module

package
v0.0.0-...-d2ac332 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 15, 2026 License: Apache-2.0 Imports: 63 Imported by: 0

Documentation

Overview

Package module holds module related files

Package module holds module related files

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DisableRuntimeSecurity 

func DisableRuntimeSecurity(config *config.Config)

DisableRuntimeSecurity disables all the runtime security features

func UpdateEventMonitorOpts 

func UpdateEventMonitorOpts(opts *eventmonitor.Opts, config *config.Config)

UpdateEventMonitorOpts adapt the event monitor options

Types

type APIServer 

type APIServer struct {
	api.UnimplementedSecurityModuleEventServer
	api.UnimplementedSecurityModuleCmdServer
	// contains filtered or unexported fields
}

APIServer represents a gRPC server in charge of receiving events sent by the runtime security system-probe module and forwards them to Datadog

func NewAPIServer 

func NewAPIServer(cfg *config.RuntimeSecurityConfig, probe *sprobe.Probe, msgSender MsgSender[api.SecurityEventMessage], client statsd.ClientInterface, selfTester *selftests.SelfTester, compression compression.Component, ipc ipc.Component) (*APIServer, error)

NewAPIServer returns a new gRPC event server

func (*APIServer) ApplyPolicyStates 

func (a *APIServer) ApplyPolicyStates(policies []*monitor.PolicyState)

ApplyPolicyStates the policy states

func (*APIServer) ApplyRuleIDs 

func (a *APIServer) ApplyRuleIDs(ruleIDs []rules.RuleID)

ApplyRuleIDs the rule ids

func (*APIServer) DumpActivity 

func (a *APIServer) DumpActivity(_ context.Context, params *api.ActivityDumpParams) (*api.ActivityDumpMessage, error)

DumpActivity handles an activity dump request

func (*APIServer) DumpDiscarders 

func (a *APIServer) DumpDiscarders(_ context.Context, _ *api.DumpDiscardersParams) (*api.DumpDiscardersMessage, error)

DumpDiscarders handles discarder dump requests

func (*APIServer) DumpNetworkNamespace 

func (a *APIServer) DumpNetworkNamespace(_ context.Context, params *api.DumpNetworkNamespaceParams) (*api.DumpNetworkNamespaceMessage, error)

DumpNetworkNamespace handles network namespace cache dump requests

func (*APIServer) DumpProcessCache 

func (a *APIServer) DumpProcessCache(_ context.Context, params *api.DumpProcessCacheParams) (*api.SecurityDumpProcessCacheMessage, error)

DumpProcessCache handles process cache dump requests

func (*APIServer) GetActivityDumpStream 

func (a *APIServer) GetActivityDumpStream(_ *empty.Empty, stream api.SecurityModuleEvent_GetActivityDumpStreamServer) error

GetActivityDumpStream transfers dumps to the security-agent. Communication security-agent -> system-probe

func (*APIServer) GetConfig 

func (a *APIServer) GetConfig(_ context.Context, _ *api.GetConfigParams) (*api.SecurityConfigMessage, error)

GetConfig returns config of the runtime security module required by the security agent

func (*APIServer) GetEventStream 

func (a *APIServer) GetEventStream(_ *empty.Empty, stream api.SecurityModuleEvent_GetEventStreamServer) error

GetEventStream transfers events to the security-agent. Communication security-agent -> system-probe

func (*APIServer) GetRuleSetReport 

func (a *APIServer) GetRuleSetReport(_ context.Context, _ *api.GetRuleSetReportParams) (*api.GetRuleSetReportMessage, error)

GetRuleSetReport reports the ruleset loaded

func (*APIServer) GetSECLVariables 

func (a *APIServer) GetSECLVariables() map[string]*api.SECLVariableState

GetSECLVariables returns the SECL variables and their value

func (*APIServer) GetStatus 

func (a *APIServer) GetStatus(_ context.Context, _ *api.GetStatusParams) (*api.Status, error)

GetStatus returns the status of the module

func (*APIServer) ListActivityDumps 

func (a *APIServer) ListActivityDumps(_ context.Context, params *api.ActivityDumpListParams) (*api.ActivityDumpListMessage, error)

ListActivityDumps returns the list of active dumps

func (*APIServer) ListSecurityProfiles 

func (a *APIServer) ListSecurityProfiles(_ context.Context, params *api.SecurityProfileListParams) (*api.SecurityProfileListMessage, error)

ListSecurityProfiles returns the list of security profiles

func (*APIServer) ReloadPolicies 

func (a *APIServer) ReloadPolicies(_ context.Context, _ *api.ReloadPoliciesParams) (*api.ReloadPoliciesResultMessage, error)

ReloadPolicies reloads the policies

func (*APIServer) RunSelfTest 

func (a *APIServer) RunSelfTest(_ context.Context, _ *api.RunSelfTestParams) (*api.SecuritySelfTestResultMessage, error)

RunSelfTest runs self test and then reload the current policies

func (*APIServer) SaveSecurityProfile 

func (a *APIServer) SaveSecurityProfile(_ context.Context, params *api.SecurityProfileSaveParams) (*api.SecurityProfileSaveMessage, error)

SaveSecurityProfile saves the requested security profile to disk

func (*APIServer) SendActivityDump 

func (a *APIServer) SendActivityDump(imageName string, imageTag string, header []byte, data []byte)

SendActivityDump queues an activity dump to the chan of activity dumps

func (*APIServer) SendEvent 

func (a *APIServer) SendEvent(rule *rules.Rule, event events.Event, extTagsCb func() ([]string, bool), service string)

SendEvent forwards events sent by the runtime security module to Datadog

func (*APIServer) SendStats 

func (a *APIServer) SendStats() error

SendStats sends statistics

func (*APIServer) SetCWSConsumer 

func (a *APIServer) SetCWSConsumer(consumer *CWSConsumer)

SetCWSConsumer sets the CWS consumer

func (*APIServer) Start 

func (a *APIServer) Start(ctx context.Context)

Start the api server, starts to consume the msg queue

func (*APIServer) Stop 

func (a *APIServer) Stop()

Stop stops the API server

func (*APIServer) StopActivityDump 

func (a *APIServer) StopActivityDump(_ context.Context, params *api.ActivityDumpStopParams) (*api.ActivityDumpStopMessage, error)

StopActivityDump stops an active activity dump if it exists

func (*APIServer) TranscodingRequest 

func (a *APIServer) TranscodingRequest(_ context.Context, params *api.TranscodingRequestParams) (*api.TranscodingRequestMessage, error)

TranscodingRequest encodes an activity dump following the requested parameters

type ActivityDumpMsgSender 

type ActivityDumpMsgSender = MsgSender[api.ActivityDumpStreamMessage]

ActivityDumpMsgSender defines a message sender for activity dump messages

type CWSConsumer 

type CWSConsumer struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

CWSConsumer represents the system-probe module for the runtime security agent

func NewCWSConsumer 

func NewCWSConsumer(evm *eventmonitor.EventMonitor, cfg *config.RuntimeSecurityConfig, wmeta workloadmeta.Component, opts Opts, compression compression.Component, ipc ipc.Component) (*CWSConsumer, error)

NewCWSConsumer initializes the module with options

func (*CWSConsumer) APIServer 

func (c *CWSConsumer) APIServer() *APIServer

APIServer returns the api server

func (*CWSConsumer) GetRuleEngine 

func (c *CWSConsumer) GetRuleEngine() *rulesmodule.RuleEngine

GetRuleEngine returns new current rule engine

func (*CWSConsumer) GetStatus 

func (c *CWSConsumer) GetStatus(ctx context.Context) (*api.Status, error)

GetStatus returns the status of the module

func (*CWSConsumer) HandleActivityDump 

func (c *CWSConsumer) HandleActivityDump(imageName string, imageTag string, header []byte, data []byte) error

HandleActivityDump sends an activity dump to the backend

func (*CWSConsumer) HandleCustomEvent 

func (c *CWSConsumer) HandleCustomEvent(rule *rules.Rule, event *events.CustomEvent)

HandleCustomEvent is called by the probe when an event should be sent to Datadog but doesn't need evaluation

func (*CWSConsumer) ID 

func (c *CWSConsumer) ID() string

ID returns id for CWS

func (*CWSConsumer) PostProbeStart 

func (c *CWSConsumer) PostProbeStart() error

PostProbeStart is called after the event stream is started

func (*CWSConsumer) PrepareForFunctionalTests 

func (c *CWSConsumer) PrepareForFunctionalTests()

PrepareForFunctionalTests tweaks the module to be ready for functional tests currently it: - disables the container running telemetry

func (*CWSConsumer) RunSelfTest 

func (c *CWSConsumer) RunSelfTest(gRPC bool) (bool, error)

RunSelfTest runs the self tests

func (*CWSConsumer) SendEvent 

func (c *CWSConsumer) SendEvent(rule *rules.Rule, event events.Event, extTagsCb func() ([]string, bool), service string)

SendEvent sends an event to the backend after checking that the rate limiter allows it for the provided rule Implements the EventSender interface

func (*CWSConsumer) SendStats 

func (c *CWSConsumer) SendStats()

SendStats send stats

func (*CWSConsumer) Start 

func (c *CWSConsumer) Start() error

Start the module

func (*CWSConsumer) Stop 

func (c *CWSConsumer) Stop()

Stop closes the module

type ChanMsgSender 

type ChanMsgSender[T any] struct {
	// contains filtered or unexported fields
}

ChanMsgSender defines a chan message sender

func NewChanMsgSender 

func NewChanMsgSender[T any](msgs chan *T) *ChanMsgSender[T]

NewChanMsgSender returns a new chan sender

func (*ChanMsgSender[T]) Send 

func (cs *ChanMsgSender[T]) Send(msg *T, expireFnc func(*T))

Send the message

func (*ChanMsgSender[T]) SendTelemetry 

func (cs *ChanMsgSender[T]) SendTelemetry(statsd.ClientInterface)

SendTelemetry sends telemetry data

type DirectActivityDumpMsgSender 

type DirectActivityDumpMsgSender struct {
	// contains filtered or unexported fields
}

DirectActivityDumpMsgSender defines a direct activity dump sender

func NewDirectActivityDumpMsgSender 

func NewDirectActivityDumpMsgSender() (*DirectActivityDumpMsgSender, error)

NewDirectActivityDumpMsgSender returns a new direct activity dump sender

func (*DirectActivityDumpMsgSender) GetEndpointsStatus 

func (ds *DirectActivityDumpMsgSender) GetEndpointsStatus() []string

GetEndpointsStatus returns the status of the endpoints

func (*DirectActivityDumpMsgSender) Send 

func (ds *DirectActivityDumpMsgSender) Send(msg *api.ActivityDumpStreamMessage, _ func(*api.ActivityDumpStreamMessage))

Send the message

func (*DirectActivityDumpMsgSender) SendTelemetry 

func (ds *DirectActivityDumpMsgSender) SendTelemetry(statsd statsd.ClientInterface)

SendTelemetry sends telemetry data

type DirectEventMsgSender 

type DirectEventMsgSender struct {
	// contains filtered or unexported fields
}

DirectEventMsgSender defines a direct sender

func NewDirectEventMsgSender 

func NewDirectEventMsgSender(stopper startstop.Stopper, compression compression.Component, ipc ipc.Component) (*DirectEventMsgSender, error)

NewDirectEventMsgSender returns a new direct sender

func (*DirectEventMsgSender) GetEndpointsStatus 

func (ds *DirectEventMsgSender) GetEndpointsStatus() []string

GetEndpointsStatus returns the status of the endpoints

func (*DirectEventMsgSender) Send 

func (ds *DirectEventMsgSender) Send(msg *api.SecurityEventMessage, _ func(*api.SecurityEventMessage))

Send the message

func (*DirectEventMsgSender) SendTelemetry 

func (ds *DirectEventMsgSender) SendTelemetry(statsd.ClientInterface)

SendTelemetry sends telemetry data

type EndpointsStatusFetcher 

type EndpointsStatusFetcher interface {
	GetEndpointsStatus() []string
}

EndpointsStatusFetcher defines an interface to get the status of the endpoints

type EventMsgSender 

type EventMsgSender = MsgSender[api.SecurityEventMessage]

EventMsgSender defines a message sender for security events

type MsgSender 

type MsgSender[T any] interface {
	Send(msg *T, expireFnc func(*T))
	SendTelemetry(statsd.ClientInterface)
}

MsgSender defines a message sender

type Opts 

type Opts struct {
	EventSender events.EventSender
	MsgSender   EventMsgSender
}

Opts define module options

type Reloader 

type Reloader struct {
	// contains filtered or unexported fields
}

Reloader aims to handle policies reloading triggers

func NewReloader 

func NewReloader() *Reloader

NewReloader returns a new Reloader

func (*Reloader) Chan 

func (r *Reloader) Chan() <-chan struct{}

Chan returns the chan of reload events

func (*Reloader) Start 

func (r *Reloader) Start() error

Start the reloader

func (*Reloader) Stop 

func (r *Reloader) Stop()

Stop the Reloader

type ReloaderInterface 

type ReloaderInterface interface {
	Start() error
	Stop()
	Chan() <-chan struct{}
}

ReloaderInterface aims to handle policies reloading triggers

type SecurityAgentAPIClient 

type SecurityAgentAPIClient struct {
	SecurityAgentAPIClient api.SecurityAgentAPIClient
	// contains filtered or unexported fields
}

SecurityAgentAPIClient is used to send request to security module

func NewSecurityAgentAPIClient 

func NewSecurityAgentAPIClient(cfg *config.RuntimeSecurityConfig) (*SecurityAgentAPIClient, error)

NewSecurityAgentAPIClient instantiates a new SecurityAgentAPIClient

func (*SecurityAgentAPIClient) SendActivityDumps 

func (c *SecurityAgentAPIClient) SendActivityDumps(ctx context.Context, msgs chan *api.ActivityDumpStreamMessage)

SendActivityDumps sends activity dumps to the security agent

func (*SecurityAgentAPIClient) SendEvents 

func (c *SecurityAgentAPIClient) SendEvents(ctx context.Context, msgs chan *api.SecurityEventMessage, onConnectCb func())

SendEvents sends events to the security agent

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.