Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
Package bpf provides the shared scaffolding that BPF-backed live monitors across the daemon use: a common Backend interface, backend-kind constants for operator config, sentinel errors that distinguish "not built" from "kernel unsupported", and a per-feature backend metric.
|
Package bpf provides the shared scaffolding that BPF-backed live monitors across the daemon use: a common Backend interface, backend-kind constants for operator config, sentinel errors that distinguish "not built" from "kernel unsupported", and a per-feature backend metric. |
|
Package broadcast provides a one-to-many publish bus for alert.Finding events.
|
Package broadcast provides a one-to-many publish bus for alert.Finding events. |
|
Package control defines the wire protocol between the CSM daemon and its local command-line client.
|
Package control defines the wire protocol between the CSM daemon and its local command-line client. |
|
af_alg_bpfprog
Package af_alg_bpfprog hosts the BPF C source for the AF_ALG (CVE-2026-31431 "Copy Fail") kernel-side deny program and the generated Go bindings produced by bpf2go.
|
Package af_alg_bpfprog hosts the BPF C source for the AF_ALG (CVE-2026-31431 "Copy Fail") kernel-side deny program and the generated Go bindings produced by bpf2go. |
|
connection_bpfprog
Package connection_bpfprog hosts the BPF C source for the cgroup/connect outbound-connection tracker and the generated Go bindings produced by bpf2go.
|
Package connection_bpfprog hosts the BPF C source for the cgroup/connect outbound-connection tracker and the generated Go bindings produced by bpf2go. |
|
exec_bpfprog
Package exec_bpfprog hosts the BPF C source for the sched/sched_process_exec tracepoint live monitor and the generated Go bindings produced by bpf2go.
|
Package exec_bpfprog hosts the BPF C source for the sched/sched_process_exec tracepoint live monitor and the generated Go bindings produced by bpf2go. |
|
sensitive_file_bpfprog
Package sensitive_file_bpfprog hosts the BPF C source for the lsm/file_permission live monitor and the generated Go bindings produced by bpf2go.
|
Package sensitive_file_bpfprog hosts the BPF C source for the lsm/file_permission live monitor and the generated Go bindings produced by bpf2go. |
|
rollback
Package rollback implements the firewall settings tentative-apply workflow: a save with a deadline that auto-reverts unless the operator confirms before the timer expires.
|
Package rollback implements the firewall settings tentative-apply workflow: a save with a deadline that auto-reverts unless the operator confirms before the timer expires. |
|
Package geoip provides IP geolocation via MaxMind GeoLite2 databases and on-demand RDAP lookups for detailed ISP/org information.
|
Package geoip provides IP geolocation via MaxMind GeoLite2 databases and on-demand RDAP lookups for detailed ISP/org information. |
|
Package incident groups related security findings into a single "story" with a timeline.
|
Package incident groups related security findings into a single "story" with a timeline. |
|
Package log provides a structured-logging wrapper around log/slog.
|
Package log provides a structured-logging wrapper around log/slog. |
|
Package maillog reads postfix/dovecot log lines from either a tailed file or systemd-journald, normalizing them into a single Line type so the daemon's mail-brute and PHP-relay parsers don't have to care which source supplied the line.
|
Package maillog reads postfix/dovecot log lines from either a tailed file or systemd-journald, normalizing them into a single Line type so the daemon's mail-brute and PHP-relay parsers don't have to care which source supplied the line. |
|
Package metrics is CSM's local OpenMetrics implementation.
|
Package metrics is CSM's local OpenMetrics implementation. |
|
Package obs centralises crash reporting and selective error capture via Sentry.
|
Package obs centralises crash reporting and selective error capture via Sentry. |
|
Package platform detects the host OS, control panel, and web server so CSM checks can pick the right config/log paths instead of hardcoding cPanel+Apache layouts.
|
Package platform detects the host OS, control panel, and web server so CSM checks can pick the right config/log paths instead of hardcoding cPanel+Apache layouts. |
|
Package processctx maintains process context (PID/PPID/UID/account/exe/cmdline) for use enriching real-time security findings.
|
Package processctx maintains process context (PID/PPID/UID/account/exe/cmdline) for use enriching real-time security findings. |
|
Package sdnotify is a thin wrapper around go-systemd's daemon notification helpers.
|
Package sdnotify is a thin wrapper around go-systemd's daemon notification helpers. |
|
Package threatintel defines a pluggable interface for IP reputation providers and an Aggregator that combines their scores.
|
Package threatintel defines a pluggable interface for IP reputation providers and an Aggregator that combines their scores. |
|
Package updatecheck polls upstream release channels and tells the daemon whether a newer CSM version is available so the Web UI can surface a banner.
|
Package updatecheck polls upstream release channels and tells the daemon whether a newer CSM version is available so the Web UI can surface a banner. |
|
Package verdict implements an HMAC-signed HTTP client for the auto_response.verdict_callback hook.
|
Package verdict implements an HMAC-signed HTTP client for the auto_response.verdict_callback hook. |
|
Package yaraipc defines the wire protocol spoken between the CSM daemon and the supervised `csm yara-worker` child process.
|
Package yaraipc defines the wire protocol spoken between the CSM daemon and the supervised `csm yara-worker` child process. |
|
Package yaraworker implements the `csm yara-worker` subcommand: a child process that exists only to host the YARA-X cgo surface and reply to scan requests over a Unix socket.
|
Package yaraworker implements the `csm yara-worker` subcommand: a child process that exists only to host the YARA-X cgo surface and reply to scan requests over a Unix socket. |
Click to show internal directories.
Click to hide internal directories.