{"id":24192693,"url":"https://github.com/bombinisecurity/bombini","last_synced_at":"2025-09-21T16:32:19.147Z","repository":{"id":272133966,"uuid":"864634441","full_name":"anfedotoff/bombini","owner":"anfedotoff","description":"WIP: eBPF security monitoring agent based on Aya","archived":false,"fork":false,"pushed_at":"2025-01-12T11:23:47.000Z","size":248,"stargazers_count":3,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-12T12:28:37.143Z","etag":null,"topics":["aya","bpf","ebpf","security"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anfedotoff.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-28T18:35:24.000Z","updated_at":"2025-01-09T13:06:55.000Z","dependencies_parsed_at":"2025-01-12T12:29:23.486Z","dependency_job_id":"106d3ec3-072a-436f-8a78-8fd4a82bb540","html_url":"https://github.com/anfedotoff/bombini","commit_stats":null,"previous_names":["anfedotoff/bombini"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anfedotoff%2Fbombini","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anfedotoff%2Fbombini/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anfedotoff%2Fbombini/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anfedotoff%2Fbombini/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anfe
dotoff","download_url":"https://codeload.github.com/anfedotoff/bombini/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233770325,"owners_count":18727553,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aya","bpf","ebpf","security"],"created_at":"2025-01-13T16:19:52.699Z","updated_at":"2025-09-21T16:32:19.140Z","avatar_url":"https://github.com/anfedotoff.png","language":"Rust","funding_links":[],"categories":["Projects Related to eBPF","Major Projects that Use Aya"],"sub_categories":["Security","Aya-related talks"],"readme":"# bombini\n\nBombini is an eBPF-based agent for security monitoring. It is built on\ntop of the [Aya](https://github.com/aya-rs/aya) library. Design concepts can be\nfound [here](docs/design.md).\n\n## Run\n\nYour Linux kernel version must be greater than or equal to **5.15**.\n[Compatibility](https://github.com/aya-rs/aya/issues/349) between different kernel versions (CO-RE) is not yet fully implemented.\n\nThe easiest way to use Bombini is to build a docker image and run it:\n\n```bash\ndocker build -t bombini .\n```\n\nBefore running, check whether LSM BPF is enabled on your system.\n\n```\ncat /sys/kernel/security/lsm\n```\n\nIf `bpf` appears in the output, then BPF LSM is enabled.\nOtherwise, you have to enable it by adding this line to `/etc/default/grub`:\n\n```\nGRUB_CMDLINE_LINUX=\"lsm=[previous lsm modules],bpf\"\n```\n\nUpdate grub and reboot the system.\n\nPrepare configuration files and enable detectors for your needs. 
You can copy the `./config` directory and modify the config files.\n`config.yaml` has global Bombini parameters and enumerates detectors to be loaded. The other config files provide parameters for the corresponding detectors.\nTo learn more about detectors, see the [docs](docs/detectors/).\n\nRun bombini:\n\n```bash\ndocker run --pid=host --rm -it --privileged --env \"RUST_LOG=info\" -v \u003cyour-config-dir\u003e:/usr/local/lib/bombini/config:ro  -v /sys/fs/bpf:/sys/fs/bpf bombini\n```\n\nYou can also send output to a file, or to a unix socket in combination with\n[vector](https://github.com/vectordotdev/vector).\n\n### File\n```bash\ntouch /tmp/bombini.log\ndocker run --pid=host --rm -it --privileged --env \"RUST_LOG=info\" -v \u003cyour-config-dir\u003e:/usr/local/lib/bombini/config:ro -v /tmp/bombini.log:/log/bombini.log -v /sys/fs/bpf:/sys/fs/bpf bombini --event-log /log/bombini.log\n```\n\n### Unix socket\n```bash\nvector --config ./vector/vector-sock.yaml\ndocker run --pid=host --rm -it --privileged --env \"RUST_LOG=info\" -v \u003cyour-config-dir\u003e:/usr/local/lib/bombini/config:ro -v /tmp/bombini.sock:/log/bombini.sock -v /sys/fs/bpf:/sys/fs/bpf bombini --event-socket /log/bombini.sock\n```\n\n## Build\n\n1. Install [Rust](https://www.rust-lang.org/tools/install).\n2. 
Prepare the environment for [Aya](https://aya-rs.dev/book/start/development/).\n\nIf you are building Bombini on a Linux kernel with version **6.8.0-62-generic**, you can skip the next step.\nOtherwise, please regenerate `vmlinux.rs` before building:\n\n```bash\n./bombini-detectors-ebpf/generate_vmlinux.sh\n```\nRelease build:\n\n```bash\ncargo xtask build --release\n```\nYou can generate a tarball with installation scripts for the bombini systemd service:\n\n```bash\ncargo xtask tarball --release\n```\n\nThe release tarball will be located at `target/bombini.tar.gz`\n\nYou can run bombini this way:\n\n```bash\nRUST_LOG=info sudo -E ./target/release/bombini --bpf-objs ./target/bpfel-unknown-none/release --config-dir ./config --stdout\n```\n\nOr using cargo:\n\n```bash\nRUST_LOG=info cargo xtask run --release -- --bpf-objs ./target/bpfel-unknown-none/release --config-dir ./config --stdout\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbombinisecurity%2Fbombini","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbombinisecurity%2Fbombini","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbombinisecurity%2Fbombini/lists"}