syslog-mode | bpftrace
---|---
2 | 24
27 | 7,647
- | -
0.0 | 0.0
over 2 years ago | 3 months ago
Emacs Lisp | C++
- | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
syslog-mode
- Why would you still want to use strace in 2023? [video]
  In emacs you can use syslog-mode for analyzing strace output: https://github.com/vapniks/syslog-mode
- syslog-mode: Emacs major-mode for viewing log files & strace output
bpftrace
- Why would you still want to use strace in 2023? [video]
- Ask HN: How to measure the latency numbers every programmer should know?
- Securing PyTorch Models with eBPF
  In this blog, I will present secimport — a toolkit for creating and running sandboxed applications in Python that utilizes eBPF (bpftrace) to secure Python runtimes.
- Tag Systems
  I haven't come across any project like that, but in case anyone wants to implement this and doesn't know where to start, here's a way to do it on a freedesktop-compatible Linux:
  - Make a userspace daemon process that adds eBPF tracepoints[0] to open{,_at} etc syscalls which match files of your user directories with specific extensions (e.g. .docx).
  - Associate PIDs that open those files with their .desktop entries[1]
  - Store results in some database like sqlite3.[2]
  - Search this database with your favorite interface, like a CLI script or a GNOME shell search provider[3].

  I have seen this Rust project on HN which does something similar but with file attribute syscalls, you can use it as reference: https://github.com/javierhonduco/sweeper
  [0]: https://github.com/iovisor/bpftrace
- eBGP tracing for newbie
- [beetrace] Trace your python process line by line with low overhead!
  I develop a python tool that allows you to trace a Python process line by line or the functions' entries and returns. It uses USDT (User Statically-Defined Tracing) probes with bpftrace.
- How to check if a linux server is compromised or rooted?
  bpftrace and/or bpfcc-tools can also be useful (dpkg -L bpftrace to see available tools). You can monitor files being opened/written at kernel level (opensnoop*, filelife*, filetop*), connections being established (tcp*bpfcc), etc.
- Beginner questions
- Getting notified when a process runs
  Similar to this method is bpftrace: https://github.com/iovisor/bpftrace/blob/master/tools/execsnoop.bt
- Regarding bpftrace vfs_unlink, why can't I monitor the uid, and the obtained value is 0
  `uname -a`: `Linux ying 5.18.5-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Jun 16 14:51:11 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux`
What are some alternatives?
ebpf_exporter - Prometheus exporter for custom eBPF metrics
bcc - BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
kubectl-trace - Schedule bpftrace programs on your kubernetes cluster using the kubectl
el7-bpf-specs - RPM specs for building bpf related tools on CentOS 7
OpenCSD - OpenCSD: eBPF Computational Storage Device (CSD) for Zoned Namespace (ZNS) SSDs in QEMU
btrfs-fuzz - Unsupervised coverage-guided btrfs fuzzer
streamlit - Streamlit — A faster way to build and share data apps.
awesome-ebpf - A curated list of awesome projects related to eBPF.
gyeeta - Gyeeta - An Open Source Observability Product for your Infrastructure, Services and Processes. This repository is for the Agent and Server C++ code.
ebpf-assembler - eBPF bytecode assembler and compiler
rules - Repository of yara rules
opensnitch - OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.