fsprobe: fsprobe (FSProbe is a file system events notifier based on eBPF)
fsprobe:
fsprobe: FSProbe is a file system events notifier based on eBPF. Instead of
fsprobe: hooking at the syscall level (like other eBPF solutions: opensnoop,
fsprobe: Falco, ...), FSProbe works by listening for events at the VFS
fsprobe: level. Paths are resolved at runtime by going through the dentry tree
fsprobe: up to the mount point of the filesystem. One of the main advantages
fsprobe: of this solution is that the paths provided by FSProbe are absolute
fsprobe: and resolved, while a syscall based strategy would only export
fsprobe: syscall parameters (and thus potentially attacker controlled data).
fsprobe: Home: https://github.com/Gui774ume/fsprobe