suidsnoop
Rust
★ 16
updated 4y ago
suidsnoop is a tool based on eBPF LSM programs that logs whenever a suid binary is executed and implements custom allow/deny lists.
No plain-English explanation yet — one is being written right now. Check back in a minute.