diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b19dfef..8997b05 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -61,3 +61,61 @@ jobs:
 goreleaser release --clean --rm-dist
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Run GoReleaser Docker Push
+ if: |
+ (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
+ (github.event_name == 'pull_request' &&
+ github.event.action == 'closed' &&
+ github.event.pull_request.merged == true &&
+ github.event.pull_request.base.ref == 'main')
+ run: |
+ export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+ goreleaser release --rm-dist --skip-publish --snapshot
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Download BPF object file
+ run: |
+ gh release download --repo SentinalFS/file-monitor --clobber --pattern "monitor.bpf.o"
+ env:
+ GH_TOKEN: ${{ github.token }}
+
+ - name: Decide to push or not
+ id: decide
+ run: |
+ if [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then
+ echo "PUSH=true" >> $GITHUB_ENV
+ else
+ echo "PUSH=false" >> $GITHUB_ENV
+ fi
+
+ - name: Build Image
+ if: env.PUSH == 'false'
+ run: |
+ docker buildx build \
+ --platform linux/amd64,linux/arm64 \
+ --build-arg TARGETARCH=amd64 \
+ --file Dockerfile \
+ -t siddh34/go-ebpf-logger:latest \
+ .
+
+ - name: Login to DockerHub
+ if: env.PUSH == 'true'
+ run: echo "${{ secrets.DOCKER_ACCESS_TOKEN }}" | docker login -u "siddh34" --password-stdin
+
+ - name: Build & Push Docker images
+ if: env.PUSH == 'true'
+ run: |
+ docker buildx build \
+ --platform linux/amd64,linux/arm64 \
+ --file Dockerfile \
+ --push \
+ -t siddh34/go-ebpf-logger:latest \
+ .
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index aa75097..21f9c9a 100644
--- a/.gitignore
+++ b/.gitignore
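Review bot: The `Download BPF object file` step fetches `monitor.bpf.o` from whatever release of SentinalFS/file-monitor is latest, with no tag and no integrity check, and the file is then copied into the image pushed as `siddh34/go-ebpf-logger:latest`. Since this is presumably the object the logger loads into the kernel, pin the release and verify a recorded digest before building, e.g. `gh release download "$FILE_MONITOR_TAG" --repo SentinalFS/file-monitor --clobber --pattern "monitor.bpf.o"` followed by `echo "$MONITOR_BPF_SHA256  monitor.bpf.o" | sha256sum --check` (both variable names are placeholders). build-docker.sh in this commit pins a version for the same download but also skips verification. Separately, `export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}` and the `docker login` line splice secrets into the script text; the `env:` block already on the first step is the safer pattern, so the `export` can be dropped and the Docker token passed through `env:` as well.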
@@ -28,4 +28,7 @@ go.work.sum
 dist
 # object files
-monitor.bpf.o
\ No newline at end of file
+monitor.bpf.o
+
+# log files
+*.log
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..9269eec
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM debian:stable-slim
+
+WORKDIR /app
+
+COPY dist/go-ebpf-logger_linux_amd64_v1/go-ebpf-logger /app/go-ebpf-logger
+
+COPY monitor.bpf.o /app/monitor.bpf.o
+
+RUN chmod +x /app/go-ebpf-logger
+
+ENTRYPOINT ["/app/go-ebpf-logger"]
\ No newline at end of file
diff --git a/VERSION.txt b/VERSION.txt
index 7bcd0e3..6812f81 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-0.0.2
\ No newline at end of file
+0.0.3
\ No newline at end of file
diff --git a/bpf/pin_maps.go b/bpf/pin_maps.go
deleted file mode 100644
index c39a5fb..0000000
--- a/bpf/pin_maps.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package bpf
-
-import (
- "os"
-
- "github.com/cilium/ebpf"
-
- "fmt"
-
- "go-ebp-logger/constants"
-)
-
-func pinMaps(m *ebpf.Map) error {
- if m != nil {
- path := "/sys/fs/bpf/" + constants.InodeMapName
- if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
- fmt.Printf("Warning: failed to remove existing pin at %s: %v", path, err)
- }
- if err := m.Pin(path); err != nil {
- fmt.Printf("Failed to pin map %s to %s: %v", constants.InodeMapName,path, err)
- }
- fmt.Printf("Map %s pinned succesfully", constants.InodeMapName)
- return nil
- }
-
- fmt.Printf("Map %s not found", constants.InodeMapName)
- return fmt.Errorf("no map was pinned")
-}
\ No newline at end of file
diff --git a/bpf/setup.go b/bpf/setup.go
index 04b80ed..2f3ae6e 100644
--- a/bpf/setup.go
+++ b/bpf/setup.go
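Review bot: The `COPY dist/go-ebpf-logger_linux_amd64_v1/go-ebpf-logger` line hard-codes the amd64 binary, while ci.yml in this commit builds the image for `linux/amd64,linux/arm64`, so the arm64 variant would ship an amd64 executable; `--build-arg TARGETARCH=amd64` is passed there but this Dockerfile never declares `ARG TARGETARCH`. Declare the arg and select the dist directory from it (the arm64 directory name GoReleaser produces is not visible in this diff, so confirm it before templating the path). `FROM debian:stable-slim` is a floating tag; pinning it by digest, `FROM debian:stable-slim@sha256:<digest>`, makes the pushed image reproducible and puts base-image changes through review. No `USER` is set, so the entrypoint runs as root; if the loader needs that, a comment naming the capabilities it requires would help whoever writes the runtime spec.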
@@ -33,12 +33,6 @@ func SetupBPF(bpfObj string) (*ebpf.Map, *ebpf.Map, func()) {
 links = append(links, &kp)
 }
- monitored_inode_map := coll.Maps["monitored_inodes"]
- err = pinMaps(monitored_inode_map)
- if err != nil {
- panic(err)
- }
-
 events := coll.Maps["events"]
 if events == nil {
 fmt.Printf("Map 'events' not found\n")
diff --git a/build-docker.sh b/build-docker.sh
new file mode 100755
index 0000000..78ef1d4
--- /dev/null
+++ b/build-docker.sh
@@ -0,0 +1,67 @@
+echo "Enter version of file monitor to use with docker (e.g. 1.0.0):"
+
+if [ -z "$1" ]; then
+ read -r version
+else
+ version="$1"
+fi
+
+echo "Building Docker image with version: $version"
+
+if ! command -v gh &> /dev/null; then
+ echo "gh CLI is not installed. Please install it first and proceed with authentication."
+ exit 1
+fi
+
+if ! gh auth status &> /dev/null; then
+ echo "You are not authenticated with GitHub CLI. Please authenticate first."
+ exit 1
+fi
+
+gh release download v${version} --repo SentinalFS/file-monitor --clobber --pattern "monitor.bpf.o"
+
+if [ $? -ne 0 ]; then
+ echo "Failed to download the file monitor binary. Please check the version and try again."
+ exit 1
+fi
+
+echo "Running go releaser"
+
+if ! command -v go &> /dev/null; then
+ echo "Go is not installed. Please install Go and try again."
+ exit 1
+fi
+
+if ! command -v goreleaser &> /dev/null; then
+ echo "Goreleaser is not installed. Please install Goreleaser and try again."
+ exit 1
+fi
+
+goreleaser release --snapshot --skip=publish --clean
+
+
+if docker --version &> /dev/null; then
+ echo "Docker is installed. Proceeding with build."
+else
+ echo "Docker is not installed. Please install Docker and try again."
+ exit 1
+fi
+
+arch=$(uname -m)
+if [ "$arch" = "aarch64" ] || [ "$arch" = "arm64" ]; then
+ echo "Detected ARM architecture. Building Docker image for ARM."
+ docker build -t go-logger-arm:latest -f Dockerfile.amd64 --build-arg TARGETARCH=arm64 .
+ if [ $? -ne 0 ]; then
+ echo "Docker build for ARM failed."
+ exit 1
+ fi
+elif [ "$arch" = "x86_64" ]; then
+ echo "Detected x86_64 architecture. Building Docker image for x86_64."
+ docker build -t go-logger-amd64:latest -f Dockerfile.amd64 --build-arg TARGETARCH=amd64 .
+ if [ $? -ne 0 ]; then
+ echo "Docker build for x86_64 failed."
+ exit 1
+ fi
+else
+ echo "Non-ARM architecture detected. No additional ARM build required."
+fi
\ No newline at end of file
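Review bot: `version` comes from `$1` or `read` and is used unquoted and unvalidated in `gh release download v${version}`, so an empty value or one containing whitespace is split into extra `gh` arguments. Validate it and quote the use, e.g. `[[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "invalid version: $version" >&2; exit 1; }` and `gh release download "v${version}" ...`. The script has no shebang although it relies on bash-only `&>`, and the exit status of `goreleaser release` is never checked, so a failed build falls through to `docker build`; `#!/usr/bin/env bash` plus `set -euo pipefail` at the top covers both. Both `docker build` calls use `-f Dockerfile.amd64`, but this commit only adds `Dockerfile`, so unless that file exists elsewhere in the repository the build step fails.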
diff --git a/changelog.json b/changelog.json
new file mode 100644
index 0000000..3197cd8
--- /dev/null
+++ b/changelog.json
@@ -0,0 +1,20 @@
+[
+ {
+ "version": "0.0.3",
+ "changes": [
+ "Removed map pinning"
+ ]
+ },
+ {
+ "version": "0.0.2",
+ "changes": [
+ "Updated maps"
+ ]
+ },
+ {
+ "version": "0.0.1",
+ "changes": [
+ "Initial release with basic functionality."
+ ]
+ }
+]
\ No newline at end of file
diff --git a/models/models.go b/models/models.go
index a9b7c9a..ebd1c7b 100644
--- a/models/models.go
+++ b/models/models.go
@@ -1,22 +1,28 @@
 package models
 type BaseEventData struct {
- Pid uint32
- Uid uint32
- Filename [144]byte
- Comm [32]byte
- Timestamp uint64
- CgroupId uint64
- Otype [16]byte
+ Pid uint32
+ Uid uint32
+ Filename [176]byte
+ ParentFilename [176]byte
+ Inode uint64
+ Comm [32]byte
+ Timestamp uint64
+ CgroupId uint64
+ Otype [16]byte
 }
 type RenameData struct {
- Pid uint32
- Uid uint32
- OldFileName [144]byte
- NewFileName [144]byte
- Comm [32]byte
- Timestamp uint64
- CgroupId uint64
- Otype [16]byte
-}
\ No newline at end of file
+ Pid uint32
+ Uid uint32
+ OldFileName [176]byte
+ OldParentFilename [176]byte
+ NewFileName [176]byte
+ NewParentFilename [176]byte
+ InodeOld uint64
+ InodeNew uint64
+ Comm [32]byte
+ Timestamp uint64
+ CgroupId uint64
+ Otype [16]byte
+}
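Review bot: `BaseEventData` and `RenameData` carry no comment saying what fixes their layout, and the new field order and `[176]byte` sizes look like they must match the event record emitted by `monitor.bpf.o` byte for byte (the decoding code is outside this diff, so confirm). Because ci.yml in this commit downloads that object from another repository's latest release, a layout skew would presumably surface as mis-parsed paths and inodes in the log rather than as an error. Add a doc comment such as `// BaseEventData mirrors the event record written by monitor.bpf.o; field order and sizes must match the BPF side.` on each struct, and replace the repeated `176` with one named constant. The naming is also inconsistent within the hunk: `OldFileName`/`NewFileName` versus `OldParentFilename`/`NewParentFilename`.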