Has anyone played around with eBPF? The feed of exec() and open() calls seems quite useful from a security monitoring perspective.
@jerry how does eBPF compare to auditd?
I've only ever seen auditd in any detail (it's pretty awesome), but the bits and pieces I've heard about BPF have been positive...