Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Projects in Awesome Lists tagged with seccomp
A curated list of projects in awesome lists tagged with seccomp .
https://github.com/slimtoolkit/slim
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
apparmor containers docker go golang hacktoberfest minify minify-images seccomp seccomp-profile security slim
Last synced: 06 Jan 2025
https://github.com/sandstorm-io/sandstorm
Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.
capnproto decentralized sandstorm seccomp self-hosted self-hosting
Last synced: 25 Oct 2024
https://github.com/walidshaari/certified-kubernetes-security-specialist
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.
apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy
Last synced: 08 Jan 2025
https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.
apparmor certification cks ckss exam-objectives falco kernel-hardening kube-bench kube-hunter kubernetes kubernetes-security mitre-attack open-policy-agent os-footprint pod pod-security-policy policy seccomp security trivy
Last synced: 15 Nov 2024
https://github.com/david942j/seccomp-tools
Provide powerful tools for seccomp analysis
ctf sandbox seccomp seccomp-filter seccomp-tools tools
Last synced: 08 Jan 2025
https://github.com/genuinetools/contained.af
A stupid game for learning about containers, capabilities, and syscalls.
apparmor containers docker game linux opencontainers seccomp security syscalls
Last synced: 08 Jan 2025
https://github.com/kubernetes-sigs/security-profiles-operator
The Kubernetes Security Profiles Operator
apparmor k8s-sig-node kubernetes kubernetes-operator seccomp seccomp-operator seccomp-profiles security-profiles selinux
Last synced: 04 Jan 2025
https://github.com/bytedance/varmor
vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.
bpf containers kubernetes lsm policy sandbox seccomp security
Last synced: 07 Jan 2025
https://github.com/seccomp/libseccomp-golang
The libseccomp golang bindings repository
Last synced: 07 Jan 2025
https://github.com/moabukar/cks-exercises-certified-kubernetes-security-specialist
A set of curated exercises to help you prepare for the CKS exam
anchore apparmor audit-log cks containerd containers falco gvisor kube-bench kubernetes networkpolicies opa seccomp secrets-management security security-tools static-analysis sysdig trivy
Last synced: 09 Jan 2025
https://github.com/xfernando/go2seccomp
Generate seccomp profiles from go binaries
containers go seccomp security
Last synced: 12 Nov 2024
https://github.com/grantseltzer/karn
Simplifying Seccomp enforcement in containerized or non-containerized apps
container-security containers karn seccomp seccomp-filter security security-hardening security-tools
Last synced: 18 Nov 2024
https://github.com/antitree/syscall2seccomp
Build custom Docker seccomp profiles for containers by finding syscalls it uses.
docker docker-container identify-syscalls seccomp
Last synced: 17 Dec 2024
https://github.com/elastic/go-seccomp-bpf
Go library for installing a seccomp BPF system call filter.
golang seccomp seccomp-bpf-policies
Last synced: 08 Jan 2025
https://github.com/orivej/fptrace
Record process launches and files read and written by each process
dependency-graph ptrace seccomp strace
Last synced: 05 Nov 2024
https://github.com/bnbdr/ida-bpf-processor
BPF Processor for IDA Python
bpf disasm disassembler ida idapython-plugin processor seccomp
Last synced: 16 Nov 2024
https://github.com/msantos/alcove
Control plane for system processes
capsicum exec fork linux-namespaces pledge prctl procctl seccomp signal system-programming
Last synced: 19 Dec 2024
https://github.com/blacktop/seccomp-gen
Docker Secure Computing Profile Generator
docker generator golang seccomp seccomp-profile
Last synced: 17 Nov 2024
https://github.com/alegrey91/harpoon
🔍 Trace syscalls of user-space defined functions, using eBPF
ebpf ebpf-programs golang seccomp security-audit security-tools syscalls system-calls
Last synced: 14 Nov 2024
https://github.com/antitree/keyctl-unmask
Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.
breakout containers docker keyctl kubernetes namespacing seccomp security-tools syscalls
Last synced: 17 Dec 2024
https://github.com/healeycodes/untrusted-python
📦 Run untrusted python code on the server.
pyseccomp rlimit sandbox seccomp setrlimit untrusted-code
Last synced: 10 Dec 2024
https://github.com/msantos/prx
an Erlang library for interacting with Unix processes
capsicum exec fork linux-namespaces pledge prctl procctl seccomp signal supervisor system-programming
Last synced: 19 Dec 2024
https://github.com/giuseppe/easyseccomp
DSL language to write seccomp filters
containers seccomp seccomp-bpf seccomp-filter security
Last synced: 28 Oct 2024
https://github.com/libseccomp-rs/libseccomp-rs
Rust Language Bindings for the libseccomp Library
api-bindings containers libseccomp linux-kernel rust seccomp
Last synced: 04 Jan 2025
https://github.com/utoni/potd
A high scalable low to medium interactive SSH/TCP honeypot using Linux Namespaces, capabilities, seccomp, cgroups designed for OpenWrt and IoT devices.
c capabilities cgroups honeypot openwrt sandbox seccomp ssh-honeypot
Last synced: 18 Nov 2024
https://github.com/vi/syscall_limiter
Start Linux programs with only selected syscalls enabled (libseccomp-based)
libseccomp linux seccomp security syscalls
Last synced: 08 Nov 2024
https://github.com/equk/torjail
:lock: download, verify & run torbrowser in a sandbox
dwm firejail linux sandbox seccomp seccomp-bpf-policies tor torbrowser xephyr
Last synced: 24 Nov 2024
https://github.com/federicoceratto/nim-seccomp
Seccomp (libseccomp2) adapter for the Nim language
Last synced: 05 Jan 2025
https://github.com/hartwork/antijack
:ninja: seccomp-based anti-TTY-hijacking proof-of-concept (prevents TIOCSTI and TIOCLINUX)
c99 command-injection doas ioctl libseccomp linux seccomp seccomp-filter seccomp-filtering seccomp-tools security sudo syscall-filter syscalls tioclinux tiocsti tty
Last synced: 28 Oct 2024
https://github.com/binarymist/dockersecurity-quickreference
:books: :whale: For DevOps Engineers :whale: :books:
application-security book books capabilities cgroups control-groups devops devsecops docker docker-security information-security infosec linux lsm namespaces seccomp security volumes web-application-security
Last synced: 19 Nov 2024
https://github.com/avilum/syscalls
Merged to firejail; Find syscalls of executables for seccomp-bpf sandbox policies.
firejail jail sandbox seccomp seccomp-bpf-policies seccomp-profile security-hardening syscalls
Last synced: 11 Oct 2024
https://github.com/nankeen/pwndocker
Docker tools for CTF pwning 👩🏻💻👨🏻💻🚩
ctf docker exploit-developers gadget gdb libc linux pwn seccomp
Last synced: 21 Nov 2024
https://github.com/msantos/stdio
Reliably reap, restrict and isolate system tasks: Stdio is a control plane for processes
capsicum exec fork inetd linux-namespaces pledge prctl procctl seccomp signal stdio supervisor
Last synced: 19 Dec 2024
https://github.com/proot-me/blog
PRoot Developer Blog
c care hacktoberfest linux proot seccomp
Last synced: 09 Nov 2024
https://github.com/moolen/secco
:shield: auto-generate seccomp profiles for Kubernetes
ebpf kubernetes seccomp security
Last synced: 11 Nov 2024
https://github.com/subconsciouscompute/seccomp-pledge
seccomp-BPF filtering and pledge/unveil sandboxing for Linux
Last synced: 09 Nov 2024
https://github.com/rustcc/libseccomp-rs
A mid-level binding to libseccomp
bindings linux sandbox seccomp
Last synced: 13 Nov 2024
https://github.com/taoky/greenhook
A seccomp-unotify-based syscall hook library for Linux
Last synced: 13 Dec 2024
https://github.com/foxcpp/scmp-confine
Simple CLI wrapper for libseccomp library written in Go.
Last synced: 19 Dec 2024
https://github.com/html-extract/hext-on-websockets
Websocket Server for Hext. Hext is a domain-specific language for extracting structured data from HTML documents.
async beast boost boost-asio cpp cpp17 seccomp ssl websockets
Last synced: 19 Dec 2024
https://github.com/schnatterer/cks-short-tips
Five short tips for passing the CKS exam (Certified Kubernetes Security Specialist)
apparmor certified-kubernetes-security-specialist cks etcd falco k8s kube-apiserver kube-bench kubectl kubernetes kubesec opa open-policy-agent psa seccomp security trivy
Last synced: 13 Nov 2024
https://github.com/joemiller/go-jail
[experiment] simple wrapper for executing sandboxed processes using Seccomp and capabilities filters
Last synced: 28 Dec 2024
https://github.com/appvia/auditd-container
Simple alpine image with auditd intended usage is to be used in combination with docker-desktop kubernetes to allow building a seccomp profiles with the kubernetes-sigs/security-profiles-operator
auditd kind kubernetes seccomp security-profiles-operator
Last synced: 31 Dec 2024
https://github.com/voidc/seccomp-notif
A PoC for using the new seccomp-notif Linux feature from Rust.
linux rust seccomp seccomp-notify
Last synced: 10 Dec 2024
https://github.com/msantos/libnoexec
Prevent dynamically linked executables from calling exec(3)
Last synced: 19 Dec 2024
https://github.com/gcmurphy/forkoff
prevent forking of external processes via kafel + neon + node.js
help-wanted kafel neon nodejs rust seccomp
Last synced: 02 Dec 2024
https://github.com/archguardian-io/kubernetes-apparmor-profiles
AppArmor and Seccomp profiles for K8S images
Last synced: 19 Dec 2024
https://github.com/msantos/prv
pressure relief valve for Unix process pipelines
capsicum flowcontrol pledge seccomp setrlimit
Last synced: 19 Dec 2024
https://github.com/msantos/genlb-ptrace
connect(2) load balancer for Unix processes
Last synced: 19 Dec 2024
https://github.com/msantos/collectd-prv
stdout to collectd notification
capsicum collectd flowcontrol monitoring pledge seccomp setrlimit
Last synced: 19 Dec 2024
https://github.com/lawndoc/seccomp-ci-demo
Automate seccomp filter generation in your CI pipeline
ci container-security containers devops devsecops ebpf linux seccomp security security-automation syscalls
Last synced: 14 Dec 2024
https://github.com/msantos/nonetexec
nonetexec: prevent an exec(3)'ed command from opening new sockets
Last synced: 19 Dec 2024
https://github.com/tomastomecek/devconf-container-roadshow-2017
My 'Advanced container deep-dive workshop at DevConf Container Roadshow 2017.
capabilities containers docker moby namespaces networking seccomp selinux
Last synced: 15 Oct 2024
https://github.com/rusty-snake/openat_dialog_poc
seccomp seccomp-addfd seccomp-notify
Last synced: 18 Nov 2024
https://github.com/archguardian-io/docker-apparmor-profiles
AppArmor and Seccomp profiles for Docker images
Last synced: 17 Nov 2024