nefelim4ag / Ananicy

Ananicy - is Another auto nice daemon, with community rules support (Use pull request please)
GNU General Public License v3.0

Use eBPF to get events of new created processes #411

Open izissise opened 3 years ago

izissise commented 3 years ago

Use eBPF to get events on newly created processes (https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/)

Maybe this could be activated with a CLI flag, so older kernels are still supported using the current starting method

https://github.com/iovisor/bcc/blob/master/tools/execsnoop.py
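
The approach proposed above, as an added example that is not Ananicy's own code: a BCC tracepoint program reports each successful execve() to Python, which looks the new process up in a rule table and renices it, while an assumed `--ebpf` switch falls back to a one-shot /proc scan on kernels where the eBPF path is unavailable. The rule lines and program names are constructed, and the JSON-lines rule layout is assumed to mirror Ananicy's.

```python
import json, os, sys
try:
    from bcc import BPF  # iovisor BCC bindings; needed only for --ebpf
except ImportError:
    BPF = None
BPF_SRC = r"""
struct ev_t { u32 pid; char comm[16]; }; BPF_PERF_OUTPUT(execs);
TRACEPOINT_PROBE(sched, sched_process_exec) {  /* once per successful execve() */
    struct ev_t ev = {};
    ev.pid = bpf_get_current_pid_tgid() >> 32;   /* tgid, the userspace pid */
    bpf_get_current_comm(&ev.comm, sizeof(ev.comm));
    execs.perf_submit(args, &ev, sizeof(ev));
    return 0;
}
"""
# Constructed sample rules, one JSON object per line (Ananicy-style layout, assumed).
RULES_TEXT = '{"name": "cc1", "nice": 19}\n\n{"name": "firefox", "nice": -5}\n'
def load_rules(text):  # JSON-lines -> {comm: nice}; blank lines are skipped
    rules = {}
    for line in text.splitlines():
        if line.strip():
            rule = json.loads(line)
            rules[rule["name"]] = int(rule["nice"])
    return rules
def decide(comm, rules):  # nice value to apply, or None when no rule matches
    return rules.get(comm)
def apply_rule(pid, comm, rules):
    nice = decide(comm, rules)
    if nice is not None:
        os.setpriority(os.PRIO_PROCESS, pid, nice)  # same effect as renice(1)
def proc_scan():  # fallback for older kernels: one pass over /proc
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as f:
                yield int(pid), f.read().strip()
        except OSError:
            pass  # process exited between listdir() and open()
def run_ebpf(rules):  # needs root and a kernel exposing the sched tracepoints
    b = BPF(text=BPF_SRC)
    def on_event(cpu, data, size):
        ev = b["execs"].event(data)
        apply_rule(ev.pid, ev.comm.decode(errors="replace"), rules)
    b["execs"].open_perf_buffer(on_event)
    while True:
        b.perf_buffer_poll()
if __name__ == "__main__":  # --ebpf selects the tracepoint path; default keeps the scan
    rules = load_rules(RULES_TEXT)
    if "--ebpf" in sys.argv and BPF is not None:
        run_ebpf(rules)
    else:
        for pid, comm in proc_scan():
            apply_rule(pid, comm, rules)
```

The tracepoint path reacts at exec time rather than on the next polling interval, so a short-lived build process is reniced before it has consumed much CPU.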

aviallon commented 3 years ago

Very interesting. Thank you for that :)