mirror of
https://github.com/gravitational/teleport
synced 2024-10-19 00:33:50 +00:00
77e8b63470
Added package cgroup to orchestrate cgroups. Only support for cgroup2 was added to utilize because cgroup2 cgroups have unique IDs that can be used correlated with BPF events. Added bpf package that contains three BPF programs: execsnoop, opensnoop, and tcpconnect. The bpf package starts and stops these programs as well correlating their output with Teleport sessions and emitting them to the audit log. Added support for Teleport to re-exec itself before launching a shell. This allows Teleport to start a child process, capture it's PID, place the PID in a cgroup, and then continue to process. Once the process is continued it can be tracked by it's cgroup ID. Reduced the total number of connections to a host so Teleport does not quickly exhaust all file descriptors. Exhausting all file descriptors happens very quickly when disk events are emitted to the audit log which are emitted at a very high rate. Added tarballs for exec sessions. Updated session.start and session.end events with additional metadata. Updated the format of session tarballs to include enhanced events. Added file configuration for enhanced session recording. Added code to startup enhanced session recording and pass package to SSH nodes. |
||
|---|---|---|
| .. | ||
| dynamoevents | ||
| filesessions | ||
| firestoreevents | ||
| gcssessions | ||
| s3sessions | ||
| test | ||
| api.go | ||
| api_test.go | ||
| archive.go | ||
| auditlog.go | ||
| auditlog_test.go | ||
| codes.go | ||
| discard.go | ||
| doc.go | ||
| fields.go | ||
| filelog.go | ||
| forward.go | ||
| mock.go | ||
| multilog.go | ||
| recorder.go | ||
| sessionlog.go | ||
| slice.pb.go | ||
| slice.proto | ||
| uploader.go | ||
| writer.go | ||