Has anyone played around with eBPF? The feed of exec() and open() calls seems quite useful from a security monitoring perspective.


@jerry How does eBPF compare to auditd?

I've only ever seen auditd in any detail (it's pretty awesome), but the bits and pieces I've heard about BPF have been positive...
