2022-10-11
A framework for running BPF programs with rules, which runs as a daemon on Linux
bpfd
Framework for running BPF programs with rules on Linux as a daemon. Container aware.
NOTE: WIP. If you want to contribute, see "How it Works" below and consider adding more example rules or programs. Thanks!!
How it Works
Currently the programs are in the programs/ folder. The idea is that you can add any tracers you would like and then create rules for them.
Programs
The programs that exist today are based on a few bcc-tools programs. Writing these requires knowledge of BPF, but you can use the base provided here to create your own programs and add them in a fork, for example if you are an enterprise that doesn't want others to reverse engineer what you are tracing and how you alert.
Rules
These are TOML files that hold some logic for what you would like to trace. You can search for anything returned by a Program in its map[string]string data struct.
You can also filter based off the container runtime you would like to alert on.
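The matching this section describes, as an added Go example that is not bpfd's code and does not reproduce its rule file format. The Event and Rule types, their field names, and the "exec-tracer" program name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Event is one record emitted by a tracer program (hypothetical shape).
type Event struct {
	Program string            // which tracer produced it
	Runtime string            // container runtime, "" for a host process
	Data    map[string]string // key/value data returned by the program
}

// Rule is a hypothetical in-memory form of one rule file.
type Rule struct {
	Program  string              // tracer this rule applies to
	Runtimes []string            // empty means any runtime, host included
	Filters  map[string][]string // data key -> substrings, any one may match
}

// anyMatch reports whether ok(v) holds for at least one v in list.
func anyMatch(list []string, ok func(string) bool) bool {
	for _, v := range list {
		if ok(v) {
			return true
		}
	}
	return false
}

// Match reports whether ev should raise an alert under r. Filters are ANDed.
func (r Rule) Match(ev Event) bool {
	sameRuntime := func(v string) bool { return strings.EqualFold(v, ev.Runtime) }
	if r.Program != ev.Program || (len(r.Runtimes) > 0 && !anyMatch(r.Runtimes, sameRuntime)) {
		return false
	}
	for key, subs := range r.Filters {
		got, present := ev.Data[key]
		if !present || !anyMatch(subs, func(s string) bool { return strings.Contains(got, s) }) {
			return false // a key the program did not return never matches
		}
	}
	return true
}

func main() { // constructed rule and event
	r := Rule{"exec-tracer", []string{"docker"}, map[string][]string{"command": {"sudo", "su -"}}}
	fmt.Println(r.Match(Event{"exec-tracer", "docker", map[string]string{"command": "sudo cat /etc/shadow"}}))
}
```

A rule with an empty runtime list also alerts on host processes, so a rule meant only for containers has to name the runtimes explicitly.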
Notifications
COMING SOON
There will also be an interface for notifications. That way you can send alerts on the rules you set up to Slack, email, or even run arbitrary code so you can kill a container, pause a container, or checkpoint a container to restore it elsewhere without even having to log in to a computer.
Installation
To build, you need to have libbcc installed (see the installation instructions).
Binaries
For installation instructions from binaries please visit the Releases Page.
Via Go
$ go get github.com/jessfraz/bpfd
Usage
$ bpfd -h
bpfd - Framework for running BPF programs with rules on Linux as a daemon.
Usage: bpfd