<https://asciinema.org/a/305585>
# ebpfa
alessandrogario
02/27/2020, 5:06 PM
c
CptOfEvilMinions
02/27/2020, 5:24 PMThis is EXTREMELY exciting!!!!! Keep up the good work!
a
alessandrogario
02/27/2020, 5:25 PM
Thanks! 😄
c
CptOfEvilMinions
02/27/2020, 5:26 PMQq, have you open sourced the Osquery binary/extension that can perform this action?
I would love to test this out without having to compile Osquery
CptOfEvilMinions
02/27/2020, 5:27 PMWould love to compare this implementation to the standard AuditD implementation to monitor processes
a
alessandrogario
02/27/2020, 5:30 PM
I can build you a package if you want
alessandrogario
02/27/2020, 5:31 PM
this is in core (not an extension), and will eventually open source everything (the library used to generate the events is already on github)
alessandrogario
02/27/2020, 5:34 PM
demo package for bpf_process_events.
Start with:
--disable_events=false
--enable_bpf_process_events=true
Requires Ubuntu >= 18.10 (or kernel >= 4.18)
c
CptOfEvilMinions
02/27/2020, 5:50 PM❤️
7 Views