update trace #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

maheshbhatiya73 merged 1 commit into main from dev

Nov 9, 2025

.cargo/config.toml

-Original file line number
+Diff line change
@@ -0,0 +1,5 @@
+    [unstable]
+    build-std = ["core"]
+    [build]
+    rustflags = ["-C", "panic=abort"]

BUILD-EBPF.md

-Original file line number
+Diff line change
@@ -0,0 +1,46 @@
+    # Building Aya eBPF Programs
+    Aya eBPF programs require special compilation. Here are the options:
+    ## Option 1: Use Aya Template (Recommended)
+    The easiest way is to use Aya's template system:
+    ```bash
+    cargo install aya-toolchain
+    cd secrds-ebpf
+    cargo build --release
+    ```
+    ## Option 2: Manual Build with rustc + clang
+    Since `bpfel-unknown-none` target is not available in stable Rust, you can:
+. Compile Rust to LLVM IR:
+    ```bash
+    cd secrds-ebpf
+    rustc --emit=llvm-ir --target bpfel-unknown-none src/lib.rs
+    ```
+. Compile LLVM IR to eBPF with clang:
+    ```bash
+    clang -target bpf -O2 -g -c output.ll -o secrds-ebpf.bpf.o
+    ```
+    ## Option 3: Use Pre-compiled eBPF
+    For now, you can use the original C eBPF program (`trace_ssh_guard.c`)
+    and compile it with clang until the Rust eBPF build is set up:
+    ```bash
+    cd secrds-programs  # if you still have the C version
+    clang -O2 -g -target bpf -c trace_ssh_guard.c -o trace_ssh_guard.bpf.o
+    ```
+    ## Current Status
+    The Rust eBPF code is written but needs proper build setup. The agent
+    can load pre-compiled eBPF programs from `/usr/local/lib/secrds/`.
+    For production, set up the Aya build system or use the C version temporarily.

Cargo.toml

-Original file line number
+Diff line change
@@ -0,0 +1,29 @@
+    [workspace]
+    members = [
+        "secrds-ebpf",
+        "secrds-agent",
+        "secrds-cli",
+    ]
+    resolver = "2"
+    [workspace.package]
+    version = "0.1.0"
+    edition = "2021"
+    authors = ["secrds"]
+    license = "Dual BSD/GPL"
+    [workspace.dependencies]
+    serde = { version = "1.0", features = ["derive"] }
+    serde_json = "1.0"
+    serde_yaml = "0.9"
+    tokio = { version = "1.0", features = ["full"] }
+    anyhow = "1.0"
+    thiserror = "1.0"
+    log = "0.4"
+    env_logger = "0.11"
+    clap = { version = "4.5", features = ["derive"] }
+    [profile.release]
+    strip = true
+    lto = true
+    panic = "abort"

Makefile

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -1,21 +1,28 @@
  
    .PHONY: build install clean test fmt clippy docker-build docker-run help

    .PHONY: build install clean test fmt clippy build-bpf help

    help:

    	@echo "Available targets:"

    	@echo "  build         - Build all components"

    	@echo "  build         - Build all Rust components"

    	@echo "  build-bpf     - Build eBPF programs"

    	@echo "  install       - Install to system (requires root)"

    	@echo "  clean         - Clean build artifacts"

    	@echo "  test          - Run tests"

    	@echo "  fmt           - Format code"

    	@echo "  clippy        - Run clippy linter"

    	@echo "  docker-build  - Build Docker image"

    	@echo "  docker-run    - Run Docker container"

    	@echo "  help          - Show this help"

    build:

    build: build-bpf

    	@echo "Building secrds Security Monitor..."

    	@chmod +x build.sh

    	@./build.sh

    	@cargo build --release

    	@echo "Build complete."

    build-bpf:

    	@echo "Building eBPF programs..."

    	@echo "Note: Aya eBPF build requires special setup."

    	@echo "See BUILD-EBPF.md for instructions."

    	@chmod +x build-ebpf.sh

    	@./build-ebpf.sh

    	@echo "eBPF build complete (may be placeholder)."

    install:

    	@echo "Installing secrds Security Monitor..."

    @@ -24,24 +31,18 @@ install:
  
    clean:

    	@echo "Cleaning build artifacts..."

    	@cd secrds-programs && make clean || true

    	@cargo clean

    	@rm -rf target/release/secrds-*

    	@rm -rf target/bpfel-unknown-none

    test:

    	@echo "Running Go tests..."

    	@cd secrds-agent && go test ./... || true

    	@cd secrds-cli && go test ./... || true

    	@echo "Running Rust tests..."

    	@cargo test --workspace || true

    fmt:

    	@echo "Formatting Go code..."

    	@cd secrds-agent && go fmt ./... || true

    	@cd secrds-cli && go fmt ./... || true

    docker-build:

    	@echo "Building Docker image..."

    	@docker build -t secrds:latest .

    docker-run:

    	@echo "Running Docker container..."

    	@docker-compose up -d

    	@echo "Formatting Rust code..."

    	@cargo fmt --all || true

    clippy:

    	@echo "Running clippy linter..."

    	@cargo clippy --workspace || true

README.md

This file was deleted.

build-ebpf.sh

-Original file line number
+Diff line change
@@ -0,0 +1,46 @@
+    #!/bin/bash
+    set -e
+    # Colors
+    GREEN="\e[32m"
+    RED="\e[31m"
+    YELLOW="\e[33m"
+    RESET="\e[0m"
+    echo -e "${YELLOW}[*] Cleaning old build artifacts...${RESET}"
+    cargo clean
+    echo -e "${YELLOW}[*] Building secrds-ebpf for target bpfel-unknown-none...${RESET}"
+    cargo +nightly build --release -Z build-std=core -p secrds-ebpf --target bpfel-unknown-none
+    if [ $? -ne 0 ]; then
+        echo -e "${RED}[!] Build failed. Check errors above.${RESET}"
+        exit 1
+    fi
+    # Ensure target binary exists
+    EBPF_BIN="target/bpfel-unknown-none/release/secrds_ebpf"
+    if [ ! -f "$EBPF_BIN" ]; then
+        echo -e "${RED}[!] eBPF binary not found at $EBPF_BIN${RESET}"
+        exit 1
+    fi
+    echo -e "${YELLOW}[*] Copying built binary to /usr/local/lib/secrds/...${RESET}"
+    sudo mkdir -p /usr/local/lib/secrds
+    sudo cp "$EBPF_BIN" /usr/local/lib/secrds/secrds-ebpf.o
+    echo -e "${YELLOW}[*] Loading eBPF program into kernel...${RESET}"
+    sudo bpftool prog load /usr/local/lib/secrds/secrds-ebpf.o \
+      /sys/fs/bpf/secrds_prog type tracepoint pinmaps /sys/fs/bpf/secrds_maps 2>&1 | tee /tmp/secrds_load.log || true
+    if grep -q "failed" /tmp/secrds_load.log; then
+        echo -e "${RED}[!] eBPF load failed. See /tmp/secrds_load.log for verifier output.${RESET}"
+        exit 1
+    else
+        echo -e "${GREEN}[+] eBPF program loaded successfully!${RESET}"
+    fi
+    echo -e "${YELLOW}[*] Checking loaded programs...${RESET}"
+    sudo bpftool prog show | grep secrds || echo -e "${RED}[!] No secrds program found.${RESET}"
+    echo -e "${GREEN}[✓] Done.${RESET}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update trace #11

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!

Uh oh!