Argus

Argus is an eBPF-based File Integrity Monitoring (FIM) tool that provides real-time detection of unauthorized file modifications by leveraging eBPF to efficiently track file system events at the kernel level.

Prerequisites:

Linux kernel version 5.7 or later
LLVM 11 or later
libbpf headers
Linux kernel headers
Go compiler version supported by ebpf-go's Go module
ebpf-go library

How to run:

go generate
go build (An executable named filemon will be generated if the build succeeds)
sudo ./filemon

Features:

Monitors file operations by tracing syscalls using eBPF
Currently traces openat and unlinkat syscalls
Reports PID, process name, operation type, and filename for each event

Name	Name	Last commit message	Last commit date
Latest commit suchit07-git init: trace openat and unlinkat syscalls Mar 17, 2025 525c119 · Mar 17, 2025 History 1 Commit
bpf	bpf	init: trace openat and unlinkat syscalls	Mar 17, 2025
README.md	README.md	init: trace openat and unlinkat syscalls	Mar 17, 2025
go.mod	go.mod	init: trace openat and unlinkat syscalls	Mar 17, 2025
go.sum	go.sum	init: trace openat and unlinkat syscalls	Mar 17, 2025
main.go	main.go	init: trace openat and unlinkat syscalls	Mar 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Argus

Prerequisites:

How to run:

Features:

About

Releases

Packages

Languages

WebClub-NITK/Argus

Folders and files

Latest commit

History

Repository files navigation

Argus

Prerequisites:

How to run:

Features:

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages