github aquasecurity/tracee v0.6.4

2 years ago

Changelog

f4788a5 tracee-ebpf: fix events sent in parallel to raw_sys_exit event
71f8ff2 use plain addr argument (#1141)
df364f3 add user namespace to slim_cred struct (#1137)
cd63e86 adding ctime to sched-process-exec event. Resolves: #1075
611c200 Update Readme.md (#1078)
dc6f3af Add option for raw arguments from various event flags (#1123)
95aa7af tracee.bpf: fix READ_KERN incompat ptr type discards
6d90e79 tracee-ebpf: fix arm64 build
74a14b5 test: even params formatter (#1100)
c999952 docs: fix formatting on prerequisites page (#1126)
a67b8cc init_module capture (#1122)
0fb7fca deploy: update postee manifest with tolerations and resource limits (#1060)
4389a4a add socket_dup (#1064)
25990c6 add security_kernel_post_read_file and capture kernel modules (#1080)
7b98707 add more process names to allowlist (#1118)
7ab6bf6 add cgroup release_agent modification signature (#1116)
cd216b8 removing '--security-alerts' flag. Resolves: #1106
409becc Only remove a process from the process tree filter map if it's a tgid (#1079)
340d04f tracee-ebpf: CO-RE: add GET_FIELD_ADDR macro
09476a0 tracee-ebpf: read exec arguments without a loop
f943d7f feat: Refactor clang version check and fix a panic (#1097)
cf3b4cc feat: Add tests for checkRequiredCapabilities() (#1088)
b029d07 Fix tracee-ebpf compilation on RHEL-likes (#1052)
020949d feat: Update tracee-rules base image to golang:1.17-buster (#1082)
aa6fa83 Add more tests for prepareCapture (#1087)
719d6ae tracee-ebpf: fix verifier issue on kernel 4.19
f878b19 Revert "tracee-ebpf: fix switch_task_ns verifier issue"
a8bca3e tracee-ebpf: use syscall_data_map to detect syscall
dee2e5e tracee-ebpf: fix switch_task_ns verifier issue
766ec87 tracee-ebpf: simplify syscall data saving
7e671f2 tracee-ebpf: fix commit_creds verifier issue
0b0ac4f Add etcd to exempted process list
cc7f8f0 fix type of security_kernel_read_file event

Docker images

  • docker pull docker.io/aquasec/tracee:latest
  • docker pull docker.io/aquasec/tracee:0.6.4
  • docker pull docker.io/aquasec/tracee:slim
  • docker pull docker.io/aquasec/tracee:slim-0.6.4
