Thanks to visit codestin.com
Credit goes to github.com

Skip to content

bombinisecurity/bombini

BranchesTags

Repository files navigation

Bombini: eBPF-based Security Monitoring Agent

Bombini logo

License CI Book

Bombini is an eBPF-based security agent written entirely in Rust using the Aya library and built on LSM (Linux Security Module) BPF hooks. At its core, Bombini employs modular components called Detectors, each responsible for monitoring and reporting specific types of system events.

Getting Started

Please, check the compatibility issues first.

The most convenient way now is to build container with Bombini:

git clone https://github.com/bombinisecurity/bombini.git && \
cd ./bombini && \
docker build  -t bombini .

Run

You can easily run Bombini with this command:

docker run --pid=host --rm -it --privileged -v /sys/fs/bpf:/sys/fs/bpf bombini

By default Bombini sends event to stdout in JSON format and starts only ProcMon detector intercepting process execs and exits. To customize your Bombini setup, please, follow the configuration guide and mount config directory to the container:

docker run --pid=host --rm -it --privileged -v <your-config-dir>:/usr/local/lib/bombini/config:ro  -v /sys/fs/bpf:/sys/fs/bpf bombini

Build

To build Bombini from source, please, follow build guide.

Contributing

Please, check out CONTRIBUTING.md for the contributing guideline.

About

eBPF Security Monitoring Agent Based on Aya

Topics

kubernetes security kernel k8s aya ebpf observability bpf lsm runtime-security

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

36 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Contributors 2

Languages