ziosec/bitblazr

By ziosec

Updated about 2 years ago
Archived

Bitblazr offers a kernel-level rule system for policy enforcement as well as configurable logging.

Image
Security
Internet of things
0

598

ziosec/bitblazr repository overview

Docs, starting with Getting Started

BitBlazr harnesses the power of eBPF to fortify IoT and other Linux runtimes against potential threats. Blending features from Mandatory Access Controls (MAC) and eBPF-based monitoring programs, the sensor offers a kernel-level rule system for policy enforcement, as well as configurable logging targets, empowering users with robust filtering logic and clear delineation between events, alerts, and informational messages. Docker containers are available for the x86_64, arm64, and armv7a architectures. As with most security sensors "privileged" mode is required, as is host networking.

You can run the sensor by using the following command:

docker run -it --privileged --network host -v /custom/config/dir:/app/config -e sensor_name=SENSOR_NAME -e log_level=LOG_LEVEL --name CONTAINER_NAME ziosec/bitblazr

Most of the flags are optional, the only required ones are "--privileged" and "--network". So the simpliest way to run the sensor would be:

docker run -it --privileged --network host ziosec/bitblazr

​Here is the description of the rest of the switches:

/app/config volume - use this to mount in a custom configuration directory. Otherwise BitBlazr will use the defaults found in the container.
sensor_name - this is where you assign a custom name to the sensor so it's easier to track, it will show up in logs, MQTT client_id, and cloudevents "source" field.
log_evel - set desired log level here, standard log levels apply here, such as "trace", "debug", "info", "warn", "error". But default "info" level will be used.
name - docker container name for local management tasks.

Tag summary

Content type

Image

Digest

sha256:4431dc15c

Size

48.4 MB

Last updated

about 2 years ago

docker pull ziosec/bitblazr