Extended Log4j observability tool used to detect and prevent malicious JNDI (/LDAP) lookups. Currently tested only in a controlled environment.
- Developed with aya (https://github.com/aya-rs/aya), a Rust eBPF library.
- Use in tandem with https://github.com/christophetd/log4shell-vulnerable-app as the vulnerable baseline application.
Changelog:
- 0.1.2: Rulesets added as a static file (logger-info); revised the overall event data structures (rulesets, EventLog); added an experimental LSM module (bpf syscall, blackbox eLogJ).
- 0.1.5: Rulesets configured via a YAML file.
- 0.1.6: "file"/"local" log_type (YAML).
- 0.1.7: Added a whitelist to the YAML config, plus LDAP response tracing.
- 0.1.8: Remote agent-less logging (Wazuh Manager).
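The detection idea behind the rulesets and the 0.1.7 whitelist, as an added user-space example (not eLogJ's own code and not its YAML schema): a captured string is scanned for a `${jndi:<scheme>://<host>...}` lookup, the scheme and host are extracted, and the host is checked against an allowlist. The `Rule` struct, its field name and the sample inputs are assumptions constructed for this example.

```rust
// Added example, not part of eLogJ. `Rule` mirrors only the idea of a
// per-ruleset host whitelist; the real YAML layout is not assumed here.
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Clean,
    Allowed { scheme: String, host: String },
    Suspicious { scheme: String, host: String },
}

/// Hosts a JNDI lookup may legitimately reach (constructed sample rule).
pub struct Rule<'a> {
    pub allowed_hosts: &'a [&'a str],
}

/// Scan `input` for a `${jndi:<scheme>://<host>...}` lookup and classify it.
pub fn classify(rule: &Rule, input: &str) -> Verdict {
    let lower = input.to_ascii_lowercase();
    let start = match lower.find("${jndi:") {
        Some(i) => i + "${jndi:".len(),
        None => return Verdict::Clean,
    };
    let body = &lower[start..];
    // The scheme (ldap, ldaps, rmi, dns ...) ends at "://". A lookup with no
    // authority part is still a lookup, so it is reported with an empty host.
    let (scheme, rest) = match body.find("://") {
        Some(sep) => (body[..sep].to_string(), &body[sep + 3..]),
        None => {
            let end = body.find(|c: char| c == ':' || c == '}').unwrap_or(body.len());
            return Verdict::Suspicious { scheme: body[..end].to_string(), host: String::new() };
        }
    };
    // The host ends at the first ':' (port), '/' (path) or '}' (end of lookup).
    let end = rest.find(|c: char| matches!(c, ':' | '/' | '}')).unwrap_or(rest.len());
    let host = rest[..end].to_string();
    if rule.allowed_hosts.iter().any(|h| h.eq_ignore_ascii_case(&host)) {
        Verdict::Allowed { scheme, host }
    } else {
        Verdict::Suspicious { scheme, host }
    }
}

fn main() {
    // Constructed sample lines, using documentation addresses only.
    let rule = Rule { allowed_hosts: &["ldap.corp.example"] };
    for line in ["GET / HTTP/1.1", "User-Agent: ${jndi:ldap://203.0.113.7:1389/a}"] {
        println!("{line} -> {:?}", classify(&rule, line));
    }
}
```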
Prerequisites. Rust stable and nightly toolchain (nightly with rust-src is needed to build the eBPF program):
rustup install stable
rustup toolchain install nightly --component rust-src
bpf-linker:
cargo install bpf-linker
Ref: https://aya-rs.dev/book/start/development/#how-to-use-this-guide
Build the user-space crate, then the eBPF program:
cargo build
cargo xtask build-ebpf
Default config: draft-rule-set-default.yml. The draft ruleset shipped in the repository can be inspected with:
cat logger-info/src/draft-rule-set-v1.yml
Run:
cargo xtask run
Run with info-level logging:
RUST_LOG=info cargo xtask run
Work in progress; check out the wiki!