Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsHostCompatible ¶
func IsHostCompatible() error
IsHostCompatible checks that BPF programs can run on this host.
func SystemHasBPF ¶
func SystemHasBPF() bool
SystemHasBPF returns true if the binary was build with support for BPF compiled in.
Types ¶
type BPF ¶
type BPF interface {
// OpenSession will start monitoring all events within a session and
// emitting them to the Audit Log.
OpenSession(ctx *SessionContext) (uint64, error)
// CloseSession will stop monitoring events for a particular session.
CloseSession(ctx *SessionContext) error
// Close will stop any running BPF programs.
Close() error
}
BPF implements an interface to open and close a recording session.
type Config ¶
type Config struct {
// Enabled is if this service will try and install BPF programs on this system.
Enabled bool
// CommandBufferSize is the size of the perf buffer for command events.
CommandBufferSize *int
// DiskBufferSize is the size of the perf buffer for disk events.
DiskBufferSize *int
// NetworkBufferSize is the size of the perf buffer for network events.
NetworkBufferSize *int
// CgroupPath is where the cgroupv2 hierarchy is mounted.
CgroupPath string
}
Config holds configuration for the BPF service.
func (*Config) CheckAndSetDefaults ¶
CheckAndSetDefaults checks BPF configuration.
type NOP ¶
type NOP struct {
}
NOP is used on either non-Linux systems or when BPF support is not enabled.
func (*NOP) CloseSession ¶
func (s *NOP) CloseSession(ctx *SessionContext) error
OpenSession will open a NOP session. Note this function does nothing.
func (*NOP) OpenSession ¶
func (s *NOP) OpenSession(ctx *SessionContext) (uint64, error)
OpenSession will open a NOP session. Note this function does nothing.
type Service ¶
type Service struct {
}
Service is used on non-Linux systems as a NOP service that allows the caller to open and close sessions that do nothing on systems that don't support eBPF.
type SessionContext ¶
type SessionContext struct {
// Namespace is the namespace within which this session occurs.
Namespace string
// SessionID is the UUID of the given session.
SessionID string
// ServerID is the UUID of the server this session is executing on.
ServerID string
// Login is the Unix login for this session.
Login string
// User is the Teleport user.
User string
// PID is the process ID of Teleport when it re-executes itself. This is
// used by Teleport to find itself by cgroup.
PID int
// AuditLog is used to store events for a particular sessionl
AuditLog events.IAuditLog
// Events is the set of events (command, disk, or network) to record for
// this session.
Events map[string]bool
}
SessionContext contains all the information needed to track and emit events for a particular session. Most of this information is already within srv.ServerContext, unfortunately due to circular imports with lib/srv and lib/bpf, part of that structure is reproduced in SessionContext.
Source Files