Hades is a Host-Based Intrusion Detection System based on eBPF(mainly)
Hades agent part very first release.
Warning Default grpc address is: grpc.hades.store, which is owned by Hades-team and always points to 127.0.0.1. Change the code or add internal dns if used in prod env.
Note
CO-RE version is available. You can run on your machine if BTF is supported.
md5 8381c509f2bc7bad341a5f31720ae426
sb_mount
userspace decode errordata_context
inproper size decodeNULL
for save_str_to_buf
sshd
bugs in plugin/collector
Release for plugin/eBPF 目前内核态支持 13 个 Hook,uprobe 一个。pre-release 部分代码较为清晰,可根据自己需要做修改