Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Track setsid and creds changes #29

Open
haesbaert opened this issue May 28, 2024 · 1 comment
Open

Track setsid and creds changes #29

haesbaert opened this issue May 28, 2024 · 1 comment
Labels
TODO

Comments

@haesbaert
Copy link
Collaborator

ATM we get creds and are about to get sid, but we don't track changes in the process, we need more probes.
@haesbaert haesbaert added the TODO label May 28, 2024
@haesbaert
Copy link
Collaborator Author

haesbaert commented Jun 1, 2024
edited
Loading

I've got most of this working, but the EBPF events are not awesome, there is one for uid and one for gid, it also doesn't track capabilities changes, which is unfortunate.
I'll have to make changes to elastic/ebpf to be awesome and then continue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
TODO
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@haesbaert