallsyms
pkoutsovasilis Jan 24, 2024
9417243
feat: introduce fixed executor that always runs funcs from the same o…
pkoutsovasilis Jan 24, 2024
bbca9e7
feat: add probe manager to handle building tracing kprobes from tk-bt…
pkoutsovasilis Jan 24, 2024
292b7b7
feat: define probe events with corresponding alloc and release funcs
pkoutsovasilis Jan 24, 2024
d585da1
feat: embed stripped btf files and add helper funcs to read them
pkoutsovasilis Jan 24, 2024
e4616c1
feat: add fsnotify, fsnotify_nameremove, fsnotify_parent and vfs_geat…
pkoutsovasilis Jan 24, 2024
625da6b
feat: implement path traverser to produce monitor events by walking a…
pkoutsovasilis Jan 24, 2024
6f35ab1
feat: implement directory entries cache
pkoutsovasilis Jan 24, 2024
31ec585
feat: implement event processor to process probe events and based on …
pkoutsovasilis Jan 24, 2024
ea61593
feat: implement event verifier that validates that the expected seque…
pkoutsovasilis Jan 24, 2024
f58e369
feat: add perfChannel to reduce tracing.PerfChannel boilerplate code …
pkoutsovasilis Jan 24, 2024
0c785ca
feat: implement monitor that ties together path traverser, perf chann…
pkoutsovasilis Jan 24, 2024
d8bf292
feat: implement probe verification at runtime and the creation of a n…
pkoutsovasilis Jan 24, 2024
097aa25
feat: implement event reader for kprobe-based file integrity module
pkoutsovasilis Jan 24, 2024
c4a9d9b
doc: update NOTICE.txt to include tk-btf license
pkoutsovasilis Jan 24, 2024
6ca359f
feat: add tests for non-recursive kprobe fim (#3)
Tacklebox Jan 31, 2024
07b927b
fix: remove existing file from cache when a move operation is overwri…
pkoutsovasilis Jan 31, 2024
045bf40
feat: introduce force_backend in for file integrity auditbeat module
pkoutsovasilis Jan 31, 2024
bd6bcfb
ci: add necessary volume mounts for kprobes backend in auditbeat dock…
pkoutsovasilis Jan 31, 2024
651b2f7
feat: add the instantiation of file integrity module with kprobes bac…
pkoutsovasilis Jan 31, 2024
d39b22f
doc: update CHANGELOG.next.asciidoc
pkoutsovasilis Jan 31, 2024
1509a1a
fix: address compilation issues for non-linux oses
pkoutsovasilis Jan 31, 2024
0469332
fix: correct folder permission for path traverser unit-test
pkoutsovasilis Jan 31, 2024
6308e8b
fix: build kprobe package and unit-tests only for linux
pkoutsovasilis Jan 31, 2024
c52743b
ci: extend test_file_integrity.py to test kprobes backend of file int…
pkoutsovasilis Jan 31, 2024
6ccd479
ci: extend TestNew in monitor to include actual file changes
pkoutsovasilis Jan 31, 2024
82a07be
ci: mark with nolint prealloc slices that can't be pre-allocated
pkoutsovasilis Feb 1, 2024
cb2b330
Merge remote-tracking branch 'beats/main' into pkoutsovasilis/kprobe_fim
pkoutsovasilis Feb 1, 2024
5c00c37
Merge remote-tracking branch 'beats/main' into pkoutsovasilis/kprobe_fim
pkoutsovasilis Feb 1, 2024
3ad318b
Merge remote-tracking branch 'beats/main' into pkoutsovasilis/kprobe_fim
pkoutsovasilis Feb 3, 2024
4650e5f
chore: inline defer funcs
pkoutsovasilis Feb 9, 2024
62ea807
fix: return the scanner error if any
pkoutsovasilis Feb 9, 2024
f1cff58
fix: remove redundant runtime os checks for linux
pkoutsovasilis Feb 9, 2024
5350596
doc: comment that dEntryCache is not thread-safe
pkoutsovasilis Feb 9, 2024
fe6453a
fix: set the appropriate verbosity of errors of watcher
pkoutsovasilis Feb 9, 2024
da84277
fix: check for scanner.Err and return err from parsing mountinfo lines
pkoutsovasilis Feb 9, 2024
c4d2edb
fix: remove redundant fim_backends list from test_file_integrity.py
pkoutsovasilis Feb 13, 2024
6cd08cb
Merge remote-tracking branch 'beats/main' into pkoutsovasilis/kprobe_fim
pkoutsovasilis Feb 13, 2024
e745e23
fix: gofumpt kprobes package
pkoutsovasilis Feb 13, 2024
4a12aa9
fix: highlight unused context in event processor
pkoutsovasilis Feb 13, 2024
d80fbf5
fix: increase interval period of wait_output as kprobes require more …
pkoutsovasilis Feb 13, 2024
bd8d23a
fix: proper formatting for auditbeat.reference.yml
pkoutsovasilis Feb 13, 2024
f1e51f4
fix: proper formatting for x-pack/auditbeat/auditbeat.reference.yml
pkoutsovasilis Feb 13, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Merge remote-tracking branch 'beats/main' into pkoutsovasilis/kprobe_fim
pkoutsovasilis committed Feb 1, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit 5c00c37e178271156b1cfc00d2e1d8188f86f13f

This merge commit was added into this branch cleanly.

There are no new changes to show, but you can still view the diff.