anvaypatil / ebpf_lsm_rs

BPF-Rust

  • traces execve calls
  • adds LSM hooks; when the hooks are attached they block the monitored system call

To get started

  • Clone the git version of libbpf-rs (git clone).
  • Change into the libbpf-rs directory.
  • cargo install --path libbpf-rs/libbpf-cargo
  • cargo new bpf-rs
  • Add these entries to Cargo.toml:

    [dependencies]
    anyhow = "1.0"
    libbpf-rs = {path = "../libbpf-rs/libbpf-rs"}
    libc = "0.2"

To run it

  • make
  • sudo <exec-file>
  • To watch the trace output: sudo cat /sys/kernel/tracing/trace_pipe
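Reading trace_pipe by hand gets tedious once the tracer is busy, so here is an added example (not part of this repository) that turns trace_pipe lines into structured execve events in Rust. It assumes the tracing program prints messages of the form "execve: <path>" via bpf_printk; the sample lines are constructed, and the message prefix is an assumption you should adjust to whatever the BPF program actually prints.

```rust
// Added example: parse lines read from /sys/kernel/tracing/trace_pipe.
// The "execve: <path>" message text is an ASSUMPTION about what the
// tracing program prints with bpf_printk; adapt it to the real format.

#[derive(Debug, PartialEq)]
pub struct ExecEvent {
    pub comm: String,
    pub pid: u32,
    pub path: String,
}

/// Parse one trace_pipe line of the form
/// `<comm>-<pid> [cpu] flags timestamp: bpf_trace_printk: execve: <path>`.
/// Returns None for lines that are not execve trace messages.
pub fn parse_line(line: &str) -> Option<ExecEvent> {
    // Split the bpf_trace_printk message from the event header.
    let (head, msg) = line.split_once("bpf_trace_printk: ")?;
    let path = msg.trim().strip_prefix("execve: ")?.to_string();
    // The first token of the header is "<comm>-<pid>"; comm itself may
    // contain '-', so split at the last dash to keep the pid intact.
    let task = head.trim_start().split_whitespace().next()?;
    let (comm, pid) = task.rsplit_once('-')?;
    let pid = pid.parse().ok()?;
    Some(ExecEvent { comm: comm.to_string(), pid, path })
}

/// Constructed sample of trace_pipe output (not captured from the project).
pub const SAMPLE_LINES: [&str; 3] = [
    "            bash-1234    [001] d...1  5678.123456: bpf_trace_printk: execve: /usr/bin/ls",
    "     systemd-run-42      [000] d...1  5678.200000: bpf_trace_printk: execve: /usr/bin/id",
    "            bash-1234    [001] d...1  5678.300000: bpf_trace_printk: other: ignored",
];

/// Keep only the lines that parse as execve events.
pub fn exec_events(lines: &[&str]) -> Vec<ExecEvent> {
    lines.iter().filter_map(|l| parse_line(l)).collect()
}

fn main() {
    for ev in exec_events(&SAMPLE_LINES) {
        println!("{} (pid {}) executed {}", ev.comm, ev.pid, ev.path);
    }
}
```

To use it on a live system, replace SAMPLE_LINES with lines read from trace_pipe (which needs root, as the run steps above note).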
