tracee

Linux Runtime Security and Forensics using eBPF

Results 379 tracee issues

## Description I'm currently commenting v6.5 tests out for hooked_syscall because it looks like they're buggy. Make sure to re-enable the test in the file: `tests/e2e-inst-test.sh` once there is...

kind/bug

The current analyze mode is a replacement of the previous **tracee-rules** binary but misses many new features developed since then. It needs to support **at least** a few things, such...

area/rules
kind/feature

## Description When running tracee in a k8s environment, if I change the default configmap to have "exec-env" option enabled, I started getting too many "ld_preload" signatures triggered for many...

kind/bug

## Description For some reason, Tracee prints a warning for each policy that doesn't give filter for address or symbol in the `print_mem_dump` event. It is expected that if a...

kind/bug
area/events
area/logging

### Feature A useful metric for current performance testing and the future PR gate is the time an event spends being processed in the kernel and userspace. ### Requirements A...

area/performance
kind/feature

## Description While aware of https://github.com/aquasecurity/tracee/issues/2870, we still need to support/fix current tracee event context, as it has data types overflows that are likely causing context to be lost (all...

kind/bug

Document missing events under docs/events: - [ ] sys_enter - [ ] sys_exit - [ ] sched_process_fork - [ ] sched_process_exec - [ ] sched_process_exit - [ ] sched_switch -...

good first issue
kind/documentation

#2355 changed the primary user experience of Tracee to be event oriented (previously events were considered internal and hidden from the user). Therefore: 1. The event schema needs to be...

kind/feature
area/events

I had a meeting with @geyslan and @josedonizetti about this PR. I would like one of the two to open a new PR with this branch of mine and make...

area/ebpf
area/testing
area/UX
area/events
area/filtering
area/build
area/flags

## Description We expect to see 600 iterations and get only 60 in `find_modules_from_module_kset_list()`: https://github.com/aquasecurity/tracee/blob/f61866b4e2277d2a7dddc6cd77a67cd5a5da3b14/pkg/ebpf/c/tracee.bpf.c#L799-L800 https://github.com/aquasecurity/tracee/blob/f61866b4e2277d2a7dddc6cd77a67cd5a5da3b14/pkg/ebpf/c/tracee.bpf.c#L644 Steps to check it: - Get the prog ID: `sudo bpftool prog list |...

kind/bug