tracee
Linux Runtime Security and Forensics using eBPF
When refactoring network probes from https://github.com/aquasecurity/tracee/pull/1820 I have realized that we should better document the clsact qdisc issue on tc probe destruction. I have documented the behavior observed in the current...
## Prerequisites - [ ] This issue is an EPIC issue (add label: EPIC). - [ ] This issue is an EPIC TASK (add issue to EPIC description). Select one...
On newer kernels (>=5.5), there are four new bpf helper functions which are safer to use. These are: bpf_probe_read_user(), bpf_probe_read_user_str(), bpf_probe_read_kernel(), bpf_probe_read_kernel_str() (for more info about these helpers also see... and related discussion:
## Bug description After https://github.com/aquasecurity/tracee/pull/1808, we have to start enforcing the DocPath existence and the file format every time an event is added to tracee. https://github.com/aquasecurity/tracee/pull/1808#issuecomment-1161755558 https://github.com/aquasecurity/tracee/pull/1808#issuecomment-1161843244
## Prerequisites Select one OR another: - [ ] I have discussed the refactoring idea with one (or another) maintainer. - [x] I'll create a PR to implement this refactoring...
## Original Issue The syscall `sendfile`, which is another method for writing to files, does not trigger the `magic_write` event. ## Expanded Issue After examining the file write operations in...
Add HTTP request event (can include the command, headers, host, uri, protocol...) Add HTTP response event (can include status code, headers, protocol...)
To check why the CoreOS environment supports 0.6.0 but not 0.6.5. To check if adjustments are needed in order to get the next release supported in that environment.