eBPF program to prevent VSCode server from running
I have to manage a Linux host with SSH enabled on it. It's a jump host and it's not supposed to be used for anything other than getting into a secure network. The problem is I have noticed users using it as a dev box by running VSCode server (remote SSH mode) on it. The binary that VSCode seems to be running remotely is code-server. Is it possible to create an eBPF program that gets called when a new process is created, such that the program checks the binary name and fails the fork?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
