Why is uprobe unaffected by ASLR?


I came from this article: https://blog.quarkslab.com/defeating-ebpf-uprobe-monitoring.html and this worked well for me:

# First log-in as root.

# This line creates a uretprobe named bashReadline at offset 0xd5690 of the /bin/bash program that prints the return value as a string.
echo 'r:bashReadline /bin/bash:0xd5690 cmd=+0($retval):string' >> /sys/kernel/tracing/uprobe_events

# When the uprobe is added, activate it with this command:
echo 1 > /sys/kernel/tracing/events/uprobes/bashReadline/enable

The interesting part is that I can use a static offset and don't need to worry about ASLR. Why is that?
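As an added example (not from the question or the linked article), a POSIX shell snippet that derives the file offset uprobe_events expects from a symbol's ELF virtual address using the PT_LOAD program headers; the kernel keys the probe on the file's inode plus that offset, not on a virtual address, which is why a fixed offset keeps working whatever base address ASLR picks. The program-header text is a constructed sample, and symbol_file_offset assumes binutils' readelf is installed.

```shell
#!/bin/sh
# Added example: map an ELF virtual address to the file offset that
# /sys/kernel/tracing/uprobe_events takes, then build the event line.

# vaddr_to_file_offset VADDR PHDRS
#   VADDR: symbol address as hex (the ELF st_value)
#   PHDRS: text in the layout of `readelf -lW` program headers
# Prints the file offset; returns 1 if no PT_LOAD segment covers VADDR.
vaddr_to_file_offset() {
    vaddr=$(($1))
    # LOAD rows: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
    off=$(printf '%s\n' "$2" | awk '$1 == "LOAD" { print $2, $3, $5 }' |
        while read -r p_offset p_vaddr p_filesz; do
            start=$((p_vaddr)); end=$((p_vaddr + p_filesz))
            if [ "$vaddr" -ge "$start" ] && [ "$vaddr" -lt "$end" ]; then
                # offset = vaddr - p_vaddr + p_offset (ELF spec, per segment)
                printf '0x%x' $((vaddr - start + p_offset)); break
            fi
        done)
    [ -n "$off" ] || return 1
    printf '%s\n' "$off"
}

# symbol_file_offset BINARY SYMBOL: real lookup via readelf (assumed installed;
# not exercised by the constructed sample below).
symbol_file_offset() {
    vaddr=$(readelf -sW "$1" | awk -v s="$2" '$8 == s { print "0x" $2; exit }')
    [ -n "$vaddr" ] || return 1
    vaddr_to_file_offset "$vaddr" "$(readelf -lW "$1")"
}

# uretprobe_line NAME BINARY FILE_OFFSET: same shape as the question's event,
# recording the returned pointer as a string.
uretprobe_line() {
    printf 'r:%s %s:%s cmd=+0($retval):string\n' "$1" "$2" "$3"
}

# Constructed sample program headers (not from a real bash build). The
# second segment has p_offset == p_vaddr, the last one differs by 0x1000.
SAMPLE_PHDRS='  LOAD  0x000000 0x0000000000000000 0x0000000000000000 0x02e338 0x02e338 R   0x1000
  LOAD  0x02f000 0x000000000002f000 0x000000000002f000 0x0e0c4d 0x0e0c4d R E 0x1000
  LOAD  0x110000 0x0000000000110000 0x0000000000110000 0x03fe38 0x03fe38 R   0x1000
  LOAD  0x150a70 0x0000000000151a70 0x0000000000151a70 0x005e60 0x00a5d0 RW  0x1000'

# Demo: a text-segment address maps 1:1, a data-segment address does not.
uretprobe_line bashReadline /bin/bash "$(vaddr_to_file_offset 0xd5690 "$SAMPLE_PHDRS")"
vaddr_to_file_offset 0x152000 "$SAMPLE_PHDRS"
```

The emitted line is what gets appended to uprobe_events; once the event exists it is enabled exactly as in the question, and every process that maps that file page, at any load address, triggers it.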


There are 0 answers