github aquasecurity/tracee v0.6.0

2 years ago

Tracee v0.6.0 released!

Changelog

703a7a9 add security_kernel_read_file lsm hook (#869)
c40c82c Update docs to be more targeted at users, rather than developers (#870)
238cc6e Update docs to take into account CO:RE default (#868)
fa7feae use tcp_connect kprobe to get tcp handshake packets (#861)
6df0969 Feature/event origin signature filter (#856)
c27e914 add lsm hooks to event sets (#863)
4c78ac3 tracee-ebpf: security_sb_mount: send exact argnum
5c84d60 tracee-ebpf: add SIGTERM support (#858)
2d2845f tracee-rules: evaluate parsed input with OPA (#829)
de4f865 tracee-ebpf: extend magic_write bytes (#853)
8684eea tracee-ebpf: fix 4th syscall param value
7aa2964 tracee-ebpf: add inode and dev to magic_write event
6a58448 tracee-ebpf: update external module
bbe411a tracee-ebpf: update timestamp in external func ToUnstructured()
f17c1d1 tracee-ebpf: Adjust MAX_PATH_COMPONENTS limit for kernels >= 5.2
4d0b1c8 tracee-ebpf: add epoch timestamp
443955e feat: Add ToUnstructured method to Event (#830)
bb6be11 tracee-ebpf: fix core compilation warnings (#838)
2991701 Add embed directive to embed the compiled CORE bpf object into go binary (#818)
f5240ae tracee-ebpf: fix print of preamble and epilogue
6da6c9f tracee-ebpf: add capture network to docs
8c463c7 tracee-ebpf: add network debug events and context
6516b25 tracee-ebpf: capture network activity
3a25e74 tracee-ebpf: add args and env to sched_process_exec event
4276fba skip printing out if library mode
247ffc9 fix panic due to slice outbound
a291eae Replace external package with go module (#824)
59acd66 add external package as a module
b3b7346 tracee-ebpf: fix incomplete path (#812)
2df1177 fix go rules requirement
4575262 fix help message
faa5614 Update tracee logo (#809)
ad3b86b tracee-ebpf: record context timestamp at sys_enter
8d69f42 test: Describe benchmarks for tracee-rules
31f21b8 adding Close API to signature interface adding Load/UnloadSignature functions to tracee-rules Engine
1fbc090 tracee-ebpf: improve output flag help
b8937fd tracee-ebpf: fix container id issues
c827ae0 fix(benchmark): Unprotected global variable processMemFileRegexp in golang.codeInjection.Init()
ef95ded fix(benchmark): Use uniquely identifiable sigs in BenchmarkEngineWithNSignatures
5fc8a52 fix: Unsynchronized send and close operations on signature channels
f773f88 fix bugs that caused panic when tracee API used from third party app
662a668 test: Add wasm target to tracee-rules benchmarks (#790)
ae07c82 Adding exportable channel into Config struct. In this way a third party entity can read from the channel without any dependencies with the tracee printers.
ef8d4ee fix clean target
05c11bf test: Benchmark rules engine based on number of signatures (#792)
741e7bb fix broken link (#791)
acf1752 test: Benchmark tracee-rules (#785)
06851ee tracee-ebpf: fix compilation on ubuntu
4bf8ca6 Add initial CO:RE support (#759)
cca5fa9 fix error that caused bpf code not to be loaded
422e86e tracee-ebpf: fix instruction count on kernels < 5.2 (#779)
6166346 add sched_process_exec and fix

Docker images

  • docker pull docker.io/aquasec/tracee:latest
  • docker pull docker.io/aquasec/tracee:0.6.0
  • docker pull docker.io/aquasec/tracee:slim
  • docker pull docker.io/aquasec/tracee:slim-0.6.0
