Skip to content

WebClub-NITK/Argus

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
bpf
bpf
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Argus

Argus is an eBPF-based File Integrity Monitoring (FIM) tool that provides real-time detection of unauthorized file modifications by leveraging eBPF to efficiently track file system events at the kernel level.

Prerequisites:

  • Linux kernel version 5.7 or later
  • LLVM 11 or later
  • libbpf headers
  • Linux kernel headers
  • Go compiler version supported by ebpf-go's Go module
  • ebpf-go library

How to run:

go generate
go build (An executable named filemon will be generated if the build succeeds)
sudo ./filemon

Features:

  • Monitors file operations by tracing syscalls using eBPF
  • Currently traces openat and unlinkat syscalls
  • Reports PID, process name, operation type, and filename for each event

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

17 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages