Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.18.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.18.0
docker pull docker.io/aquasec/tracee:aarch64-0.18.0
What's Changed
- make: set LIBBPFGO_OSRELEASE_FILE default value by @geyslan in #3226
- chore: migrate to golang-lru v2 by @NDStrahilevitz in #3140
- (extensions) probes: create probe group, events: start work by @rafaeldtinoco in #3223
- flags: refactor FilterMap by @yanivagman in #3222
- go.mod: remove types replace by @NDStrahilevitz in #3236
- containers: trim mountpoint from stored paths by @NDStrahilevitz in #3231
- docs: remove old trace subcommand by @geyslan in #3238
- ebpf: pipeline: reduce iteration over policies by @geyslan in #3209
- engine: fix panic on waitgroup by @josedonizetti in #3233
- Update packaging.md for Ubuntu package building by @pimvh in #3243
- ebpf: fix socket_accept event by @NDStrahilevitz in #3240
- fix: fix container edge case in events pipeline by @geyslan in #3253
- tracee: skip golang plugin for static binaries by @josedonizetti in #3244
- Fix typo in Vagrantfile's comment by @64J0 in #3260
- tracee: signatures-dir accept multiple values by @josedonizetti in #3246
- change hooked_syscalls event so users can specify syscalls to check. by @AsafEitani in #3136
- events: hidden_kernel_module changes by @OriGlassman in #3255
- config: extract config structs to its own pkg by @geyslan in #3228
- eBPF control plane signals by @NDStrahilevitz in #3237
- build: remove signing from snapshot by @josedonizetti in #3271
- release: bump release tag to 0.16.0 by @josedonizetti in #3272
- fix: send init events to pipeline by @geyslan in #3270
- thread-safety issues fix by @rafaeldtinoco in #3265
- fix(pkg/events): fix tailcall dependencies race issues by @rafaeldtinoco in #3274
- build: remove release on tag push by @josedonizetti in #3273
- chore: move syscaller to dist by @geyslan in #3269
- fix(tests): fix input paths in parsecmd test by @rafaeldtinoco in #3275
- tracee: add analyze cmd by @josedonizetti in #3101
- policies: rename list fields to be plural by @josedonizetti in #3242
- fix(pkg/counter): finish making counter atomic by @rafaeldtinoco in #3276
- fix: derived event not triggering if base filtered by @josedonizetti in #3280
- enrich: fixes post control plane by @NDStrahilevitz in #3285
- docs: add analyze documentation by @josedonizetti in #3292
- doc: add tutorial to verify tracee signature by @josedonizetti in #3291
- fix: signature event not triggering if base filtered by @josedonizetti in #3281
- pipeline memory efficiency using pool by @geyslan in #3297
- events: update syscall_pathname for security_file_open by @OriGlassman in #3298
- Events and Scope flags by @geyslan in #3262
- pkg/containers: fix deadlock by @josedonizetti in #3311
- [v0.16.0] chore: bump k8s tag to 0.16.1 by @josedonizetti in #3316
- docs: updating link to tracee docs for search results by @AnaisUrlichs in #3317
- feature: remove policy actions by @josedonizetti in #3314
- fix(server): re-enable prometheus counters. by @rafaeldtinoco in #3304
- fix (cgroups): already dead edge case by @NDStrahilevitz in #3325
- docs: updating policies overview by @AnaisUrlichs in #3318
- chore bump 0.16.2 by @josedonizetti in #3331
- feature(k8s): policy k8s compatible by @josedonizetti in #3330
- chore: bump k8s tag to 0.17.0 by @josedonizetti in #3336
- fix(ebpf): size of mntns/pidns filters key holders by @geyslan in #3337
- fix: validate policy names are rfc 1123 by @josedonizetti in #3335
- remove help command, create flags markdown docs by @geyslan in #3321
- fix: data source registration after NewEngine by @NDStrahilevitz in #3342
- fix(build): btfhub's bpftool in alpine container by @geyslan in #3349
- chore(build): add LOGFROM flag to check-pr rule by @geyslan in #3348
- chore(build): change check-pr output format by @geyslan in #3351
- refactor(events): new event definitions (mutable vs immutable data) by @rafaeldtinoco in #3340
- fix(filter): remove unneeded workaround by @rafaeldtinoco in #3352
- events: adjust hidden kernel module event to v6.4 by @OriGlassman in #3360
- fix(config): loading config file by @josedonizetti in #3370
- Update the URL as the old one did not lead to the grafana tutorial an… by @AnaisUrlichs in #3371
- chore(docs): add note for quote yaml value by @geyslan in #3367
- chore: bump k8s tags to 0.17.1 by @josedonizetti in #3374
- bugfix(capture): remove CONFIG_KALLSYMS_ALL dependency by @AlonZivony in #3381
- docs: additional resources for the docs by @AnaisUrlichs in #3379
- feat: add tracee rpc service by @josedonizetti in #3389
- feat: add loggers atomic level by @josedonizetti in #3391
- Add grpc server by @josedonizetti in #3390
- `--help` flag parsing by @geyslan in #3393
- feat: add diagnostic rpc by @josedonizetti in #3395
- Add grpc diagnostic by @josedonizetti in #3394
- fix: k8s policies tutorial by @josedonizetti in #3373
- chore(flags): change scope/event flag parsers by @geyslan in #3343
- fix: log level should match zap log priority by @josedonizetti in #3409
- fix: ignore error for cgroups that doesn't exist by @josedonizetti in #3410
- refactor: getStackAddresses doesn't return an err by @josedonizetti in #3414
- chore(revive): mitigate redundant warning by @rafaeldtinoco in #3417
- fix: committing typo by @testwill in #3418
- feature(types): add task identifier by @rafaeldtinoco in #3425
- fix(flags): use scope flag parser for policy by @geyslan in #3429
- fix: capture of writev by @roikol in #3413
- fix: fix section name for vfs_readv by @AlonZivony in #3421
- feat: filter file capture by ELF type by @AlonZivony in #3361
- docs: modifying readme by @AnaisUrlichs in #3378
- Fix(capture): fix verifier issue with elf capture by @AlonZivony in #3433
- fix: print_mem_dump fails on missing symbol by @NDStrahilevitz in #3384
- Revert "fix: print_mem_dump fails on missing symbol (#3384)" by @AlonZivony in #3436
- fix(definitions): ksymbols dependencies handled wrongly by @rafaeldtinoco in #3443
- feat: add streams by @josedonizetti in #3411
- Add definition proto by @josedonizetti in #3447
- feat: add argv to security_bprm_check by @AlonZivony in #3442
- Fix closed chan read 2 by @geyslan in #3438
- feat: add version proto by @josedonizetti in #3459
- feat: add version and description to definition by @josedonizetti in #3437
- Add enable/disable rule by @josedonizetti in #3431
- build(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 by @dependabot in #3452
- Update Readme.md by @AnaisUrlichs in #3434
- chore(revive): disable unchecked-type-assertion by @geyslan in #3474
- Rename `!container` and `binary` scope filters by @geyslan in #3451
- Add definition grpc endpoint by @josedonizetti in #3450
- feat: add enable/disable event rpc by @josedonizetti in #3467
- docs: adding guidelines on contributing to the documentation by @AnaisUrlichs in #3415
- docs: changes to the policies documentation by @AnaisUrlichs in #3416
- feature(proctree): Introduce a process tree by @rafaeldtinoco in #3364
- chore(libbpfgo): bump to v0.5.0-libbpf-1.2 by @geyslan in #3482
- chore(ebpf): not fail if some ksymbol is not found by @geyslan in #3476
- chore(tests): comment out init sighup test by @geyslan in #3483
- fix: remove params from event definition proto by @josedonizetti in #3485
- feat: add event enable/disable by @josedonizetti in #3466
- feat: add enable/disable event grpc endpoint by @josedonizetti in #3487
- feat: Add new event structure by @josedonizetti in #3465
- fix: regenerate definition.pb.go by @josedonizetti in #3490
- feat: add StreamEvents rpc by @josedonizetti in #3491
- fix: GetEventDefinition doesn't have params by @josedonizetti in #3492
- fix: rename policy apiVersion and kind by @josedonizetti in #3484
- fix(proctree): include thread group leader in threads LRU map by @rafaeldtinoco in #3494
- fix(ebpf): fix symbol name on error by @geyslan in #3497
- fix: stackaddress needs to have symbol name by @josedonizetti in #3499
- Revert "fix(ebpf): fix symbol name on error" by @geyslan in #3501
- feat: add event_data to event proto by @josedonizetti in #3496
- Add streams endpoint by @josedonizetti in #3493
- fix(packaging): adjust ubuntu and fedora packaging by @rafaeldtinoco in #3502
- fix(ebpf): triggerMemDump check all filters by @geyslan in #3504
- Types change for #3503 by @rafaeldtinoco in #3506
- events: add ftrace_hook event by @OriGlassman in #3412
- fix: fix uint and string types by @josedonizetti in #3507
- feat(event): export thread, process and parent entity id by @AlonZivony in #3503
- feat(types): add proctree datasource by @AlonZivony in #3509
- fix: make types uniform with wrappers by @josedonizetti in #3512
- fix: fix tactic, and int32_array names by @josedonizetti in #3514
- Chore build by @rafaeldtinoco in #3513
- Log probe attachment error, continue running by @geyslan in #3495
- fix: convert `[]trace.Argument` into `map<string,EventData>` by @josedonizetti in #3510
- fix: link cosign tutorial to mkdocs.yml by @josedonizetti in #3515
- fix(proctree): allow regular events to create proctree nodes by @rafaeldtinoco in #3498
- docs: Fix incorrect flags and usage documentation for unlinkat by @kdrag0n in #3306
- chore(vagrant): add support to arm64 architecture by @geyslan in #3464
- fix(Vagrantfile): wrong var reference by @geyslan in #3523
- docs: running tracee docker container on amd64 and arm64 by @AnaisUrlichs in #3456
- feat(proctree): create process tree data source by @rafaeldtinoco in #3522
- feat(types): add executable to event by @AlonZivony in #3524
- docs(contributing): update vagrant hypervisor info by @geyslan in #3525
- feature(proctree): enrich events with executable from proctree by @rafaeldtinoco in #3526
- chore(k8s): bump k8s tag to v0.18.0 by @rafaeldtinoco in #3527
New Contributors
- @pimvh made their first contribution in #3243
- @64J0 made their first contribution in #3260
- @testwill made their first contribution in #3418
- @kdrag0n made their first contribution in #3306
Full Changelog: v0.15.1...v0.18.0