Build
First, install build dependencies:
Generate vmlinux.rs, or skip this step if your kernel version is 6.8.0-86-generic
(use uname -a to check the kernel version):
cargo xtask vmlinux-gen
Release build:
cargo xtask build --release
Run
sudo ./target/release/bombini --bpf-objs ./target/bpfel-unknown-none/release --config-dir ./config
Or using cargo:
cargo xtask run --release -- --bpf-objs ./target/bpfel-unknown-none/release --config-dir ./config
By default Bombini sends events to stdout in JSON format and starts only the ProcMon detector, which intercepts
process execs and exits. To customize your Bombini setup, follow the Configuration section.
Bombini uses the env_logger crate. To see agent logs, set the RUST_LOG environment variable to info or debug.
Tarball
You can generate a tarball with installation scripts for the bombini systemd service.
If you need to customize the configuration, update the detector configs in the ./config directory and then execute:
cargo xtask tarball --release
The release tarball will be located at target/bombini.tar.gz.
Install / Uninstall
Install the bombini systemd service:
tar -xvf ./target/bombini.tar.gz -C ./target && \
sudo ./target/bombini/install.sh
Check events:
tail -f /var/log/bombini/bombini.log
Uninstall with uninstall.sh:
sudo ./target/bombini/uninstall.sh