Feature #14529

open

eBPFShield

Added by Michael Lawrence over 1 year ago. Updated over 1 year ago.

Status: New
Priority: Low
Assignee: -
Category: New Package Request
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:

Description

https://github.com/sagarbhure/eBPFShield

Advanced host monitoring and threat detection with eBPF 🛡️

eBPFShield is a high-performance security tool that utilizes eBPF and Python to provide real-time IP-Intelligence and DNS monitoring. By executing in kernel space, eBPFShield avoids costly context switches and offers efficient detection and prevention of malicious behavior on your network through monitoring of outbound connections and comparison with threat intelligence feeds. 🔍

#1

Updated by Michael Lawrence over 1 year ago

Also can send alerts to SIEM, i.e. call-outs to "ransomware_.com" or other nastyware-infected machines calling out to c2c/botnet/malicious IPs...

https://wiki.freebsd.org/SummerOfCode2020Projects/eBPFXDPHooks

#2

Updated by Kris Phillips over 1 year ago

  • Priority changed from Normal-package to Low

The project appears to be primarily written for Debian-based Linux, and the Summer of Code project from 2020 doesn't appear to have had any code contributions since. It would likely require a significant effort to make this viable on FreeBSD/pfSense, but I'll let a developer comment here.

#3

Updated by Michael Lawrence over 1 year ago

https://github.com/generic-ebpf/generic-ebpf

should do the job; adds kernel/user space tools

Generic eBPF runtime. It (currently) consists of three components:

  • ebpf: Portable interpreter, JIT compiler, and eBPF subsystems (e.g. map) library; works in both userspace and kernel.
  • ebpf_dev: Character device for loading eBPF programs or other related objects (e.g. maps) into the kernel. Alternative to Linux bpf(2).
  • libgbpf: A library which implements an abstraction layer for interacting with various eBPF systems, plus an eBPF ELF parser. Currently supports ebpf_dev and Linux's native eBPF (experimental) as backends.

Current support status

                 ebpf   ebpf_dev
FreeBSD Kernel   Yes    Yes
FreeBSD User     Yes    -
Linux Kernel     Yes    Yes
Linux User       Yes    -
MacOSX User      Yes    -
