π¦ Installation
Get Jibril running in minutes. Choose from simple binary execution, production-ready systemd services, or containerized deployments with Docker and Kubernetes.
π Quick Startβ
Choose your deployment method:
- π¦ Binary
- βοΈ Systemd
- π³ Docker
- βΈοΈ Kubernetes
Download and run Jibril directly:
sudo curl -L -o /usr/bin/jibril https://github.com/garnet-org/jibril-releases/releases/download/v2.8/loader
sudo chmod +x /usr/bin/jibril
Perfect for: Quick testing, development, single-server deployments
Install as a system service:
sudo curl -L -o /usr/bin/jibril https://github.com/garnet-org/jibril-releases/releases/download/v2.8/loader
sudo chmod +x /usr/bin/jibril
sudo jibril --systemd install
Perfect for: Production servers, automatic startup, process supervision
Run in a container:
docker pull garnetlabs/jibril:v2.8
docker run --rm --name=jibril --privileged \
--pid=host --cgroupns=host --network=host \
-e TERM=xterm -v /sys:/sys:ro \
-v /sys/fs/bpf:/sys/fs/bpf:rw \
-v /etc/jibril/:/etc/jibril:rw \
-v /var/log/jibril:/var/log/jibril:rw \
garnetlabs/jibril:v2.8
Perfect for: Container environments, testing, isolation
Deploy with Helm:
helm repo add garnet https://helm.garnet.ai
helm repo update
helm install jibril garnet/garnet \
--namespace security \
--create-namespace \
--set standalone.enabled=true
helm install jibril ./helm/garnet \
--namespace security \
--create-namespace \
--set standalone.enabled=true
Perfect for: Kubernetes clusters, cloud-native deployments, GitOps
π Requirementsβ
π§ Linux Systemβ
β Kernel Versionβ
Minimum: Linux 5.10+
Recommended: Linux 6.2+
Check your kernel version
uname -r
Output should be 5.10 or higher.
π eBPF Supportβ
Jibril requires eBPF support in your kernel. Modern distributions include this by default.
β Supported Distributions
- Ubuntu 22.04+ (all flavors)
- RHEL/CentOS/Rocky 9+
- Fedora 36+
- Debian 11+
- Amazon Linux 2023
- Arch Linux (latest)
π Verify eBPF support
Method 1: Check kernel config
zcat /proc/config.gz | grep -E "CONFIG_BPF=|CONFIG_BPF_SYSCALL=|CONFIG_HAVE_EBPF_JIT="
Expected output:
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_HAVE_EBPF_JIT=y
Method 2: Use bpftool
Install bpftool:
# Arch Linux
sudo pacman -S extra/bpf
# Ubuntu/Debian
sudo apt install linux-tools-common linux-tools-generic
# Fedora/RHEL
sudo dnf install bpftool
Check available features:
sudo bpftool feature probe
Look for BPF and JIT features marked as available.
π Privileges & Capabilitiesβ
Jibril requires elevated privileges to attach eBPF programs to the kernel.
β οΈ Root Access Required
Jibril must run as root or with specific Linux capabilities.
Required capabilities:
CAP_BPFβ
- Load and manage eBPF programs
- Kernel: 5.8+ (preferred)
CAP_PERFMONβ
- Performance monitoring events
- Kernel: 5.8+
CAP_NET_ADMINβ
- Network observability
- Kernel: All versions
CAP_SYS_ADMINβ
- Fallback for older kernels
- Kernel: Pre-5.8
βΈοΈ Kubernetes Requirementsβ
βοΈ Cloud Provider Notesβ
AWS EKSβ
Ensure nodes use Amazon Linux 2 or 3 with kernel 5.10+ and eBPF support enabled.
Google GKEβ
Use standard or hardened node images with kernel 5.10+ and eBPF support enabled.
Azure AKSβ
All node pools support eBPF on supported kernel versions with kernel 5.10+ and eBPF support enabled.
DigitalOcean DOKSβ
Use standard or hardened node images with kernel 5.10+ and eBPF support enabled.
π― Next Stepsβ
Installation Methods
Explore all deployment options
Configuration
Customize Jibril behavior
Kubernetes Guide
Deploy on K8s clusters
Customization
Custom detections & reactions
π¬ Need Help?β
Join our community for support:
- π¬ Discord - #jibril - General questions and community support
- βΈοΈ Discord - #kubernetes - Kubernetes-specific help
- π§ Email Support - Official technical support
- π GitHub Issues - Bug reports and feature requests