BitBlazr: Getting Started

The project runs under Linux, kernel 5.13+. It has been tested on x86_64(amd64), arm64(aarch64), and armv7a architectures. Currently, available deployment methods include:

Docker
Build from source

Docker

Docker containers are available for the x86_64, arm64, and armv7a architectures and can be found on DockerHub: https://hub.docker.com/repository/docker/ziosec/bitblazr

As with most security sensors "privileged" mode is required, as is host networking.

docker run -it --privileged --network host -v /custom/config/dir:/app/config -e sensor_name=SENSOR_NAME -e log_level=LOG_LEVEL --name CONTAINER_NAME ziosec/bitblazr

Command to run the sensor

Most of the flags are optional, the only required ones are "--privileged" and "--network".

Here is the description of the rest of the switches:

/app/config volume - use this to mount in a custom configuration directory. Otherwise BitBlazr will use the defaults found in the container.
sensor_name - this is where you assign a custom name to the sensor so it's easier to track, it will show up in logs, MQTT client_id, and cloudevents "source" field.
log_level - set desired log level here, standard log levels apply here, such as "trace", "debug", "info", "warn", "error". But default "info" level will be used.
name - docker container name for local management tasks

Build from source

To build and run the sensor first make sure you have prerequisites installed. Those include:

Rust - rustc and cargo components. The best way to install these is by using rustup and following directions here.
Latest version of LLVM.

Then follow these steps:

Install bpf-linker by running:
cargo install bpf-linker
Clone the repository:
git clone https://github.com/auseckas/bitblazr.git
Build eBPF modules:
cargo xtask build-ebpf --release
Build user space application:
cargo build --release

And finally, run it:
RUST_LOG=info cargo xtask run