Implement Command-Line Flags Parsing for Capture and Signatures (Deprecated) #4450

Closed
14 tasks
ShohamBit opened this issue Dec 18, 2024 · 1 comment

@ShohamBit
Collaborator

Background
Although capture and signatures configurations are slated for deprecation, we still need to support them for backward compatibility. Users should be able to configure these options via command-line flags. We will mark these as deprecated internally and show warnings if they are used.

Tasks

Capture Flags (Deprecated)

  • --capture file-write.enabled=<true/false>: Enable or disable capture of written files.
  • --capture file-write.filters=<filter> (repeatable): Set filters for captured file writes.
  • --capture file-read.enabled=<true/false>: Enable or disable capture of read files.
  • --capture file-read.filters=<filter> (repeatable): Set filters for captured file reads.
  • --capture executable.enabled=<true/false>: Capture executed files.
  • --capture kernel-modules.enabled=<true/false>: Capture loaded kernel modules.
  • --capture bpf-programs.enabled=<true/false>: Capture loaded BPF programs.
  • --capture memory-regions.enabled=<true/false>: Capture memory regions with changed protections.
  • --capture network.enabled=<true/false>: Capture network traffic.
  • --capture network.pcap=<mode>: Set pcap file splitting mode.
  • --capture network.pcap-options=<options>: Set pcap options.
  • --capture network.pcap-snaplen=<snaplen>: Set pcap snaplen.

Signatures Flags (Deprecated)

  • --signatures search-paths=<path> (repeatable): Add paths to search for signatures.
  • --signatures rego=<settings>: Configure Rego-based signature settings.

Acceptance Criteria

  • All capture and signatures flags parse correctly and produce no errors under valid usage.
  • Deprecation warnings are displayed whenever these flags are used, guiding users to updated configuration approaches.
  • The parsed settings integrate with the rest of the configuration, though these features may be removed or replaced in the future.

Why This Matters
Maintaining support for deprecated fields ensures a smooth transition for users who rely on older configurations. By still allowing these settings, we reduce disruptions and give users time to adapt to newer, recommended configurations.
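
One way the `--capture` list above could be parsed, shown as an added example that is not part of the original issue or the project's code. `CaptureConfig`, `ParseCapture` and the warning text are hypothetical names; pcap values are kept as raw strings because the issue does not define their formats.

```go
package main

import (
	"fmt"
	"strings"
)

// CaptureConfig is a hypothetical holder for parsed --capture settings.
type CaptureConfig struct {
	Enabled map[string]bool     // scope -> enabled, e.g. "file-write"
	Filters map[string][]string // repeatable filters for file-write / file-read
	Network map[string]string   // pcap, pcap-options, pcap-snaplen as raw strings
}

// Scopes that accept ".enabled", taken from the flag list in the issue.
var scopes = map[string]bool{"file-write": true, "file-read": true, "executable": true,
	"kernel-modules": true, "bpf-programs": true, "memory-regions": true, "network": true}

// ParseCapture parses the values of repeated --capture flags. It returns the
// config plus one deprecation warning per accepted value.
func ParseCapture(values []string) (CaptureConfig, []string, error) {
	cfg := CaptureConfig{map[string]bool{}, map[string][]string{}, map[string]string{}}
	var warnings []string
	for _, v := range values {
		key, val, ok := strings.Cut(v, "=")
		scope, opt, _ := strings.Cut(key, ".")
		switch {
		case !ok || val == "":
			return cfg, warnings, fmt.Errorf("--capture %q: expected <option>=<value>", v)
		case opt == "enabled" && scopes[scope]:
			if val != "true" && val != "false" {
				return cfg, warnings, fmt.Errorf("--capture %s: want true or false, got %q", key, val)
			}
			cfg.Enabled[scope] = val == "true"
		case opt == "filters" && (scope == "file-write" || scope == "file-read"):
			cfg.Filters[scope] = append(cfg.Filters[scope], val) // repeatable: accumulate
		case scope == "network" && (opt == "pcap" || opt == "pcap-options" || opt == "pcap-snaplen"):
			cfg.Network[opt] = val
		default: // unknown keys are rejected rather than silently ignored
			return cfg, warnings, fmt.Errorf("--capture: unknown option %q", key)
		}
		warnings = append(warnings, "--capture "+key+" is deprecated")
	}
	return cfg, warnings, nil
}

func main() { // constructed sample values, not taken from the issue
	_, warns, err := ParseCapture([]string{"file-write.enabled=true", "file-write.filters=/etc/*"})
	fmt.Println(warns, err)
}
```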

@yanivagman
Collaborator

Part of #4453
