this post was submitted on 25 Jun 2026
51 points (98.1% liked)


I wrote a dead simple file canary tool that will install an eBPF program that drops all outgoing packets if a canary is touched. I wrote this in response to the current trend of supply chain attacks that try to harvest credentials.

[–] BetterDev@programming.dev 2 points 1 week ago (5 children)

This is really cool. I appreciate you sharing it. I'm currently building out my homelab to try out various software and scenarios, and one of the things I'm worried about is malicious software sneaking in and compromising my LAN.

In the case that something does, this essentially provides a tripwire which leaves all the evidence intact while stopping the bleed (unless it has a VM escape, but that's another story).

In any case, this is very useful and I'm really glad you made it. Thanks!

[–] MonkderVierte@lemmy.zip 2 points 1 week ago (3 children)

This should definitely not be run on a server unless you really know what you're doing. You will lose all connectivity and you will never be able to get it back by normal means!

[–] BetterDev@programming.dev 3 points 1 week ago (1 children)

Uh yeah, that's the whole idea. I can always just bring it offline and mount the root as a separate disk to a different VM to investigate.

[–] BetterDev@programming.dev 1 points 1 week ago (1 children)

Or even just log in via serial console, but that's not a capability I have coded in yet.

[–] BetterDev@programming.dev 2 points 1 week ago

I guess what I'm saying is I match the "really know what you're doing" criteria.
