louis is a simple tool using eBPF to automatically detect and respond to malicious behavior on a Linux system.
Usage
Usage:
  louis [command]

Available Commands:
  help        Help about any command
  hunt        hunt for existing malicious activity
  mitigate    mitigate all known vulnerabilities
  monitor     actively monitor for malicious action
  version     print louis version

Flags:
  -a, --active    counter detected malicious activity (dangerous, may clobber)
  -h, --help      help for louis
  -s, --syslog    output to syslog
  -v, --verbose   enable verbose output

Use "louis [command] --help" for more information about a command.
Information
louis gathers events from the kernel through eBPF programs loaded with BCC. That event stream is analyzed in userspace against a catalogue of categorized techniques and known vulnerabilities.

There is no kernelspace component other than the eBPF data-gathering programs; all analysis and response run in an ordinary userspace process. That makes louis easier to starve of resources, kill, or tamper with (for example by replacing its executable) than a kernel-resident agent would be. The eBPF programs themselves are checked by the kernel verifier at load time and, once loaded, can only be changed by someone holding the same privileges needed to load them. If louis is starved or killed, however, you will probably notice: a monitor that suddenly stops reporting is itself a signal worth alerting on.

Note that loading eBPF programs through BCC requires root (CAP_SYS_ADMIN, or CAP_BPF plus CAP_PERFMON on newer kernels), and because BCC compiles the programs at runtime the host needs clang/LLVM and matching kernel headers installed.
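The architecture described above, eBPF data gathering in the kernel and technique matching in userspace, as an added example. This is illustrative code written for this page, not louis's own source: the BCC tracepoint program, the rule table, the field names and the sample events are all my own constructions. The live tracer needs root, BCC's Python bindings and a kernel with syscall tracepoints; the analyzer runs anywhere.

```python
"""Added example (not louis's own code): a BCC execve tracer feeding a small
userspace analyzer. Rules and sample events are constructed for illustration."""
from __future__ import annotations

import os
import sys
from dataclasses import dataclass

# Kernelspace piece: one eBPF program on the execve syscall tracepoint that
# ships a record per exec to userspace through a perf buffer. The kernel
# verifier checks it at load time; the analysis below never runs in-kernel.
BPF_SRC = r"""
#include <linux/sched.h>

struct data_t {
    u32 pid;
    u32 ppid;
    char comm[16];
    char fname[256];
};
BPF_PERF_OUTPUT(events);

TRACEPOINT_PROBE(syscalls, sys_enter_execve) {
    struct data_t d = {};
    struct task_struct *t = (struct task_struct *)bpf_get_current_task();
    d.pid = bpf_get_current_pid_tgid() >> 32;
    d.ppid = t->real_parent->tgid;
    /* at sys_enter the task has not exec'd yet, so comm is still the
       forking parent's image name (e.g. "nginx" before it becomes "sh") */
    bpf_get_current_comm(&d.comm, sizeof(d.comm));
    bpf_probe_read_user_str(&d.fname, sizeof(d.fname), args->filename);
    events.perf_submit(args, &d, sizeof(d));
    return 0;
}
"""


@dataclass(frozen=True)
class ExecEvent:
    pid: int
    ppid: int
    comm: str   # image name of the calling task at execve entry
    fname: str  # path being executed


# Constructed "categorized techniques" (illustrative, not louis's rule set).
WRITABLE_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
NETWORK_TOOLS = {"nc", "ncat", "netcat", "socat"}
SHELLS = {"sh", "bash", "dash", "zsh"}
WEB_SERVERS = {"apache2", "nginx", "httpd", "php-fpm"}


def categorize(ev: ExecEvent) -> list[str]:
    """Return the technique tags an exec event matches (empty if benign)."""
    tags: list[str] = []
    if ev.fname.startswith(WRITABLE_DIRS):
        tags.append("exec_from_world_writable_dir")
    base = os.path.basename(ev.fname)
    if base in NETWORK_TOOLS:
        tags.append("network_tool_exec")
    if base in SHELLS and ev.comm in WEB_SERVERS:
        tags.append("webserver_spawned_shell")
    return tags


def scan(events) -> dict[int, list[str]]:
    """Map pid -> tags for every event that matched at least one technique."""
    return {ev.pid: tags for ev in events if (tags := categorize(ev))}


def run_live() -> None:
    """Attach the tracer and push every exec through categorize(). Needs root."""
    from bcc import BPF  # imported lazily so the analyzer runs without BCC
    b = BPF(text=BPF_SRC)

    def handle(cpu, data, size):
        e = b["events"].event(data)
        ev = ExecEvent(e.pid, e.ppid, e.comm.decode(errors="replace"),
                       e.fname.decode(errors="replace"))
        tags = categorize(ev)
        if tags:
            print(f"ALERT pid={ev.pid} ppid={ev.ppid} comm={ev.comm} "
                  f"exec={ev.fname} tags={','.join(tags)}")

    b["events"].open_perf_buffer(handle)
    while True:
        b.perf_buffer_poll()


# Constructed sample events shaped like the tracer's output (hypothetical data).
SAMPLE_EVENTS = [
    ExecEvent(1201, 1, "systemd", "/usr/sbin/sshd"),
    ExecEvent(2310, 2300, "nginx", "/bin/sh"),
    ExecEvent(2311, 2310, "sh", "/tmp/.x/nc"),
]

if __name__ == "__main__":
    if sys.argv[1:] == ["--live"]:
        run_live()
    else:
        for pid, tags in scan(SAMPLE_EVENTS).items():
            print(pid, tags)
```

Run it without arguments to see the analyzer classify the constructed events, or as root with `--live` to attach the tracer. Matching on the caller's `comm` at syscall entry is what makes the "web server spawned a shell" rule work: the forked child still carries the server's name until the exec completes.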