Dev #5 (Open)

vsilent wants to merge 10 commits into main from dev

Conversation

@vsilent vsilent commented Apr 4, 2026

This pull request introduces several significant updates across the codebase, focusing on eBPF syscall monitoring, alerting enhancements, improved notification configuration (especially for email), and database schema changes. It also includes some infrastructure and configuration improvements.

Key highlights:

  • The eBPF component now implements real syscall monitoring and event structures.
  • Alert types, severity, and status enums now support parsing from strings, and the alerting module is extended for rule-based alerts.
  • Notification configuration is enhanced to support SMTP/email delivery with new builder and accessor methods.
  • Schema migrations add a new ip_offenses table and improve indexing for alerts and offenses.
  • Several configuration and versioning updates are included for better development and deployment workflows.

eBPF Syscall Monitoring

  • Implemented eBPF syscall monitoring programs for execve, connect, openat, and ptrace, including event data structures and a ring buffer for event delivery in ebpf/src/maps.rs and ebpf/src/syscalls.rs.
  • Added panic handler and modularized eBPF main, preparing for actual event handling.
  • Introduced nightly toolchain configuration for eBPF and removed obsolete cargo config.

Alerting System Enhancements

  • Added FromStr implementations for AlertType, AlertSeverity, and AlertStatus, enabling parsing from strings and simplifying conversions.
  • Changed AlertType to be Copy for efficiency and updated usage accordingly.
  • Integrated alert rules into the alerting module and re-exported AlertRule.

Notification Configuration Improvements

  • Expanded NotificationConfig to support SMTP/email notifications, including new builder and accessor methods for SMTP credentials and recipients.
  • Refactored notification channel logic to check for complete configuration before enabling a channel.
  • Updated imports to support new email notification logic.

Database Schema and Migrations

  • Added new ip_offenses table with indexes for tracking offending IP addresses and their status.
  • Added index on container_id in alerts for improved query performance.

Infrastructure, Versioning, and Configuration

  • Updated version numbers in Cargo.toml, README.md, and VERSION.md to 0.2.1.
  • Changed default app port mapping in docker-compose.yml from 8080 to 5000.
  • Added dependencies for email and testing (lettre, actix-test, awc).

These changes collectively improve the observability, configurability, and extensibility of the Stackdog platform, especially around security event monitoring and alerting.
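The description above mentions two things a reviewer would want to see in working form: FromStr parsing for the alert enums, and a notification channel that is only enabled once its configuration is complete. The following Rust is an added illustration written for this page, not code from the Stackdog repository or this pull request. The variant names (Low/Medium/High/Critical), the builder method names (with_smtp_server, with_smtp_credentials, with_email_recipient), the email_enabled/enabled_channels accessors and the should_email helper are all assumptions; the real NotificationConfig and AlertSeverity in the PR may differ. The point it makes is defensive: unknown severity strings are an error rather than a default, and a half-configured SMTP channel stays disabled instead of silently dropping alerts.

```rust
use std::fmt;
use std::str::FromStr;

// Assumed variant names; the PR's actual AlertSeverity may differ.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum AlertSeverity {
    Low,
    Medium,
    High,
    Critical,
}

/// Error carrying the rejected input so logs show what was received.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ParseSeverityError(pub String);

impl fmt::Display for ParseSeverityError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "unknown alert severity: {:?}", self.0)
    }
}

impl std::error::Error for ParseSeverityError {}

impl FromStr for AlertSeverity {
    type Err = ParseSeverityError;

    fn from_str(s: &str) -> Result<Self, Self::Err> {
        // Tolerate whitespace and case ("High", " HIGH "), but reject anything
        // outside the closed set instead of falling back to a default level.
        match s.trim().to_ascii_lowercase().as_str() {
            "low" => Ok(AlertSeverity::Low),
            "medium" => Ok(AlertSeverity::Medium),
            "high" => Ok(AlertSeverity::High),
            "critical" => Ok(AlertSeverity::Critical),
            other => Err(ParseSeverityError(other.to_string())),
        }
    }
}

/// Hypothetical SMTP settings; every field must be present before email counts as enabled.
#[derive(Debug, Default, Clone, PartialEq, Eq)]
pub struct NotificationConfig {
    smtp_host: Option<String>,
    smtp_port: Option<u16>,
    smtp_username: Option<String>,
    smtp_password: Option<String>,
    email_recipients: Vec<String>,
}

impl NotificationConfig {
    pub fn new() -> Self {
        Self::default()
    }

    pub fn with_smtp_server(mut self, host: &str, port: u16) -> Self {
        self.smtp_host = Some(host.to_string());
        self.smtp_port = Some(port);
        self
    }

    pub fn with_smtp_credentials(mut self, username: &str, password: &str) -> Self {
        self.smtp_username = Some(username.to_string());
        self.smtp_password = Some(password.to_string());
        self
    }

    pub fn with_email_recipient(mut self, addr: &str) -> Self {
        self.email_recipients.push(addr.to_string());
        self
    }

    /// Completeness check: host, port, credentials and at least one recipient.
    pub fn email_enabled(&self) -> bool {
        self.smtp_host.is_some()
            && self.smtp_port.is_some()
            && self.smtp_username.is_some()
            && self.smtp_password.is_some()
            && !self.email_recipients.is_empty()
    }

    /// Channels that will actually deliver, derived from the completeness checks.
    pub fn enabled_channels(&self) -> Vec<&'static str> {
        let mut channels = Vec::new();
        if self.email_enabled() {
            channels.push("email");
        }
        channels
    }
}

/// Should an alert with this severity string be emailed, given a minimum level?
/// An unparseable severity is surfaced as an error, never treated as "send".
pub fn should_email(
    cfg: &NotificationConfig,
    severity: &str,
    min: AlertSeverity,
) -> Result<bool, ParseSeverityError> {
    let sev: AlertSeverity = severity.parse()?;
    Ok(cfg.email_enabled() && sev >= min)
}

fn main() {
    // Constructed sample values; the host and address are placeholders.
    let cfg = NotificationConfig::new()
        .with_smtp_server("smtp.example.invalid", 587)
        .with_smtp_credentials("alerts", "placeholder-password")
        .with_email_recipient("soc@example.invalid");
    println!("enabled channels: {:?}", cfg.enabled_channels());
    println!("email HIGH? {:?}", should_email(&cfg, "HIGH", AlertSeverity::Medium));
    println!("email bogus? {:?}", should_email(&cfg, "bogus", AlertSeverity::Medium));
}
```

Deriving PartialOrd/Ord on the enum lets a minimum-severity threshold be expressed as a plain comparison, and keeping the error type distinct from a default variant means a typo in a rule file fails loudly at parse time rather than quietly lowering or raising the level.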
