mirror of
https://github.com/evilsocket/opensnitch.git
synced 2025-03-04 08:34:40 +01:00
Improved process detection by monitoring new process executions. It allows us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow using the eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed. |
||
---|---|---|
.. | ||
connection.go | ||
connection_test.go |