bombini

Bombini is an eBPF-based agent for (mostly) security monitoring. Bombini provides components for fast prototyping eBPF detectors. Not all components are implemented yet and it's more like proof of concept for now. It is build on a top of Aya library. Design concepts can be found here.

Prerequisites

Install Rust.
Prepare environment for Aya.

Build

cargo xtask build

Run

You can try bombini agent this way:

RUST_LOG=debug cargo xtask run -- --config-dir ./config --stdout

Also you can use file as output or unix socket combining with vector.

File

Start vector agent:

vector --config ./vector/vector-file.yaml

Start bombini with events redirecting to file:

RUST_LOG=debug cargo xtask run -- --config-dir ./config --event-log ./bombini.log

Unix socket

Start vector agent with unix socket listner:

vector --config ./vector/vector-sock.yaml

Start bombini with events redirecting to unix socket:

RUST_LOG=debug cargo xtask run -- --config-dir ./config --event-socket /tmp/bombini.sock

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
.cargo		.cargo
.vim		.vim
.vscode		.vscode
bombini-common		bombini-common
bombini-detectors-ebpf		bombini-detectors-ebpf
bombini		bombini
config		config
docs		docs
vector		vector
xtask		xtask
.dir-locals.el		.dir-locals.el
.gitignore		.gitignore
Cargo.toml		Cargo.toml
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

bombini

Prerequisites

Build

Run

File

Unix socket

About

Releases

Packages

Languages

License

anfedotoff/bombini

Folders and files

Latest commit

History

Repository files navigation

bombini

Prerequisites

Build

Run

File

Unix socket

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages