Documentation
¶
Overview ¶
Package process fetches process and socket information from the operating system. It can find the process owning a network connection.
Index ¶
- Constants
- Variables
- func All() map[int]*Process
- func CleanProcessStorage(activePIDs map[int]struct{})
- func SetDBController(controller *database.Controller)
- type Process
- func GetNetworkHost(ctx context.Context, remoteIP net.IP) (process *Process, err error)
- func GetOrFindProcess(ctx context.Context, pid int) (*Process, error)
- func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process *Process, connInbound bool, err error)
- func GetProcessByRequestOrigin(ar *api.Request) (*Process, error)
- func GetProcessFromStorage(pid int) (*Process, bool)
- func GetSystemProcess(ctx context.Context) *Process
- func GetUnidentifiedProcess(ctx context.Context) *Process
- func GetUnsolicitedProcess(ctx context.Context) *Process
- func (p *Process) Delete()
- func (p *Process) Equal(other *Process) bool
- func (p *Process) GetExecHash(algorithm string) (string, error)
- func (p *Process) GetLastSeen() int64
- func (p *Process) GetProfile(ctx context.Context) (changed bool, err error)
- func (p *Process) IsIdentified() bool
- func (p *Process) IsSystemResolver() bool
- func (p *Process) Profile() *profile.LayeredProfile
- func (p *Process) Save()
- func (p *Process) SetLastSeen(lastSeen int64)
- func (p *Process) String() string
- func (p *Process) UpdateProfileMetadata()
Constants ¶
const ( // UndefinedProcessID is not used by any (virtual) process and signifies that // the PID is unset. UndefinedProcessID = -1 // UnidentifiedProcessID is the PID used for outgoing connections that could // not be attributed to a PID for any reason. UnidentifiedProcessID = -2 // UnsolicitedProcessID is the PID used for incoming connections that could // not be attributed to a PID for any reason. UnsolicitedProcessID = -3 // NetworkHostProcessID is the PID used for requests served to the network. NetworkHostProcessID = -255 )
const SystemProcessID = 0
SystemProcessID is the PID of the System/Kernel itself.
Variables ¶
var (
CfgOptionEnableProcessDetectionKey = "core/enableProcessDetection"
)
Configuration Keys.
Functions ¶
func CleanProcessStorage ¶
func CleanProcessStorage(activePIDs map[int]struct{})
CleanProcessStorage cleans the storage from old processes.
func SetDBController ¶
func SetDBController(controller *database.Controller)
SetDBController sets the database controller and allows the package to push database updates on a save. It must be set by the package that registers the "network" database.
Types ¶
type Process ¶
type Process struct {
record.Base
sync.Mutex
Name string
UserID int
UserName string
UserHome string
Pid int
ParentPid int
Path string
ExecName string
Cwd string
CmdLine string
FirstArg string
// SpecialDetail holds special information, the meaning of which can change
// based on any of the previous attributes.
SpecialDetail string
// PrimaryProfileID holds the scoped ID of the primary profile.
PrimaryProfileID string
FirstSeen int64
LastSeen int64
Error string // Cache errors
ExecHashes map[string]string
// contains filtered or unexported fields
}
A Process represents a process running on the operating system.
func GetNetworkHost ¶ added in v0.6.5
GetNetworkHost returns a *Process that represents a host on the network.
func GetOrFindProcess ¶
GetOrFindProcess returns the process for the given PID.
func GetProcessByConnection ¶ added in v0.4.4
func GetProcessByConnection(ctx context.Context, pktInfo *packet.Info) (process *Process, connInbound bool, err error)
GetProcessByConnection returns the process that owns the described connection.
func GetProcessByRequestOrigin ¶ added in v0.9.1
GetProcessByRequestOrigin returns the process that initiated the API request ar.
func GetProcessFromStorage ¶
GetProcessFromStorage returns a process from the internal storage.
func GetSystemProcess ¶ added in v0.4.1
GetSystemProcess returns the special process used for the Kernel.
func GetUnidentifiedProcess ¶ added in v0.4.1
GetUnidentifiedProcess returns the special process assigned to non-attributed outgoing connections.
func GetUnsolicitedProcess ¶ added in v0.8.6
GetUnsolicitedProcess returns the special process assigned to non-attributed incoming connections.
func (*Process) Delete ¶
func (p *Process) Delete()
Delete deletes a process from the storage and propagates the change.
func (*Process) Equal ¶ added in v0.8.13
Equal returns if the two processes are both identified and have the same PID.
func (*Process) GetExecHash ¶
GetExecHash returns the hash of the executable with the given algorithm.
func (*Process) GetLastSeen ¶ added in v0.6.0
GetLastSeen returns the unix timestamp when the process was last seen.
func (*Process) GetProfile ¶ added in v0.4.0
GetProfile finds and assigns a profile set to the process.
func (*Process) IsIdentified ¶ added in v0.8.13
IsIdentified returns whether the process has been identified or if it represents some kind of unidentified process.
func (*Process) IsSystemResolver ¶ added in v0.6.7
IsSystemResolver is a shortcut to check if the process is or belongs to the system resolver and needs special handling.
func (*Process) Profile ¶ added in v0.4.0
func (p *Process) Profile() *profile.LayeredProfile
Profile returns the assigned layered profile.
func (*Process) Save ¶
func (p *Process) Save()
Save saves the process to the internal state and pushes an update.
func (*Process) SetLastSeen ¶ added in v0.6.0
SetLastSeen sets the unix timestamp when the process was last seen.
func (*Process) UpdateProfileMetadata ¶ added in v0.6.3
func (p *Process) UpdateProfileMetadata()
UpdateProfileMetadata updates the metadata of the local profile as required.
Source Files