{"id":18894094,"url":"https://github.com/trailofbits/linuxevents","last_synced_at":"2025-04-15T00:31:54.062Z","repository":{"id":60782702,"uuid":"467256803","full_name":"trailofbits/linuxevents","owner":"trailofbits","description":"A sample PoC for container-aware exec events for osquery","archived":false,"fork":false,"pushed_at":"2024-02-15T18:55:44.000Z","size":21,"stargazers_count":24,"open_issues_count":0,"forks_count":3,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-28T12:51:14.552Z","etag":null,"topics":["bpf","ebpf","linux","monitoring","runtime-code-generation","tracing"],"latest_commit_sha":null,"homepage":"https://www.trailofbits.com/services/security-engineering","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-03-07T20:56:29.000Z","updated_at":"2025-03-07T04:40:36.000Z","dependencies_parsed_at":"2023-01-20T05:35:24.386Z","dependency_job_id":null,"html_url":"https://github.com/trailofbits/linuxevents","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Flinuxevents","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Flinuxevents/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Flinuxevents/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Flinuxevents/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trailofbits","do
wnload_url":"https://codeload.github.com/trailofbits/linuxevents/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248984386,"owners_count":21193737,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bpf","ebpf","linux","monitoring","runtime-code-generation","tracing"],"created_at":"2024-11-08T08:17:49.382Z","updated_at":"2025-04-15T00:31:53.686Z","avatar_url":"https://github.com/trailofbits.png","language":"C++","readme":"## LibLinuxEvents\n\nThis is a **proof-of-concept** for a container-aware process and network event publisher library with no runtime dependencies (i.e. kernel headers).\n\nIt works by using LLVM/Clang, the BTF debug information ([btfparse](https://github.com/trailofbits/btfparse)) and our C++ BPF utilities ([ebpf-common](https://github.com/trailofbits/ebpf-common)).\n\n## Build instructions\n\n1. Download and extract the [osquery-toolchain](https://github.com/osquery/osquery-toolchain)\n2. Clone the repository: `git clone --recursive https://github.com/trailofbits/linuxevents`\n3. Install the following dependencies: LLVM libraries, Clang libraries, Ninja, CMake\n4. Configure the project: `cmake -S linuxevents -B build-linuxevents -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain.cmake -G Ninja -DCMAKE_BUILD_TYPE=Release`\n5. Build the project: `cmake --build build-linuxevents`\n6. Run the `execsnoop` sample: `sudo build-linuxevents/examples/execsnoop/execsnoop`\n\n## Runtime requirements\n\nSince this library uses BTF, you need a kernel that is recent enough to support it. 
You can quickly check if your system is supported by checking for the existence of the following file: `/sys/kernel/btf/vmlinux`\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Flinuxevents","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Flinuxevents","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Flinuxevents/lists"}