Skip to content
/ aisir Public

Named after the beautiful loch Aisir in northen Scotland, Aisir is an Ebpf based tool that logs and filters connection to remote IP addresses

3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Assaf-R/aisir

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.gitignore
.gitignore
 
 
Readme.md
Readme.md
 
 
aisir.py
aisir.py
 
 
aisir_bpf.c
aisir_bpf.c
 
 

Repository files navigation

Aisir

Named after the beautiful loch Aisir in northen Scotland, Aisir is an eBpf based tool that logs and filters connection to remote IP addresses

How does this work?

The python program - aisir.py - loads the bpf c program - aisir_bpf.c - and hooks the connect syscall with a kprobe. The eBpf program checks if a connection to the remote IP is allowed. in the ip_list.txt file. The results are logged to /var/log/loch/aisirX.log

How to run

RUN AS ROOT
You need to run the program with either the -w or -b flags, To determine if your firewall wil work based on a whitelist or blacklist. If you chose whitelist only connections to addresses in the list will be allowed, and if you chose blacklist they will be dropped

notes

  • The ip_list.txt needs to be in the same dir with the programs
  • The ip_list.txt file needs to include only valid ip addresses

About

Named after the beautiful loch Aisir in northen Scotland, Aisir is an Ebpf based tool that logs and filters connection to remote IP addresses

Topics

linux security firewall ebpf ebpf-programs security-tools

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages