Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nanorobocop/execsnoop-k8s
WIP
https://github.com/nanorobocop/execsnoop-k8s
ebpf kubernetes
Last synced: about 1 month ago
JSON representation
WIP
- Host: GitHub
- URL: https://github.com/nanorobocop/execsnoop-k8s
- Owner: nanorobocop
- License: mit
- Created: 2021-09-14T15:04:56.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2023-05-11T20:40:07.000Z (over 1 year ago)
- Last Synced: 2024-06-21T08:08:15.437Z (7 months ago)
- Topics: ebpf, kubernetes
- Language: Go
- Homepage:
- Size: 4.58 MB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Execsnoop-K8s
Log all binary executions in Kubernetes.
Based on BPF program from [iovisor/gobpf](https://github.com/iovisor/gobpf/blob/2289761f1e2092a7416cd5fd55a218802d997cb6/examples/bcc/execsnoop/execsnoop.go).
Development WIP.
## Build
1. Install `https://github.com/iovisor/bcc`
([INSTALL.md](https://github.com/iovisor/bcc/blob/master/INSTALL.md))
2. Build on host machine:
```bash
go build execsnoop.go
```
3. Dockerize
```bash
docker build -t execsnoop .
```
## Run in Docker
```bash
sudo docker run --rm -it -v /lib:/lib -v /usr/src:/usr/src -v /var/run/docker.sock:/var/run/docker.sock --privileged execsnoop
```
## Run in Kubernetes
TBD