

GitHub - jessfraz/bpfd: Framework for running BPF programs with rules on Linux a...
source link: https://github.com/jessfraz/bpfd

README.md
bpfd
Framework for running BPF programs with rules on Linux as a daemon. Container aware.
NOTE: WIP. If you want to contribute, see "How it Works" below and consider adding more example rules or programs. Thanks!!
How it Works
Currently the programs are in the programs/ folder. The idea is that you can add any tracers you would like and then create rules for them.
Programs
The programs that exist today are based off a few bcc-tools programs. Writing these requires knowledge of BPF, but you can use the base provided here to create your own programs and add them in a fork, if you so wish, for say an enterprise that doesn't want others to reverse engineer what they are tracing and how they alert.
Rules
These are toml files that hold some logic for what you would like to trace. You can search for anything returned by a Program in its map[string]string data struct.
You can also filter based off the container runtime you would like to alert on.
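As an added illustration of how a rule can be evaluated against the map[string]string data a Program returns, with a container-runtime filter on top (this is example code, not bpfd's own; the Rule fields, the Event.Runtime field and the substring-match semantics are assumptions, and the keys "comm" and "args" are constructed):

```go
package main

import "strings"

// Event is what a bpfd Program hands to the rule engine: the README says a
// program returns its data as a map[string]string; the Runtime field is assumed.
type Event struct {
	Data    map[string]string
	Runtime string // container runtime of the process, "" when not in a container
}

// Rule is a hypothetical in-memory form of one toml rule file; the field
// names are assumptions, bpfd's real schema may differ.
type Rule struct {
	Name     string
	Search   map[string]string // event key -> substring it must contain
	Runtimes []string          // runtimes to alert on; empty means any
}

// Matches reports whether the rule fires for the event: every search key must be
// present in the event data and contain the wanted substring (missing key = no match).
func (r Rule) Matches(ev Event) bool {
	if len(r.Runtimes) > 0 {
		allowed := false
		for _, rt := range r.Runtimes {
			allowed = allowed || rt == ev.Runtime
		}
		if !allowed {
			return false
		}
	}
	for key, want := range r.Search {
		got, ok := ev.Data[key]
		if !ok || !strings.Contains(got, want) {
			return false
		}
	}
	return true
}

// Evaluate returns the names of all rules that fire for the event, in rule order.
func Evaluate(rules []Rule, ev Event) []string {
	var fired []string
	for _, r := range rules {
		if r.Matches(ev) {
			fired = append(fired, r.Name)
		}
	}
	return fired
}
```

A rule whose search key a program never emits can never fire, so rule authors should check the keys each program actually puts in its map.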
Notifications
COMING SOON
There will also be an interface for notifications. That way you can send alerts on the rules you set up to Slack or email, or even run arbitrary code so you can kill a container, pause a container, or checkpoint a container to restore it elsewhere without even having to log in to a computer.
Installation
To build, you need to have libbcc installed; see its installation instructions.
Binaries
For installation instructions from binaries please visit the Releases Page.
Via Go
$ go get github.com/jessfraz/bpfd
Usage
$ bpfd -h
bpfd - Framework for running BPF programs with rules on Linux as a daemon.

Usage: bpfd <command>

Flags:
  -d  enable debug logging (default: false)

Commands:
  create   Create one or more rules.
  daemon   Start the daemon.
  ls       List rules.
  rm       Remove one or more rules.
  version  Show the version information.