tracee
tracee copied to clipboard
Published
20 hours ago •
aquasecurity
aquasecurity
Document missing events
Document missing events under docs/events:
- [ ] sys_enter
- [ ] sys_exit
- [ ] sched_process_fork
- [ ] sched_process_exec
- [ ] sched_process_exit
- [ ] sched_switch
- [ ] do_exit
- [ ] cap_capable
- [ ] vfs_write
- [ ] vfs_writev
- [ ] commit_creds
- [ ] switch_task_ns
- [ ] cgroup_attach_dir
- [ ] cgroup_mkdir
- [ ] cgroup_rmdir
- [ ] security_bprm_check
- [ ] security_file_open
- [ ] security_inode_unlink
- [ ] security_socket_create
- [ ] security_socket_listen
- [ ] security_socket_connect
- [ ] security_socket_accept
- [ ] security_socket_bind
- [ ] security_sb_mount
- [ ] security_bpf
- [ ] security_bpf_map
- [ ] security_kernel_read_file
- [ ] security_inode_mknod
- [ ] security_kernel_post_read_file
- [ ] security_inode_symlink
- [ ] security_mmap_file
- [ ] socket_dup
- [ ] hidden_inode
- [ ] __kernel_write
- [ ] proc_create
- [ ] kprobe_attach
- [ ] call_usermodehelper
- [ ] dirty_pipe_splice
- [ ] debugfs_create_file
- [ ] debugfs_create_dir
- [ ] device_add
- [ ] register_chrdev
- [ ] shared_object_loaded
- [ ] do_init_module
- [ ] socket_accept
- [ ] load_elf_phdrs
- [ ] hooked_proc_fops
- [ ] task_rename
- [ ] security_inode_rename
- [ ] do_mmap
- [ ] print_mem_dump
- [ ] vfs_utimes
- [ ] do_truncate
- [ ] inotify_watch
- [ ] init_namespaces
- [ ] container_create
- [ ] container_remove
- [ ] existing_container
- [ ] hooked_syscalls
- [ ] hooked_seq_ops
- [x] net_packet_http_request
- [x] net_packet_http_response
Will "finish" this beginning next week (during freeze) as this can be changed during freeze period (no logic changes whatsoever).
some events were documented with https://github.com/aquasecurity/tracee/pull/3540
default events will be documented with https://github.com/aquasecurity/tracee/issues/3580