aa-ebpf 0.0.1-alpha.9

eBPF-based kernel-level monitoring hooks for Agent Assembly
//! Kprobe handler for `sys_openat`.
//!
//! Intercepts file open operations to detect access to sensitive paths
//! (e.g., `/etc/shadow`, `~/.ssh/`) and capture the open flags
//! (`O_RDONLY`, `O_WRONLY`, `O_RDWR`, `O_CREAT`).
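
An added example (not part of aa-ebpf) of how user space might classify the path and open flags that a handler like this captures. The flag values are the Linux x86_64 ones; `Access`, `Verdict`, `access_mode`, `creates`, `classify` and the path rules are assumptions made for illustration.

```rust
// Added example, not aa-ebpf code. Flag values are the Linux x86_64 ABI;
// the path rules and every name below are assumptions for illustration.
const O_ACCMODE: u32 = 0o3;
const O_WRONLY: u32 = 0o1;
const O_RDWR: u32 = 0o2;
const O_CREAT: u32 = 0o100;

#[derive(Debug, PartialEq)]
pub enum Access { Read, Write, ReadWrite, Invalid }
#[derive(Debug, PartialEq)]
pub enum Verdict { Sensitive, Benign, Unresolved }

/// The access mode is a 2-bit field, not a flag bit: O_RDONLY is 0, so
/// `flags & O_RDONLY` is always 0. Mask with O_ACCMODE and compare.
pub fn access_mode(flags: u32) -> Access {
    match flags & O_ACCMODE {
        0 => Access::Read,
        O_WRONLY => Access::Write,
        O_RDWR => Access::ReadWrite,
        _ => Access::Invalid,
    }
}

pub fn creates(flags: u32) -> bool { (flags & O_CREAT) != 0 }

/// Classify the path string as passed to openat. A relative path (resolved
/// against dirfd or the cwd) or one containing `..` cannot be judged from
/// the string alone, so it is reported as Unresolved rather than Benign.
pub fn classify(path: &str) -> Verdict {
    if !path.starts_with('/') || path.split('/').any(|c| c == "..") {
        return Verdict::Unresolved;
    }
    // Compare whole components so `/etc/shadowfoo` does not match.
    let comps: Vec<&str> = path.split('/').filter(|c| !c.is_empty() && *c != ".").collect();
    match comps.as_slice() {
        ["etc", "shadow"] => Verdict::Sensitive,
        // The kernel never sees `~`; it sees the expanded home directory.
        ["root", ".ssh", ..] | ["home", _, ".ssh", ..] => Verdict::Sensitive,
        _ => Verdict::Benign,
    }
}

fn main() {
    // Constructed sample events: (path, flags).
    for (p, f) in [("/etc/shadow", 0u32), ("/home/alice/.ssh/id_ed25519", 0o102), ("../etc/shadow", 0)] {
        println!("{p}: {:?} {:?} creat={}", classify(p), access_mode(f), creates(f));
    }
}
```

String matching does not follow symlinks, so a path reported as `Benign` here can still resolve to a sensitive file.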