Feature #14529

open

eBPFShield

Added by Michael Lawrence 10 months ago. Updated 9 months ago.

Status: New
Priority: Low
Assignee: -
Category: New Package Request
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:

Description

https://github.com/sagarbhure/eBPFShield

Advanced host monitoring and threat detection with eBPF 🛡️

eBPFShield is a high-performance security tool that utilizes eBPF and Python to provide real-time IP-Intelligence and DNS monitoring. By executing in kernel space, eBPFShield avoids costly context switches and offers efficient detection and prevention of malicious behavior on your network through monitoring of outbound connections and comparison with threat intelligence feeds. 🔍
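The description above sketches the detection model (watch outbound connections and DNS queries, compare them with a threat-intelligence feed, raise an alert). The following is an added example, not eBPFShield's own code, showing only the user-space half of that pipeline: loading a feed of IP, CIDR and domain indicators and checking each event against it. The in-kernel eBPF probes that would produce the events are not shown (they need root and a Linux kernel to run), so the event records, the feed format and the alert shape are assumptions made for the example and the sample data is constructed.

```python
"""Threat-intel matching for outbound-connection and DNS events.

Added example, not eBPFShield's own code. eBPFShield collects events with
eBPF probes and hands them to Python; this block reproduces only the
user-space part: load a feed, match each event, emit an alert record.
Event fields, feed format and alert layout are assumptions for the example.
"""
import ipaddress
import json
from typing import Dict, Iterable, List, Optional

# Constructed sample feed in the shape many reputation lists use:
# one indicator per line, '#' comments, a bare IP, a CIDR, or a domain.
FEED_TEXT = """\
# constructed sample feed (documentation-only addresses and .test names)
198.51.100.7         # single host
203.0.113.0/24       # whole range
ransomware-example.test
"""

# Constructed events resembling what a connect() probe and a DNS parser
# would hand to user space. The only two that must match are the first
# and third connections plus the first DNS query.
EVENTS: List[Dict] = [
    {"type": "connect", "pid": 1234, "comm": "curl", "daddr": "198.51.100.7", "dport": 443},
    {"type": "connect", "pid": 1235, "comm": "ssh", "daddr": "192.0.2.10", "dport": 22},
    {"type": "connect", "pid": 1236, "comm": "python3", "daddr": "203.0.113.45", "dport": 8080},
    {"type": "dns", "pid": 1237, "comm": "firefox", "qname": "cdn.ransomware-example.test."},
    {"type": "dns", "pid": 1238, "comm": "firefox", "qname": "www.example.test"},
]


class ThreatFeed:
    """Indicators split into IP networks (for address checks) and domains."""

    def __init__(self) -> None:
        self.networks: list = []
        self.domains: List[str] = []

    @classmethod
    def from_text(cls, text: str) -> "ThreatFeed":
        feed = cls()
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()  # drop comments and blanks
            if not line:
                continue
            try:
                # A bare IP becomes a /32 (or /128) network, so one code
                # path handles both single hosts and CIDR ranges.
                feed.networks.append(ipaddress.ip_network(line, strict=False))
            except ValueError:
                feed.domains.append(line.lower().rstrip("."))
        return feed

    def match_ip(self, ip: str) -> Optional[str]:
        """Return the matching feed network as a string, or None."""
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return None
        for net in self.networks:
            if addr in net:
                return str(net)
        return None

    def match_domain(self, name: str) -> Optional[str]:
        """Suffix match, so a subdomain of a listed domain also matches."""
        name = name.lower().rstrip(".")
        for d in self.domains:
            if name == d or name.endswith("." + d):
                return d
        return None


def check_event(feed: ThreatFeed, ev: Dict) -> Optional[Dict]:
    """Return an alert record for a matching event, else None."""
    if ev["type"] == "connect":
        indicator, hit = ev["daddr"], feed.match_ip(ev["daddr"])
    elif ev["type"] == "dns":
        indicator, hit = ev["qname"], feed.match_domain(ev["qname"])
    else:
        return None
    if hit is None:
        return None
    return {
        "alert": "threat_intel_match",
        "event_type": ev["type"],
        "pid": ev["pid"],
        "comm": ev["comm"],
        "indicator": indicator,
        "feed_entry": hit,
    }


def scan(feed: ThreatFeed, events: Iterable[Dict]) -> List[Dict]:
    return [a for a in (check_event(feed, e) for e in events) if a is not None]


def alerts_as_json_lines(alerts: List[Dict]) -> str:
    """One JSON object per line, the usual shape for shipping to a SIEM."""
    return "\n".join(json.dumps(a, sort_keys=True) for a in alerts)


if __name__ == "__main__":
    print(alerts_as_json_lines(scan(ThreatFeed.from_text(FEED_TEXT), EVENTS)))
```

Two details worth keeping when wiring this to real probes: addresses are normalised through the `ipaddress` module so a single-host indicator and a CIDR are compared the same way, and domain checks strip the trailing dot and match on label suffix, otherwise a query for a subdomain of a listed name slips past.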

#1

Updated by Michael Lawrence 10 months ago

It can also send alerts to a SIEM, i.e. call-outs to "ransomware_.com" or other nastyware-infected machines calling out to C2/botnet/malicious IPs...

https://wiki.freebsd.org/SummerOfCode2020Projects/eBPFXDPHooks

#2

Updated by Kris Phillips 10 months ago

  • Priority changed from Normal-package to Low

The project appears to be primarily written for Debian-based Linux, and the Summer of Code project from 2020 doesn't appear to have had any code contributions since. It would likely require a significant effort to make this viable on FreeBSD/pfSense, but I'll let a developer comment here.

#3

Updated by Michael Lawrence 9 months ago

https://github.com/generic-ebpf/generic-ebpf

should do the job; it adds kernel/user-space tools.

Generic eBPF runtime. It (currently) consists of three components:

  • ebpf: Portable interpreter, JIT compiler, and eBPF subsystems (e.g. map) library; works in both userspace and kernel.
  • ebpf_dev: Character device for loading an eBPF program or other related objects (e.g. map) into the kernel. Alternative to Linux bpf(2).
  • libgbpf: A library which implements an abstraction layer for interacting with various eBPF systems and an eBPF ELF parser. Currently supports ebpf_dev and Linux's native eBPF (experimental) as backends.

Current support status:

                 ebpf   ebpf_dev
FreeBSD Kernel   Yes    Yes
FreeBSD User     Yes    -
Linux Kernel     Yes    Yes
Linux User       Yes    -
MacOSX User      Yes    -
