suidsnoop is a tool based on eBPF LSM programs that logs whenever a suid binary is executed and implements custom allow/deny lists.

Overview

suidsnoop

Log suid binaries and enforce per-uid suid policy.

suidsnoop is a tool for logging whenever a suid binary is executed on your system and optionally enforcing a per-uid policy for suid binaries. suidsnoop is built using eBPF LSM programs and is written in pure Rust using the Aya library.

Prerequisites

  1. Install a rust stable toolchain: rustup install stable
  2. Install a rust nightly toolchain: rustup install nightly
  3. Install bpf-linker: cargo install bpf-linker

Build and Install

git clone https://github.com/willfindlay/suidsnoop && cd suidsnoop
make install

Make sure $HOME/.cargo/bin is in your $PATH!

Examples

Log all attempts to run suid binaries:

sudo suidsnoop

Allow uid 1000 and deny all others:

sudo suidsnoop -u 1000

Deny uid 1001 and allow all others:

sudo suidsnoop -U 1001

Do a dry run of a policy:

sudo suidsnoop -U 1001 -d
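To make the three policy modes above concrete, here is an added example (not suidsnoop's own code; the real decision happens inside the tool's eBPF LSM program on every exec) that models the same rules in userspace Rust. It assumes constructed exec events carrying the caller's uid, the path, and the file's st_mode, and the names ExecEvent, Policy, Verdict, decide and log_line are my own. It shows that a non-suid binary is never subject to policy, that -u is an allow list and -U a deny list, and that -d computes and logs the verdict without blocking.

```rust
// Added example, not part of the suidsnoop project: a userspace model of the
// per-uid suid policy the README describes, applied to constructed events.
use std::collections::HashSet;

/// The set-user-ID bit in st_mode (octal 04000), as defined by POSIX.
const S_ISUID: u32 = 0o4000;

/// A constructed execution event: who ran what, and the file's mode bits.
#[derive(Debug, Clone)]
pub struct ExecEvent {
    pub uid: u32,
    pub path: String,
    pub mode: u32,
}

/// Policy modes mirroring the CLI (names are hypothetical): `-u UID` builds
/// an allow list (everyone else is denied), `-U UID` builds a deny list
/// (everyone else is allowed), and no flag means log only.
#[derive(Debug, Clone)]
pub enum Policy {
    LogOnly,
    AllowOnly(HashSet<u32>),
    DenyOnly(HashSet<u32>),
}

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum Verdict {
    NotSuid,   // not a suid binary, so the policy does not apply
    Allowed,
    Denied,
    WouldDeny, // dry run (-d): policy says deny, but execution proceeds
}

pub fn is_suid(mode: u32) -> bool {
    mode & S_ISUID != 0
}

/// Apply the policy to one event. `dry_run` mirrors `-d`: the verdict is
/// computed and logged, but nothing is blocked.
pub fn decide(policy: &Policy, event: &ExecEvent, dry_run: bool) -> Verdict {
    if !is_suid(event.mode) {
        return Verdict::NotSuid;
    }
    let deny = match policy {
        Policy::LogOnly => false,
        Policy::AllowOnly(allowed) => !allowed.contains(&event.uid),
        Policy::DenyOnly(denied) => denied.contains(&event.uid),
    };
    match (deny, dry_run) {
        (false, _) => Verdict::Allowed,
        (true, true) => Verdict::WouldDeny,
        (true, false) => Verdict::Denied,
    }
}

/// One log line per suid exec; None for binaries without the suid bit.
pub fn log_line(policy: &Policy, event: &ExecEvent, dry_run: bool) -> Option<String> {
    match decide(policy, event, dry_run) {
        Verdict::NotSuid => None,
        v => Some(format!("uid={} exec={} verdict={:?}", event.uid, event.path, v)),
    }
}

fn main() {
    // Constructed sample events: a suid binary run by two uids, plus a
    // non-suid binary that the policy must ignore.
    let events = vec![
        ExecEvent { uid: 1000, path: "/usr/bin/sudo".into(), mode: 0o104755 },
        ExecEvent { uid: 1001, path: "/usr/bin/sudo".into(), mode: 0o104755 },
        ExecEvent { uid: 1001, path: "/usr/bin/ls".into(), mode: 0o100755 },
    ];
    // Equivalent of `sudo suidsnoop -U 1001 -d`: deny uid 1001, dry run.
    let policy = Policy::DenyOnly([1001].into_iter().collect());
    for ev in &events {
        if let Some(line) = log_line(&policy, ev, true) {
            println!("{}", line);
        }
    }
}
```

Run it with cargo run and the two sudo executions produce a log line each (uid 1000 Allowed, uid 1001 WouldDeny), while the ls execution produces nothing because the suid bit is not set.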
Owner
William Findlay
Member of the CISL @ CarletonU Interested in: Computer Security, Operating Systems, GNU/Linux, eBPF