willfindlay / suidsnoop
suidsnoop is a tool based on eBPF LSM programs that logs whenever a suid binary is executed and implements custom allow/deny lists.
☆14Updated 2 years ago
Related projects: ⓘ
- A cargo-generate template for Rust eBPF Projects using Aya☆72Updated last month
- Example BPF program with LSM hooks☆31Updated 3 years ago
- Making containers more secure with eBPF and Linux Security Modules (LSM)☆212Updated 3 months ago
- A Rust library for managing eBPF programs.☆114Updated 6 months ago
- The Aya Book is an introductory book about using the Rust Programming Language and Aya library to build extended Berkley Packet Filter (e…☆73Updated 2 weeks ago
- A curated list of awesome eBPF 🐝 projects using aya-rs and Rust 🦀☆97Updated 4 months ago
- 🐝 BPFBox 📦 Exploring process confinement in eBPF☆98Updated 8 months ago
- Kit for building Falco drivers: kernel modules or eBPF probes☆64Updated last week
- Simple BPF static linker☆182Updated this week
- Trace deep kernel events through eBPF and lsm hooks☆32Updated 3 years ago
- BTF introspection tool☆27Updated last month
- ☆132Updated last week
- An eBPF program debugger☆193Updated 2 years ago
- ☆20Updated this week
- ☆11Updated last year
- A file system events notifier based on eBPF☆54Updated last year
- A logging library for eBPF programs.☆22Updated 2 years ago
- ☆110Updated last year
- ☆18Updated 3 years ago
- LSM BPF module to block pwnkit (CVE-2021-4034) like exploits☆20Updated 2 years ago
- A VMM implementation based of rust-vmm components☆146Updated last week
- Fork from git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git (unstable and force pushed!)☆20Updated last year
- agent for handling seccomp descriptors for container runtimes☆41Updated 7 months ago
- Harness for the Linux kernel eBPF verifier☆32Updated 2 years ago
- Source-code based coverage for eBPF programs actually running in the Linux kernel☆129Updated 2 years ago
- monitor and protect SSH sessions with eBPF☆65Updated 3 years ago
- Rust bindings to libbpf from the Linux kernel☆193Updated 3 weeks ago
- ptrace-based event producer for udig☆66Updated 2 years ago
- bpflock - eBPF driven security for locking and auditing Linux machines☆136Updated 2 years ago