Hades

Hades is a Host-Based Intrusion Detection System based mainly on eBPF

APACHE-2.0 License

Stars
278

Hades - agent-v1.1.0 Latest Release

Published by github-actions[bot] over 1 year ago

First release of the Hades agent component.

Warning
The default gRPC address is grpc.hades.store, which is owned by the Hades team and always points to 127.0.0.1. Change the code or add an internal DNS record if you use it in a production environment.

Hades - Release collector-v1.1.0

Published by github-actions[bot] over 1 year ago

Hades - Release ebpfdriver-v1.1.0

Published by github-actions[bot] over 1 year ago

Features

  • #58 Support for some port-scanning detection, adding sport and sip to some network-related hooks
  • #38 Arm64 is now supported
  • Bump ebpfmanager to v0.4.0, so higher kernel versions such as v6.0.0+ should now be supported
  • Change the code for the BPF bytecode; for now, in production, the BPF bytecode should be downloaded
  • Test cases enhanced
  • Rate limiting in both kernel space (UDP) and user space (sys_connection) for better performance
  • Clean up the old uprobe_bash_history

Bug fixes

  • #63 #64 by @spoock1024
  • Other fixes by @chriskaliX

Hades - Hades-eBPF-Driver v1.0.0 release

Published by chriskaliX about 2 years ago

Note

A CO-RE version is available. You can run it on your machine if BTF is supported.

Features

  • kernel hook detection (by comparing the address)
  • 14 hooks for security detection
  • many helpful fields almost like Elkeid

Contributors

  • @rockingl contributed multiple patches #44 #45 #48 #50 #51
  • @dark-lbp made his first contribution #47

Checksum

md5 8381c509f2bc7bad341a5f31720ae426

Package Rankings
Top 6.82% on Proxy.golang.org