{"id":47529050,"url":"https://github.com/innerwarden/innerwarden","last_synced_at":"2026-05-16T09:14:48.637Z","repository":{"id":344599775,"uuid":"1179528666","full_name":"InnerWarden/innerwarden","owner":"InnerWarden","description":"Autonomous security agent for Linux and macOS. 40 eBPF hooks. 48 detectors. 20 response playbooks. 30 correlation rules. 98% MITRE ATT\u0026CK coverage (41/42). Kill chain tracking. AI agent protection. Mesh defense. Pure Rust.","archived":false,"fork":false,"pushed_at":"2026-04-02T01:34:57.000Z","size":10985,"stargazers_count":84,"open_issues_count":5,"forks_count":11,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-02T02:46:08.272Z","etag":null,"topics":["agent-guard","ai-agent-security","anomaly-detection","autonomous-defense","correlation-engine","ebpf","firewall","honeypot","host-security","incident-response","intrusion-detection","ja3","kernel","linux","rust","security","sigma-rules","threat-detection","tls-fingerprinting","yara"],"latest_commit_sha":null,"homepage":"https://www.innerwarden.com","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/InnerWarden.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["maiconburn"]}},"created_at":"2026-03-12T05:40:36.000Z","updated_at":"2026-04-02T01:23:12.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/InnerWarden/innerwarden","commit_stats":null,"previous_names":["maiconburn/innerwarden","innerwarden/innerwarden"],"tags_count":46,"template":false,"template_full_name":null,"purl":"pkg:github/InnerWarden/innerwarden","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InnerWarden%2Finnerwarden","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InnerWarden%2Finnerwarden/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InnerWarden%2Finnerwarden/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InnerWarden%2Finnerwarden/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/InnerWarden","download_url":"https://codeload.github.com/InnerWarden/innerwarden/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InnerWarden%2Finnerwarden/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31508282,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T03:10:19.677Z","status":"ssl_error","status_checked_at":"2026-04-07T03:10:13.982Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-guard","ai-agent-security","anomaly-detection","autonomous-defense","correlation-engine","ebpf","firewall","honeypot","host-security","incident-response","intrusion-detection","ja3","kernel","linux","rust","security","sigma-rules","threat-detection","tls-fingerprinting","yara"],"created_at":"2026-03-27T20:54:09.627Z","updated_at":"2026-05-16T09:14:48.621Z","avatar_url":"https://github.com/InnerWarden.png","language":"Rust","funding_links":["https://github.com/sponsors/maiconburn"],"categories":[],"sub_categories":[],"readme":"# Inner Warden\n\n**The security agent that fights back.**\n\nMost security tools warn you when something's wrong. Inner Warden runs its own AI **inside your server**, decides what's a real threat, and stops it. No team to react, no cloud needed. Open source, you decide where your data goes.\n\n\u003e It's 2 AM. Someone brute-forces your SSH. You're asleep.\n\u003e Inner Warden blocks the IP, captures the session, deploys a honeypot, and alerts you on Telegram.\n\u003e You wake up to a report, not a compromised server.\n\n```bash\ncurl -fsSL https://innerwarden.com/install | sudo bash\n```\n\nInstalls in 10 seconds. Starts in observe-only mode. Dry-run by default. You decide when to go live.\n\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/InnerWarden/innerwarden/badge)](https://scorecard.dev/viewer/?uri=github.com/InnerWarden/innerwarden)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/12546/badge)](https://www.bestpractices.dev/projects/12546)\n[![codecov](https://codecov.io/gh/InnerWarden/innerwarden/branch/main/graph/badge.svg)](https://codecov.io/gh/InnerWarden/innerwarden)\n[![CI](https://github.com/InnerWarden/innerwarden/actions/workflows/ci.yml/badge.svg)](https://github.com/InnerWarden/innerwarden/actions/workflows/ci.yml)\n[![Security](https://github.com/InnerWarden/innerwarden/actions/workflows/security.yml/badge.svg)](https://github.com/InnerWarden/innerwarden/actions/workflows/security.yml)\n[![Release](https://img.shields.io/github/v/release/InnerWarden/innerwarden?label=release\u0026color=blue)](https://github.com/InnerWarden/innerwarden/releases/latest)\n[![License: Apache-2.0](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](LICENSE)\n[![GitHub Stars](https://img.shields.io/github/stars/InnerWarden/innerwarden)](https://github.com/InnerWarden/innerwarden/stargazers)\n[![Last Commit](https://img.shields.io/github/last-commit/InnerWarden/innerwarden)](https://github.com/InnerWarden/innerwarden/commits/main)\n\n![Built with Rust](https://img.shields.io/badge/built%20with-Rust-orange)\n![eBPF Hooks](https://img.shields.io/badge/eBPF%20hooks-40-blueviolet)\n![Detectors](https://img.shields.io/badge/detectors-49-blue)\n![Correlation Rules](https://img.shields.io/badge/correlation%20rules-47-purple)\n![Tests](https://img.shields.io/badge/tests-6632-brightgreen)\n![MITRE Coverage](https://img.shields.io/badge/MITRE%20ATT%26CK-65%20mappings-red)\n![Sigma Rules](https://img.shields.io/badge/Sigma%20rules-208-blueviolet)\n![Memory](https://img.shields.io/badge/memory-~250MB%20(full%20stack)-green)\n![AI Optional](https://img.shields.io/badge/AI-optional-lightgrey)\n![Storage](https://img.shields.io/badge/storage-SQLite%20WAL-blue)\n![Graph](https://img.shields.io/badge/knowledge%20graph-11%20types%2C%2050%20relations-purple)\n\n---\n\n### Who is this for?\n\n- **SREs and sysadmins** who manage Linux servers and want automated threat response, not just alerts\n- **Self-hosters** who run exposed services and need production-grade security without enterprise pricing\n- **AI agent operators** who run OpenClaw, LangChain, or n8n and need to stop agents from executing dangerous commands\n- **Security teams** who want kernel-level visibility (eBPF) with MITRE ATT\u0026CK coverage and compliance (ISO 27001)\n\n### How is this different?\n\nIt lives where the action is. Not a tool watching from outside, not an alert in someone else's dashboard. Inner Warden runs inside the server, sees what every program does, and decides what to do — all without leaving the box. One binary, one SQLite database, no SIEM bundle, no external IDS, no cloud control plane. Two Rust daemons and a CLI.\n\n40 eBPF kernel hooks. 49 detectors. 22 collectors. 47 cross-layer correlation rules. 65 MITRE ATT\u0026CK techniques (40% validated via Caldera). 208 Sigma community rules. Autoencoder anomaly detection. Behavioral DNA attacker fingerprinting. JA3/JA4 TLS fingerprinting. YARA + Sigma rule engines. Monthly threat reports. Mesh collaborative defense. **Unified SQLite store** for every artifact (incidents, decisions, KV cache, graph snapshots, attacker profiles). **Intelligent notifications**: incidents group into a single Telegram message per IP instead of one-per-event. **Circuit breaker**: per-hour cap on autonomous block decisions protects against runaway enforcement (pause / log-only / dry-run modes). **Continuous trust scoring**: graduated enforcement plus daily self-check. **Regression safety net**: `make scenario-qa` gates every PR against drift for 7 canonical attack scenarios.\n\n\u003ch3 align=\"center\"\u003e\n \u003ca href=\"https://innerwarden.com/live\"\u003eSee it responding to real attacks right now\u003c/a\u003e\n\u003c/h3\u003e\n\nhttps://github.com/user-attachments/assets/b55967a6-a2d0-4158-9007-05e689d5bf0c\n\nhttps://github.com/user-attachments/assets/6ea1e124-52c2-48fe-8600-4b2f3d670116\n\n---\n\n### Why this exists\n\nI built Inner Warden because I wanted something that could detect a reverse shell at the kernel level, block the attacker, deploy a honeypot, and alert me on Telegram, all in under 5 seconds, with zero external dependencies. So I built it.\n\nSolo developer. Apache-2.0. If this project helps protect your servers, [give it a star](https://github.com/InnerWarden/innerwarden/stargazers) so others can find it.\n\n---\n\n## Architecture\n\n```\n┌─────────────────────────────────────────────────────────────────────┐\n│ FIRMWARE / BIOS (Ring -2) │\n│ MSR write guard (LSTAR/SMRR) | ACPI method monitoring | ESP hash │\n│ SPI controller probing | eBPF weaponization detection (VoidLink) │\n└─────────────────────────────────────────────┬───────────────────────┘\n │\n┌─────────────────────────────────────────────┼───────────────────────┐\n│ HYPERVISOR (Ring -1) │ │\n│ VM introspection | KVM monitoring | VM exit analysis │\n└─────────────────────────────────────────────┼───────────────────────┘\n │\n┌─────────────────────────────────────────────┼──────────────────────┐\n│ KERNEL (Ring 0) │ │\n│ │\n│ ┌───────────── ─┐ ┌───────────┐ ┌─────────┐ ┌───────────────┐ │\n│ │23 tracepoints │ │ 5 kprobes │ │ 3 LSM │ │ XDP │ │\n│ │ execve, │ │ creds, │ │ exec │ │ wire-speed │ │\n│ │ connect, │ │ MSR, ACPI │ │ file │ │ IP blocking │ │\n│ │ openat, │ │ timestomp │ │ bpf │ │ 10M+ pps │ │\n│ │ mount, clone, │ │ truncate │ │ + kill │ │ allowlist + │ │\n│ │ ptrace, ... │ │ │ │ chain │ │ blocklist │ │\n│ └──────┬─────── ┘ └─────┬─────┘ └───┬─────┘ └──────┬────────┘ │\n│ └─ ───────┬───────┘ │ │ │\n│ ▼ │ │ │\n│ ┌─────────────┐ │ │ │\n│ │ Ring Buffer │ │ │ │\n│ │ (1MB epoll) │ │ │ │\n│ └──────┬──────┘ │ │ │\n└──────────────────┼────────────── ──────┼───────────────┼───────────┘\n │ │ │\n ▼ │ │\n┌────────────────────────────────────────────────────────────────── ┐\n│ SENSOR │\n│ │\n│ ┌─────────┐ ┌─────────┐ ┌────────┐ ┌────────────────────────┐ │\n│ │auth.log │ │journald │ │ Docker │ │ eBPF collector │◄─┘ |\n│ │nginx │ │syslog │ │ cgroup │ │ (40 hooks) │ |\n│ └────┬────┘ └────┬────┘ └──┬──── ┘ └───────────┬────────────┘ │\n│ │ │ │ │ │\n│ ┌────┴────┐ ┌────┴─────┐ ┌─┴──────────────┐ │ │\n│ │DNS/HTTP │ │TLS/JA3 │ │kernel_integrity│ │ │\n│ │capture │ │JA4 │ │proc_maps │ │ │\n│ │(native) │ │(native) │ │fanotify │ │ │\n│ └────┬────┘ └────┬─────┘ └───────┬────────┘ │ │\n│ └───────────┴───────────────┴─────────────┘ │\n│ │ │\n│ ┌─────▼──────┐ │\n│ │49 detectors│ + 8 YARA + 8 Sigma │\n│ │ stateful │ │\n│ └─────┬──────┘ │\n│ │ │\n│ ┌───────────▼───────────┐ │\n│ │ events + incidents │ │\n│ │ (SQLite WAL) │ │\n│ └───────────┬───────────┘ │\n└──────────────────────────┼────────────────────────────────────────┘\n │\n┌──────────────────────────┼────────────────────────────────────────┐\n│ AGENT │ │\n│ ▼ │\n│ ┌───────────────────────────────────────────────────────────┐ │\n│ │ Knowledge Graph (in-memory) │ │\n│ │ 11 node types (Process, IP, File, User, Domain, ...) │ │\n│ │ 50 relation types | 27 graph detectors | 10 graph rules │ │\n│ │ Autoencoder anomaly scoring (58 features) │ │\n│ └────────────────────────┬──────────────────────────────────┘ │\n│ ▼ │\n│ ┌──────────────────────────────────────────────┐ │\n│ │ 47 Cross-Layer Correlation Rules │ │\n│ │ + Kill Chain Tracker (7 stages per entity) │ │\n│ │ + Threat DNA behavioral fingerprinting │ │\n│ └────────────────────┬─────────────────────────┘ │\n│ ▼ │\n│ ┌──────────────────┐ │\n│ │ Algorithm Gate │ skip low-sev, private IP │\n│ └────────┬─────────┘ │\n│ ▼ │\n│ ┌────────────────────┐ │\n│ │ Enrich: AbuseIPDB, │ │\n│ │ GeoIP, CrowdSec │ │\n│ └────────┬───────────┘ │\n│ ▼ │\n│ ┌──────────────────────┐ │\n│ │ Local Warden │ on-device ONNX classifier │\n│ │ (warden default, │ ~91 MB, 61 ms p50, runs │\n│ │ securebert opt) │ before any cloud LLM call │\n│ └──────────┬───────────┘ │\n│ ▼ │\n│ ┌─────────────────────┐ │\n│ │ AI Triage (opt LLM) │ OpenAI / Anthropic / Ollama │\n│ └────────┬────────────┘ via AI Capability Router │\n│ ▼ │\n│ ┌─────────────────┐ ┌──────────────┐ │\n│ │ Skill Executor │────►│ LSM enforce │ │\n│ │ block_ip (5) │ │ XDP block │ │\n│ │ kill_process │ └──────────────┘ │\n│ │ suspend_sudo │ ┌──────────────┐ │\n│ │ honeypot │────►│ Cloudflare │ │\n│ │ playbooks (20) │ │ AbuseIPDB │ │\n│ └────────┬────────┘ └──────────────┘ │\n│ │ │\n│ ┌────────────┼────────────┬──────────────┐ │\n│ ▼ ▼ ▼ ▼ │\n│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────────┐ │\n│ │ Telegram │ │ Slack │ │ Webhook │ │ Mesh Network │ │\n│ │ bot │ │ │ │ (any) │ │ peer defense │ │\n│ └──────────┘ └──────────┘ └──────────┘ └──────────────┘ │\n│ │\n│ ┌───────────────────────────────────────────────────────────┐ │\n│ │ innerwarden.db (SQLite WAL) │ │\n│ │ Events, incidents, decisions, graph snapshots, KV state, │ │\n│ │ attacker profiles, baselines | Hash chain audit trail │ │\n│ └───────────────────────────────────────────────────────────┘ │\n│ │\n│ ┌───────────────────────────────────────────────────────────┐ │\n│ │ Dashboard: HUD, threats, investigation, attacker intel, │ │\n│ │ MITRE ATT\u0026CK map, monthly reports, baseline learning, │ │\n│ │ ISO 27001 compliance, hash chain, live SSE, audit trail, │ │\n│ │ drift metrics (spec 024), trust scores (spec 020) │ │\n│ └───────────────────────────────────────────────────────────┘ │\n└───────────────────────────────────────────────────────────────────┘\n```\n\n**Runtime layers added in v0.12.0** (sit between the AI Triage and the notification channels above):\n\n- **Notification gate** (spec 005) — every channel (Telegram, Slack, Webhook, Push) goes through a single policy that returns `SendNow` / `DailyBriefingOnly` / `Drop`. Burst summary collapses 50+/h auto-blocks into one \"all handled\" message.\n- **Graduated enforcement** (spec 020) — state machine promotes a responder from `Observe` → `Warn` → `Contain` → `Enforce` based on continuous trust scoring and AI SOC daily checks (11 system parsers).\n- **Observation verification** (spec 021) — behavioural score engine + AI batch verification clears active false positives instead of leaving them to rot.\n- **Regression safety net** (spec 024) — `make scenario-qa` asserts volume envelopes for 7 canonical scenarios; 10 drift metrics exported on `/metrics`; `docs/prometheus-alerts.yaml` consumes them.\n- **Structured subgraph prompt** (spec 025, opt-in) — when `ai.use_structured_subgraph = true`, the LLM receives the graph context as JSON nodes/edges instead of prose (measured +20pp action accuracy on qwen2.5:3b).\n\n---\n\n## What it does\n\n1. **Watches**: 20+ collectors across all layers — eBPF syscall tracing (40 kernel hooks including timestomp and log truncation), firmware integrity (ESP, UEFI, ACPI, MSR, SPI), memory forensics (/proc/maps RWX detection), native network capture (DNS queries, HTTP requests, JA3/JA4 TLS fingerprinting), filesystem real-time monitoring, cgroup resource abuse, kernel integrity (syscall table + eBPF inventory), plus auth.log, journald, Docker, nginx, CloudTrail\n2. **Detects**: 49 stateful detectors + 8 YARA malware rules + 8 Sigma log rules identify brute-force, credential stuffing, port scans, C2 callbacks, privilege escalation, container escapes, reverse shells (eBPF syscall sequence — impossible to evade), ransomware (entropy analysis), rootkits, DNS tunneling, data exfiltration (sensitive file read → outbound connect by PID), timestomping, log tampering, discovery bursts, and more. **65 MITRE ATT\u0026CK techniques covered** across 14 tactics.\n3. **Correlates**: 47 cross-layer rules connect Firmware × Kernel × Userspace × Network × Honeypot events. Baseline anomalies, neural scores, and DDoS shield state all feed the correlation engine. Detects multi-stage attacks no single detector can see: firmware tampering → rootkit install, recon → brute force → data exfil, honeypot engagement → real attack on same IP. The kill chain tracker tracks 7 attack stages per entity (IP, user, container).\n4. **Learns**: baseline anomaly detection trains for 7 days then alerts on deviations — event rate drops (silence = compromise), new process lineages (nginx→sh), unusual login times, unknown network destinations. No rules needed.\n5. **Blocks at the kernel**: LSM enforcement stops reverse shells and /tmp execution before they run. XDP drops attack traffic at wire speed. 8 kill chain patterns detected and blocked without signatures. Blocks propagate to mesh peers.\n6. **Responds automatically**: 20 built-in playbooks covering every detector — ransomware, reverse shell, data exfil, malware, privilege escalation, kernel module load, process injection, persistence (SSH key, crontab, systemd), container escape, crypto miner, DNS tunnelling, lateral movement, web shell, discovery burst, and more. Response sequences: kill process, block IP, suspend sudo, quarantine file, isolate network, capture forensics, pcap, notify, escalate\n7. **Fingerprints attackers**: behavioral DNA (SHA-256 of detectors + tools + targets + timing patterns), **cross-IP tracking** (same attacker detected across VPN/Tor rotations via fuzzy DNA matching — risk score and detector knowledge inherited automatically), campaign detection via IOC clustering, recurrence tracking, risk scoring 0-100, monthly threat reports with MITRE heatmap\n\nEverything is local, audited, and reversible.\n\n---\n\n## What happens when your server is attacked\n\n```\n00:00 SSH brute-force begins from 203.0.113.10\n00:45 Detector fires: 8 failed logins, 5 usernames, one IP\n\n AI evaluates: \"coordinated brute-force\"\n Confidence: 0.94\n Recommended action: block_ip\n\n00:46 Firewall rule added: ufw deny from 203.0.113.10\n00:46 Telegram alert lands on your phone\n00:46 Decision logged to audit trail\n\n Threat contained.\n```\n\nNo human needed when auto-execution is enabled. Otherwise, you approve via Telegram or the dashboard. Full audit trail. Every action reversible.\n\n---\n\n## Response skills\n\nWhen a threat is confirmed, Inner Warden picks the right tool.\n\n| Skill | What it does |\n|-------|-------------|\n| **Block IP (XDP)** | Wire-speed drop at the network driver, 10M+ packets/sec, zero CPU overhead |\n| **Block IP (firewall)** | Deny via ufw, iptables, nftables, or pf (macOS). Persists across reboots. |\n| **Suspend sudo** | Revokes sudo for a user via sudoers drop-in. Auto-expires after TTL. |\n| **Kill process** | Terminates all processes for a compromised user. TTL-bounded. |\n| **Block container** | Pauses a Docker container. Auto-unpauses after TTL. |\n| **Deploy honeypot** | SSH/HTTP decoy with tiered authentication (rejects single-shot scanners, accepts Mirai-class bots on known-weak credentials, adaptive accept on 3+ unique guesses to catch human-direct attackers) and LLM-powered interactive shell. OpenSSH banner masquerade so scanners don't fingerprint it. Captures credentials, commands, and IOCs. |\n| **Rate limit nginx** | Blocks abusive HTTP traffic at the nginx layer with TTL |\n| **Monitor IP** | Bounded tcpdump capture for forensic analysis |\n| **Block IP (Cloudflare)** | Edge-level blocking via Cloudflare API, stops traffic before it reaches your server |\n| **Report to AbuseIPDB** | Shares attacker IPs with community threat intelligence |\n| **Kill chain response** | Kills process tree + blocks C2 IP via XDP + captures forensics (ss, /proc) |\n\nBlocking is **layered**: a single block decision triggers XDP (instant kernel drop) + firewall (persists reboot) + mesh broadcast (peer nodes block too) + Cloudflare edge (stops traffic upstream) + AbuseIPDB report (community intelligence). Kill chain incidents trigger the `kill-chain-response` skill: kill process tree + block C2 via XDP + capture forensics. All skills are bounded, audited, and reversible.\n\n### Posture-aware alerting (v0.13.1)\n\nInner Warden snapshots your host's defensive posture every 10 minutes (sshd config, sudoers, services, firewall) and downgrades incident severity for attack vectors the host already neutralised. An `ssh_bruteforce` against a host with `PasswordAuthentication=no` becomes Low instead of High; the operator stops getting paged for things the kernel was always going to refuse anyway. Hard invariant: never demote when the attacker actually established a session, executed a process, or wrote a file. Read the live posture via `innerwarden get posture` or the dashboard panel; ask Telegram with `/posture`.\n\n### Honeypot that actually traps (v0.13.1)\n\nThe default `[honeypot] interaction = \"llm_shell\"` ships a tiered SSH listener that:\n\n- Rejects the first 2 password attempts unconditionally so single-shot credential scanners disconnect with cred-only intel.\n- Then accepts ONLY when `(user, password)` matches a curated list of Mirai canonical defaults + classic root defaults + appliance defaults. This is what makes a real dropper bot open the shell and run its payload.\n- After 3 distinct guesses on a single connection, accepts adaptively to catch human-direct attackers typing org-specific passwords.\n- Masquerades as `SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6` so scanners don't fingerprint the listener.\n- Drops the trapped payload commands + IOCs into the dashboard's Honeypot tab, paginated and engaged-only by default.\n\n---\n\n## What it detects\n\n49 stateful detectors + 8 YARA rules + 8 Sigma rules covering the full attack lifecycle. Highlights:\n\n| Detector | Threat | MITRE |\n|----------|--------|-------|\n| `ssh_bruteforce` | Repeated SSH failures from one IP | T1110.001 |\n| `credential_stuffing` | Many usernames tried from one IP | T1110.004 |\n| `distributed_ssh` | Coordinated botnet scan: many IPs, few attempts each | T1110 |\n| `suspicious_login` | Brute-force followed by successful login = compromise | T1110 |\n| `port_scan` | Rapid unique-port probing | T1595 |\n| `reverse_shell` | Reverse/bind shell detection via eBPF + behavioral analysis | T1059 |\n| `execution_guard` | Suspicious shell commands via AST analysis | T1059 |\n| `process_tree` | Suspicious parent-child: web server → shell, Java RCE | T1059 |\n| `privesc` | Real-time privilege escalation via eBPF kprobe on `commit_creds` | T1068 |\n| `rootkit` | Kernel module and userland rootkit detection | T1014 |\n| `ransomware` | Rapid file encryption, ransom note creation, extension changes | T1486 |\n| `c2_callback` | Beaconing, C2 port connections, data exfiltration patterns | T1071 |\n| `dns_tunneling` | Encoded DNS queries for covert data transfer | T1071.004 |\n| `container_escape` | nsenter, Docker socket access, host file reads from container | T1611 |\n| `lateral_movement` | SSH pivoting, credential reuse across hosts | T1021 |\n| `crypto_miner` | CPU abuse from mining processes | T1496 |\n| `web_scan` | HTTP error floods, path traversal, LFI probing | T1190 |\n| `web_shell` | Web shell upload and command execution | T1505.003 |\n| `data_exfiltration` | Large outbound transfers, DNS exfil, staging patterns | T1048 |\n| `fileless` | In-memory execution, /proc/self/mem writes | T1055 |\n| `log_tampering` | Log deletion, truncation, timestomping | T1070 |\n| `kernel_module_load` | Unauthorized kernel module insertion | T1547.006 |\n| `sudo_abuse` | Burst of privileged commands by a user | T1548 |\n| `integrity_alert` | Changes to /etc/passwd, /etc/shadow, sudoers, SSH keys | T1098 |\n| `packet_flood` | DDoS / volumetric attack detection | - |\n| `user_agent_scanner` | Known scanner signatures (Nikto, sqlmap, Nuclei, 20+) | T1595.002 |\n\nPlus: `docker_anomaly`, `search_abuse`, `credential_harvest`, `ssh_key_injection`, `user_creation`, `crontab_persistence`, `systemd_persistence`, `process_injection`, `outbound_anomaly`, `data_exfil_ebpf` (sensitive file read → outbound connect by PID), `yara_scan` (8 built-in rules: XMRig, webshells, Cobalt Strike, Metasploit, rootkits), `sigma_rule` (8 built-in rules: cron modification, /tmp execution, shadow access, docker.sock), `cgroup_abuse` (CPU/memory resource abuse), `io_uring_anomaly`, `container_drift`, `host_drift`, `sensitive_write`.\n\n`execution_guard` parses commands structurally using tree-sitter-bash. It catches `curl | sh` pipelines, `/tmp` execution, reverse shell patterns, and staged download-chmod-execute sequences.\n\n`c2_callback` uses coefficient-of-variation analysis to detect beaconing: regular-interval connections to the same IP that indicate a compromised process phoning home.\n\n`privesc` hooks the kernel's `commit_creds` function via kprobe. When a non-root process gains root through an unexpected path (not sudo/su/login), a Critical incident fires instantly, before any log is written.\n\n---\n\n## How it works\n\n**Sensor**: deterministic signal collection. No AI, no HTTP. 22 collectors (auth.log, journald, Docker events, file integrity, firmware integrity, nginx access/error, shell audit, macOS unified log, syslog firewall, eBPF syscall tracing with 40 kernel hooks, JA3/JA4 TLS fingerprinting, memory forensics via /proc/maps, real-time filesystem monitoring with entropy analysis, kernel integrity monitoring, cgroup resource abuse detection, AWS CloudTrail). Events flow through a unified SQLite database (WAL mode) or Redis Streams to the agent. Syslog CEF output for SIEM integration.\n\n**eBPF**: 40 kernel hooks running inside Linux (5.8+, CO-RE/BTF portable):\n- **23 tracepoints**: execve, connect, openat, ptrace, setuid, bind, mount, memfd_create, init_module, dup2/dup3, listen, mprotect, clone, unlinkat, renameat2, kill, prctl, accept4, sched_process_exit, ioperm, iopl, io_uring_submit, io_uring_create\n- **3 kprobes**: `commit_creds` (privilege escalation), `native_write_msr` (firmware MSR tampering), `acpi_evaluate_object` (ACPI rootkit detection)\n- **3 LSM hooks**: `bprm_check_security` (exec blocking + kill chain with 8 attack patterns), `file_open` (sensitive path write protection), `bpf` (eBPF weaponisation / VoidLink defence)\n- **4 kprobe/kretprobe pairs** (Trace of the Times): iterate_dir, filldir64, tcp4_seq_show, proc_pid_readdir — timing-based rootkit detection\n- **XDP program**: wire-speed IP blocking at the network driver (10M+ pps drop rate)\n- **Phase 2 firmware hooks**: MSR write guard (LSTAR/SMRR), I/O port access (SPI controller probing), ACPI method execution monitoring\n\n\u003e **Looking for the eBPF source code?** All 40 kernel programs live in a single file: [`crates/sensor-ebpf/src/main.rs`](crates/sensor-ebpf/src/main.rs).\n\n**Kernel-level noise filters** keep overhead near zero: COMM_ALLOWLIST (137 trusted processes like sshd, systemd, docker), CGROUP_ALLOWLIST, PID_RATE_LIMIT, and PID_CHAIN. Tail call dispatcher routes events through a single attach point to N handlers via ProgramArray. Ring buffer with epoll wakeup delivers events in microseconds.\n\n**DDoS defense**: 4-layer adaptive protection. XDP kernel drop (wire speed) + Shield module (dynamic rate limiting) + Cloudflare auto-failover (edge blocking) + Nginx rate limit. Rate limits tighten dynamically under attack.\n\n**Mesh network**: collaborative defence between nodes. Attack one server, and all others block the IP automatically. Ed25519 signed signals, game-theory trust model (tit-for-tat), staging pool with TTL-based auto-reversal. No signal causes immediate action. Everything is scored and staged.\n\n```bash\ninnerwarden config mesh enable\ninnerwarden config mesh add-peer https://peer-server:8790\n```\n\nContainer-aware via cgroup ID. Zero performance overhead.\n\n**Agent**: reads incidents from SQLite or Redis Streams. Fast loop (2s): algorithm gate → enrichment (AbuseIPDB, GeoIP, CrowdSec, threat feeds) → VirusTotal hash check on YARA matches → AI triage → playbook evaluation → skill execution → pcap capture on High/Critical → audit trail. Slow loop (30s): cross-layer correlation (47 rules) → baseline learning → attacker intelligence consolidation (DNA + campaigns) → monthly report generation → narrative summary.\n\nTwo Rust daemons. No external dependencies. ~250 MB RAM with all features active (sensor + agent + satellite modules, single SQLite database). Dashboard with 10 views: Sensors HUD, Threats investigation, Report, Health, Honeypot, Compliance (ISO 27001), Intelligence (Profiles, Campaigns, Chains, Baseline, Playbooks), Monthly Report. Live SSE feed, MITRE ATT\u0026CK mapping, 20 integration cards. Sleeps after 15 min of inactivity.\n\n---\n\n## AI is optional and controlled\n\nInner Warden detects and logs threats without any AI provider. Add AI when you want:\n\n- **Confidence-scored recommendations**: not binary yes/no, but 0.0-1.0 scored decisions\n- **Policy-gated execution**: AI recommends, your policy decides if it runs\n- **Full transparency**: every AI decision is recorded in an append-only audit trail with reasoning\n- **Twelve providers**: OpenAI, Anthropic, Ollama (local), OpenRouter, Groq, Together, Mistral, DeepSeek, Fireworks, Cerebras, Google Gemini, xAI Grok\n\nAI is advisory unless you explicitly enable auto-execution. You set the confidence threshold.\n\n---\n\n## Operator in the loop\n\nNot everything should be automatic.\n\n- **Telegram**: every High/Critical incident pushed to your phone. Approve or deny with inline buttons. Sensitivity control: quiet/normal/verbose.\n- **Slack**: incident notifications via incoming webhook\n- **Webhook**: HTTP POST to any endpoint. Works with PagerDuty, Opsgenie, Discord, Microsoft Teams, Google Chat, DingTalk, Feishu/Lark, WeCom, n8n, Zapier, Make, Home Assistant.\n- **Dashboard**: local authenticated UI with sensor HUD, investigation timeline, entity search, operator actions, live SSE feed, attack map, MITRE ATT\u0026CK mapping, attacker path viewer, 20 integration cards, ISO 27001 compliance tab with hash chain verification\n\n---\n\n## Safe defaults\n\nInner Warden ships with the safest possible posture. On first run, **nothing is blocked, killed, or modified**. The system only observes and logs.\n\n| Default | Meaning |\n|---------|---------|\n| `responder.enabled = false` | No actions taken. Observe only. |\n| `dry_run = true` | Logs what it *would* do, without doing it. |\n| `execution_guard` in observe mode | Detects suspicious commands, does not block. |\n| Shell audit opt-in | Requires explicit privacy consent. |\n| AI optional | Detection and logging work without any provider. |\n| Append-only audit trail | Every decision stored in SQLite with full reasoning. |\n\nYou must explicitly change **two settings** before any response action can fire: enable the responder and disable dry-run. Neither happens automatically.\n\n## Start in observe mode. Always.\n\nBefore enabling automatic responses, run Inner Warden in observe-only mode for a period that makes sense for your environment (days to weeks). During this time:\n\n1. **Review the logs**: check the dashboard or query `innerwarden.db` in your data directory to understand what the detectors are flagging.\n2. **Check for false positives**: make sure legitimate traffic (CI/CD systems, monitoring probes, your own scripts) is not being misidentified.\n3. **Configure your allowlist**: add trusted IPs and users so they are never acted upon:\n ```bash\n innerwarden trust add --ip 10.0.0.0/8\n innerwarden trust add --user deploy\n ```\n4. **Enable dry-run first**: when you enable the responder, keep `dry_run = true` so you can see what *would* happen without any actual effect:\n ```bash\n innerwarden config responder --enable\n ```\n5. **Go live only when you trust what you see**:\n ```bash\n innerwarden config responder --enable --dry-run false\n ```\n\nThere is no rush. The system is designed to be useful in observe-only mode indefinitely.\n\n---\n\n## Modules\n\nEnable what you need.\n\n| Module | Threat | Response |\n|--------|--------|----------|\n| `ssh-protection` | SSH brute-force + credential stuffing | Block IP |\n| `network-defense` | Port scanning | Block IP |\n| `sudo-protection` | Sudo privilege abuse | Suspend user sudo |\n| `execution-guard` | Malicious shell commands (AST) | Kill process / observe |\n| `search-protection` | HTTP endpoint abuse | Rate limit nginx |\n| `file-integrity` | Unauthorized file changes | Alert |\n| `container-security` | Docker lifecycle anomalies | Block container / observe |\n| `threat-capture` | Active threat investigation | Honeypot + traffic capture |\n| `nginx-error-monitor` | HTTP error floods, path traversal | Block IP |\n| `slack-notify` | Incident notifications | Slack webhook |\n| `cloudflare-integration` | L7 DDoS / botnet IPs | Block at Cloudflare edge |\n| `abuseipdb-enrichment` | IP reputation context | Enriched AI prompt |\n| `geoip-enrichment` | Country/ISP geolocation | Enriched AI prompt |\n| `fail2ban-integration` | Sync active fail2ban bans | Block enforcement |\n| `crowdsec-integration` | CrowdSec community intel | Block enforcement (experimental) |\n\n```bash\ninnerwarden enable block-ip\ninnerwarden enable ssh-protection\ninnerwarden enable shell-audit # prompts for privacy consent\n```\n\nCommunity modules:\n```bash\ninnerwarden module install \u003curl\u003e # SHA-256 verified\ninnerwarden module search \u003cterm\u003e # search the registry\n```\n\n---\n\n## Protecting AI agents\n\nIf you run OpenClaw, n8n, Langchain, or any autonomous AI agent on your server, Inner Warden can watch what it does and stop it if something goes wrong.\n\n```bash\ninnerwarden enable openclaw-protection\n```\n\nThis enables real-time monitoring of every command your agent executes, using structural analysis (tree-sitter AST) instead of regex. Download-and-execute pipelines, reverse shells, staged attacks, and obfuscated commands are caught before they can do damage.\n\n### Let your agent ask before acting\n\nInner Warden exposes an API that AI agents can query:\n\n```bash\n# \"Is my server safe right now?\"\ncurl -s http://localhost:8787/api/agent/security-context\n# → {\"threat_level\": \"low\", \"recommendation\": \"safe to proceed\"}\n\n# \"Is this command safe to run?\"\ncurl -s -X POST http://localhost:8787/api/agent/check-command \\\n -H \"Content-Type: application/json\" \\\n -d '{\"command\": \"curl https://example.com/setup.sh | bash\"}'\n# → {\"risk_score\": 40, \"recommendation\": \"review\", \"signals\": [\"download_and_execute\"]}\n\n# \"Is this IP safe to connect to?\"\ncurl -s \"http://localhost:8787/api/agent/check-ip?ip=203.0.113.10\"\n# → {\"known_threat\": true, \"blocked\": true, \"recommendation\": \"avoid\"}\n```\n\nYour agent calls `check-command` before executing. If the recommendation is `deny`, it stops. No changes to the agent runtime needed, just an HTTP call.\n\nSee [AI Agent Protection docs](modules/openclaw-protection/docs/README.md) for the full integration guide.\n\n---\n\n## Hardening advisor\n\nScan your system and get actionable security recommendations without changing anything.\n\n```\n$ innerwarden system harden\n\n ✓ SSH\n ⚠ Password authentication is enabled [high]\n → Set 'PasswordAuthentication no' in /etc/ssh/sshd_config\n ⚠ Root login via SSH is permitted [high]\n → Set 'PermitRootLogin no' in /etc/ssh/sshd_config\n\n ✓ Firewall\n ✓ 2 check(s) passed\n\n ! Kernel\n ⚠ ICMP redirects accepted (MITM risk) [medium]\n → Run: sudo sysctl -w net.ipv4.conf.all.accept_redirects=0\n\n ✓ Permissions\n ✓ 3 check(s) passed\n\n ! Updates\n ⚠ 3 security update(s) pending (8 total) [high]\n → Run: sudo apt update \u0026\u0026 sudo apt upgrade -y\n\n ✓ Docker\n ✓ 3 check(s) passed\n\n ✓ Services\n ✓ 2 check(s) passed\n\n Score: 68/100 (Fair)\n ██████████████████████░░░░░░░░░\n```\n\nChecks SSH config, firewall, kernel params (ASLR, SYN cookies, IP forwarding), file permissions (SUID, world-writable), pending updates, Docker (privileged containers, socket), and exposed services. Advisory only, never applies changes.\n\n---\n\n## Live threat feed\n\nSee Inner Warden responding to real attacks in real time: [innerwarden.com/live](https://innerwarden.com/live)\n\nThe agent exposes public read-only endpoints for live monitoring:\n\n```bash\n# Last 20 incidents with decisions\ncurl https://live.innerwarden.com/api/live-feed\n\n# Real-time SSE stream\ncurl https://live.innerwarden.com/api/live-feed/stream\n```\n\n---\n\n## Scan advisor\n\nLet your server tell you what it needs.\n\n```\n$ innerwarden system scan\n\n sshd running → ssh-protection ESSENTIAL [NATIVE]\n docker running → container-security RECOMMENDED [NATIVE]\n nginx running → search-protection RECOMMENDED [NATIVE]\n fail2ban running → fail2ban-integration RECOMMENDED [NATIVE]\n\n Conflicts detected:\n fail2ban-integration + abuseipdb-enrichment: both auto-block IPs; enable one\n\n Activation sequence:\n 1. innerwarden enable block-ip\n 2. innerwarden enable ssh-protection\n 3. innerwarden enable fail2ban-integration\n```\n\n**NATIVE** = reads existing logs, zero external deps. **EXTERNAL** = requires separate tool install.\n\n---\n\n## Install\n\n```bash\ncurl -fsSL https://innerwarden.com/install | sudo bash\n```\n\nNo API key required. What the installer does:\n- Creates a dedicated `innerwarden` service user\n- Downloads sensor + agent + ctl binaries for your architecture (`x86_64` / `aarch64`)\n- Verifies each binary's **SHA-256 sidecar** against the canonical release\n- Verifies each binary's **Ed25519 signature** against the embedded release public key (Spec 048; requires `openssl \u003e= 3.0`)\n- Writes config to `/etc/innerwarden/`, creates the data directory\n- Starts sensor + agent via systemd (Linux) or launchd (macOS)\n- Safe posture: detection active, no response skills enabled, `dry_run = true`\n\nThe installer fail-closes for stable releases when signatures are missing or invalid. Override env vars exist for migration / air-gapped scenarios. See [Supply Chain Security](docs/supply-chain-security.md) for the manual verification recipe (`SHA256SUMS` + `.sig` + `gh attestation verify`), the active key fingerprint, and an honest list of what is and is not guaranteed.\n\nWith external integrations:\n```bash\ncurl -fsSL https://innerwarden.com/install | sudo bash -s -- --with-integrations\n```\n\nBuild from source:\n```bash\nINNERWARDEN_BUILD_FROM_SOURCE=1 curl -fsSL https://innerwarden.com/install | sudo bash\n```\n\n### Configure AI\n\nAI triage is optional. Add it when you want confidence-scored decisions.\n\n**OpenAI:**\n```bash\n# /etc/innerwarden/agent.env\nOPENAI_API_KEY=sk-...\n```\n\n**Anthropic:**\n```bash\n# /etc/innerwarden/agent.env\nANTHROPIC_API_KEY=sk-ant-...\n```\n```toml\n# /etc/innerwarden/agent.toml\n[ai]\nprovider = \"anthropic\"\nmodel = \"claude-haiku-4-5-20251001\"\n```\n\n**Ollama (local, no key):**\n```bash\ncurl -fsSL https://ollama.ai/install.sh | sh \u0026\u0026 ollama pull llama3.2\n```\n```toml\n# /etc/innerwarden/agent.toml\n[ai]\nenabled = true\nprovider = \"ollama\"\nmodel = \"llama3.2\"\n```\n\nAfter changing config:\n```bash\nsudo systemctl restart innerwarden-agent # Linux\nsudo launchctl kickstart -k system/com.innerwarden.agent # macOS\n```\n\nRun `innerwarden system doctor` to validate your provider.\n\n### After install\n\n```bash\ninnerwarden get status # verify services are running\ninnerwarden system doctor # diagnose issues with fix hints\ninnerwarden system test # inject a synthetic incident and verify the full pipeline responds\ninnerwarden list # see capabilities and modules\n```\n\nEnable response skills when ready:\n```bash\ninnerwarden enable block-ip # IP blocking (ufw default, or iptables/nftables)\ninnerwarden enable sudo-protection # detect + respond to sudo abuse\ninnerwarden enable shell-audit # shell command trail via auditd\n```\n\n### Configure notifications\n\n```bash\ninnerwarden config telegram # interactive wizard\ninnerwarden config slack # Slack webhook setup\ninnerwarden config web-push --subject mailto:you@example.com\ninnerwarden config webhook --url https://hooks.example.com/notify\ninnerwarden config test-alert # verify all channels\n```\n\n### Go live\n\nAfter enabling skills, the responder is active but still in `dry_run = true`. When you trust the decisions:\n\n```bash\ninnerwarden config responder --enable --dry-run false\n```\n\n### Updates\n\n```bash\ninnerwarden upgrade # fetch + install latest (SHA-256 verified)\ninnerwarden upgrade --check # check without installing\n```\n\n### 8 commands to protect your server\n\n```bash\ninnerwarden get status # services + today's activity\ninnerwarden get incidents --days 2 # recent threats\ninnerwarden get decisions --action block_ip # what was blocked and why\ninnerwarden get report # daily security report\n\ninnerwarden stream # live event stream\n\ninnerwarden action block 203.0.113.10 # manual IP block\ninnerwarden action unblock 203.0.113.10 # remove block\n\ninnerwarden trust add --ip 10.0.0.0/8 # skip AI for trusted ranges\ninnerwarden trust add --user deploy # skip AI for trusted users\n\ninnerwarden config ai # interactive AI provider setup (12 providers)\ninnerwarden config responder --enable --dry-run false\ninnerwarden config telegram # notification setup\ninnerwarden config cloudflare --token YOUR_TOKEN # edge blocking\n\ninnerwarden system doctor # diagnostics with fix hints\ninnerwarden system harden # security hardening advisor\ninnerwarden system scan # detect + recommend modules\ninnerwarden system test # verify full pipeline end-to-end\ninnerwarden system backup # archive configs to tar.gz\ninnerwarden system navigator # export MITRE ATT\u0026CK coverage map\n\ninnerwarden module install \u003curl\u003e # SHA-256 verified community modules\ninnerwarden agent connect # connect to running agents\n```\n\n---\n\n## Supported environments\n\n- **Linux**: Ubuntu 22.04+, any systemd-based distro. Full feature set with 22 eBPF kernel hooks (tracepoints, kprobes, LSM, XDP), kill chain enforcement, wire-speed blocking.\n- **macOS**: Ventura and later (launchd, pf firewall, unified log). Detection and response work fully, but eBPF kernel programs are Linux-only. macOS uses log-based collectors instead.\n\nPre-built binaries: `x86_64` and `aarch64` for both platforms.\n\n---\n\n## Build and test\n\n```bash\nmake test # 6632 tests across the workspace\nmake build # debug build (sensor + agent + ctl)\nmake replay-qa # end-to-end integration test\n```\n\nRun locally:\n```bash\nmake run-sensor # writes to ./data/\nmake run-agent # reads from ./data/\n```\n\n---\n\n## FAQ\n\n**Is this an EDR?**\nNo. It is a self-contained defence agent with bounded response skills and full audit trails. No cloud, no phone-home, runs entirely on your host.\n\n**Does it block by default?**\nNo. Starts in observe-only mode. You enable response skills and disable dry-run when ready.\n\n**Do I need an AI provider?**\nNo. Detection, logging, dashboard, and reports all work without AI. AI adds confidence-scored triage for autonomous response and is entirely optional.\n\n**How is this different from Fail2ban?**\nFail2ban blocks IPs based on regex patterns. Inner Warden has 36 detectors, 22 eBPF kernel hooks with kill chain enforcement, a collaborative defence mesh network, 10 response skills (including sudo suspension, process kill, container pause, honeypots, and traffic capture), twelve AI providers, 4-layer DDoS defence, Telegram bot, AbuseIPDB intelligence sharing, and a full investigation dashboard with MITRE ATT\u0026CK mapping.\n\n**How is this different from other HIDS tools?**\nMost host intrusion detection systems only observe. They write alerts for a human to act on. Inner Warden observes AND blocks. LSM hooks stop reverse shells at the kernel's execve before the process runs. XDP drops attack traffic at wire speed. Kill chain detection blocks 7 generic exploit patterns without CVE signatures, catching zero-day exploits by behaviour rather than known hashes.\n\n**Can I add custom detectors or skills?**\nYes. See [module authoring guide](https://github.com/InnerWarden/innerwarden/wiki/Module-Authoring).\n\n---\n\n## Disclaimer\n\n\u003e **Warning**\n\u003e Inner Warden is an **experimental** security agent that can **block IP addresses, kill processes, suspend user privileges, pause containers, and modify firewall rules** on your system. These are powerful, potentially disruptive actions. Read this document carefully before deploying. Always start in observe-only mode and review behavior before enabling automatic responses.\n\nInner Warden is provided as-is, without warranty. It is experimental software that interacts with your system's firewall, process table, and user permissions. Automated security responses carry inherent risk. A false positive can block a legitimate user or disrupt a production service.\n\n**You are responsible for:**\n- Testing thoroughly in observe/dry-run mode before enabling responses\n- Configuring allowlists to protect trusted IPs, users, and services\n- Monitoring the audit trail and adjusting thresholds for your environment\n- Understanding the response skills you enable and their effects\n\nThe authors are not responsible for downtime, data loss, or service disruption caused by misconfiguration or false positives. Use good judgment and test in a staging environment first.\n\n---\n\n## Community \u0026 feedback\n\nInnerWarden is built in the open and we are actively trying to grow the community around it. If you are running it (or thinking about it), we want to hear from you — the install on your box tells us more than any benchmark suite.\n\n**Feedback we want, however small:**\n\n- [**Open an issue**](https://github.com/InnerWarden/innerwarden/issues/new/choose) — install problem, false positive, surprising behaviour, missing detector, anything that did not match your expectation\n- [**Start a discussion**](https://github.com/InnerWarden/innerwarden/discussions) — questions, ideas, sharing your config, \"did anyone else see X?\"\n- [**Star the repo**](https://github.com/InnerWarden/innerwarden) if it is useful — visibility is how more security engineers find it\n- **Quick survey:** [usage + pain points (60 sec)](https://github.com/InnerWarden/innerwarden/discussions/categories/feedback) — even one-liners help us prioritise\n- **Email** for private feedback or security disclosures: see [SECURITY.md](SECURITY.md)\n\nTell us: what did you install it on (distro / kernel)? Did it catch anything real? What blocked you? What would make you trust it on a production box? No answer is too small.\n\n## Contributing\n\nWe need more hands. Detector writers, integration authors, docs hackers, testers — every contribution moves the project forward.\n\n- [**Contributing guide**](CONTRIBUTING.md) — local dev setup, PR checklist, code style\n- [**Good first issues**](https://github.com/InnerWarden/innerwarden/labels/good%20first%20issue) — documentation, config flags, small features\n- [**Help wanted**](https://github.com/InnerWarden/innerwarden/labels/help%20wanted) — new detectors, sinks, integrations, CLI commands\n- [**Module authoring**](https://github.com/InnerWarden/innerwarden/wiki/Module-Authoring) — write a vertical security module (manifest + config + docs + tests)\n- [**Integration recipes**](https://github.com/InnerWarden/innerwarden/wiki/Integration-Recipes) — declarative YAML to wire an external tool in minutes, no Rust required\n\nNew detectors, integration recipes, and module documentation are especially appreciated. If you have a specific use case (different distro, weird kernel, missing collector for your stack), open an issue and we will help you ship it.\n\n---\n\n## Links\n\n- [Website](https://www.innerwarden.com)\n- [Live attack feed](https://innerwarden.com/live) — real attacks against our prod box, in real time\n- [Blog](https://innerwarden.com/blog)\n- [Changelog](CHANGELOG.md)\n- [Contributing](CONTRIBUTING.md)\n- [Security policy](SECURITY.md)\n- [Documentation](https://github.com/InnerWarden/innerwarden/wiki)\n- [Module authoring](https://github.com/InnerWarden/innerwarden/wiki/Module-Authoring)\n- [GitHub Discussions](https://github.com/InnerWarden/innerwarden/discussions) — questions, ideas, war stories\n- [Report an issue](https://github.com/InnerWarden/innerwarden/issues/new/choose) — install problems, FPs, missing detectors\n\n## License\n\nApache License 2.0. See [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finnerwarden%2Finnerwarden","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finnerwarden%2Finnerwarden","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finnerwarden%2Finnerwarden/lists"}