Package: endura-sensor
Version: 0.38.16-1
Architecture: amd64
Maintainer: Infrared Security, LLC.
Installed-Size: 26461
Filename: ./endura-sensor_0.38.16-1_amd64.deb
Size: 3866220
MD5sum: 0379f138bee1f6f70a90cfb19d20aba9
SHA1: ccae1a871860b1d1215cda8ab17c72d39f8f2adf
SHA256: 8c6f752fe76f15b80804d173dacaa9733c3c67c0f38615111179622dd91b2140
Section: Development
Priority: optional
Description: endura sensor
 # Endura Runtime Sensor
 .
 A Linux runtime security sensor that uses eBPF and LSM hooks to provide
 kernel-level security monitoring and policy enforcement for CI/CD pipelines and
 production deployments.
 .
 ## Overview
 .
 The Endura Runtime Sensor intercepts and validates security-relevant operations
 at the kernel level before they execute. It supports a deny-by-default policy
 model where operations not explicitly permitted are blocked when enforcement is
 enabled.
 .
 ### Key Capabilities
 .
 - **File System Monitoring** - Execution, file reads/writes/overwrites,
 creation, deletion, renaming, hard links, symbolic links, mounting, chroot,
 pivot root, disk quotas
 - **Network Monitoring** - TCP/IP bind/connect (IPv4/IPv6), Unix domain
 sockets, raw/packet sockets, netlink sockets, virtual sockets (vsock)
 - **Container Security** - Container image execution control, socket access
 restrictions
 - **Process Management** - Process termination, scheduling, resource limits,
 process groups
 - **Memory Protection** - Memory mapping control, W+X (write-execute) violation
 detection, LD_PRELOAD injection detection
 - **Kernel Operations** - eBPF program loading, kernel module loading, kernel
 memory access
 - **Privilege Escalation** - Linux capability monitoring (setuid, setgid,
 net_admin, sys_admin, etc.)
 - **IPC Monitoring** - System V shared memory and message queues
 .
 ### Architecture
 .
 The sensor operates in two layers:
 .
 1. **Kernel Space** (C/eBPF) - LSM and fentry hooks intercept security
 operations, evaluate policies via shared BPF LPM-trie maps, and emit events
 through BPF ring buffers
 2. **User Space** (Rust) - Processes events from ring buffers, manages jobs and
 policies, reports violations to the Endura Team Server
 .
 Each hook has both LSM and fentry variants for maximum kernel compatibility
 (5.11+). Some hooks cover both legacy and modern kernel APIs (e.g.,
 `security_sb_mount` and `security_move_mount` for mount operations).
 .
 ### Policy Enforcement
 .
 Policies are JSON documents that define permitted runtime operations:
 .
 - **Derive** - Monitor behavior and auto-generate policy rules
 - **Observe** - Log violations without blocking
 - **Enforce** - Block unauthorized operations
 .
 Policy rules use pipe-delimited expressions with support for wildcards (`all`),
 brace expansion (`{a,b}`), and workspace variables (`%workspace%`). Path
 expressions also do **parent-path matching** — a rule for a directory (e.g.
 `/usr/bin`) permits everything beneath it (`/usr/bin/cat`).
 .
 ### Jobs
 .
 A policy is activated by starting a **job** over a workspace directory:
 .
 ```bash
 endura job start --workspace <dir> --policy <file>
 ```
 .
 Non-root users may start jobs, but only for a workspace that **exists on disk
 and is owned by the calling user** — this confines an unprivileged user's
 policy to workspaces it owns. The sensor process (running as root) starts the
 built-in system jobs that protect its own files.
 .
 ## Configuration
 .
 ### Environment Variables
 .
 | Variable | Description | Default |
 | --- | --- | --- |
 | `ENDURA_BATCHER_AUTOFLUSH` | Submit violations as detected instead of
 batching them | `false` |
 | `ENDURA_EXIT_ZERO` | Force every `endura` command to exit with status code
 `0` even when an error is reported | `false` |
 | `ENDURA_HTTP_TIMEOUT` | HTTP client timeout, in seconds, when communicating
 with the Team Server | `5` |
 | `ENDURA_JOB_TIMEOUT` | Max duration a job may run before it is auto-purged
 (`s`/`m`/`h`/`d` suffix, e.g. `2h`); `0` or unset disables it | disabled |
 | `ENDURA_LICENSE_KEY` | License key required for sensor operation | — |
 | `ENDURA_LOG_FILE` | Log file destination (created mode `0600`, readable only
 by root) | `/var/log/endura/sensor.log` |
 | `ENDURA_LOG_LEVEL` | Log verbosity: `trace`, `debug`, `info`, `warn`, or
 `error` | `info` |
 | `ENDURA_SENSOR_KILL_TASK` | Kill tasks/processes that trigger violations |
 `true` |
 | `ENDURA_SENSOR_TOKEN` | Team Server authentication token | — |
 | `ENDURA_TEAM_SERVER` | Team Server URL for centralized reporting | — |
 | `ENDURA_TLS_VERIFY` | Verify Team Server TLS certificates (disabling is
 dangerous, testing only) | `true` |
 .
 ### Exit Codes
 .
 By default `endura` exits non-zero when a command reports an error. Two
 mechanisms override this so a failure does not abort the surrounding script or
 CI/CD pipeline:
 .
 - `ENDURA_EXIT_ZERO=true` — makes **every** `endura` command exit `0` even on
 error.
 - `--exit-zero` flag on `endura sensor stop`, `endura job stop`, and `endura
 job restart` — the per-command equivalent; the error is printed to stderr but
 the process still exits `0`.
 .
 ## Building
 .
 Builds require a privileged container with eBPF toolchain support:
 .
 ```bash
 make bootstrap  # Install system dependencies
 make lint       # Run cargo fmt and clippy
 make build      # Build release binary
 make test       # Run integration tests
 make world      # Full pipeline: clean, lint, build, test, package
 ```
 .
 ## Testing
 .
 ```bash
 # Run all integration tests (requires privileged container)
 make test
 .
 # Run a specific policy test
 make -C ./tests/policy/path_rename
 ```
 .
 ## License
 .
 Copyright Endura Security. All rights reserved.

