Documentation
¶
Index ¶
- func IsBlacklisted(cmdline []string, blacklist []*regexp.Regexp) bool
- func NewDefaultTransport() *http.Transport
- func SetupInitialLogger(loggerName config.LoggerName) error
- func SysProbeConfigFromConfig(cfg *AgentConfig) *ebpf.Config
- type APIEndpoint
- type AgentConfig
- type DataScrubber
- type WindowsConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsBlacklisted ¶
IsBlacklisted returns a boolean indicating if the given command is blacklisted by our config.
func NewDefaultTransport ¶
NewDefaultTransport provides an HTTP transport configuration with sane default timeouts.
func SetupInitialLogger ¶
func SetupInitialLogger(loggerName config.LoggerName) error
SetupInitialLogger will set up a default logger before parsing config so we log errors nicely. The default will be stdout since we can't assume any file is writable.
func SysProbeConfigFromConfig ¶
func SysProbeConfigFromConfig(cfg *AgentConfig) *ebpf.Config
SysProbeConfigFromConfig returns a valid tracer-bpf config sourced from our agent config
Types ¶
type APIEndpoint ¶
APIEndpoint is a single endpoint where process data will be submitted.
func (*APIEndpoint) GetCheckURL ¶
func (e *APIEndpoint) GetCheckURL(checkPath string) string
GetCheckURL returns the URL string for a given agent check
type AgentConfig ¶
// AgentConfig is the global config for the process-agent, sourced from config
// files and environment variables.
//
// NOTE(review): Transport is the only field shown here with a `json:"-"` tag,
// so by default the other exported fields are emitted if this struct is
// JSON-encoded. APIEndpoint's fields are not visible in this listing; confirm
// that encoding or logging the whole struct cannot expose endpoint credentials.
type AgentConfig struct {
Enabled bool
HostName string
APIEndpoints []APIEndpoint
OrchestratorEndpoints []APIEndpoint
LogFile string
LogLevel string
LogToConsole bool
QueueSize int
// Blacklist holds compiled patterns; presumably the list that IsBlacklisted
// matches process command lines against (confirm against the caller).
Blacklist []*regexp.Regexp
// Scrubber is a DataScrubber, the type that hides sensitive argument values
// in command lines.
Scrubber *DataScrubber
MaxPerMessage int
MaxConnsPerMessage int
AllowRealTime bool
// Transport is excluded from encoding/json output by its `json:"-"` tag.
Transport *http.Transport `json:"-"`
DDAgentBin string
StatsdHost string
StatsdPort int
ProcessExpVarPort int
// System probe collection configuration
EnableSystemProbe bool
DisableTCPTracing bool
DisableUDPTracing bool
DisableIPv6Tracing bool
DisableDNSInspection bool
CollectLocalDNS bool
SystemProbeSocketPath string
SystemProbeLogFile string
MaxTrackedConnections uint
SysProbeBPFDebug bool
ExcludedBPFLinuxVersions []string
ExcludedSourceConnections map[string][]string
ExcludedDestinationConnections map[string][]string
EnableConntrack bool
ConntrackShortTermBufferSize int
ConntrackMaxStateSize int
SystemProbeDebugPort int
ClosedChannelSize int
MaxClosedConnectionsBuffered int
MaxConnectionsStateBuffered int
// Orchestrator collection configuration
OrchestrationCollectionEnabled bool
KubeClusterName string
// Check config
// EnabledChecks is presumably the set of names CheckIsEnabled tests against (confirm).
EnabledChecks []string
// CheckIntervals maps a string key (presumably the check name passed to
// CheckInterval) to a duration.
CheckIntervals map[string]time.Duration
// Windows-specific config
Windows WindowsConfig
// contains filtered or unexported fields
}
AgentConfig is the global config for the process-agent. This information is sourced from config files and environment variables.
func NewAgentConfig ¶
func NewAgentConfig(loggerName config.LoggerName, yamlPath, netYamlPath string) (*AgentConfig, error)
NewAgentConfig returns an AgentConfig using a configuration file. The configuration file can be nil (that is, no file is available); in this case we'll configure only via the environment.
func NewDefaultAgentConfig ¶
func NewDefaultAgentConfig(canAccessContainers bool) *AgentConfig
NewDefaultAgentConfig returns an AgentConfig with defaults initialized
func NewSystemProbeConfig ¶
func NewSystemProbeConfig(loggerName config.LoggerName, yamlPath string) (*AgentConfig, error)
NewSystemProbeConfig returns a system-probe specific AgentConfig using a configuration file. The configuration file can be nil (that is, no file is available); in this case we'll configure only via the environment.
func (AgentConfig) CheckInterval ¶
func (a AgentConfig) CheckInterval(checkName string) time.Duration
CheckInterval returns the interval for the given check name, defaulting to 10s if not found.
func (AgentConfig) CheckIsEnabled ¶
func (a AgentConfig) CheckIsEnabled(checkName string) bool
CheckIsEnabled returns a bool indicating if the given check name is enabled.
type DataScrubber ¶
// DataScrubber hides the values of command-line arguments whose keys match a
// list of predefined and custom sensitive words.
type DataScrubber struct {
// Enabled is true for the scrubber returned by NewDefaultDataScrubber.
Enabled bool
// StripAllArguments presumably removes every argument rather than only the
// sensitive ones; this listing does not show how it is applied (confirm).
StripAllArguments bool
// SensitivePatterns holds compiled patterns; presumably the "sensitive word"
// patterns that ScrubCommand matches argument keys against (confirm).
SensitivePatterns []*regexp.Regexp
// contains filtered or unexported fields
}
DataScrubber allows the agent to blacklist cmdline arguments that match a list of predefined and custom sensitive words, hiding the values of those arguments (see ScrubCommand).
func NewDefaultDataScrubber ¶
func NewDefaultDataScrubber() *DataScrubber
NewDefaultDataScrubber creates a DataScrubber with the default behavior: enabled and matching the default sensitive words
func (*DataScrubber) AddCustomSensitiveWords ¶
func (ds *DataScrubber) AddCustomSensitiveWords(words []string)
AddCustomSensitiveWords adds custom sensitive words on the DataScrubber object
func (*DataScrubber) IncrementCacheAge ¶
func (ds *DataScrubber) IncrementCacheAge()
IncrementCacheAge advances the cache age by one cycle. If the age reaches cacheMaxCycles, the cache is restarted.
func (*DataScrubber) ScrubCommand ¶
func (ds *DataScrubber) ScrubCommand(cmdline []string) ([]string, bool)
ScrubCommand hides the argument value for any key which matches a "sensitive word" pattern. It returns the updated cmdline, as well as a boolean representing whether it was scrubbed
func (*DataScrubber) ScrubProcessCommand ¶
func (ds *DataScrubber) ScrubProcessCommand(p *process.FilledProcess) []string
ScrubProcessCommand uses a cache to avoid re-scrubbing the cmdlines of already known processes.
type WindowsConfig ¶
// WindowsConfig stores all Windows-specific configuration for the process-agent.
type WindowsConfig struct {
// Number of check runs between refreshes of command-line arguments
ArgsRefreshInterval int
// Controls whether process arguments are fetched immediately when a new process is discovered
AddNewArgs bool
}
WindowsConfig stores all Windows-specific configuration for the process-agent.