Versions in this module Expand all Collapse all v0 v0.9.0 Oct 20, 2021retracted Changes in this version
+ const LowerLayer — linux/amd64
+ const MaxPathDepth — linux/amd64
+ const MaxSegmentLength — linux/amd64
+ const UpperLayer — linux/amd64
+ var ByteOrder binary.ByteOrder
+ var ErrNonPrintable = errors.New("non printable")
+ var ErrNotEnoughData = errors.New("not enough data")
+ var ErrStringArrayOverflow = errors.New("string array overflow")
+ var KernelCapabilityConstants = map[string]uint64 — linux/amd64
+ var SECLConstants = map[string]interface — linux/amd64
+ var SECLLegacyAttributes = map[eval.Field]eval.Field — linux/amd64
+ func FindContainerID(s string) string
+ func GetEventTypePerCategory() map[EventCategory][]eval.EventType — linux/amd64
+ func GetHostByteOrder() binary.ByteOrder
+ func IsAlphaNumeric(r rune) bool
+ func IsPrintable(s string) bool
+ func IsPrintableASCII(s string) bool
+ func SliceToArray(src []byte, dst unsafe.Pointer)
+ func UnmarshalBinary(data []byte, binaryUnmarshalers ...BinaryUnmarshaler) (int, error) — linux/amd64
+ func UnmarshalString(data []byte, size int) (string, error)
+ func UnmarshalStringArray(data []byte) ([]string, error)
+ type ArgsEntry struct — linux/amd64
+ Truncated bool
+ Values []string
+ func (p *ArgsEntry) ToArray() ([]string, bool)
+ type ArgsEnvs struct — linux/amd64
+ ID uint32
+ Size uint32
+ ValuesRaw [256]byte
+ type ArgsEnvsCacheEntry struct — linux/amd64
+ func NewArgsEnvsCacheEntry(onRelease func(_ *ArgsEnvsCacheEntry)) *ArgsEnvsCacheEntry
+ func (p *ArgsEnvsCacheEntry) Append(entry *ArgsEnvsCacheEntry)
+ func (p *ArgsEnvsCacheEntry) Release()
+ func (p *ArgsEnvsCacheEntry) Retain()
+ type ArgsEnvsEvent struct — linux/amd64
+ func (e *ArgsEnvsEvent) UnmarshalBinary(data []byte) (int, error)
+ type BinaryUnmarshaler interface — linux/amd64
+ UnmarshalBinary func(data []byte) (int, error)
+ type CapsetEvent struct — linux/amd64
+ CapEffective uint64
+ CapPermitted uint64
+ func (e *CapsetEvent) UnmarshalBinary(data []byte) (int, error)
+ type ChmodEvent struct — linux/amd64
+ File FileEvent
+ Mode uint32
+ func (e *ChmodEvent) UnmarshalBinary(data []byte) (int, error)
+ type ChmodMode int — linux/amd64
+ func (m ChmodMode) String() string
+ type ChownEvent struct — linux/amd64
+ File FileEvent
+ GID uint32
+ Group string
+ UID uint32
+ User string
+ func (e *ChownEvent) UnmarshalBinary(data []byte) (int, error)
+ type ContainerContext struct — linux/amd64
+ ID string
+ Tags []string
+ func (e *ContainerContext) UnmarshalBinary(data []byte) (int, error)
+ type Credentials struct — linux/amd64
+ CapEffective uint64
+ CapPermitted uint64
+ EGID uint32
+ EGroup string
+ EUID uint32
+ EUser string
+ FSGID uint32
+ FSGroup string
+ FSUID uint32
+ FSUser string
+ GID uint32
+ Group string
+ UID uint32
+ User string
+ func (e *Credentials) UnmarshalBinary(data []byte) (int, error)
+ type EnvsEntry struct — linux/amd64
+ Truncated bool
+ Values map[string]string
+ func (p *EnvsEntry) Get(key string) string
+ func (p *EnvsEntry) ToMap() (map[string]string, bool)
+ type Event struct — linux/amd64
+ ArgsEnvs ArgsEnvsEvent
+ Capset CapsetEvent
+ Chmod ChmodEvent
+ Chown ChownEvent
+ ContainerContext ContainerContext
+ Exec ExecEvent
+ ID string
+ InvalidateDentry InvalidateDentryEvent
+ Link LinkEvent
+ Mkdir MkdirEvent
+ Mount MountEvent
+ MountReleased MountReleasedEvent
+ Open OpenEvent
+ ProcessContext ProcessContext
+ RemoveXAttr SetXAttrEvent
+ Rename RenameEvent
+ Rmdir RmdirEvent
+ SELinux SELinuxEvent
+ SetGID SetgidEvent
+ SetUID SetuidEvent
+ SetXAttr SetXAttrEvent
+ SpanContext SpanContext
+ Timestamp time.Time
+ TimestampRaw uint64
+ Type uint64
+ Umount UmountEvent
+ Unlink UnlinkEvent
+ Utimes UtimesEvent
+ func (e *Event) GetEventType() EventType
+ func (e *Event) GetFieldEventType(field eval.Field) (eval.EventType, error)
+ func (e *Event) GetFieldType(field eval.Field) (reflect.Kind, error)
+ func (e *Event) GetFieldValue(field eval.Field) (interface{}, error)
+ func (e *Event) GetFields() []eval.Field
+ func (e *Event) GetPointer() unsafe.Pointer
+ func (e *Event) GetTags() []string
+ func (e *Event) GetType() string
+ func (e *Event) SetFieldValue(field eval.Field, value interface{}) error
+ func (e *Event) UnmarshalBinary(data []byte) (int, error)
+ type EventCategory = string — linux/amd64
+ const FIMCategory
+ const RuntimeCategory
+ func GetEventTypeCategory(eventType eval.EventType) EventCategory
+ type EventType uint64
+ const ArgsEnvsEventType
+ const CapsetEventType
+ const CustomForkBombEventType
+ const CustomLostReadEventType
+ const CustomLostWriteEventType
+ const CustomNoisyProcessEventType
+ const CustomRulesetLoadedEventType
+ const CustomTruncatedParentsEventType
+ const ExecEventType
+ const ExitEventType
+ const FileChmodEventType
+ const FileChownEventType
+ const FileLinkEventType
+ const FileMkdirEventType
+ const FileMountEventType
+ const FileOpenEventType
+ const FileRemoveXAttrEventType
+ const FileRenameEventType
+ const FileRmdirEventType
+ const FileSetXAttrEventType
+ const FileUmountEventType
+ const FileUnlinkEventType
+ const FileUtimesEventType
+ const FirstDiscarderEventType
+ const ForkEventType
+ const InvalidateDentryEventType
+ const LastDiscarderEventType
+ const MaxEventType
+ const MountReleasedEventType
+ const SELinuxEventType
+ const SetgidEventType
+ const SetuidEventType
+ const UnknownEventType
+ func ParseEvalEventType(eventType eval.EventType) EventType
+ func (t EventType) String() string
+ type ExecEvent struct — linux/amd64
+ Args string
+ ArgsTruncated bool
+ Argv []string
+ Envs []string
+ EnvsTruncated bool
+ func (e *ExecEvent) UnmarshalBinary(data []byte) (int, error)
+ type FileEvent struct — linux/amd64
+ BasenameStr string
+ Filesytem string
+ PathResolutionError error
+ PathnameStr string
+ func (e *FileEvent) GetPathResolutionError() string
+ func (e *FileEvent) UnmarshalBinary(data []byte) (int, error)
+ type FileFields struct — linux/amd64
+ CTime uint64
+ Flags int32
+ GID uint32
+ Group string
+ InUpperLayer bool
+ Inode uint64
+ MTime uint64
+ Mode uint16
+ MountID uint32
+ NLink uint32
+ PathID uint32
+ UID uint32
+ User string
+ func (e *FileFields) UnmarshalBinary(data []byte) (int, error)
+ func (f *FileFields) GetInLowerLayer() bool
+ func (f *FileFields) GetInUpperLayer() bool
+ func (f *FileFields) HasHardLinks() bool
+ type InvalidateDentryEvent struct — linux/amd64
+ DiscarderRevision uint32
+ Inode uint64
+ MountID uint32
+ func (e *InvalidateDentryEvent) UnmarshalBinary(data []byte) (int, error)
+ type KernelCapability uint64 — linux/amd64
+ func (kc KernelCapability) String() string
+ func (kc KernelCapability) StringArray() []string
+ type LinkEvent struct — linux/amd64
+ Source FileEvent
+ Target FileEvent
+ func (e *LinkEvent) UnmarshalBinary(data []byte) (int, error)
+ type MkdirEvent struct — linux/amd64
+ File FileEvent
+ Mode uint32
+ func (e *MkdirEvent) UnmarshalBinary(data []byte) (int, error)
+ type Model struct — linux/amd64
+ func (m *Model) GetEvaluator(field eval.Field, regID eval.RegisterID) (eval.Evaluator, error)
+ func (m *Model) GetEventTypes() []eval.EventType
+ func (m *Model) GetIterator(field eval.Field) (eval.Iterator, error)
+ func (m *Model) NewEvent() eval.Event
+ func (m *Model) ValidateField(field eval.Field, fieldValue eval.FieldValue) error
+ type MountEvent struct — linux/amd64
+ Device uint32
+ FSType string
+ FSTypeRaw [16]byte
+ GroupID uint32
+ MountID uint32
+ MountPointPathResolutionError error
+ MountPointStr string
+ ParentInode uint64
+ ParentMountID uint32
+ RootInode uint64
+ RootMountID uint32
+ RootPathResolutionError error
+ RootStr string
+ func (e *MountEvent) UnmarshalBinary(data []byte) (int, error)
+ func (m *MountEvent) GetFSType() string
+ func (m *MountEvent) GetMountPointPathResolutionError() string
+ func (m *MountEvent) GetRootPathResolutionError() string
+ func (m *MountEvent) IsOverlayFS() bool
+ type MountReleasedEvent struct — linux/amd64
+ DiscarderRevision uint32
+ MountID uint32
+ func (e *MountReleasedEvent) UnmarshalBinary(data []byte) (int, error)
+ type OpenEvent struct — linux/amd64
+ File FileEvent
+ Flags uint32
+ Mode uint32
+ func (e *OpenEvent) UnmarshalBinary(data []byte) (int, error)
+ type OpenFlags int — linux/amd64
+ func (f OpenFlags) String() string
+ func (f OpenFlags) StringArray() []string
+ type Process struct — linux/amd64
+ ArgsEntry *ArgsEntry
+ ArgsID uint32
+ ArgsTruncated bool
+ BasenameStr string
+ Comm string
+ ContainerID string
+ Cookie uint32
+ CreatedAt uint64
+ EnvsEntry *EnvsEntry
+ EnvsID uint32
+ EnvsTruncated bool
+ ExecTime time.Time
+ ExitTime time.Time
+ FileFields FileFields
+ Filesystem string
+ ForkTime time.Time
+ PPid uint32
+ PathResolutionError error
+ PathnameStr string
+ Pid uint32
+ TTYName string
+ Tid uint32
+ func (e *Process) GetPathResolutionError() string
+ func (e *Process) UnmarshalBinary(data []byte) (int, error)
+ type ProcessAncestorsIterator struct — linux/amd64
+ func (it *ProcessAncestorsIterator) Front(ctx *eval.Context) unsafe.Pointer
+ func (it *ProcessAncestorsIterator) Next() unsafe.Pointer
+ type ProcessCacheEntry struct — linux/amd64
+ func NewProcessCacheEntry(onRelease func(_ *ProcessCacheEntry)) *ProcessCacheEntry
+ func (e *ProcessCacheEntry) Release()
+ func (e *ProcessCacheEntry) Reset()
+ func (e *ProcessCacheEntry) Retain()
+ func (pc *ProcessCacheEntry) Exec(entry *ProcessCacheEntry)
+ func (pc *ProcessCacheEntry) Exit(exitTime time.Time)
+ func (pc *ProcessCacheEntry) Fork(childEntry *ProcessCacheEntry)
+ func (pc *ProcessCacheEntry) SetAncestor(parent *ProcessCacheEntry)
+ type ProcessContext struct — linux/amd64
+ Ancestor *ProcessCacheEntry
+ func (p *ProcessContext) UnmarshalBinary(data []byte) (int, error)
+ type RenameEvent struct — linux/amd64
+ DiscarderRevision uint32
+ New FileEvent
+ Old FileEvent
+ func (e *RenameEvent) UnmarshalBinary(data []byte) (int, error)
+ type RetValError int — linux/amd64
+ func (f RetValError) String() string
+ type RmdirEvent struct — linux/amd64
+ DiscarderRevision uint32
+ File FileEvent
+ func (e *RmdirEvent) UnmarshalBinary(data []byte) (int, error)
+ type SELinuxEvent struct — linux/amd64
+ BoolChangeValue string
+ BoolCommitValue bool
+ BoolName string
+ EnforceStatus string
+ EventKind SELinuxEventKind
+ File FileEvent
+ func (e *SELinuxEvent) UnmarshalBinary(data []byte) (int, error)
+ type SELinuxEventKind uint32 — linux/amd64
+ const SELinuxBoolChangeEventKind
+ const SELinuxBoolCommitEventKind
+ const SELinuxStatusChangeEventKind
+ type SetXAttrEvent struct — linux/amd64
+ File FileEvent
+ Name string
+ NameRaw [200]byte
+ Namespace string
+ func (e *SetXAttrEvent) UnmarshalBinary(data []byte) (int, error)
+ type SetgidEvent struct — linux/amd64
+ EGID uint32
+ EGroup string
+ FSGID uint32
+ FSGroup string
+ GID uint32
+ Group string
+ func (e *SetgidEvent) UnmarshalBinary(data []byte) (int, error)
+ type SetuidEvent struct — linux/amd64
+ EUID uint32
+ EUser string
+ FSUID uint32
+ FSUser string
+ UID uint32
+ User string
+ func (e *SetuidEvent) UnmarshalBinary(data []byte) (int, error)
+ type SpanContext struct — linux/amd64
+ SpanID uint64
+ TraceID uint64
+ func (s *SpanContext) UnmarshalBinary(data []byte) (int, error)
+ type SyscallEvent struct — linux/amd64
+ Retval int64
+ func (e *SyscallEvent) UnmarshalBinary(data []byte) (int, error)
+ type UmountEvent struct — linux/amd64
+ MountID uint32
+ func (e *UmountEvent) UnmarshalBinary(data []byte) (int, error)
+ type UnlinkEvent struct — linux/amd64
+ DiscarderRevision uint32
+ File FileEvent
+ Flags uint32
+ func (e *UnlinkEvent) UnmarshalBinary(data []byte) (int, error)
+ type UnlinkFlags int — linux/amd64
+ func (f UnlinkFlags) String() string
+ func (f UnlinkFlags) StringArray() []string
+ type UtimesEvent struct — linux/amd64
+ Atime time.Time
+ File FileEvent
+ Mtime time.Time
+ func (e *UtimesEvent) UnmarshalBinary(data []byte) (int, error)
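Review bot: `SliceToArray(src []byte, dst unsafe.Pointer)` takes its destination as a bare pointer, so nothing in the exported signature bounds the copy by the size of the destination; the implementation is not part of this listing, so whether it checks anything cannot be confirmed from here. Because it is exported next to fixed-size fields such as `ValuesRaw [256]byte`, `NameRaw [200]byte` and `FSTypeRaw [16]byte`, its doc comment should state the contract, for example `// SliceToArray copies src into the array at dst; the caller must guarantee dst holds at least len(src) bytes.`, and callers should clamp `src` to the array length before calling. Separately, the exported field `FileEvent.Filesytem` is misspelled while `Process.Filesystem` is not; renaming it to `Filesystem` while the module is still v0 avoids carrying the typo in the API and in any field mapping derived from it.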