Ingraind - a security monitoring agent built around RedBPF for complex containerized environments and endpoints.

Overview

ingraind

Data-first Monitoring

CircleCI

ingraind is a security monitoring agent built around RedBPF for complex containerized environments and endpoints. The ingraind agent uses eBPF probes to provide safe and performant instrumentation for any Linux-based environment.

InGrain provides oversight of assets and risks:

  • Your customer data - an employee copying your customer database to their personal cloud store.
  • Your infrastructure - an attacker executing a zero day attack to gain access to your web servers.
  • Your resources - malware using your users machines compute resources to mine cryptocurrency.

This is what curl https://www.linkedin.com/in/abdelhasib-naamaoui/ looks like if seen through ingraind:

ingrain listening to DNS & TLS

Requirements

  • LLVM/Clang version 9 or newer
  • Rust toolchain rustup.rs
  • Linux 4.15 kernel or newer including kernel headers
  • capnproto

Compile

The usual Rust compilation ritual will produce a binary in target/release:

$ cargo build --release

or for a kernel version other than the running one:

$ export KERNEL_VERSION=1.2.3
$ cargo build --release

or with a custom kernel tree path (needs to include generated files):

$ export KERNEL_SOURCE=/build/linux
$ cargo build --release

We keep ingraind compatible with the musl target on x86_64, which you can build like so:

$ cargo build --release --target=x86_64-unknown-linux-musl

Build a docker image

To build a Docker image, use the instructions above to build an ingrain binary for the desired kernel. By default, the Dockerfile will assume you've built ingraind for the musl target.

$ docker build .

You can specify an arbitrary ingraind binary by setting the BINARY_PATH environment variable:

$ docker build --build-arg BINARY_PATH=./target/x86_64-unknown-linux-musl/release/ingraind .

Configuration & Run

To get an idea about the configuration file structure, consult the wiki or take a look at the example config for a full reference.

To start ingraind, run:

$ ./target/release/ingraind config.toml

Depending on the backends used in the config file, some secrets may need to be passed as environment variables. These are documented in config.toml.example, which should be a good starting point, and a sane default to get ingraind running, printing everything to the standard output.

Repo structure

The bpf directory contains the BPF programs written in C. These are compiled by build.rs, and embedded in the final binary, and will be managed by the grains.

The ingraind-probes directory contains the BPF programs written in Rust.

Anything else?

For more information, take a look at the Wiki

Contribution

This project is for everyone. We ask that our users and contributors take a few minutes to review our [code of conduct]((https://github.com/abdelhasib)

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the GPL-3.0 license, shall be licensed as GPL-3.0, without any additional terms or conditions.

For further advice on getting started, please consult the Please note that all contributions MUST contain a sign-off line. Abdelhasib Naamaoui

You might also like...
A suite of programs for Solana key management and security.
A suite of programs for Solana key management and security.

🔑 goki Goki is a suite of programs for Solana key management and security. It currently features: Goki Smart Wallet: A wallet loosely based on the Se

Automated security testing for open source libraries and applications.

autovet continuously searches for security breaches in open source libraries and applications. Recently processed packages package version channel las

Open-source tool to enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆

privacy-sexy Open-source tool to enforce privacy & security best-practices on Windows and MacOs, because privacy is sexy 🍑 🍆 privacy-sexy is a data-

Standing watch over the Pi Network, PiSentinel is a consensus algorithm that safeguards security, decentralization, and scalability.

pi-sentinel Standing watch over the Pi Network, PiSentinel is a consensus algorithm that safeguards security, decentralization, and scalability. Intro

Bindings to the macOS Security.framework

macOS/iOS Security framework for Rust Documentation Bindings to the Apple's Security.framework. Allows use of TLS and Keychain from Rust. License Lice

A Rust implementation of the Message Layer Security group messaging protocol

Molasses An extremely early implementation of the Message Layer Security group messaging protocol. This repo is based on draft 4 of the MLS protocol s

Audit Cargo.lock files for dependencies with security vulnerabilities

RustSec Crates 🦀 🛡️ 📦 The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via crates.io. The a

An uploader honeypot designed to look like poor website security.

HoneyUp An uploader honeypot designed to look like poor website security. Requirements Linux server NGiNX Rust toolchain (build only) Installation Bui

security.txt for Solana Contracts

security.txt This library defines a macro, which allows developers to provide easy-to-parse information to security researchers that wish to contact t

Owner
KingoOo
KingoOo
This is my home environment setup for monitoring temperature and humidity

Home EnViroNment Motivation This is my IoT temperature and humidity monitoring solution for where i live. I found it cheaper to go buy sensors and hoo

Fredrik 1 Jan 5, 2022
`llm-chain` is a powerful rust crate for building chains in large language models allowing you to summarise text and complete complex tasks

llm-chain ?? llm-chain is a collection of Rust crates designed to help you work with Large Language Models (LLMs) more effectively. Our primary focus

Sobel IO 36 Apr 6, 2023
A minimalistic cross-platform malware scanner with non-blocking realtime filesystem monitoring using YARA rules.

Sauron is a minimalistic, YARA based malware scanner with realtime filesystem monitoring written in Rust. Features Realtime scan of created and modifi

Simone Margaritelli 155 Dec 26, 2022
Lockstitch is an incremental, stateful cryptographic primitive for symmetric-key cryptographic operations in complex protocols.

Lockstitch is an incremental, stateful cryptographic primitive for symmetric-key cryptographic operations (e.g. hashing, encryption, message authentication codes, and authenticated encryption) in complex protocols.

Coda Hale 3 Dec 27, 2022
Release complex cargo-workspaces automatically with changelog generation, used by `gitoxide`

cargo smart-release Fearlessly release workspace crates and with beautiful semi-handcrafted changelogs. Key Features zero-configuration cargo smart-re

Sebastian Thiel 24 Oct 11, 2023
A challenge agent for Optimism written in pure Rust.

op-challenger • Note Work in progress. A set-and-forget challenge agent for the OP Stack written in pure Rust ?? Usage op-challenger [OPTIONS] \ --l

null 18 Apr 6, 2023
CrustAGI is an Task-driven Autonomous Agent experiment written in Rust

CrustAGI ?? CrustAGI is an experimental Rust-based implementation of an AI-powered task management system that uses OpenAI and Pinecone APIs to create

Lukas Schmyrczyk 20 Apr 19, 2023
Built for Perpetual Protocol v2 Curie on Optimism chain. This CLI tool was built with Rust.

Perpetual Protocol CLI for Perp v2 Curie This tool is to provide a simple, fast and efficient way to interact Perpetual Protocol contracts from your t

Brendan Wenzel 4 Jan 11, 2023
Diem’s mission is to build a trusted and innovative financial network that empowers people and businesses around the world.

Note to readers: On December 1, 2020, the Libra Association was renamed to Diem Association. The project repos are in the process of being migrated. A

Diem 16.7k Jan 8, 2023
Diem’s mission is to build a trusted and innovative financial network that empowers people and businesses around the world.

Note to readers: On December 1, 2020, the Libra Association was renamed to Diem Association. The project repos are in the process of being migrated. A

Diem 16.7k Jan 9, 2023