Show HN: Logira – eBPF runtime auditing for AI agent runs

Original link: https://github.com/melonattacker/logira

## Logira: runtime auditing for automation

Logira is an observe-only Linux command-line tool for auditing the runtime behaviour of automation, AI agents in particular. It uses eBPF to record system events (process execution, file activity and network connections), producing a detailed, trustworthy execution trace *without* interfering with the automated workflow.

Key features include per-run local storage (JSONL and SQLite) for review, search and detection triage. Logira ships with built-in detection rules for risky patterns such as credential access, destructive commands and suspicious network activity, and lets you add custom rules.

It is well suited to learning what an AI agent *actually* did, beyond what it reports, and integrates easily into local automation or CI jobs. Installation is straightforward, via a script or a tarball, and requires a recent Linux kernel (5.8+) and systemd. Logira does not block actions; it only records and detects, which makes it a valuable security and debugging tool.

For more information and examples see [https://github.com/melonattacker/logira](https://github.com/melonattacker/logira).

Show HN: Logira – eBPF runtime auditing for AI agent runs (github.com/melonattacker)
6 points by melonattacker 4 hours ago

I started using Claude Code (claude --dangerously-skip-permissions) and Codex (codex --yolo) and realized I had no reliable way to know what they actually did. The agent's own output tells you a story, but that is the agent's story.

logira records exec, file and network events at the OS level via eBPF, scoped to each run. Events are saved locally in JSONL and SQLite. It ships with default detection rules for credential access, persistence changes, suspicious exec patterns and more. Observe-only – it never blocks.

https://github.com/melonattacker/logira

Original text

OS-level runtime auditing for unpredictable automation.

logira is an observe-only Linux CLI that records runtime exec, file, and net events via eBPF. It helps you see what actually happened during AI agent runs and other forms of automation, with per-run local storage for auditing, post-run review, search, and detection triage.

  • eBPF-based runtime collection of process execution, file activity, and network activity.
  • cgroup v2 run-scoped tracking, so events can be attributed to a single audited run.
  • Per-run local storage in JSONL and SQLite for timeline review and fast querying.
  • Built-in default detection rules, with optional custom YAML rules.
  • Observe-only by design: logira records and detects, but does not enforce or block.
  • Audit what an AI agent actually executed, changed, and connected to during a run (for example, codex --yolo or claude --dangerously-skip-permissions).
  • Keep a trustworthy execution trail that does not depend on the agent’s own textual narrative.
  • Detect risky behavior patterns such as credential access, destructive commands, persistence changes, and suspicious network egress.
  • Review and share forensic evidence after a run using structured event history and detection results.
  • Add lightweight runtime auditing to local automation or CI tasks without changing workload behavior.

logira includes an opinionated, observe-only default ruleset aimed at auditing AI agent runs. You can also append your own per-run rules YAML with logira run --rules <file>.

  • Credential and secrets writes: ~/.ssh, ~/.aws, kube/gcloud/docker config, .netrc, .git-credentials, registry creds.
  • Sensitive credential reads: SSH private keys, AWS credentials/config, kubeconfig, docker config, .netrc, .git-credentials.
  • Persistence and config changes: writes under /etc, systemd units, cron, user autostart entries, shell startup files.
  • Temp droppers: executable files created under /tmp, /dev/shm, /var/tmp.
  • Suspicious exec patterns: curl|sh, wget|sh, tunneling/reverse shell tools and flags, base64 decode with shell hints.
  • Agent safety destructive patterns: rm -rf, git clean -fdx, find -delete, mkfs, terraform destroy, and similar commands.
  • Network egress: suspicious destination ports and cloud metadata endpoint access.

Install

Option 1. Install via the convenience script (recommended):

curl -fsSL https://raw.githubusercontent.com/melonattacker/logira/main/install.sh | sudo bash

Option 2. Manual install from a release tarball:

tar -xzf logira_vX.Y.Z_linux-<arch>.tar.gz
cd logira_vX.Y.Z_linux-<arch>
sudo ./install-local.sh

After reinstall / upgrade:

  • First install: no extra step is usually needed (install.sh runs systemctl enable --now).
  • Reinstall/upgrade over an existing install: restart logirad to ensure the new binary is running.

sudo systemctl daemon-reload
sudo systemctl restart logirad.service
sudo systemctl status logirad.service --no-pager

Build:

Start the root daemon (required for tracing):

How to run `logirad` via systemd

To run the root daemon in the background, install the unit file from packaging/systemd/logirad.service.

# 1) Generate eBPF objects (only needed if missing)
make generate

# 2) Install the systemd unit
sudo install -D -m 0644 packaging/systemd/logirad.service /etc/systemd/system/logirad.service

# 3) Install the daemon binary (unit defaults to /usr/local/bin/logirad)
sudo install -m 0755 ./logirad /usr/local/bin/logirad

# 4) (Recommended) Point systemd at the eBPF .o files via an environment file.
# This avoids relying on the service working directory.
sudo mkdir -p /etc/logira
sudo tee /etc/logira/logirad.env >/dev/null <<'EOF'
LOGIRA_EXEC_BPF_OBJ=/absolute/path/to/collector/linux/exec/trace_bpfel.o
LOGIRA_NET_BPF_OBJ=/absolute/path/to/collector/linux/net/trace_bpfel.o
LOGIRA_FILE_BPF_OBJ=/absolute/path/to/collector/linux/filetrace/trace_bpfel.o
EOF

# 5) Enable + start
sudo systemctl daemon-reload
sudo systemctl enable --now logirad

# Follow logs
sudo journalctl -u logirad -f

# Check status
systemctl status logirad --no-pager

# Stop + disable
sudo systemctl stop logirad
sudo systemctl disable --now logirad

Run an agent under audit as your normal user (events are auto-saved):

./logira run -- bash -lc 'echo hi > x.txt; curl -s https://example.com >/dev/null'
./logira run --rules ./my-rules.yaml -- bash -lc 'cat ~/.aws/credentials >/dev/null'

Run Codex CLI:

./logira run -- codex --yolo "Update the README to be clearer and add examples."

Run Claude Code CLI:

./logira run -- claude --dangerously-skip-permissions "Find and fix flaky tests."

List runs:

View and explain the last run:

./logira view last
./logira view last --ts both
./logira view last --color always
./logira explain last
./logira explain last --show-related
./logira explain last --drill 35

Query events:

./logira query last --type detection
./logira query last --type net --dest 140.82.121.4:443
./logira query last --related-to-detections --type net
./logira query last --contains curl

  • logira run -- <command...>: run a command under audit and auto-save a new run
  • logira runs: list saved runs
  • logira view [last|<run-id>]: run dashboard (use --raw for legacy text)
  • logira query [last|<run-id>] [filters...]: search events with type-specific table output
  • logira explain [last|<run-id>]: grouped detections by default (--show-related, --drill)

Rules:

  • built-in default ruleset is always active (internal/detect/rules/default_rules.yaml)
  • optional per-run custom rules can be appended with logira run --rules <yaml-file>
  • sample custom rules and trial commands: examples/rules/README.md
  • file event retention is driven by the file rules; --watch is deprecated and kept only for backward compatibility

Default home directory: ~/.logira (override: LOGIRA_HOME)

Each run is stored at:

~/.logira/
  runs/<run-id>/
    events.jsonl
    index.sqlite
    meta.json

run-id format: YYYYMMDD-HHMMSS-<tool>
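The per-run layout above and the query filters listed earlier (--type, --dest, --contains, --related-to-detections) can be reproduced in miniature. This added example (not logira's code) writes a constructed run directory in the ~/.logira layout under a temporary LOGIRA_HOME, parses run ids of the form YYYYMMDD-HHMMSS-<tool>, builds its own index.sqlite from events.jsonl and runs the equivalent of those four filters. The event fields, the SQLite table layout, the way detections reference the events they relate to, and resolving "last" by sorting on the timestamp prefix are all assumptions; logira's real index schema is not documented on this page.

```python
"""Per-run JSONL -> SQLite indexing and run-id parsing, in the spirit of logira's
~/.logira/runs/<run-id>/{events.jsonl,index.sqlite,meta.json} layout.
Added example; not logira's code. Event fields and table layout are assumptions."""
import json
import os
import re
import sqlite3
import tempfile

# run-id format from the README: YYYYMMDD-HHMMSS-<tool>
RUN_ID_RE = re.compile(r"^(?P<date>\d{8})-(?P<time>\d{6})-(?P<tool>[^/\s]+)$")

# Constructed events.jsonl content (hypothetical field names; related_seq is an
# assumed link from a detection to the event it fired on).
SAMPLE_EVENTS = """\
{"ts": "2024-05-01T10:00:01Z", "type": "exec", "argv": ["bash", "-lc", "echo hi > x.txt"]}
{"ts": "2024-05-01T10:00:02Z", "type": "file", "op": "write", "path": "/home/agent/x.txt"}
{"ts": "2024-05-01T10:00:03Z", "type": "exec", "argv": ["curl", "-s", "https://example.com"]}
{"ts": "2024-05-01T10:00:04Z", "type": "net", "dest": "93.184.216.34:443"}
{"ts": "2024-05-01T10:00:05Z", "type": "net", "dest": "140.82.121.4:443"}
{"ts": "2024-05-01T10:00:06Z", "type": "detection", "rule": "net.egress", "related_seq": 5}
"""


def parse_run_id(run_id: str) -> dict:
    """Split a run id into date, time and tool; reject anything else."""
    m = RUN_ID_RE.match(run_id)
    if not m:
        raise ValueError(f"bad run id: {run_id!r}")
    return m.groupdict()


def write_sample_run(home: str, run_id: str, tool: str) -> str:
    """Create runs/<run-id>/ with events.jsonl and meta.json (constructed data)."""
    run_dir = os.path.join(home, "runs", run_id)
    os.makedirs(run_dir, exist_ok=True)
    with open(os.path.join(run_dir, "events.jsonl"), "w") as f:
        f.write(SAMPLE_EVENTS)
    with open(os.path.join(run_dir, "meta.json"), "w") as f:
        json.dump({"run_id": run_id, "tool": tool}, f)
    return run_dir


def build_index(run_dir: str) -> sqlite3.Connection:
    """Load events.jsonl into index.sqlite, one row per line, keeping the raw JSON."""
    db = sqlite3.connect(os.path.join(run_dir, "index.sqlite"))
    db.executescript("""
        DROP TABLE IF EXISTS events;
        CREATE TABLE events(seq INTEGER PRIMARY KEY, ts TEXT, type TEXT, dest TEXT,
                            path TEXT, cmd TEXT, related_seq INTEGER, raw TEXT);
        CREATE INDEX idx_events_type_dest ON events(type, dest);
    """)
    with open(os.path.join(run_dir, "events.jsonl")) as f:
        for seq, line in enumerate(f, start=1):
            if not line.strip():
                continue
            ev = json.loads(line)
            db.execute("INSERT INTO events VALUES (?,?,?,?,?,?,?,?)",
                       (seq, ev["ts"], ev["type"], ev.get("dest"), ev.get("path"),
                        " ".join(ev["argv"]) if "argv" in ev else None,
                        ev.get("related_seq"), line.strip()))
    db.commit()
    return db


def query(db, type_=None, dest=None, contains=None, related_to_detections=False):
    """Filter events the way --type/--dest/--contains/--related-to-detections do."""
    sql, args = "SELECT seq, ts, type, raw FROM events WHERE 1=1", []
    if type_:
        sql += " AND type = ?"
        args.append(type_)
    if dest:
        sql += " AND dest = ?"
        args.append(dest)
    if contains:
        sql += " AND raw LIKE ?"
        args.append(f"%{contains}%")
    if related_to_detections:
        sql += " AND seq IN (SELECT related_seq FROM events WHERE type = 'detection')"
    return db.execute(sql + " ORDER BY seq", args).fetchall()


def latest_run(home: str):
    """Resolve 'last': with the YYYYMMDD-HHMMSS prefix, lexical order is time order."""
    runs = sorted(r for r in os.listdir(os.path.join(home, "runs")) if RUN_ID_RE.match(r))
    return runs[-1] if runs else None


def demo() -> dict:
    """End to end: two runs in a temporary LOGIRA_HOME, index the last, run the filters."""
    home = tempfile.mkdtemp(prefix="logira-home-")
    write_sample_run(home, "20240501-095500-bash", "bash")
    run_dir = write_sample_run(home, "20240501-100000-codex", "codex")
    last = latest_run(home)
    db = build_index(run_dir)
    return {
        "last": last,
        "tool": parse_run_id(last)["tool"],
        "net": len(query(db, type_="net")),
        "github": len(query(db, type_="net", dest="140.82.121.4:443")),
        "curl": len(query(db, contains="curl")),
        "related": [row[0] for row in query(db, related_to_detections=True)],
    }


if __name__ == "__main__":
    print(demo())
```

Keeping the raw JSON line in the table is what makes a substring filter like --contains cheap to offer without modelling every field, while the typed columns plus the (type, dest) index serve the common dashboard queries; the same JSONL stays the source of truth, so the index can be rebuilt at any time.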

  • Linux kernel 5.8+ is required.
  • systemd is required (the root daemon logirad is expected to run under systemd for normal installs).
  • cgroup v2 is required (check with logira status).
  • Tracing requires the root daemon logirad to be running; logira run itself does not require sudo.
  • If BPF object files are missing, set LOGIRA_EXEC_BPF_OBJ / LOGIRA_NET_BPF_OBJ / LOGIRA_FILE_BPF_OBJ.

Installed Paths (defaults)

The installer places:

  • binaries: /usr/local/bin/logira, /usr/local/bin/logirad
  • BPF objects: /usr/local/lib/logira/bpf/
  • systemd unit: /etc/systemd/system/logirad.service
  • environment file: /etc/logira/logirad.env (sets LOGIRA_EXEC_BPF_OBJ, LOGIRA_NET_BPF_OBJ, LOGIRA_FILE_BPF_OBJ)

Apache License 2.0. See LICENSE for details.

eBPF programs under collector/linux/ are dual-licensed: Apache-2.0 OR GPL-2.0-only.

This ensures compatibility with the Linux kernel when loading eBPF programs that require GPL-only helpers.
