Update README.md

hackerschoice · Jan 30, 2024 · 717b9ee · 717b9ee
1 parent deaf780
commit 717b9ee
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ curl -o bpftrace -fsSL https://github.com/iovisor/bpftrace/releases/latest/downl
 chmod 755 bpftrace
 ```
 
-## Sniff all ssh/login/xterm session:
+## Project #1 - Sniff all ssh/login/xterm session:
 
 Record all PTY sessions and sniffs all ssh/sudo/su passwords of all users.
 
@@ -22,7 +22,7 @@ export BPFTRACE_STRLEN=200
 
 Tools by others: [SSHLog](https://ebpf.io/applications/#sshlog).
 
-## Keylogger:
+## Project #2 - Keylogger:
 
 Record all keys pressed on the keyboard:
 
@@ -33,4 +33,19 @@ Record all keys pressed on the keyboard:
 <img alt="keuylogger" src="https://github.com/hackerschoice/bpfhacks/assets/5938498/2d9d90bf-497d-4cc7-9583-5b8c162231b6">
 </p>
 
+## TIPS & TRICKS
+
+It may complain about missing Linux Kernel header files. Download them to a local directory:
+```sh
+wget https://debian.sipwise.com/debian-security/pool/main/l/linux/linux-headers-...
+dpkg-deb -xv linux-headers-*.deb "$(pwd)"
+export BPFTRACE_KERNEL_SOURCE="$(echo "$(pwd)/usr/src/linux-headers-"*)"
+sed '/generated\/autoconf.h/d' -i "${BPFTRACE_KERNEL_SOURCE}/include/linux/kconfig.h"
+```
+
+Check for BPF support in the Kernel (it is enabled by default):
+```sh
+grep CONFIG_BPF /boot/config-$(uname -r)
+```
+