The eBPF module requires the following kernel features: KProbes (CONFIG_KPROBES = y) syscalls tracing support (CONFIG_FTRACE_SYSCALLS = y) Instructions are taken from the following website: https://www.slackbook.org/html/system-configuration-kernel.html Run all of the following commands below as root. - Enter into the kernel source directory: cd /usr/src/linux - Back up the current .config file: cp .config .config_backup - Bring the kernel back to its base state: make mrproper - Restore the previous .config file: cp .config_backup .config - Configure the kernel (it will load up .config): make menuconfig - Enable KProbes support: General architecture-dependent-options ---> [*] KProbes - Enable syscalls tracing: Kernel Hacking ---> [*] Tracers ---> [*] Trace Syscalls - Save the changes before exiting. - After exiting, prepare the source tree for compiling: make dep make clean - Compile the kernel: make bzImage - Then compile kernel modules: make modules - Back up previous vmlinuz and System.map files - Then copy the new vmlinuz and System.map files to /boot - For example (change depending on ARCH, generic vs huge kernel, etc.): KERNEL_VER=$(uname -r) mv /boot/vmlinuz-generic-$KERNEL_VER /boot/vmlinuz-generic-$KERNEL_VER-old cp arch/x86_64/boot/bzImage /boot/vmlinuz-generic-$KERNEL_VER mv /boot/System.map-generic-$KERNEL_VER /boot/System.map-generic-$KERNEL_VER.old cp System.map /boot/System.map-generic-$KERNEL_VER - Finally, install the kernel: make modules_install - Please complete any extra necessary steps on your system (ex. recompile initrd, run /sbin/lilo, etc.)