Summary
Evolve Siper from IP-based network filtering (XDP) to a host-aware security agent by introducing process-level outbound connection monitoring and enforcement.
Problem
Siper currently only blocks predefined IP addresses at the network layer (XDP). It has no process context, so it cannot enforce policies based on executable identity or runtime behavior.
Goal (MVP)
Implement process-aware monitoring of outbound connections and enable allow/deny decisions based on:
- Executable inode
- Executable path
- Destination IP
- Destination port
- Protocol
Non-Goals (MVP):
- Filesystem filtering
- Unix socket filtering
- D-Bus filtering
- Time-based rule expiration
- GUI interaction prompts
Kernel (eBPF):
- Attach to network system calls with a tracepoint or an equivalent hook
- Capture process identity and network details
- Enforce allow/deny decision
User-space:
- Static rule engine (no interactive UI yet)
- Configurable policy file
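The kernel and user-space items above describe one pipeline: the hook captures executable identity plus destination, and a static rule engine decides allow/deny. The Go program below is an added example of the user-space half, not Siper's own code. It assumes a hypothetical ConnEvent layout for what the hook would emit, a hypothetical `allow|deny key=value ...` policy-file format with the five criteria from the MVP list, first-match-wins semantics and a default of deny. Two caveats a practitioner would want: a plain syscall tracepoint can observe but not veto a connect, so enforcement needs a hook that can return an error (a BPF LSM program on socket_connect or a cgroup connect program), with user space acting as the compiler that loads decisions into maps the hook consults; and an inode number is only unique within one filesystem, so production rules should pair it with the device ID.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// ConnEvent is the (hypothetical) record the kernel hook hands to user space per outbound connect.
type ConnEvent struct {
	ExeInode uint64
	ExePath  string
	DstIP    netip.Addr
	DstPort  uint16
	Proto    string // "tcp" or "udp"
}

// Rule is one policy line; a zero-valued field means "match any".
type Rule struct {
	Action   string // "allow" or "deny"
	ExeInode uint64
	ExePath  string
	DstNet   netip.Prefix
	DstPort  uint16
	Proto    string
}

// ParsePolicy reads the (assumed) format `allow|deny key=value ...` with keys inode, exe,
// dst (CIDR), port, proto. Unknown keys or bad values are hard errors, so a typo cannot widen a rule to "any".
func ParsePolicy(text string) ([]Rule, error) {
	var rules []Rule
	for i, raw := range strings.Split(text, "\n") {
		fields := strings.Fields(raw)
		if len(fields) == 0 || strings.HasPrefix(fields[0], "#") {
			continue
		}
		r := Rule{Action: fields[0]}
		if r.Action != "allow" && r.Action != "deny" {
			return nil, fmt.Errorf("line %d: action must be allow or deny", i+1)
		}
		for _, kv := range fields[1:] {
			k, v, _ := strings.Cut(kv, "=")
			var err error
			switch {
			case v == "":
				err = fmt.Errorf("expected key=value")
			case k == "inode":
				r.ExeInode, err = strconv.ParseUint(v, 10, 64)
			case k == "exe":
				r.ExePath = v
			case k == "dst":
				r.DstNet, err = netip.ParsePrefix(v)
			case k == "port":
				p, perr := strconv.ParseUint(v, 10, 16)
				r.DstPort, err = uint16(p), perr
			case k == "proto":
				r.Proto = v
			default:
				err = fmt.Errorf("unknown key %q", k)
			}
			if err != nil {
				return nil, fmt.Errorf("line %d: %s: %v", i+1, kv, err)
			}
		}
		rules = append(rules, r)
	}
	return rules, nil
}

// Evaluate is first-match-wins and falls back to deny (rule index -1), so an undescribed connection never passes.
func Evaluate(rules []Rule, e ConnEvent) (action string, ruleIdx int) {
	for i, r := range rules {
		if (r.ExeInode == 0 || r.ExeInode == e.ExeInode) &&
			(r.ExePath == "" || r.ExePath == e.ExePath) &&
			(!r.DstNet.IsValid() || r.DstNet.Contains(e.DstIP)) &&
			(r.DstPort == 0 || r.DstPort == e.DstPort) &&
			(r.Proto == "" || r.Proto == e.Proto) {
			return r.Action, i
		}
	}
	return "deny", -1
}

// Constructed sample policy (not a real Siper file): only the curl binary with inode 131072 may reach 10/8 over HTTPS.
const samplePolicy = `
allow exe=/usr/bin/curl inode=131072 dst=10.0.0.0/8 port=443 proto=tcp
deny  exe=/usr/bin/curl
allow dst=127.0.0.0/8
`
func main() {
	rules, err := ParsePolicy(samplePolicy)
	if err != nil {
		panic(err)
	}
	e := ConnEvent{131072, "/usr/bin/curl", netip.MustParseAddr("203.0.113.10"), 443, "tcp"}
	a, i := Evaluate(rules, e)
	fmt.Printf("%s -> %s:%d/%s => %s (rule %d)\n", e.ExePath, e.DstIP, e.DstPort, e.Proto, a, i)
}
```

The order of the sample rules is the point: the narrow allow for the known curl binary comes first, the broad deny for anything else at that path second, so a different binary copied to /usr/bin/curl (different inode) or a connection to an address outside 10/8 is denied, and a path the policy never mentions falls through to the default deny.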