Gui774ume / ebpfkit

ebpfkit is a rootkit powered by eBPF
Apache License 2.0

Error: couldn't start: couldn't init bootstrap manager: load license: missing license section #6

Open yasindce1998 opened 2 years ago

yasindce1998 commented 2 years ago

What license should I have to use?

yasindce1998@ubuntu-focal:~/ebpfkit$ sudo ./bin/ebpfkit -l info

Error: couldn't start: couldn't init bootstrap manager: load license: missing license section
Usage:
  ebpfkit [flags]

Flags:
      --append                        (file override feature only) when set, the content of the source file will be appended to the content of the target file
      --comm string                   (file override feature only) comm of the process for which the file override should apply
      --disable-bpf-obfuscation       when set, ebpfkit will not hide itself from the bpf syscall
      --disable-network-probes        when set, ebpfkit will not try to load its network related probes
      --docker string                 path to the Docker daemon executable (default "/usr/bin/dockerd")
  -e, --egress string                 egress interface name (default "enp0s3")
  -h, --help                          help for ebpfkit
  -i, --ingress string                ingress interface name (default "enp0s3")
  -l, --log-level string              log level, options: panic, fatal, error, warn, info, debug or trace (default "info")
      --postgres string               path to the Postgres daemon executable (default "/usr/lib/postgresql/12/bin/postgres")
      --src string                    (file override feature only) source file which content will be used to override the content of the target file
      --target string                 (file override feature only) target file to override
  -p, --target-http-server-port int   Target HTTP server port used for Command and Control (default 8000)
      --webapp-rasp string            path to the webapp on which the RASP is installed

yasindce1998 commented 2 years ago

Anyone looked into that?

tamilmaran5 commented 2 years ago

Yes, I have, and I'm also facing the same issue. Please come up with the solution. @Gui774ume

Gui774ume commented 2 years ago

Hey there 👋🏻

Thank you for reporting the bug. Please note that this repo was first and foremost a research project; we built it for a specific kernel version and environment and didn't plan any support for it. We wanted to prove that building a rootkit with eBPF was possible, not release an omnipotent one to the world.

That said, I'll try to have a look over the following weeks, but no promises, I'm already swamped with my day job 😄

(This error often happens when the bundled eBPF programs were not compiled properly. Have you modified the source? Are you sure the compilation was successful? Could you provide steps to reproduce the issue?)

yasindce1998 commented 2 years ago

@Gui774ume There were some fatal errors when compiling. I can show you the logs. Thank you once again.

cdxiaodong commented 3 months ago

Yes, I have, and I'm also facing the same issue. Please come up with the solution. @Gui774ume. I have not modified the source.