From 679600b1c4d9afc31c30f99e8128d4a9749e1652 Mon Sep 17 00:00:00 2001 From: chriskaliX Date: Sat, 29 Jul 2023 11:15:43 +0800 Subject: [PATCH] docs: readme update --- README-zh_CN.md | 8 ++++---- README.md | 8 ++++---- plugins/eguard/README.md | 4 ++++ 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/README-zh_CN.md b/README-zh_CN.md index 93f5882f..071db94d 100644 --- a/README-zh_CN.md +++ b/README-zh_CN.md @@ -32,10 +32,10 @@ Hades 是一个基于 eBPF 的主机入侵检测系统,同时兼容低版本 ## 插件列表 -- [Driver-eBPF](https://github.com/chriskaliX/Hades/tree/main/plugins/edriver) +- [EDriver](https://github.com/chriskaliX/Hades/tree/main/plugins/edriver) - [Collector](https://github.com/chriskaliX/Hades/tree/main/plugins/collector) -- HoneyPot -- Monitor +- [Eguard](https://github.com/chriskaliX/Hades/tree/main/plugins/eguard) +- [NCP](https://github.com/chriskaliX/Hades/tree/main/plugins/ncp) - Scanner - Logger @@ -43,7 +43,7 @@ Hades 是一个基于 eBPF 的主机入侵检测系统,同时兼容低版本 --- -### eBPF Driver +### EDriver > 支持 `21` 种 Hook,涵盖大部分安全审计检测需求,采集字段基本和 Elkeid 相同 diff --git a/README.md b/README.md index bb75b4a6..583c0f15 100644 --- a/README.md +++ b/README.md @@ -34,10 +34,10 @@ Declaration: This project is based on [Tracee](https://github.com/aquasecurity/t ## Plugins -- [eBPF Driver](https://github.com/chriskaliX/Hades/tree/main/plugins/edriver) +- [EDriver](https://github.com/chriskaliX/Hades/tree/main/plugins/edriver) - [Collector](https://github.com/chriskaliX/Hades/tree/main/plugins/collector) -- HoneyPot (gopacket-based) -- Monitor +- [Eguard](https://github.com/chriskaliX/Hades/tree/main/plugins/eguard) +- [NCP](https://github.com/chriskaliX/Hades/tree/main/plugins/ncp) - Scanner - Logger @@ -45,7 +45,7 @@ Declaration: This project is based on [Tracee](https://github.com/aquasecurity/t ------ -### eBPF Driver +### EDriver > Here are 21 hooks over `tracepoints`/`kprobes`/`uprobes`. The fields are extended just like Elkeid(basically). 
diff --git a/plugins/eguard/README.md b/plugins/eguard/README.md index 2006b274..f31e945b 100644 --- a/plugins/eguard/README.md +++ b/plugins/eguard/README.md @@ -5,6 +5,10 @@ > eguard is meant for the formal version of edr. This is based on libbpf-rs and will add BTFhub into this project. +## Features + +- [x] Ingress/Egress ACL + ## Quick start > prerequisite: BTF supported kernel version (will move on to the BTFHub in the feature)
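Review bot: In the README-zh_CN.md plugin-list hunk (@@ -32,10 +32,10), HoneyPot and Monitor are dropped from the list and the commit message ("docs: readme update") does not say whether Eguard and NCP replace them or whether they were retired; a sentence in the message or the README would save readers from hunting for plugins that no longer appear. Also, Scanner and Logger remain bare names while the four entries above them now link to their directories; either link them too or mark them as planned so the list reads consistently.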
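Review bot: The same point applies to the README.md plugin-list hunk (@@ -34,10 +34,10): "HoneyPot (gopacket-based)" and "Monitor" vanish without explanation, and "- Scanner" / "- Logger" stay unlinked next to four linked entries. It is good that the English and Chinese lists are updated together in one patch; please keep the two files in step if the status of Scanner and Logger is clarified later.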
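Review bot: In the plugins/eguard/README.md hunk (@@ -5,6 +5,10), the new "## Features" section contains only "- [x] Ingress/Egress ACL" with nothing about what the ACL matches on (address, port, process, cgroup) or where it is configured, so the checked box tells a reader very little; one sentence or a pointer to the config file would make it useful. While touching this file, the unchanged context lines would benefit from two small fixes: "(will move on to the BTFHub in the feature)" should read "in the future", and the blurb spells the project both "BTFhub" and "BTFHub".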