dirtypipe-ebpf_detection -- Dirtypipe detection tool
This program was made to detect Dirty Pipe exploitation attempts thanks to eBPF. It also monitors nonvulnerable kernels and docker containers.
๐ซ If you want more details on how it works please read the blog post ! ๐ฌ
How does it works?
Default execution:
sudo ./bin/dirtypipe_detectionDebug mode:
Show libbpf logs on execution
sudo ./bin/dirtypipe_detection --debugDaemon mode:
Run program as daemon and send alerts over syslog
sudo ./bin/dirtypipe_detection --daemonHow to build?
Debian
sudo apt install git make pkg-config libelf-dev clang-11 libc6-dev-i386 bpftool -y
git clone https://github.com/airbus-cert/dirtypipe-ebpf_detection
cd ./dirtypipe-ebpf_detection/src/
makeUbuntu
sudo apt install git make pkg-config libelf-dev clang-11 libc6-dev-i386 linux-tools-common linux-tools-$(uname -r) -y
git clone https://github.com/airbus-cert/dirtypipe-ebpf_detection
cd ./dirtypipe-ebpf_detection/src/
makeCredits and References
Read the original blog on Dirtypipe from max.kellermann@ionos.com
Read an interesting strategy from Datadog team