Skip to content

airbus-cert/dirtypipe-ebpf_detection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.images
.images
 
 
libbpf @ 20f0330
libbpf @ 20f0330
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

dirtypipe-ebpf_detection -- Dirtypipe detection tool

This program was made to detect Dirty Pipe exploitation attempts thanks to eBPF. It also monitors nonvulnerable kernels and docker containers.

🛫 If you want more details on how it works please read the blog post ! 🛬

How does it works?

Default execution:

sudo ./bin/dirtypipe_detection

Debug mode:

Show libbpf logs on execution

sudo ./bin/dirtypipe_detection --debug

Daemon mode:

Run program as daemon and send alerts over syslog

sudo ./bin/dirtypipe_detection --daemon

How to build?

Debian

sudo apt install git make pkg-config libelf-dev clang-11 libc6-dev-i386 bpftool -y
git clone https://github.com/airbus-cert/dirtypipe-ebpf_detection
cd ./dirtypipe-ebpf_detection/src/
make

Ubuntu

sudo apt install git make pkg-config libelf-dev clang-11 libc6-dev-i386 linux-tools-common linux-tools-$(uname -r) -y
git clone https://github.com/airbus-cert/dirtypipe-ebpf_detection
cd ./dirtypipe-ebpf_detection/src/
make

Credits and References

Read the original blog on Dirtypipe from max.kellermann@ionos.com

Read an interesting strategy from Datadog team

About

An eBPF detection program for CVE-2022-0847

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

27 stars

Watchers

9 watching

Forks

3 forks
Report repository

Releases 1

Initial Release Latest
Jul 5, 2022

Packages

No packages published

Languages