ingraind is a security monitoring agent built around RedBPF for complex containerized environments and endpoints. The ingraind agent uses eBPF probes to provide safe and performant instrumentation for any Linux-based environment.
InGrain provides oversight of assets and risks:
- Your customer data - an employee copying your customer database to their personal cloud store.
- Your infrastructure - an attacker executing a zero day attack to gain access to your web servers.
- Your resources - malware using your users' machines' compute resources to mine cryptocurrency.
This is what curl https://redsift.com looks like if seen through ingraind:
- LLVM/Clang version 9 or newer
- Rust toolchain rustup.rs
- Linux 4.15 kernel or newer including kernel headers
The usual Rust compilation ritual will produce a binary in
$ cargo build --release
or for a kernel version other than the running one:
$ export KERNEL_VERSION=1.2.3
$ cargo build --release
or with a custom kernel tree path (needs to include generated files):
$ export KERNEL_SOURCE=/build/linux
$ cargo build --release
ingraind compatible with the
musl target on
which you can build like so:
$ cargo build --release --target=x86_64-unknown-linux-musl
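Added example, not part of the ingraind project: a preflight script that checks the requirements listed above before running cargo build. It honors the KERNEL_VERSION and KERNEL_SOURCE variables described on this page; the /lib/modules/<version>/build header location and all function names are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for the ingraind build requirements.

# version_ge HAVE WANT: succeed when HAVE >= WANT, comparing major.minor only.
# Accepts strings such as "5.15.0-91-generic", "4.15" or "9".
version_ge() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        split(have, h, /[^0-9]+/); split(want, w, /[^0-9]+/)
        exit !((h[1]+0 > w[1]+0) || (h[1]+0 == w[1]+0 && h[2]+0 >= w[2]+0))
    }'
}

# clang_version_of TEXT: extract the dotted version from `clang --version` output.
clang_version_of() {
    printf '%s\n' "$1" | sed -n 's/.*clang version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# headers_dir: where kernel headers are expected. KERNEL_SOURCE wins; otherwise
# the conventional /lib/modules/<version>/build path is assumed.
headers_dir() {
    if [ -n "${KERNEL_SOURCE:-}" ]; then
        printf '%s\n' "$KERNEL_SOURCE"
    else
        printf '/lib/modules/%s/build\n' "${KERNEL_VERSION:-$(uname -r)}"
    fi
}

# preflight: print each unmet requirement and return the number of them.
preflight() {
    missing=0
    kver=${KERNEL_VERSION:-$(uname -r)}
    version_ge "$kver" 4.15 ||
        { echo "kernel $kver is older than 4.15"; missing=$((missing + 1)); }
    [ -d "$(headers_dir)" ] ||
        { echo "no kernel headers at $(headers_dir)"; missing=$((missing + 1)); }
    cver=$(clang_version_of "$(clang --version 2>/dev/null)")
    version_ge "${cver:-0}" 9 ||
        { echo "clang ${cver:-not found}: need version 9 or newer"; missing=$((missing + 1)); }
    command -v cargo >/dev/null 2>&1 ||
        { echo "cargo not found: install the Rust toolchain (rustup.rs)"; missing=$((missing + 1)); }
    return "$missing"
}

preflight || echo "preflight: unmet build requirements listed above" >&2
```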
Build a docker image
To build a Docker image, use the instructions above to build an
ingraind binary for the desired kernel. By default, the Dockerfile will
assume you've built
ingraind for the
$ docker build .
You can specify an arbitrary ingraind binary by setting the BINARY_PATH environment variable:
$ docker build --build-arg BINARY_PATH=./target/x86_64-unknown-linux-musl/release/ingraind .
Configuration & Run
$ ./target/release/ingraind config.toml
Depending on the backends used in the config file, some secrets may need to be
passed as environment variables. These are documented in
config.toml.example, which should be a good starting point,
and a sane default to get
ingraind running, printing everything to the standard output.
The bpf directory contains the BPF programs written in C. These are compiled by
build.rs, and embedded in the final binary, and will be managed by the
The ingraind-probes directory contains the BPF programs written in Rust.
For more information, take a look at the Wiki