v0.0.2

@itaysk itaysk released this 23 Jul 12:29

Changelog

a87a69e remove python version
398138d fix mem alert when not capturing
ebb5563 Add exclude event flag
6c63231 Remove PrintSyscall func
0dbb1ef Fix chmod invalid file
f1a66bd Append file write if written file type is char, socket or fifo
de74185 change socket address output format
726059c Remove unix socket leading zero in json output
267dae5 Fix unix socket name when there are leading zeros
7c4b242 fix json tags spelling
32051f8 Update readme to include capture flag
e2b935b Update readme to include file and binary capture
dbacd6e Change consts to use go naming conventions
4cc05ea Change mmap_alert and mprotect_alert to one mem_prot_alert
951fbb2 Support multiple probes for one event
7818daa Use alert struct and save alert payload using timestamp
ef4c92e validate capture options
8e79924 don't capture same exec twice
58ead5d Add mmap and mprotect security alerts and data extraction
4074a94 Add chosen events map
bbe5fe4 Fix "memory leaks" in bin_args_map and args_map
87a4a78 fix test for ptrace printing
a523eae fix file capture when dependent event is missing
b10961f Fix write error when buffer and chunk are equal in size
9602d12 allow granular selection of capture-files
6c3fc99 fix ptrace flags print
8114f9c Remove EventsIDToName map
6a6f918 auto build essentialEvens map
165a971 print all raw_syscall names
3e72e64 Add event configuration map
309aab7 fix lost event counter
2cb8a20 print errors to a dedicated file
b27aca3 fix raw_syscall printing if syscall is not known to tracee
ffa8183 capture executed files
395e9da add hook to process events and use it to show raw_syscall name
17c619d refactor stats collection and printing
2abdacb fix map update issue with old kernels
5fb424a Change save_args key to be unique
e2b0a8a decouple internal and external types
90988aa Add tail call event handler
db158f1 Use generic method to send binary data
da567dd add output gob output format
c3af6f3 Support file-write filters up to 64 chars
bad16bc Add Tracee logo
498265d cleanup file event handling code
17a08ad decouple should_trace and init_context
280ad5d Handle buffers more efficiently
e8eca12 parameterize stdout in tracee package
c9b0e91 simplify tracee config
9f17b17 remove args brackets
758145d don't show raw_syscalls by default
0bcf7a8 change printed time resolution from seconds to microseconds
ff413c4 Check for privileges
2a74671 read file buffer with struct
e84324c move should_trace to a function
45516c7 remove get_config wrapper functions
c8982e4 Change vfs_write flags
c448b3e Port vfs_write to go
05cfc5a Add configuration flags for vfs_write
89e3b64 Correlate vfs_write with execve and open with dev_id and inode_nr
7ca4b05 Support vfs_write filters
184610d Change output path to include mnt ns id
55917d5 Use tail calls to send vfs writes
c77a643 Support multiple chunks in file send
a41baa1 Add vfs_write event and file writes extraction
5d28b9d remove redundant casting
61d273f Use full submission buffer size
d278132 Remove type argument from save_str_to_buf
39bb47e Save path using helper function
75cb776 Remove R_PATH type and handle as regular string
d20cf0d fix make build dependencies
799ed4f add support for tracepoints and implement raw_syscalls tracepoint (#89)
2d5d1cc refactor events map
55b6cc6 update gobpf to include memory leak fix
68b2ce8 add youtube demo to readme

Docker images

  • docker pull docker.io/aquasec/tracee:0.0.2
  • docker pull docker.io/aquasec/tracee:latest