eguard: doc patch

plugins/eguard/README.md

@@ -5,11 +5,12 @@
 
 > eguard is meant for the formal version of edr. This is based on libbpf-rs and will add BTFhub into this project.
 
-> The tc ingress may impact on the hook already does, considering cgroup_skb in the future.
-
 ## Features
 
-- [x] Ingress/Egress ACL
+- [x] (Layer 4) TC-based ip restriction
+- [x] (Layer 7) Dns-based restriction
+- [ ] File access restriction
+- [ ] Kernel exploit detection
 
 ## Quick start
 
@@ -26,13 +27,4 @@ For debugging usage, `make debug`
 
 1. Why Rust
 
-    Nothing special. This would be easier if we use golang since edriver is already finished. Just want to try things differently, which means we may trans to golang if the libs of rust is not as good as we want.
-
-2. What the features?
-
-    Several basic features which, I think, would be useful in real world. Detection is NOT the purpose of this plugin.
-
-    [x] (Layer 4) TC-based ip restriction
-    [x] (Layer 7) Dns-based restriction
-    [ ] File access restriction
-    [ ] Kernel exploit detection
+    Nothing special. This would be easier if we use golang since edriver is already finished. Just want to try things differently, which means we may trans to golang if the libs of rust is not as good as we expected.

plugins/eguard/config.yaml

@@ -23,4 +23,8 @@ dns:
     domain: "grpc.hades.store"
   - name: "eguard_egress_test_dns_1"
     action: DENY
-    domain: "*.baidu.com"
+    domain: "*.baidu.com"
+file:
+  - name: "file_test_1"
+    action: DENY
+    file: /etc/passwd