suidsnoop is a tool based on eBPF LSM programs that logs whenever a suid binary is executed and implements custom allow/deny lists.

Last update: Dec 22, 2022

Overview

suidsnoop

Log suid binaries and enforce per-uid suid policy.

suidsnoop is a tool for logging whenever a suid binary is executed on your system and optionally enforcing a per-uid policy for suid binaries. suidnsoop is built using eBPF LSM programs and is written in pure Rust using the Aya library.

Prerequisites

Install a rust stable toolchain: rustup install stable
Install a rust nightly toolchain: rustup install nightly
Install bpf-linker: cargo install bpf-linker

Build and Install

git clone https://github.com/willfindlay/suidsnoop && cd suidsnoop
make install

Make sure $HOME/.cargo/bin is in your $PATH!

Examples

Log all attempts to run suid binaries:

sudo suidsnoop

Allow uid 1000 and deny all others:

sudo suidsnoop -u 1000

Deny uid 1001 and allow all others:

sudo suidsnoop -U 1001

Do a dry run of a policy:

sudo suidsnoop -U 1001 -d

Tool for debugging WebAssembly (like gdb).

wasmgdb gdb for WebAssembly Install cargo install wasmgdb Usage Use wasm-edit to transform your module and, once WebAssembly traps, collect the WebAs

12 Dec 15, 2022

Distrod is a meta-distro for WSL 2 which runs Systemd as init process. You can run Ubuntu, Arch, and et.c with systemd in a minute. Distrod also has built-in auto-start feature on Windows startup and port forwarding abiltiy.

Distrod - WSL2 Distros with Systemd! Distrod is a systemd-based meta-distro for WSL2 that allows you to install Ubuntu, Arch Linux, Gentoo and many ot

1.6k Jan 9, 2023

Open Source Rust kernel; Runs WASM and WASI as lightweight containers.

😳 etheryal Kernel etheryal kernel is an Open Source capability-based Kernel written in the Rust programming language. The kernel allows implementing

32 Dec 4, 2022

The official kernel for Popcorn OS, and operating system designed for handheld devices.

About Popkern is the kernel for Popcorn OS, an operating system designed for handheld devices. As such, the kernel is (to be) optimised at all levels

3 Sep 19, 2021

🍒 Small, simple, and fast kernel written in Rust. 🌸

5 May 20, 2022

An UEFI application that unlocks a SED and starts an OS from it. Written in Rust

opal-uefi-greeter This is an UEFI application written in Rust that unlocks a SED and then launches another UEFI application from the unlocked drive -

26 Jan 4, 2023

A RISC-V and unix-like operating system developed just for fun.

Orca 虎鲸 A RISC-V and unix-like operating system developed just for fun. Schedule [*] bootloader (use RustSBI-qemu) [ ] linker & stack [ ] memory alloc

4 May 29, 2022

Writing an OS in Rust, To Study Operating System and Computer System

Hun Os Writing an OS in Rust, To Study Operating System and Computer System Reference Os Written In Rust https://github.com/seonghun-dev/blog_os https

2 Dec 15, 2022

Cross-architecture utilities for temporarily disabling interrupts and signals.

interrupts Cross-architecture utilities for temporarily disabling interrupts and signals. Use disable to disable interrupts with a guard: // interrupt

4 Oct 5, 2023

Owner

William Findlay

Member of the CISL @ CarletonU Interested in: Computer Security, Operating Systems, GNU/Linux, eBPF

GitHub

A custom kernel for educational reasons

16 Dec 25, 2022

A new operating system kernel with Linux binary compatibility written in Rust.

Kerla Kerla is a monolithic operating system kernel from scratch in Rust which aims to be compatible with the Linux ABI, that is, runs Linux binaries

3.1k Jan 1, 2023

A library that makes it VERY easy to run Holochain as a library, from your own binary, with great defaults

embedded-holochain-runner A library that makes it VERY easy to run Holochain as a library, from your own binary, with great defaults How it will work

14 Jul 23, 2022

This project is based on code from freertos.rs and some additions to simplify the usage of FreeRTOS in embedded applications written in Rust

FreeRTOS-rust This project is based on code from freertos.rs and some additions to simplify the usage of FreeRTOS in embedded applications written in

196 Jan 4, 2023

A language-based OS to run Rust on bare metal

RustOS A simple, language-based OS. Current features: Simple VGA for seeing output Some Rust libraries (core, alloc, collections) already in Working (

402 Dec 8, 2022

A language-based OS to run Rust on bare metal

RustOS A simple, language-based OS. Current features: Simple VGA for seeing output Some Rust libraries (core, alloc, collections) already in Working (

79 Dec 3, 2022

Aero is a new modern, unix based operating system. It is being developed for educational purposes.

Areo Aero is a new modern, unix based operating system written in Rust and is being developed for educational purposes. Aero follows the monolithic ke

623 Dec 24, 2022

A lightweight microkernel/IPC based operating system built with Rust which is not a clone of any existing operating system

Noble Operating System Noble is a lightweight microkernel and IPC based operating system built with Rust which is not a clone of any existing operatin

3 Jan 10, 2022

A Rust-based userland which also adds compile-time assurances to seL4 development.

ferros Overview A Rust library to add extra assurances to seL4 development. ferros provides smart type-safe wrappers around seL4 features with an emph

68 Dec 25, 2022

A fresh FRAME-based Substrate node, ready for hacking

Substrate Node Template A fresh FRAME-based Substrate node, ready for hacking ?? Getting Started Follow the steps below to get started with the Node T

13 Aug 26, 2022

suidsnoop is a tool based on eBPF LSM programs that logs whenever a suid binary is executed and implements custom allow/deny lists.

Related tags

Overview

suidsnoop

Prerequisites

Build and Install

Examples

You might also like...

Tool for debugging WebAssembly (like gdb).

Distrod is a meta-distro for WSL 2 which runs Systemd as init process. You can run Ubuntu, Arch, and et.c with systemd in a minute. Distrod also has built-in auto-start feature on Windows startup and port forwarding abiltiy.

Open Source Rust kernel; Runs WASM and WASI as lightweight containers.

The official kernel for Popcorn OS, and operating system designed for handheld devices.

🍒 Small, simple, and fast kernel written in Rust. 🌸

An UEFI application that unlocks a SED and starts an OS from it. Written in Rust

A RISC-V and unix-like operating system developed just for fun.

Writing an OS in Rust, To Study Operating System and Computer System

Cross-architecture utilities for temporarily disabling interrupts and signals.

Owner

William Findlay

A custom kernel for educational reasons

A new operating system kernel with Linux binary compatibility written in Rust.

A library that makes it VERY easy to run Holochain as a library, from your own binary, with great defaults

This project is based on code from freertos.rs and some additions to simplify the usage of FreeRTOS in embedded applications written in Rust

A language-based OS to run Rust on bare metal

A language-based OS to run Rust on bare metal

Aero is a new modern, unix based operating system. It is being developed for educational purposes.

A lightweight microkernel/IPC based operating system built with Rust which is not a clone of any existing operating system

A Rust-based userland which also adds compile-time assurances to seL4 development.

A fresh FRAME-based Substrate node, ready for hacking