The eBPF File Creation Blocker is a cutting-edge security module designed to prevent file creation in specified directories using the Eunomia eBPF Runtime.
Leveraging the Linux Security Module (LSM) framework and eBPF technology, this tool offers an efficient and lightweight solution for enforcing directory-specific file creation policies.
/etc/test/
directory.bpf_printk
, enabling administrators to monitor security events.The blocker uses LSM hooks, such as security_file_permission
, to intercept file creation operations. When triggered, the eBPF program checks the target directory and denies access if it matches the restricted path.
This inline enforcement ensures that unauthorized file creation is blocked before it occurs, enhancing system security without significant performance trade-offs.
CONFIG_DEBUG_INFO_BTF=y
).git clone https://github.com/YOUR_GITHUB_USERNAME/ebpf-block-file.git cd ebpf-block-file
ecc block_file_create.c
ecli run package.json
To test functionality, attempt to create a file in /etc/test/
:
bashtouch /etc/test/file
The operation will fail with an error: Operation not permitted
.
For logs of blocked attempts, use:
bashsudo cat /sys/kernel/debug/tracing/trace_pipe
Example log output:
texttouch-2502 [007] ....1 161.355842: bpf_trace_printk: Blocked file creation in /etc/test: file
eBPF-based solutions like this blocker offer significant benefits over traditional methods. By executing code directly in kernel space, they reduce latency and overhead while providing granular control over system operations.
This project is licensed under GPL-2.0, ensuring open-source accessibility for further development and customization.
The eBPF File Creation Blocker exemplifies how modern technologies like eBPF can be harnessed to enhance system security efficiently and effectively.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…