Hades
Hades is a Host-Based Intrusion Detection System based on eBPF (mainly)
**Is your feature request related to a problem? Please describe.** Nope **Describe the solution you'd like** compatible vmlinux.h or generate it. **Describe alternatives you've considered** None **Additional context** Git actions...
**Is your feature request related to a problem? Please describe.** Nope **Describe the solution you'd like** Test-case for every event and add these into CI/CD **Describe alternatives you've considered** **Additional...
Use Ringbuf as the default map over kernel version 5.8, since ringbuf gets better performance and orders the msgs
Ordered msgs in perf_event, add a function to sort the msgs in time order, so that a ppid_argv (parent pid argv) can be done properly
**Describe the bug** dport always 512 in CentOS 8 (CORE) **Environment** - OS Information: 4.18.0-348.7.1.el8_5.x86_64 **To Reproduce** reverse shell **Expected behavior** port just like we use in the command
Let the plugin collector support Windows
In some situations, UDP-related syscalls are called very frequently. The kprobe itself may become the limitation of the performance. Let the ebpfmanager unload the probe.