TracerManager

duetector.managers.tracer.PROJECT_NAME = 'duetector.tracer': Default project name for pluggy

duetector.managers.tracer.init_tracer(config) → Tracer | None[source]: Initialize tracer from config None means the tracer is not available Also the tracer can be disabled by config, Manager will discard disabled tracer

class duetector.managers.tracer.TracerManager(config: dict[str, Any] | None = None, *args, **kwargs)[source]

Bases: Manager

Manager for all tracers.

Tracers are initialized from config, and can be disabled by config.

config_scope: str | None = 'tracer': Config scope for TracerManager.

default_config = {'disabled': False, 'include_extension': True, 'template': {'disabled': False, 'sh': {}, 'sp': {}}}: Default config for Manager

property disabled: If current manager is disabled.

property include_extension: If include extensions

init(tracer_type=<class 'duetector.tracers.base.Tracer'>, ignore_disabled=True, include_template=True, *args, **kwargs) → list[Tracer][source]

Initialize all tracers from config.

Parameters:

tracer_type – Only return tracers of this type
ignore_disabled – Ignore disabled tracers
include_template – Include tracers from template, False when used to generate configuration.

pm: PluginManager: PluginManager instance

register(subpackage): Register subpackage to plugin manager

class duetector.managers.tracer.TracerTemplate(config: dict[str, Any] | None = None, *args, **kwargs)[source]

Bases: Configuable

Using template to generate tracers.

Tracers are initialized from config, and can be disabled by config. Tracer type is defined by _avaliable_tracer_type.

Example:

[tracer.template.sh]
pstracer = { "comm" = ["ps", "-aux"], config = { "enable_cache" = false } }

[tracer.template.sp]
randomtracer = { "comm" = ["cat", "/dev/random"], config = { "enable_cache" = false } }

TODO:

Example of tracer.template.sp is not working yet. Replace it with some CO-RE example

config_scope: str | None = None

default_config = {'disabled': False, 'sh': {}, 'sp': {}}: Default config for TracerTemplate.

property disabled: bool: Whether the template is disabled.

init() → list[Tracer][source]: Initialize all tracers from config.