I'm glad to see that there is finally a concrete implementation of syscall hooking using eBPF. What do you think about adding static configurations to your solution in order to replace systems like Auditd?
Thanks
We've discussed having a config file, but haven't done any formal planning for it. How would you imagine it would work? I'm imagining a dotfile type configuration that could be placed in a known location per user and per machine, i.e., ~ and /etc/somewhere.
To my mind, it could be a global config file (/etc) where you define syscalls that you want to monitor. While hooking one of those syscalls, it would log the call in a file defined in the conf. And finally it would be possible to set filters on syscall args and return. That's how I see it but it can be done another way.
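One way the config described in this comment could be evaluated in user space, as an added example that is not the project's code: a global file names the log destination, the syscalls to monitor, and per-syscall filters on argument positions and the return value. The JSON shape, the field names and the event layout are assumptions, and the events are constructed stand-ins for what the eBPF hooks would report.

```python
import json
# Constructed config in the shape proposed above (format is an assumption).
CONFIG_TEXT = """
{
  "log_file": "/var/log/syscall-monitor.log",
  "syscalls": {
    "openat":  {"args": {"1": {"contains": "/etc/shadow"}}},
    "execve":  {"args": {"0": {"contains": "/tmp/"}}, "ret": {"eq": 0}},
    "connect": {"ret": {"neq": 0}}
  }
}
"""

def _match(filt, value):
    # One filter clause on a single value; an empty clause matches everything.
    if "eq" in filt and value != filt["eq"]:
        return False
    if "neq" in filt and value == filt["neq"]:
        return False
    if "contains" in filt and filt["contains"] not in str(value):
        return False
    return True

def should_log(rules, event):
    # Log only monitored syscalls whose argument and return filters all pass.
    rule = rules.get(event["syscall"])
    if rule is None:
        return False
    for idx, filt in rule.get("args", {}).items():
        i = int(idx)
        if i >= len(event["args"]) or not _match(filt, event["args"][i]):
            return False
    return _match(rule.get("ret", {}), event["ret"])

def format_line(e):
    args = ", ".join(repr(a) for a in e["args"])
    return f'pid={e["pid"]} comm={e["comm"]} {e["syscall"]}({args}) = {e["ret"]}'

# Constructed events standing in for what the eBPF hooks would deliver.
EVENTS = [
    {"pid": 4242, "comm": "cat", "syscall": "openat", "args": [-100, "/etc/shadow", 0], "ret": 3},
    {"pid": 4243, "comm": "cat", "syscall": "openat", "args": [-100, "/etc/hostname", 0], "ret": 3},
    {"pid": 4244, "comm": "bash", "syscall": "execve", "args": ["/tmp/x", [], []], "ret": 0},
    {"pid": 4245, "comm": "curl", "syscall": "connect", "args": [5, "10.0.0.1:443"], "ret": 0},
]

def audit_lines(config_text=CONFIG_TEXT, events=EVENTS):
    # Returns the configured log path and the lines that would be appended to it.
    cfg = json.loads(config_text)
    return cfg["log_file"], [format_line(e) for e in events if should_log(cfg["syscalls"], e)]
```

Only the shadow-file open and the /tmp execve survive the filters; the hostname read fails the argument filter and the successful connect fails the return-value filter.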