iovisor/ubpf

eBPF for Process and File Auditing: Extending to macOS with uBPF

Closed this issue · 1 comment

Hi,

I'm working on a research project where I want to use eBPF for auditing purposes, specifically for the following objectives:

  • Monitoring the creation and termination of each process.
  • Tracking file accesses for specific processes, such as creation and modification.

We already have a project addressing similar tasks for Linux, but we want to extend this capability to macOS as well. In my search, I came across the uBPF project and I'm curious if it could be used for the above goals.

Thank you!

@hadisinaee I think this should be working now. Please re-open if this still needs more work.