lowellmower / ingraind

This project forked from foniod/foniod

Data first monitoring agent using (e)BPF, built on RedBPF

License: GNU General Public License v3.0

C 32.66% C++ 0.26% Rust 65.18% Dockerfile 0.31% Ruby 1.21% Shell 0.37%

ingraind

Data-first monitoring.

ingraind is a security monitoring agent built around RedBPF for complex containerized environments and endpoints. The ingraind agent uses eBPF probes to provide safe and performant instrumentation for any Linux-based environment.

InGrain provides oversight of assets and risks:

  • Your customer data - an employee copying your customer database to their personal cloud store.
  • Your infrastructure - an attacker executing a zero-day attack to gain access to your web servers.
  • Your resources - malware using the compute resources of your users' machines to mine cryptocurrency.

This is what curl https://redsift.com looks like if seen through ingraind:

[Screenshot: ingrain listening to DNS & TLS]

Requirements

  • LLVM/Clang
  • Rust toolchain rustup.rs
  • BCC
  • Linux 4.4 or newer + headers

Compile

Compilation on Arch Linux will pick up the currently installed source tree using pacman.

On other distributions, set the KERNEL_SOURCE environment variable with the path to the kernel source tree.

Please note that this actually needs to be a dirty source tree of an actual kernel (one that has been configured and prepared), not just a version-compatible bare source tree.

The usual Rust compilation ritual will produce a binary in target/release:

cargo build --release

or with custom sources:

env KERNEL_SOURCE=/usr/src/kernel/$(uname -r) cargo build --release
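As an added preflight check (not part of the ingraind repository), the following POSIX shell script validates the KERNEL_SOURCE tree before running the build above. It assumes that a prepared ("dirty") tree carries a .config and generated headers under include/generated, which a bare version-compatible tarball lacks.

```shell
#!/bin/sh
# Preflight check for ingraind's KERNEL_SOURCE requirement.
# Assumption: a configured and prepared kernel tree contains .config plus
# generated headers (include/generated/autoconf.h and
# include/generated/uapi/linux/version.h); a bare tarball does not.

check_kernel_source() {
    dir="$1"
    [ -d "$dir" ] || { echo "KERNEL_SOURCE '$dir' does not exist" >&2; return 1; }
    [ -f "$dir/Makefile" ] || { echo "'$dir' is not a kernel source tree (no Makefile)" >&2; return 1; }
    missing=0
    for f in .config include/generated/autoconf.h include/generated/uapi/linux/version.h; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing $dir/$f: tree looks bare; configure and run 'make prepare' in it first" >&2
            missing=1
        fi
    done
    return $missing
}

# Validate the tree, then run the build command the README describes.
# Defaults to the /usr/src/kernel/$(uname -r) path used in the README.
build_ingraind() {
    src="${KERNEL_SOURCE:-/usr/src/kernel/$(uname -r)}"
    check_kernel_source "$src" || return 1
    env KERNEL_SOURCE="$src" cargo build --release
}
```

Source the file and call build_ingraind to build, or call check_kernel_source on a directory to inspect it without building.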

To build a Docker container, make sure the kernel directory is populated with the source tree of the target kernel.

The resulting container is tagged ingraind by default, but you can set additional tags or pass docker flags like so:

docker/build.sh -t ingraind:$(git rev-parse HEAD | cut -c-7)

Configuration & Run

To get an idea about the configuration file structure, consult the wiki or take a look at the example config for a full reference.

To start ingraind, run:

./target/release/ingraind config.toml

Depending on the backends used in the config file, some secrets may need to be passed as environment variables. These are documented in config.toml.example, which is a good starting point and a sane default that gets ingraind running and printing everything to standard output.

Repo structure

The bpf directory contains the BPF modules. These are compiled by build.rs, embedded in the final binary, and managed at runtime by the grains.

Anything else?

For more information, look at the Wiki
