Log all binary executions in Kubernetes.
Based on the BPF program from iovisor/gobpf.
Development WIP.
- Install https://github.com/iovisor/bcc (INSTALL.md)
- Build on host machine:
    go build execsnoop.go
- Dockerize:
    docker build -t execsnoop .
    sudo docker run --rm -it -v /lib:/lib -v /usr/src:/usr/src -v /var/run/docker.sock:/var/run/docker.sock --privileged execsnoop
TBD