{"id":28833204,"url":"https://github.com/frizzymonsta/ebpf_prac","last_synced_at":"2026-05-08T10:35:50.336Z","repository":{"id":299834605,"uuid":"1003028142","full_name":"frizzymonsta/ebpf_prac","owner":"frizzymonsta","description":"Short practice work about eBPF and log analysis for Innopolis students.","archived":false,"fork":false,"pushed_at":"2025-06-18T14:13:16.000Z","size":1264,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-18T15:27:25.923Z","etag":null,"topics":["bpftrace","ebpf","linux","python3"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/frizzymonsta.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-16T14:06:32.000Z","updated_at":"2025-06-18T14:13:23.000Z","dependencies_parsed_at":"2025-06-18T15:38:26.134Z","dependency_job_id":null,"html_url":"https://github.com/frizzymonsta/ebpf_prac","commit_stats":null,"previous_names":["frizzymonsta/ebpf_prac"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/frizzymonsta/ebpf_prac","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frizzymonsta%2Febpf_prac","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frizzymonsta%2Febpf_prac/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frizzymonsta%2Febpf_prac/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frizzymonsta%2Febpf_prac/manifes
ts","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/frizzymonsta","download_url":"https://codeload.github.com/frizzymonsta/ebpf_prac/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frizzymonsta%2Febpf_prac/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32776920,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"ssl_error","status_checked_at":"2026-05-08T08:22:45.650Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bpftrace","ebpf","linux","python3"],"created_at":"2025-06-19T09:00:48.153Z","updated_at":"2026-05-08T10:35:50.329Z","avatar_url":"https://github.com/frizzymonsta.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 1. System call analysis with eBPF\n\n## Preparation\n\n1. Install Ubuntu 22.04 in a virtual machine (it is recommended to set the network device to bridge mode so that you can connect over ssh, etc.).\n2. Install `bpftrace` and `bcc`.\n3. Check that `bpftrace` works with the command:\n   ```bash\n   sudo bpftrace -e 'tracepoint:syscalls:sys_enter_execve { printf(\"execve: %s\\n\", str(args-\u003efilename)); }'\n   ```\n4. Test bpftrace by opening another terminal and entering various commands (e.g. `ls` or `ping -c 1 8.8.8.8`). If information about the commands you entered appears in the first terminal, everything was installed successfully.\n\n## Work\n\nHaving studied the examples `bpf_trace.py` and `collect_all.bt`, write your own script (your choice: bpftrace or Python+BCC) that:\n\n* traces the relevant system calls\n* prints: a human-readable timestamp, the probe name, PID, command (comm), path to the executed script (filename, if applicable)\n\nChoose the tracepoints (probes) to trace that seem important to you:\n\nExamples:\n\n```\ntracepoint:syscalls:sys_enter_execve\ntracepoint:syscalls:sys_enter_openat\ntracepoint:syscalls:sys_enter_connect\ntracepoint:syscalls:sys_enter_unlink\n```\n\nExample output:\n\n![example](img/example.png)\n\n## Testing\n\nHaving written your `.bt` or `.py` script, run it (with `sudo bpftrace \u003cname\u003e.bt` or `sudo python3 \u003cname\u003e.py`), and in a second terminal run `activity.sh`.\n\nCheck that your trace correctly logs the required events.\n\n## Report\n\nWhat to submit:\n\n* Your tracing script (`.bt` or `.py`)\n* Sample logs (`sudo bpftrace \u003cname\u003e.bt \u003e\u003e \u003clogname\u003e.log`)\n* A report following the `REPORT_TEMPLATE.md` template\n\n## Questions to answer in the report\n\n1. How does a `tracepoint` differ from a `kprobe`?\n2. Why is `args-\u003efilename` not always available?\n3. What does `strftime(\"%H:%M:%S\", nsecs)` do?\n\nSend to `zelichenok@comsec.spb.ru`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrizzymonsta%2Febpf_prac","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffrizzymonsta%2Febpf_prac","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrizzymonsta%2Febpf_prac/lists"}