{"id":26529484,"url":"https://github.com/cappe987/capmon","last_synced_at":"2025-10-24T22:34:49.600Z","repository":{"id":49947560,"uuid":"515366460","full_name":"cappe987/capmon","owner":"cappe987","description":"A Linux capabilities(7) monitor for using commands without sudo","archived":false,"fork":false,"pushed_at":"2023-09-24T17:32:04.000Z","size":1272,"stargazers_count":7,"open_issues_count":4,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-07T09:51:25.227Z","etag":null,"topics":["c","hacktoberfest","linux"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cappe987.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-18T23:02:33.000Z","updated_at":"2024-06-04T21:03:55.000Z","dependencies_parsed_at":"2023-02-15T16:50:24.634Z","dependency_job_id":"a1181c4e-dbf5-4903-bd48-2eee1243f2f4","html_url":"https://github.com/cappe987/capmon","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/cappe987/capmon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cappe987%2Fcapmon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cappe987%2Fcapmon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cappe987%2Fcapmon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cappe987%2Fcapmon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cappe987","download_url":"https://codeload.github.com/cappe987/capmon/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cappe987%2Fcapmon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280878346,"owners_count":26406641,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-24T02:00:06.418Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","hacktoberfest","linux"],"created_at":"2025-03-21T16:34:00.455Z","updated_at":"2025-10-24T22:34:49.572Z","avatar_url":"https://github.com/cappe987.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!---\nSPDX-License-Identifier: GPL-2.0-only\nSPDX-FileCopyrightText: 2023 Casper Andersson \u003ccasper.casan@gmail.com\u003e\n--\u003e\n\n# Capmon - a Linux Capabilities monitor\n\nCapabilities allows you to run commands without sudo. But sometimes it's hard\nto figure out what capabilities it needs. Capmon monitors when processes check\n[capabilities(7)](https://man7.org/linux/man-pages/man7/capabilities.7.html) to\nfind out what they require. Run `capmon '\u003cCOMMAND\u003e'` to track the capabilities\nit accesses. It's important to **not** run your command with sudo since that\nbypasses certain checks. Let the command fail at the first missing capability\ncheck and add that capability, then try again and see if if fails on more.\nRinse and repeat until command runs successfully.\n\nFor an introduction to capabilities see [A simpler life without\nsudo](https://casan.se/blog/linux/a-simpler-life-without-sudo/).\n\n## Table of Contents\n- [Usage](#usage)\n  - [Using without sudo](#using-without-sudo)\n  - [Legacy mode](#legacy-mode)\n- [Installation](#installation)\n  - [Build dependencies](#build-dependencies)\n  - [Run dependencies](#run-dependencies)\n- [Contributing](#contributing)\n\n\n## Usage\n\nTo use Capmon do\n```sh\ncapmon '\u003ccmd\u003e'\n```\n\nFor example:\n```sh\ncapmon 'ip link netns add test'\n```\n\nIt is recommended to enclose the command in quotes to avoid the shell from doing\nany funny business with globbing or other special features, and to avoid Capmon\nfrom interpreting the command's argument as its own. Capmon will run the command\nwith `/bin/sh`.\n\nThe output of the above command will be\n```sh\n[ip]\n- [PASS] CAP_DAC_OVERRIDE\n- [PASS] CAP_NET_ADMIN\n```\nbecause the `ip` command required the capabilities `CAP_NET_ADMIN` and\n`CAP_DAC_OVERRIDE` for this particular task. Another example, `ip link set dev\ntap0 up` only requires `CAP_NET_ADMIN`.\n\nIf the user didn't have the capabilities it would instead report `[FAIL]` on one\nof the capabilities. If it failed on the first of the two then it may not even\nshow the second since commands often bail out as soon as they fail to do\nsomething.\n\nIf a command is still failing even though Capmon doesn't report anything there\nis the flag `-a` or `--all`. This changes the place where it listens to another\nlocation which covers many more checks, some of which are not always necessary\nand are allowed to fail. This is not the default mode as to not confuse the\nuser with a bunch of capabilities that usually will not matter.\n\n### Using without sudo\nIt is recommended to give Capmon the capabilities it needs. Running it with\nsudo will pass sudo rights to any child processes, preventing the return value\nof the cap check to be correct.\n\nTo use Capmon without sudo you must assign `CAP_DAC_OVERRIDE` and\n`CAP_SYS_ADMIN` to yourself and to `capmon`. For a guide on how to set\ncapabilities see [A simpler life without\nsudo](https://casan.se/blog/linux/a-simpler-life-without-sudo/).\n\n### Legacy mode\n\nSee [Monitor mode documentation](doc/monitor.md) for usage of the legacy\nmonitor mode.\n\n\n\n## Installation\n\n```\nmake\nsudo make install\n```\nThe Makefile is a wrapper around CMake that will fetch the submodules and\noutput any build artifacts into the `build/` directory.\n\n### Build dependencies\n\nThese should be available on most modern Linux distributions.\n```\nsudo apt install cmake clang llvm libelf1 libelf-dev zlib1g-dev\n```\n- `CONFIG_PERF_EVENTS=y`?\n- Linux kernel \u003e= 5.10? ([BPF CO-RE](\n  https://patchwork.ozlabs.org/project/buildroot/patch/29d2a8c7-44cd-da42-5fed-f17ec0f8ccf2@synopsys.com/))\n\n### Run dependencies\n\n- `CONFIG_DEBUG_INFO_BTF=y`\n- Linux kernel \u003e= 5.8 (BPF ring buffer)\n\n\n\n## Contributing\n\nFor more detailed explanation on building it and how it works see\n[CONTRIBUTING.md](doc/CONTRIBUTING.md)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcappe987%2Fcapmon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcappe987%2Fcapmon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcappe987%2Fcapmon/lists"}