Skip to content

Latest commit

 

History

History

secagentd

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
bpf
bpf
 
 
init
init
 
 
minijail
minijail
 
 
proto
proto
 
 
rsyslog
rsyslog
 
 
test
test
 
 
tmpfiles.d
tmpfiles.d
 
 
BUILD.gn
BUILD.gn
 
 
DIR_METADATA
DIR_METADATA
 
 
OWNERS
OWNERS
 
 
README.md
README.md
 
 
agent_plugin.cc
agent_plugin.cc
 
 
authentication_plugin.cc
authentication_plugin.cc
 
 
batch_sender.h
batch_sender.h
 
 
bpf_skeleton_wrappers.h
bpf_skeleton_wrappers.h
 
 
bpf_skeletons.cc
bpf_skeletons.cc
 
 
common.cc
common.cc
 
 
common.h
common.h
 
 
daemon.cc
daemon.cc
 
 
daemon.h
daemon.h
 
 
device_user.cc
device_user.cc
 
 
device_user.h
device_user.h
 
 
factories.cc
factories.cc
 
 
main.cc
main.cc
 
 
message_sender.cc
message_sender.cc
 
 
message_sender.h
message_sender.h
 
 
metrics_sender.cc
metrics_sender.cc
 
 
metrics_sender.h
metrics_sender.h
 
 
network_plugin.cc
network_plugin.cc
 
 
platform.cc
platform.cc
 
 
platform.h
platform.h
 
 
plugins.h
plugins.h
 
 
policies_features_broker.cc
policies_features_broker.cc
 
 
policies_features_broker.h
policies_features_broker.h
 
 
process_cache.cc
process_cache.cc
 
 
process_cache.h
process_cache.h
 
 
process_plugin.cc
process_plugin.cc
 
 
secagent.cc
secagent.cc
 
 
secagent.h
secagent.h
 
 

README.md

Secagentd

Overview

Secagentd is a daemon responsible for detecting and reporting security related events through ERP (Encrypted Reporting Pipeline) for forensic analysis.

It only works on Linux Kernel >= 5.10, in which the Berkeley Packet Filter syscalls are available.

Logging

Secagentd logs are located in /var/log/secagentd.log.