Skip to content
This repository has been archived by the owner on Oct 23, 2023. It is now read-only.

Use eBPF to get events of new created processes #411

Open
izissise opened this issue Jul 31, 2021 · 1 comment
Open

Use eBPF to get events of new created processes #411

izissise opened this issue Jul 31, 2021 · 1 comment

Comments

@izissise
Copy link
Contributor

izissise commented Jul 31, 2021
edited

Use eBPF to get events on newly created processes (https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/)

Maybe this could be activated with a CLI flags, so older kernels are still supported using current starting method

https://github.com/iovisor/bcc/blob/master/tools/execsnoop.py
@izissise izissise changed the title Make ananicy a continually running program Use eBPF to get events of new created processes Jul 31, 2021
@aviallon
Copy link

Very interesting. Thank you for that :)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@izissise @aviallon