Monday, 14 February 2022

FoxEar

Fox Ear is a Linux process behavior trace tool powered by eBPF.

Features

  • Log the creation of a process and its subprocesses, and build a graph from it.
  • Log processes' file access.
  • Log processes' TCP connections (IPv4 and IPv6).

Documents

Fox Ear uses parts of the following projects:

  • Probes - bcc (Apache-2.0)

from https://github.com/KernelErr/foxear
-----

Installation

Fox Ear is written in Rust, C and Python. The minimum supported Linux kernel version is 5.6, which the eBPF features it uses require. Because kernels vary between Linux distributions, it's recommended to compile Fox Ear on your own computer rather than use a prebuilt binary.

Requirements

  • Linux kernel >= 5.6
  • bcc toolchain - bcc/INSTALL.md
    • Linux headers
  • Rust toolchain
  • Python 3
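
A preflight check for the requirements listed above, as an added example that is not part of the Fox Ear repository. The header path /lib/modules/<release>/build and the importable bcc Python module are assumptions about a typical install; kernel_at_least, report and preflight are names made up here.

```shell
#!/bin/sh
# Added example (not from the Fox Ear repository): preflight for the requirements above.

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if a `uname -r` style string is >= MAJOR.MINOR, 1 if older, 2 if unparsable.
kernel_at_least() {
    rel=${1%%[!0-9.]*}                  # drop suffixes such as "-91-generic" or "-rc1"
    major=${rel%%.*}
    rest=${rel#*.}
    [ "$rest" = "$rel" ] && rest=0      # release had no minor component
    minor=${rest%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

report() { printf '%-5s %s\n' "$1" "$2"; }

preflight() {
    fail=0
    running=$(uname -r)
    if kernel_at_least "$running" 5 6; then report ok "kernel $running"
    else report FAIL "kernel $running is older than 5.6"; fail=1; fi

    for tool in cargo python3; do
        if command -v "$tool" >/dev/null 2>&1; then report ok "$tool"
        else report FAIL "$tool not found in PATH"; fail=1; fi
    done

    # Assumption: headers live where distro packages usually install them.
    if [ -d "/lib/modules/$running/build" ]; then report ok "kernel headers"
    else report FAIL "no headers at /lib/modules/$running/build"; fail=1; fi

    # Assumption: the bcc toolchain is visible as the Python module "bcc".
    if python3 -c 'import bcc' >/dev/null 2>&1; then report ok "bcc Python module"
    else report FAIL "python3 cannot import bcc"; fail=1; fi

    return "$fail"
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with --run before ./configure; a non-zero exit status means at least one requirement is missing.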

Compile

First, run ./configure to generate a configuration that fits your kernel.

$ ./configure

Then use cargo to compile.

$ cargo build --release

Or you can use cargo install --path . to install Fox Ear and add it to your PATH.

Usage

Check Example.


from https://github.com/KernelErr/foxear/blob/main/docs/install.md
