Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Shell

Dart

JavaScript

Zig

F#

CSS

Julia

Emacs Lisp

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Perl

Elm

Crystal

Nix

Python

Scala

Ada

TypeScript

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇦🇼 Aruba

🇦🇱 Albania

🇧🇾 Belarus

🇧🇯 Benin

🇲🇩 Moldova

🇧🇩 Bangladesh

🇵🇰 Pakistan

🇲🇻 Maldives

All Countries Compare Countries

deepfence/ebpfguard

Stars
270
Rank 149,016 (Top 3 %)
Language
Rust
License
Apache License 2.0
Created over 1 year ago
Updated 5 months ago

deepfence/ebpfguard

deepfence

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Rust library for writing Linux security policies using eBPF

Ebpfguard

Ebpfguard is a library for managing Linux security policies. It is based on LSM hooks, but without necessity to write any kernel modules or eBPF programs directly. It allows to write policies in Rust (or YAML) in user space.

It's based on eBPF and Aya library, but takes away the need to use them directly.

Usage example

Deny mount operation for all users.

    const BPF_MAPS_PATH: &str = "/sys/fs/bpf/example_sb_mount";

    // Create a directory where ebpfguard policy manager can store its BPF
    // objects (maps).
    std::fs::create_dir_all(BPF_MAPS_PATH)?;

    // Create a policy manager.
    let mut policy_manager = PolicyManager::new(BPF_MAPS_PATH)?;

    // Attach the policy manager to the mount LSM hook.
    let mut sb_mount = policy_manager.attach_sb_mount()?;

    // Get the receiver end of the alerts channel (for the `file_open` LSM
    // hook).
    let mut sb_mount_rx = sb_mount.alerts().await?;

    // Define policies which deny mount operations for all processes (except
    // for the specified subject, if defined).
    sb_mount
        .add_policy(SbMount {
            subject: PolicySubject::All,
            allow: false,
        })
        .await?;

    if let Some(alert) = sb_mount_rx.recv().await {
        info!(
            "sb_mount alert: pid={} subject={}",
            alert.pid, alert.subject
        );
    }

Imports and cargo file are available in example source code. For more check out examples doc.

Supported LSM hooks

LSM hooks supported by Ebpfguard are:

Prerequisites

Check prerequisites doc to set up your environment.

Development

Check development doc for compillation and testing commands.

Get in touch

Thank you for using Ebpfguard. Please feel welcome to participate in the Deepfence community.

Deepfence Community Website
Got a question, need some help? Find the Deepfence team on Slack
Got a feature request or found a bug? Raise an issue

Find out more at deepfence.io

License

Ebpfguard's userspace part is licensed under Apache License, version 2.0.

eBPF programs inside ebpfguard-ebpf directory are licensed under GNU General Public License, version 2.

ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)

SecretScanner

🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓

PacketStreamer

⭐ ⭐ Distributed tcpdump for cloud native environments ⭐ ⭐

YaraHunter

🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

FlowMeter

⭐ ⭐ Use ML to classify flows and packets as benign or malicious. ⭐ ⭐

community

Deepfence Community

deepfence_runtime_api

Deepfence Runtime API & code samples

vessel

Vessel is the Go based utility that autodetects underlying Container Runtime in Kubernetes

ThreatStryker-docs

ThreatStryker Documentation

package-scanner

DocumentationWebsite

terraform-gcp-cloud-scanner

Deepfence Cloud Scanner runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your Deepfence ThreatMapper or ThreatStryker Management Console

yara-rules

terraform-aws-cloud-scanner

Deepfence Cloud Scanner runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your Deepfence ThreatMapper or ThreatStryker Management Console

helm-charts

terraform-azure-cloud-scanner

Deepfence Cloud Scanner runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your Deepfence ThreatMapper or ThreatStryker Management Console

CI-CD-Integrations

CI/CD plugins for image scanning, integrations with AWS ECR, Google Container Registry

secretscanner-docker-extension

⛴️ Docker extension for deepfence/SecretScanner 🔐

terraform-aws-threatmapper

ThreatMapper Terraform module for AWS

yarahunter-docker-extension

⛴️Docker extension for deepfence/YaraHunter🔎

pcap-tools

compliance

Compliance Scripts Handler

agent-plugins-grpc

Agent plugins' gRPC definitions

apache-struts

This repository contains sample attacks that can be used to exploit vulnerabilities in the Jakarta Multipart Parser of Apache Struts

.github

sock-app-canary

golang_deepfence_sdk

Golang deepfence SDK

kubernetes-scanner

Kubernetes Security Posture Management

open-tracer

Open tracer that uses eBPF kernel features

threatmapper-python-client

ThreatMapper python client

ebpfguard-blog-example

Sample of eBPFGuard capabilities for upcoming blogpost.

ThreatMapperWorkshop

CNAPP Security Workshop using ThreatMapper

deepfence-playground

Deepfence's Sandbox on killercoda Platform

terraform-provider-deepfence

Deepfence Terraform provider

CommunityThreatIntel

Threat Intelligence by and for the community

cloud-scanner

Deepfence Cloud Scanner runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your Deepfence ThreatMapper or ThreatStryker Management Console.

http2viewer

HTTP2 message viewer