My Linux Servers Were Sick… Need Triage STAT
My Linux systems started acting strange — high load, lagging terminals, and memory in use with no owner.
Auditd was flooding logs, rsyslogd was melting down, and even bpftool showed dozens of eBPF programs running silently under PID 1, UID 0.
CYVS is a diagnostic script for the modern Linux era, built for transparency, detection, and truth.
Supports:
Debian 13
Devuan 5
Pop!_OS 22.04
Ubuntu 25.10
Arch
Alpine
Uses: Syft + Grype for SBOM + CVE analysis
You will need two other packages: bpftool and jq.
GitHub: COMING SOON
Chapters
00:00 - Intro
00:04 - cyvs
00:58 - Setup
01:32 - Install the toolkit
02:05 - Run
02:31 - What it does
03:28 - Kernel Command Line
03:47 - Test 4: Systemd Analyze
03:59 - Test 5 Kernel Version
04:33 - Test 7 Kernel eBPF config check
05:11 - Test 8 Show Active eBPF programs
06:16 - Test 9 Attached BPF Cgroup and Net Filters
06:41 - Test 10 - rootkit scan
06:47 - Test 11 - eBPF Loaded Maps (Memory Locks)
06:59 - systemd services bound to eBPF
07:04 - Test 13: If you use Auditd displays info
07:12 - Dummy Auditd rules I set up for today
08:01 - Test 14: Security Modules for Kernel if any
08:05 - Test 15: If you use the older CVE Tracker
08:25 - Grype checking file system against CVE Database
08:52 - Grype Report
09:08 - Final Thoughts
DJ Ware
I would like to use this channel to give back to the community what I have learned from others. I cover a wide range of topics on computing technology from Home Server setup on a budget, Linux for general use (workstation, server and development), High P...