{"id":25431928,"url":"https://github.com/mxcrafts/ltrack","last_synced_at":"2026-03-08T20:01:24.704Z","repository":{"id":275270492,"uuid":"908415054","full_name":"mxcrafts/ltrack","owner":"mxcrafts","description":"Security Observability Framework for ML/AI Model File Loading","archived":false,"fork":false,"pushed_at":"2025-02-17T02:20:47.000Z","size":1808,"stargazers_count":13,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-02-17T03:25:53.356Z","etag":null,"topics":["ebpf","golang","llm","ml","observable","safety"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mxcrafts.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-26T02:54:34.000Z","updated_at":"2025-02-17T02:20:50.000Z","dependencies_parsed_at":"2025-02-17T03:26:08.708Z","dependency_job_id":null,"html_url":"https://github.com/mxcrafts/ltrack","commit_stats":null,"previous_names":["mxcrafts/mxtrack","mxcrafts/ltrack"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mxcrafts%2Fltrack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mxcrafts%2Fltrack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mxcrafts%2Fltrack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mxcrafts%2Fltrack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mxcrafts","download_url":"https://codeload.github.com/mxcrafts/ltrack/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239236393,"owners_count":19604901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","golang","llm","ml","observable","safety"],"created_at":"2025-02-17T04:30:28.916Z","updated_at":"2026-03-08T20:01:24.697Z","avatar_url":"https://github.com/mxcrafts.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n\u003ca href=\"https://goreportcard.com/report/github.com/mxcrafts/ltrack\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/mxcrafts/ltrack\" alt=\"Go Report Card\"\u003e\u003c/a\u003e\n\u003ca href=\"https://godoc.org/github.com/mxcrafts/ltrack\"\u003e\u003cimg src=\"https://godoc.org/github.com/mxcrafts/ltrack?status.svg\" alt=\"GoDoc\"\u003e\u003c/a\u003e\n\u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-MIT-yellow.svg\" alt=\"License: MIT\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\n\u003ch3 align=\"center\"\u003e\n  \u003cdiv style=\"display:flex;flex-direction:column;align-items:center;\"\u003e\n    \u003cimg src=\"./brand/logo-light.png\" alt=\"ltrack - Security Observability Framework for ML/AI Model File Loading\" width=100px\u003e\n    \u003cbr /\u003e\n    \u003cp\u003eltrack - Security Observability Framework for ML/AI Model File Loading\u003c/p\u003e\n  \u003c/div\u003e\n\u003c/h3\u003e\n\n\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"README.md\"\u003e\u003cimg alt=\"README in English\" src=\"https://img.shields.io/badge/English-d9d9d9\"\u003e\u003c/a\u003e\n  \u003ca href=\"docs/README_CN.md\"\u003e\u003cimg alt=\"简体中文版自述文件\" src=\"https://img.shields.io/badge/简体中文-d9d9d9\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\n\n## Overview\n\n\u003e [!NOTE]\n\u003e ltrack is an open-source security observability tool designed to monitor and analyze potential risks during the loading and execution of machine learning (ML) and artificial intelligence (AI) model files. Built with Golang and eBPF (Extended Berkeley Packet Filter), ltrack combines the efficiency of low-level kernel tracing with the robustness of modern systems programming to deliver high-performance, low-overhead monitoring. By focusing on critical system behaviors and configurations, ltrack helps developers, MLOps engineers, and security researchers identify vulnerabilities, unauthorized access, and anomalous activities in ML/AI workflows.\n\n## Technical Highlights\n\n\n\nhttps://github.com/user-attachments/assets/188f46c1-3e9c-4f47-a8e0-40b205a8dfec\n\n\n\n- eBPF-Powered Efficiency\nLeverages eBPF to perform lightweight, kernel-level event tracing without requiring kernel modifications. This minimizes runtime overhead (\u003c3% CPU in most cases) while enabling real-time observation of system calls, network traffic, and file operations.\n\n- Golang Performance \u0026 Portability\nUtilizes Golang's concurrency model and cross-platform capabilities to ensure high-throughput event processing and seamless deployment across Linux distributions.\n\n- Zero-Dependency Monitoring\nAvoids reliance on external kernel modules or agents, reducing attack surfaces and operational complexity.\n\n## Features\n\n- 🔍 **File Monitoring**: Monitor file operations (create, delete, modify, etc.) in specified directories\n- 🚀 **Process Monitoring**: Track execution of specified commands\n- 🌐 **Network Monitoring**: Monitor network activity on specific ports and protocols\n- 📝 **Log Management**: Support log rotation, compression, and retention policies\n- ⚡ **High Performance**: Low-overhead system monitoring based on eBPF technology\n- 🔧 **Configurable**: Flexible monitoring policy configuration via TOML files\n\n## Why ltrack?\n\n- Low Overhead, High Fidelity\neBPF's kernel-space execution eliminates costly context switches, enabling precise tracking of system events without degrading model inference or training performance.\n\n- Real-Time Alerts\nIntegrates with logging systems (e.g., Elasticsearch, Prometheus) for proactive threat response.\n\n- Extensible Architecture\nSupports plugins for custom detectors and integrations, with Golang's static binary packaging simplifying deployment.\n\n## Use Cases\n\n- MLOps Pipelines: Enhance security in CI/CD workflows by auditing model deployment processes.\n\n- Research Environments: Safeguard experimental models and datasets from unintended access or tampering.\n\n- Compliance: Meet regulatory requirements (e.g., GDPR, HIPAA) by enforcing strict access controls and audit trails.\n\n## Quick Start\n\n### Docker Images\n\n```bash\ndocker run -d \\\n  --name ltrack \\\n  --privileged \\\n  --pid host \\\n  --network host \\\n  -v /sys/kernel/debug:/sys/kernel/debug:ro \\\n  -v /sys/fs/bpf:/sys/fs/bpf \\\n  -v /proc:/proc \\\n  -v /lib/modules:/lib/modules:ro \\\n  -v ltrack_logs:/var/log/ltrack \\\n  -v \u003cpath\u003e/policy.toml:/app/external-config/policy.toml:ro \\\n  -e LTRACK_LOG_LEVEL=info \\\n  -e LTRACK_LOG_FORMAT=json \\\n  mxcrafts/ltrack:latest\n```\n\n### Build a local docker image\n\n```bash\ncd deploy\n\n# Using latest version\ndocker-compose up -d\n```\n\n### Build from source\n\n#### Prerequisites\n\n- Linux kernel version \u003e= 4.18\n- Go version \u003e= 1.21\n- LLVM/Clang 11+\n\n#### Installation\n\n```bash\n# build from source\ngit clone https://github.com/mxcrafts/ltrack.git\ncd ltrack\nmake \u0026\u0026 LTRACK_LOG_LEVEL=info LTRACK_LOG_FORMAT=json ./bin/ltrack ./bin/ltrack --config policy.toml\n```\n\n### Configuration\n\n### Command Line Options\n\n```bash\n# Run with default configuration file (policy.toml)\nLTRACK_LOG_LEVEL=info LTRACK_LOG_FORMAT=json ./bin/ltrack\n\n# Run with specified configuration file\nLTRACK_LOG_LEVEL=info LTRACK_LOG_FORMAT=json ./bin/ltrack --config /path/to/config.toml\n```\n\n### Log Level Configuration\n\nThe log level can be configured in two ways:\n\n1. Environment Variable (Highest Priority):\n```bash\n# Set log level via environment variable\nexport LTRACK_LOG_LEVEL=debug  # Options: debug, info, warn, error\nexport LTRACK_LOG_FORMAT=json  # Options: json, text\n\n# Run with environment settings\nLTRACK_LOG_LEVEL=info LTRACK_LOG_FORMAT=json ./bin/ltrack\n```\n\n2. Configuration File (Default Priority):\n```toml\n# policy.toml\n[log]\nlevel = \"info\"      # Options: debug, info, warn, error\nformat = \"json\"     # Options: json, text\noutput_path = \"/var/log/ltrack/app.log\"\nmax_size = 100      # Maximum size in megabytes\nmax_age = 7         # Maximum age in days\nmax_backups = 5     # Maximum number of old log files\ncompress = true     # Compress old files\n```\n\n### Configuration File Structure\n\n```toml\n# ltrack Monitor Policy (policy.toml)\n\n# File Monitoring Configuration\n[file_monitor]\nenabled = true\ndirectories = [\n    \"/path/to/monitor\",\n]\n\n# Process Execution Monitoring Configuration\n[exec_monitor]\nenabled = true\nwatch_commands = [\n    \"bash\",\n    \"python\",\n    \"nginx\"\n]\n\n# Network Monitoring Configuration\n[network_monitor]\nenabled = true\nports = [80, 443, 8080]\nprotocols = [\"tcp\", \"udp\"]\n\n# Logging Configuration\n[log]\nlevel = \"info\"\nformat = \"json\"\noutput_path = \"/var/log/ltrack/app.log\"\nmax_size = 100    # MB\nmax_age = 7       # days\nmax_backups = 5   # files\ncompress = true\n```\n\n### Best Practices\n\n1. Log Level Selection:\n   - Use `info` in production for normal operations\n   - Use `debug` only when detailed troubleshooting is needed\n   - Set appropriate log rotation settings to manage disk usage\n\n2. Configuration Management:\n   - Keep production configuration in version control\n   - Use environment-specific configuration files\n   - Validate configuration changes before deployment\n\n3. Monitoring Setup:\n   - Enable only required monitors\n   - Configure appropriate directories and commands\n   - Regular review of monitored resources\n\n### Running\n\n```bash\nsudo ltrack -config policy.toml\n```\n\n\n## Development\n\n### Build Dependencies\n\n```bash\n\n# Build dependencies (Ubuntu)\nsudo apt-get install -y clang llvm libelf-dev\n\n# Common commands\nmake test       # Run unit tests\nmake generate   # Generate eBPF code\nmake package    # Create release package\n\n```\n\n### Performance Metrics\n\n### Generate eBPF Code\n\n```bash\nmake generate\n```\n\n\n### Performance Benchmarks\n\n| Monitor Type | Event Latency | CPU Usage | Memory Usage |\n|-------------|---------------|------------|--------------|\n| File Monitor| \u003c 1ms | \u003c 1% | ~10MB |\n| Process Monitor| \u003c 0.5ms | \u003c 0.5% | ~5MB |\n| Network Monitor| \u003c 1ms | \u003c 1% | ~15MB |\n\n### License\nThis project is licensed under the [MIT License](LICENSE).\n\n### Contact\n\n- Issues: [GitHub Issues](https://github.com/mxcrafts/ltrack/issues)\n- Email: support@mx-crafts.com\n\n\n## Cite ltrack\n\nIf you use `ltrack` in your publication, please cite it by using the following BibTeX entry.\n\n```bibtex\n@Misc{ltrack,\n  title =        {`ltrack`: security observability framework for ml/ai model file loading.},\n  author =       {@bayuncao},\n  howpublished = {\\url{https://github.com/mxcrafts/ltrack}},\n  year =         {2025}\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmxcrafts%2Fltrack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmxcrafts%2Fltrack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmxcrafts%2Fltrack/lists"}