aquasecurity/tracee v0.6.5

on GitHub

Changelog

2bdb16e fix help on output flags (#1205)
8f7c296 add type of stdin in sched_process_exec (#1214)
e1352f8 get file types from inode struct instead of file_operations (#1213)
83155b2 tracee-ebpf: fix pid 0 with CO-RE
9ab89fa chore: install docker in the Vagrant vm (#1197)
d9cfba2 tracee-ebpf: turn CO-RE v4.18 and beyond compatible
e22f05b tracee-ebpf: comments for co-re type flavors
fd5a64b tracee-ebpf: fix kernfs_node CORE access in RHEL8
d2a942d wait for tracee-ebpf to load
15deef4 support writing to existing files
3354b32 move readiness file out of library to main
6f3ceee docs: Re-add section for MacOS (#1194)
7e2186f add ctime to security_file_open and fix variable type (#1167)
060b554 Checking /proc/sys/kernel/ftrace_enabled (#1152)
7f9c2dc fix reading sockaddr_in struct
7a6c1af tracee-ebpf: keep deleted containers
bbc98ed tracee-ebpf: reformat fixes
1b52e96 tracee-ebpf: reformat suggestions for better readability
0c87b72 tracee-ebpf: remove unneeded asm_inline clang mitigation
7474fcc Upgrade dependencies (#1176)
ea58aba tracee-ebpf: rename co-re headers
e9b0ed6 Fix linux headers broken link in readme
74ad130 tracee-ebpf: single vmlinux header file for CO-RE
3bedc4f tracee-ebpf: remove unused VM_LINUX_H from Makefile
c1ff3f6 tracee-ebpf: clean up unused task_struct fields
c5c96c3 tracee-ebpf: get rid of BPF_NO_PRESERVE_ACCESS_INDEX ifdefs
2c2b008 tracee-ebpf: fix CO-RE sk_protocol access in 5.6 kernels
5e9ead9 vmlinux: introduce vmlinux-flavored.h to contain flavored types
d23987b tracee-ebpf: CO-RE shouldn't rely in LINUX_VERSION_CODE
a2703cf vmlinux: unify x86_64 and arm64 vmlinux CO-RE header files
0b4c9a3 vmlinux.h: remove full vmlinux.h files
439943c vmlinux: create vmlinux-core.h for arm64 builds
2a5eceb vmlinux: introduce vmlinux-core for x86_64
c82f547 makefile: fix ordering of -Wno-* flags
dbbd970 fix: use alpine:3.15 as base image to build tracee (#1173)
a38f518 docs: use mkdocs macros plugin to specify version of tracee release artifacts (#1164)
e9a2527 docs: update mkdocs version dependency (#1168)
729fe32 docs: add git_semver variable to mkdocs (#1166)
0893a08 fix: install the tini package in the tracee:slim container image (#1162)
9962191 refactor: tests for Go signatures (#1128)
c75bd90 docs: fix formatting on eBPF Compilation page (#1163)
1cb78ec docs: add cgroupns=host docker option
ea71755 tracee-ebpf: filter containers using cgroup id
5198ee0 fix wrong type assertion (#1153)
d421bb9 tracee-ebpf: use cgroup id for container id resolution (#1130)
90ed35e tracee-ebpf: don't parse pointers when parse-arguments is chosen
11915a6 tracee-ebpf: introduce MemProtAlert type in external package
a22531c add READ_USER (#1147)
7df0e9b fix: using exec-hash instead of exec-info (#1144)

Docker images

• docker pull docker.io/aquasec/tracee:latest
• docker pull docker.io/aquasec/tracee:0.6.5
• docker pull docker.io/aquasec/tracee:slim
• docker pull docker.io/aquasec/tracee:slim-0.6.5