google/nsjail

Python Tracing and Runtime security

avideci opened this issue · 0 comments

secimport is a tool that is able to create NSJail commands (Kafel SECCOMP strings) for any Python program.
https://github.com/avilum/secimport#nsjail-support-seccomp

It uses eBPF under the hood, and I am using nsjail as another layer of defence (global SECCOMP) while secimport verifies the syscalls per package (module level) and not only at the process level (like nsjail).

It is capable of tracing:

  • Python entry points
  • running processes (by PID)
  • interactive shell (like the interactive mode in NSJail)

Since I have the capability of generating nsjail profiles for any given Python program,
I would be happy to contribute it, by adding a guide or implementing any other idea you might have, if it's valuable to you.

Thanks.
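To make the two layers the post describes concrete, here is an added example (not code from secimport or nsjail) of the last step of such a pipeline: take a per-module syscall trace that has already been collected, check each module against its own allowlist, and render the union as a Kafel policy that nsjail can consume via `--seccomp_string`. The trace data, the module names, and the allowlist are constructed for illustration; the Kafel `POLICY`/`USE ... DEFAULT KILL` syntax and the nsjail `--seccomp_string` flag are used as documented by those projects, but check them against your installed versions.

```python
"""Render an nsjail/Kafel seccomp policy from a per-module syscall trace.

Added example, not code from secimport or nsjail.  It assumes a tracer (for
example an eBPF one) has already produced (module, syscall) pairs; the sample
trace below is constructed, not captured from a real program.
"""
import re
import shlex

# Constructed sample trace: what a tracer might report for a small script
# that does some file I/O in __main__, parses JSON and opens a TCP socket.
SAMPLE_TRACE = [
    ("__main__", "openat"), ("__main__", "read"), ("__main__", "write"),
    ("__main__", "close"), ("__main__", "exit_group"),
    ("json", "read"), ("json", "write"),
    ("socket", "socket"), ("socket", "connect"),
    ("socket", "sendto"), ("socket", "recvfrom"),
    ("socket", "socket"),  # duplicates are normal in a raw trace
]

# Constructed per-module allowlist: socket is only expected to create and
# connect; actual data transfer from that module would be a policy violation.
SAMPLE_ALLOWLIST = {
    "__main__": {"openat", "read", "write", "close", "exit_group"},
    "json": {"read", "write"},
    "socket": {"socket", "connect"},
}

# Kafel identifiers are plain C-style names; refuse anything else so a
# malformed trace line cannot inject policy syntax.
_SYSCALL_RE = re.compile(r"^[a-z_][a-z0-9_]*$")
_DEFAULT_ACTIONS = {"KILL", "KILL_PROCESS", "TRAP", "LOG"}


def syscalls_by_module(trace):
    """Group observed syscall names by the Python module that issued them."""
    grouped = {}
    for module, syscall in trace:
        if not _SYSCALL_RE.match(syscall):
            raise ValueError(f"unexpected syscall name in trace: {syscall!r}")
        grouped.setdefault(module, set()).add(syscall)
    return grouped


def check_module_allowlist(grouped, allowlist):
    """Module-level check: return {module: syscalls seen but not allowed}.

    This is the view a process-wide seccomp filter cannot give you: the same
    syscall can be legitimate from one module and suspicious from another.
    """
    violations = {}
    for module, seen in grouped.items():
        extra = seen - allowlist.get(module, set())
        if extra:
            violations[module] = extra
    return violations


def all_syscalls(grouped):
    """Union of every syscall seen, which is what a process-wide filter needs."""
    return set().union(*grouped.values()) if grouped else set()


def kafel_policy(name, grouped, default="KILL"):
    """Render a Kafel policy allowing exactly the observed syscalls.

    seccomp applies to the whole process, so the ALLOW set is the union over
    all modules; anything not observed falls through to DEFAULT.
    """
    if default not in _DEFAULT_ACTIONS:
        raise ValueError(f"unsupported default action: {default!r}")
    if not _SYSCALL_RE.match(name):
        raise ValueError(f"bad policy name: {name!r}")
    body = ",\n".join(f"        {s}" for s in sorted(all_syscalls(grouped)))
    return (f"POLICY {name} {{\n    ALLOW {{\n{body}\n    }}\n}}\n"
            f"USE {name} DEFAULT {default}\n")


def nsjail_command(policy, argv, nsjail="nsjail"):
    """Build an nsjail argv that applies the policy to the given program."""
    return [nsjail, "-Mo", "--seccomp_string", policy, "--", *argv]


if __name__ == "__main__":
    grouped = syscalls_by_module(SAMPLE_TRACE)
    for module, extra in check_module_allowlist(grouped, SAMPLE_ALLOWLIST).items():
        print(f"module {module} made unexpected syscalls: {sorted(extra)}")
    policy = kafel_policy("traced_py", grouped)
    print(policy)
    print(shlex.join(nsjail_command(policy, ["/usr/bin/python3", "app.py"])))
```

The per-module check and the process-wide policy are deliberately separate functions: the former is the tracing-time verification the post attributes to secimport, the latter is the coarser global filter handed to nsjail, and a syscall flagged by the first will still be allowed by the second unless you remove it from the trace before rendering.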