Comments (8)
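Follow-up todo:
- Keep strengthening eBPF study and practice (including the bpf code in osquery after 4.6.0, Google's videos from the eBPF Summit, etc.)
- Later, have the collection module detect the kernel version and prefer eBPF, falling back to cn_proc on failure
- Keep studying kernel-mode hooks: the pros and cons of the various approaches such as LSM, kprobe, and tracepoint
- Follow up on fb's eBPF CO-RE and keep learning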
from hades.
Here's the idea: my plan is to use netlink on ordinary machines, and eBPF on higher-version ones, for example on k8s hosts
from hades.
I've only just looked at a bit of eBPF... I'll study it some more
from hades.
from hades.
For the three ways of deploying eBPF, you can refer to Let's explore it together later
from hades.
Thanks, bro, I'll start studying right away
from hades.
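Followed you, let's learn together. I'm also looking for a good hooking approach for HIDS. With eBPF you'll eventually find it has too many restrictions, and Elkeid's insmod approach is too risky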
from hades.
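Thanks~ I feel the same way. With Elkeid's model, plus I'm not very familiar with its driver module (it would be a hassle if it threw an error and I couldn't debug it)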
from hades.