Overview
Explore a comprehensive conference talk on Sysarmor, Meta's eBPF-based security detection and enforcement tool. Delve into the tool's deployment in high-threat environments, including collocated hosts, Meta Network Appliances, development servers, Meta cloud gaming, and public cloud platforms. Discover Sysarmor's unique approach of evaluating rules within the BPF program, enabling BPF-LSM enforcement. Learn about its 40+ BPF-based detections covering networking, privilege escalation, hardware attacks, rootkits, unknown executables, container creation, and container escape. Gain insights into challenging areas addressed by the Sysarmor team, such as efficient process information gathering, container information association with kernel data, effective use of uprobes in system executables, and leveraging BPF iterators for context recreation after service restarts.
Syllabus
Sysarmor Metas eBPF Security Detection and Enforcement Tool- Liam Wisehart, Shankaran Gnanashanmugam
Taught by
Linux Plumbers Conference