/*
* Teleport
* Copyright (C) 2023 Gravitational, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package bpf
import "C"
import (
"context"
"github.com/coreos/go-semver/semver"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
apievents "github.com/gravitational/teleport/api/types/events"
"github.com/gravitational/teleport/lib/utils"
)
// BPF implements an interface to open and close a recording session.
//
// Implementations are expected to monitor a session's activity and emit the
// resulting audit events through the session's Emitter (see SessionContext).
// NOP is the implementation used when BPF is unavailable; it records nothing.
type BPF interface {
	// OpenSession will start monitoring all events within a session and
	// emitting them to the Audit Log.
	//
	// The meaning of the returned uint64 is not defined in this file; NOP
	// always returns 0. Consult the concrete Linux implementation before
	// relying on it.
	OpenSession(ctx *SessionContext) (uint64, error)
	// CloseSession will stop monitoring events for a particular session.
	CloseSession(ctx *SessionContext) error
	// Close will stop any running BPF programs.
	//
	// restarting tells the implementation whether the process is about to
	// restart; NOP ignores it. Presumably it controls whether persistent BPF
	// state is kept across the restart — confirm against the Linux
	// implementation.
	Close(restarting bool) error
}
// SessionContext contains all the information needed to track and emit
// events for a particular session. Most of this information is already within
// srv.ServerContext, unfortunately due to circular imports with lib/srv and
// lib/bpf, part of that structure is reproduced in SessionContext.
//
// Every field is populated by the caller that opens the session; nothing in
// this file sets or validates them.
type SessionContext struct {
	// Context is a cancel context, scoped to a server, and not a session.
	//
	// NOTE(review): Go convention is to pass contexts as arguments rather than
	// store them in structs. Because this one is server-scoped it must not be
	// used to cancel or time out an individual session — confirm callers agree.
	Context context.Context
	// Namespace is the namespace within which this session occurs.
	Namespace string
	// SessionID is the UUID of the given session.
	SessionID string
	// ServerID is the UUID of the server this session is executing on.
	ServerID string
	// ServerHostname is the hostname of the server this session is executing on.
	ServerHostname string
	// Login is the Unix login for this session.
	Login string
	// User is the Teleport user.
	User string
	// PID is the process ID of Teleport when it re-executes itself. This is
	// used by Teleport to find itself by cgroup.
	PID int
	// Emitter is used to record events for a particular session.
	Emitter apievents.Emitter
	// Events is the set of events (command, disk, or network) to record for
	// this session. Keys are event names; presumably only keys mapped to true
	// are recorded — verify against the Linux implementation.
	Events map[string]bool
}
// NOP is used on either non-Linux systems or when BPF support is not enabled.
//
// All of its methods succeed without doing anything, so no session events are
// recorded through it. Code that needs enhanced recording to actually happen
// must therefore check for BPF availability elsewhere rather than rely on the
// return values of this type.
type NOP struct {
}
// Close satisfies BPF.Close for the NOP service. It always succeeds and has
// no effect, since there are no BPF programs to stop; the restarting flag is
// therefore ignored.
func (s *NOP) Close(_ bool) error {
	return nil
}
// OpenSession satisfies BPF.OpenSession for the NOP service. No monitoring is
// started and nothing is emitted to the Audit Log; the returned session
// identifier is always zero and the error is always nil.
func (s *NOP) OpenSession(_ *SessionContext) (uint64, error) {
	var noID uint64
	return noID, nil
}
// CloseSession satisfies BPF.CloseSession for the NOP service. Because
// OpenSession never started any monitoring there is nothing to tear down, so
// this always returns nil.
func (s *NOP) CloseSession(_ *SessionContext) error {
	return nil
}
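// IsHostCompatible checks that BPF programs can run on this host.
//
// Two requirements are verified in order: the running kernel must be at least
// constants.EnhancedRecordingMinKernel, and the kernel must expose BTF
// (utils.HasBTF). The first failing check is returned; a nil result means
// both passed.
//
// The error for a too-old kernel names both the detected and the minimum
// version so an operator can see how far off the host is, instead of only
// the minimum as before.
func IsHostCompatible() error {
	// EnhancedRecordingMinKernel is expected to be a fixed constant, so
	// semver.New panicking on a malformed string would be a programmer error
	// rather than a runtime condition worth handling here.
	minKernel := semver.New(constants.EnhancedRecordingMinKernel)

	version, err := utils.KernelVersion()
	if err != nil {
		return trace.Wrap(err)
	}
	if version.LessThan(*minKernel) {
		return trace.BadParameter("incompatible kernel %v found, minimum supported kernel is %v", version, minKernel)
	}

	// BTF is required in addition to the version floor; the helper's own
	// error already says what is missing, so it is only wrapped for a trace.
	if err := utils.HasBTF(); err != nil {
		return trace.Wrap(err)
	}
	return nil
}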