feat: add the instantiation of file integrity module with kprobes bac…
…kend
pkoutsovasilis committed Jan 31, 2024
1 parent 111d186 commit 3f37f74
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion auditbeat/module/file_integrity/eventreader_fsnotify.go
Expand Up @@ -23,6 +23,7 @@ import (
"errors"
"fmt"
"path/filepath"
"runtime"
"syscall"
"time"

Expand All @@ -43,6 +44,18 @@ type reader struct {

// NewEventReader creates a new EventProducer backed by fsnotify.
func NewEventReader(c Config) (EventProducer, error) {

if runtime.GOOS == "linux" {
switch c.ForceBackend {
case BackendKProbes:
return &kProbesReader{
config: c,
log: logp.NewLogger(moduleName),
parsers: FileParsers(c),
}, nil
}
}

return &reader{
config: c,
log: logp.NewLogger(moduleName),
Expand Down Expand Up @@ -109,7 +122,7 @@ func (r *reader) enqueueEvents(done <-chan struct{}) (events []*Event) {
for {
ev := r.nextEvent(done)
if ev == nil {
return
return events
}
events = append(events, ev)
}
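Review bot: In NewEventReader, a config with `c.ForceBackend` set to `BackendKProbes` on a non-Linux host skips the new `runtime.GOOS == "linux"` guard and falls through to the fsnotify `reader` with no error and no log line, so an operator who forced a backend for file-integrity monitoring silently gets a different one. Unless config validation elsewhere already rejects that combination (not visible in this diff), fail loudly instead, for example `return nil, fmt.Errorf("backend %v is only supported on linux", c.ForceBackend)` before the fsnotify return. The doc comment above the function is now stale and should read something like `// NewEventReader creates a new EventProducer backed by kprobes when that backend is forced on Linux, and by fsnotify otherwise.` The single-case `switch` with no `default` would read more plainly as an `if` unless further backends are planned. The fsnotify return literal continues past the end of this hunk, so the rest of the function was not reviewed.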
