BPF Performance Tools

Chapter 11. Security

This chapter summarizes the security of BPF and BPF for security analysis, providing various tools that can be helpful for both security and performance observability. You can use these tools to detect intrusions, create whitelists of normal executable and privileged usage, and to enforce policies.

Learning Objectives:

Understand use cases for BPF security
Show new process execution to detect possible malicious software
Show TCP connections and resets to detect possible suspicious activity
Study Linux capability usage to aid the creation of whitelists
Understand other forensic sources, such as shell and console logging

This chapter begins with background on security tasks and then summarizes BPF capabilities, configuring ...

Get BPF Performance Tools now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

BPF Performance Tools by Brendan Gregg

Chapter 11. Security

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly