diff --git a/.github/workflows/charts.yaml b/.github/workflows/charts.yaml
index 6e5c0ec..a88d792 100644
--- a/.github/workflows/charts.yaml
+++ b/.github/workflows/charts.yaml
@@ -107,7 +107,7 @@ jobs:
 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@938f6e2f7550e542bd78f3b9e8812665db109e02 # @v1.1.0
 make bin/protoc bin/goreleaser
 bash ./dev/run-kind-registry.sh
- make ebpf generate
+ make generate
 ./bin/goreleaser release --snapshot --rm-dist
 make push-local-images
 cp dist/tarianctl_linux_amd64/tarianctl ./bin/
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 9f4863a..14cf477 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -125,7 +125,7 @@ jobs:
 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@938f6e2f7550e542bd78f3b9e8812665db109e02 # @v1.1.0
 make bin/protoc bin/goreleaser
 bash ./dev/run-kind-registry.sh
- make ebpf generate
+ make generate
 ./bin/goreleaser release --snapshot --rm-dist
 make push-local-images
 cp dist/tarianctl_linux_amd64/tarianctl ./bin/
diff --git a/cmd/tarian-node-agent/cmd/mount_debugfs.go b/cmd/tarian-node-agent/cmd/mount_debugfs.go
index 682a0ac..eb123ba 100644
--- a/cmd/tarian-node-agent/cmd/mount_debugfs.go
+++ b/cmd/tarian-node-agent/cmd/mount_debugfs.go
@@ -9,6 +9,7 @@ import (
 // https://man7.org/linux/man-pages/man2/statfs.2.html
 const DebugFSMagic = 0x64626720
+// DebugFSRoot is the location of the DebugFS filesystem
 const DebugFSRoot = "/sys/kernel/debug"
 func isDebugFsMounted() bool {
diff --git a/pkg/nodeagent/capture_exec.go b/pkg/nodeagent/capture_exec.go
index fb37179..8f4ef1a 100644
--- a/pkg/nodeagent/capture_exec.go
+++ b/pkg/nodeagent/capture_exec.go
@@ -4,7 +4,6 @@ import (
 "context"
 "fmt"
- "github.com/aquasecurity/libbpfgo"
 "github.com/intelops/tarian-detector/pkg/detector"
 "github.com/intelops/tarian-detector/tarian"
 "github.com/sirupsen/logrus"
@@ -52,9 +51,6 @@ type CaptureExec struct {
 ctx context.Context
 eventsChan chan ExecEvent // Channel for sending captured execution events
 shouldClose bool // Flag indicating whether the capture should be closed
- bpfModule *libbpfgo.Module
- bpfProg *libbpfgo.BPFProg
- bpfRingBuffer *libbpfgo.RingBuffer
 nodeName string // The name of the node where the capture is running
 logger *logrus.Logger // Logger instance for logging
 eventsDetectorChan chan map[string]any
@@ -106,7 +102,7 @@ func (c *CaptureExec) Start() error {
 }
 watcher.Start()
- err = c.GetTarianDetectorEbpfEvents()
+ err = c.getTarianDetectorEbpfEvents()
 if err != nil {
 return fmt.Errorf("CaptureExec.Start: failed to get tarian detector events: %w", err)
 }
@@ -172,7 +168,11 @@ func (c *CaptureExec) GetEventsChannel() chan ExecEvent {
 return c.eventsChan
 }
-func (c *CaptureExec) GetTarianDetectorEbpfEvents() error {
+// getTarianDetectorEbpfEvents retrieves Tarian detector EBPF events.
+//
+// No parameters.
+// Returns an error.
+func (c *CaptureExec) getTarianDetectorEbpfEvents() error {
 tarianEbpfModule, err := tarian.GetModule()
 if err != nil {
 fmt.Println("error while get tarian ebpf module: ", err)
diff --git a/pkg/nodeagent/nodeagent.go b/pkg/nodeagent/nodeagent.go
index 235e54f..bcffd33 100644
--- a/pkg/nodeagent/nodeagent.go
+++ b/pkg/nodeagent/nodeagent.go
@@ -59,7 +59,8 @@ func NewNodeAgent(logger *logrus.Logger, clusterAgentAddress string) (*NodeAgent
 eventsDetector, err := integrateTarianDetector(logger)
 if err != nil {
- fmt.Errorf("error while integrate tarian detector: %v", err)
+ logger.Errorf("error while integrate tarian detector: %v", err)
+ cancel()
 return nil, fmt.Errorf("error while integrate tarian-detector: %w", err)
 }
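Review bot: The doc comment added above `getTarianDetectorEbpfEvents` only restates the signature ("No parameters. Returns an error.") and does not say what the method sets up or when it fails; the same holds for the comment added on `SendDetectionEventToClusterAgent` in pkg/nodeagent/nodeagent.go. A comment that names the steps the body performs, starting from the visible `tarian.GetModule()` call, would be more useful; the rest of the body lies outside this hunk. The unchanged line below still reports the failure with `fmt.Println` even though the struct carries `logger *logrus.Logger`; `c.logger.Errorf("error while get tarian ebpf module: %v", err)` would keep node-agent errors in the same log stream this commit moves the other call sites to.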
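Review bot: The failure path in `NewNodeAgent` now logs the error with `logger.Errorf` and also returns it wrapped, and `integrateTarianDetector` (next hunk of this file) does the same one level down, so a single detector start-up failure produces two error entries before the caller has handled it. Returning the `%w`-wrapped error from both functions and logging once, where the result of `NewNodeAgent` is handled, keeps the agent log unambiguous. The added `cancel()` covers this return only; `cancel` is declared outside the hunk, so it is worth confirming that every other early return after it also releases the context.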
@@ -427,13 +428,13 @@ func (n *NodeAgent) RegisterViolationsAsNewConstraint(violation *ProcessViolatio
 func integrateTarianDetector(logger *logrus.Logger) (*detector.EventsDetector, error) {
 tarianEbpfModule, err := tarian.GetModule()
 if err != nil {
- logger.Error("error while get tarian ebpf module: %v", err)
+ logger.Errorf("error while get tarian ebpf module: %v", err)
 return nil, fmt.Errorf("error while get tarian-detector ebpf module: %w", err)
 }
 tarianDetector, err := tarianEbpfModule.Prepare()
 if err != nil {
- logger.Error("error while prepare tarian detector: %v", err)
+ logger.Errorf("error while prepare tarian detector: %v", err)
 return nil, fmt.Errorf("error while prepare tarian-detector: %w", err)
 }
@@ -464,7 +465,7 @@ func (n *NodeAgent) loopTarianDetectorReadEvents(ctx context.Context) error {
 for {
 event, err := n.eventsDetector.ReadAsInterface()
 if err != nil {
- n.logger.Errorf("tarian-detector: error while read event: %w", err)
+ n.logger.Errorf("tarian-detector: error while read event: %v", err)
 continue
 }
@@ -488,6 +489,9 @@ func (n *NodeAgent) loopTarianDetectorReadEvents(ctx context.Context) error {
 return ctx.Err()
 }
+// SendDetectionEventToClusterAgent sends a detection event to the cluster agent.
+//
+// It takes two parameters: detectionDataType of type string, and detectionData of type string.
 func (n *NodeAgent) SendDetectionEventToClusterAgent(detectionDataType, detectionData string) {
 req := tarianpb.IngestEventRequest{
 Event: &tarianpb.Event{
diff --git a/pkg/server/ingestion_worker.go b/pkg/server/ingestion_worker.go
index 13d646f..12e4233 100644
--- a/pkg/server/ingestion_worker.go
+++ b/pkg/server/ingestion_worker.go
@@ -56,6 +56,10 @@ func (iw *IngestionWorker) Start() {
 }
 buf, err := json.Marshal(event)
+ if err != nil {
+ iw.logger.WithError(err).Error("marshaling error: error while processing event")
+ continue
+ }
 event.ServerTimestamp = timestamppb.Now()
 logrus.Info(">> DEBUG IngestionWorker", "event", string(buf))
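Review bot: In `loopTarianDetectorReadEvents` the error branch still goes straight to `continue`, so if `ReadAsInterface` keeps failing the `for` loop retries immediately and writes one error line per iteration, with no check of `ctx` visible on that path. For a detection agent that means a busy loop and a flooded log at exactly the moment event collection has stopped working. Adding `if ctx.Err() != nil { return ctx.Err() }` before the `continue`, together with a short backoff or a limit on consecutive failures, would bound it. The rest of the loop body is outside this hunk, so a cancellation check may already exist further down.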
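Review bot: The new `continue` in `IngestionWorker.Start` skips the rest of the iteration when `json.Marshal(event)` fails, yet in the visible lines `buf` is used only by the `>> DEBUG IngestionWorker` log call, so a failure to serialise for debugging would discard the event rather than ingest it. If `buf` has no other use further down (the loop body continues outside the hunk), log and fall through instead, e.g. `iw.logger.WithError(err).Warn("marshaling event for debug log failed")` with no `continue`. The debug line itself writes the serialised event at Info level through the global `logrus` logger rather than `iw.logger`; moving it to `iw.logger.Debugf` would keep event contents out of default-level logs.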