github aquasecurity/tracee v0.0.1

4 years ago

Changelog

5dc755f work around gobpf memory leak
2187ecb add makefile target to build docker image
a207a16 add make target to build using docker
5179077 fix dockerfile
e42865f update readme with release
5294f4c save_context
0fcfd26 add release procedure using goreleaser (#75)
e21954c fix events flag in python
2efa61d fix dockerfile
1a6a69c rename events-to-trace flag to event (#73)
2684f1c update readme (#72)
5687bce build distributable binary (#71)
c06e936 update readme (#70)
6697bea update dockerfile to go
613717d handle lost events and support configurable buffer size
2d6e437 fix list command to show recent additions
dd0cedc add chown chmod and pkey_mprotect syscalls
541ae53 fix missing threads in system mode
35202dc fix makefile
9eb9f29 fix json arguments formatting to match python version
d770f33 fix comment
e366065 superficial tests for readArgFromBuff function
b9bd744 fix socket type print
67a3ac1 fix POINTER_T parsing and printing
c0b87ea fix open flags printing
6bc4686 support security_file_open lsm hook
dff978e show stats in table epilogue
b6ea608 update readme about go
189a6e7 add bprm_check event (#54)
4b9bad2 print prctl ptrace options in go
1ae06bc print sockaddr common families in go (#52)
6b2ce47 Add lsm bprm_check hook to get exec absolute path (#46)
fd8a89b implement show-exec-env in go
7278173 fix event validation
56bd72e Rewrite Python code in Go (#47)
08d5a9a Add prctl option and ptrace request enums
aee95da Add sockaddr struct fields for unix, inet, inet6 sockets
05372ab Handle failed read to buffer
8fddef9 Add optional exec-env flag to show env in execve
431eaae performance: get buffer once
58f76e7 fix missing flags
61f172f avoid fork handler code duplication
4fa4d54 Show syscall name in internal kprobes
85afe0b save container mode
04a921c update readme
58b19d9 events: add setXid syscalls
9369869 fix failed tests
6db7ef7 readme: update optional arguments
6d1effc Add config map and verify configuration
649b19f catch keyboard interrupt
4defbd5 Remove container prefix from files
3aa5c75 mount debugfs before starting
6121f73 add dockerfile
39c28ae Generic event handling in userspace
8afaa4a performance: improve performance and reduce lost events
ff9aa14 set submission array size according real cpu number
631c9f1 Merge pull request #26 from yanivagman/execve_known_issue
bdd847a Readme: update execve known issue status
5b6bffc Merge pull request #23 from yanivagman/add_event_list
7b2ce5b Add event list and update readme
e0f5549 workaround PT_REGS_PARM macros bug in new kernels
0762844 Support new kernels
8d2a31c events: add mount, umount, unlink, unlinkat syscalls
0630258 Merge pull request #12 from aquasecurity/fix_missing_stat_syscalls
4ffb880 readme: add omitted title
fbdd2e7 Add system tracing mode
2e296cf fix: stat syscalls are ignored
79c4159 Correct name in NOTICE file
f3c0e5a Merge pull request #10 from aquasecurity/add_container_id_from_uts_ns_rebased
c80ee7a Add container id by using UTS namespace node name
69f490d Merge pull request #8 from aquasecurity/event-filter
31f1a58 fix: kprobe for do_exit is essential
49132fc feat: filter events to trace
c691511 Start tracee without -v for stdout output
a069238 tracee_test: Add tests for get_sockaddr_from_buf and move offsets on init
ea9b0ec tracee_test: Add test cases for open_flags_to_str
d7bcba9 tracee_test: Add test cases for open_flags_to_str
efc2f14 tracee_test: Add tests for execveat_flags_to_str
d0f474f tracee: Apply more pep-8 fixes
95aff98 tracee: cleanup imports
630a71c .git: update gitignore
a8c2f1d tracee: Move helper methods out of EventMonitor class
ad6401f tracee: init tests and a new makefile
03f18e7 Merge pull request #4 from aquasecurity/readme
5fd4547 update readme file
e1050f8 Update readme files
9f22b49 remove execve redundant structs
2e33567 Change kernel-userspace communication buffer
9871c7a add creat syscall and fix open incorrect flags bug
220d5ed expand syscall enum for all syscalls
af9abf3 add getdents(64) syscalls
50c939e add symlink(at) syscalls
2fdcfd7 add prctl, ptrace, process_vm_read(write)v, (f)init_module, delete_module syscalls
279aabf support python 2 json
ba4f4ac Add authors info
1fe3310 Add kernel version & usage to README
90440ef Create NOTICE
aa5bb68 Create LICENSE
3cf9917 Container tracing using eBPF
b30fc5c Initial commit

Docker images

  • docker pull docker.io/aquasec/tracee:0.0.1
  • docker pull docker.io/aquasec/tracee:latest
