https://github.com/assaf-r/aisir
Named after the beautiful loch Aisir in northern Scotland, Aisir is an eBPF-based tool that logs and filters connections to remote IP addresses
ebpf ebpf-programs firewall linux security security-tools
Last synced: 10 months ago
- Host: GitHub
- URL: https://github.com/assaf-r/aisir
- Owner: Assaf-R
- Created: 2024-11-18T11:22:06.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-27T14:12:13.000Z (11 months ago)
- Last Synced: 2025-04-14T17:49:06.484Z (10 months ago)
- Topics: ebpf, ebpf-programs, firewall, linux, security, security-tools
- Language: Python
- Homepage:
- Size: 14.6 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: Readme.md
README
### Aisir
Named after the beautiful loch Aisir in northern Scotland, Aisir is an eBPF-based tool that logs and filters connections to remote IP addresses.
### How does this work?
The Python program - **aisir.py** - loads the BPF C program - **aisir_bpf.c** - and hooks the connect syscall with a kprobe.
The eBPF program checks whether a connection to the remote IP is allowed, based on the ip_list.txt file.
The results are logged to /var/log/loch/aisirX.log
### How to run
***RUN AS ROOT*** \
You need to run the program with either the **-w** or the **-b** flag, to determine whether your firewall will work based on a whitelist or a blacklist.
If you choose whitelist, only connections to addresses in the list will be allowed; if you choose blacklist, connections to addresses in the list will be dropped.
***Notes***
- The ip_list.txt file needs to be in the same directory as the programs
- The ip_list.txt file needs to include only valid IP addresses
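
A pre-flight check for ip_list.txt and the whitelist/blacklist decision described above, as an added example that is not Aisir's own code. It assumes IPv4-only entries, one per line, and a little-endian host where a kprobe would read `sin_addr.s_addr` as a raw u32; the function names and mode strings are hypothetical.

```python
import ipaddress
import socket
import struct

# Constructed sample list (documentation-range addresses), not from the project.
SAMPLE_IP_LIST = """\
192.0.2.10
198.51.100.7

203.0.113.999
example.com
192.0.2.10
"""

def parse_ip_list(text):
    """Return (valid, rejected): unique IPv4 strings and (line_no, text) pairs."""
    valid, rejected = set(), []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines are skipped rather than rejected
        try:
            valid.add(str(ipaddress.IPv4Address(entry)))
        except ipaddress.AddressValueError:
            rejected.append((line_no, entry))
    return sorted(valid, key=ipaddress.IPv4Address), rejected

def to_map_key(ip):
    """Assumed key layout: sin_addr.s_addr read as a u32 on a little-endian host."""
    return struct.unpack("<I", socket.inet_aton(ip))[0]

def verdict(dest_ip, listed_keys, mode):
    """mode is 'whitelist' or 'blacklist' (hypothetical names for the two modes)."""
    if mode not in ("whitelist", "blacklist"):
        raise ValueError("mode must be 'whitelist' or 'blacklist'")
    listed = to_map_key(dest_ip) in listed_keys
    if mode == "whitelist":
        return "allow" if listed else "drop"
    return "drop" if listed else "allow"

if __name__ == "__main__":
    valid, rejected = parse_ip_list(SAMPLE_IP_LIST)
    for line_no, entry in rejected:
        print(f"ip_list.txt line {line_no}: not a valid IPv4 address: {entry!r}")
    keys = {to_map_key(ip) for ip in valid}
    for dest in ("192.0.2.10", "203.0.113.5"):
        print(dest, verdict(dest, keys, "whitelist"), verdict(dest, keys, "blacklist"))
```

Rejecting malformed lines before the list is loaded matters most in whitelist mode, where a silently dropped entry turns into blocked connections.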