diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4174b182e..81f6cdeab 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -240,6 +240,7 @@ jobs: maiconburn/innerwarden-agent:${{ steps.version.outputs.version }} - name: Build and push agent-openclaw image + continue-on-error: true # OpenClaw upstream may break; don't block the release uses: docker/build-push-action@v6 with: context: docker diff --git a/CLAUDE.md b/CLAUDE.md index 4efb678ca..b9b72d9de 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -6,10 +6,14 @@ Sensor (eBPF) + Agent (AI triage) + CTL (CLI). Open source (Apache-2.0). ``` crates/ - sensor/ 49 detectors, 40 eBPF hooks, 20 collectors + sensor/ 49 detectors, 40 eBPF hooks, 22 collectors agent/ AI pipeline, dashboard, skills, correlation, notifications ctl/ CLI: setup, configure, scan, harden, upgrade agent-guard/ AI agent protection (ATR rules, MCP inspection) + smm/ Ring -2 firmware/UEFI/SMM security audit (migrated from standalone repo) + hypervisor/ Ring -1 hypervisor security — VM detection, KVM monitoring (migrated from standalone repo) + killchain/ Kill chain detection — 8 attack patterns via bitmask tracking (migrated from standalone repo) + dna/ Threat DNA — behavioral fingerprinting, anomaly detection, MITRE chain tracking (migrated from standalone repo) core/ Shared types: Event, Incident, Severity sensor-ebpf/ eBPF bytecode (no_std, bpfel target) sensor-ebpf-types/ Shared eBPF ↔ userspace types 
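Review bot: With `continue-on-error: true` on the "Build and push agent-openclaw image" step, a failed build or push leaves the release run green and nothing records that the image was skipped, so the registry may keep serving an older agent-openclaw image under the tags this step normally moves. Give the step an `id: openclaw_image` and follow it with a step guarded by `if: steps.openclaw_image.outcome == 'failure'` that runs `echo "::warning::agent-openclaw image was not published for this release"`. That keeps the release unblocked while making the gap visible in the run, so the release notes can mention it. The step's `with:` block continues outside the hunk, so the tags it pushes are not visible here.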
@@ -32,7 +36,7 @@ make replay-qa # validacao E2E ## Estado (2026-04-04) -- 49 detectors, 40 eBPF hooks, 65 MITRE IDs, 40 correlation rules (CL-001 to CL-040, includes 5 AlphaZero V4 discoveries) +- 49 detectors, 40 eBPF hooks, 65 MITRE IDs, 43 correlation rules (CL-001 to CL-043, includes 5 AlphaZero V4 discoveries + 3 hypervisor rules) - Server producao: ver config local (nao expor no repo publico) - Branches: main = stable, develop = bleeding edge - CI: `make check` + `make test` + `make spec-check` diff --git a/Cargo.lock b/Cargo.lock index e3d1f149d..38852bb72 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -103,7 +103,7 @@ version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" dependencies = [ - "windows-sys 0.61.2", + "windows-sys 0.60.2", ] [[package]] @@ -114,7 +114,7 @@ checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" dependencies = [ "anstyle", "once_cell_polyfill", - "windows-sys 0.61.2", + "windows-sys 0.60.2", ] [[package]] @@ -123,6 +123,15 @@ version = "1.0.102" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" +[[package]] +name = "arc-swap" +version = "1.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a3a1fd6f75306b68087b831f025c712524bcb19aad54e557b1129cfa0a2b207" +dependencies = [ + "rustversion", +] + [[package]] name = "arcstr" version = "1.2.0" @@ -267,7 +276,7 @@ checksum = "d18bc4e506fbb85ab7392ed993a7db4d1a452c71b75a246af4a80ab8c9d2dd50" dependencies = [ "assert_matches", "aya-obj", - "bitflags", + "bitflags 2.11.0", "bytes", "libc", "log", 
@@ -364,6 +373,12 @@ version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5e764a1d40d510daf35e07be9eb06e75770908c27d411ee6c92109c9840eaaf7" +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + [[package]] name = "bitflags" version = "2.11.0" @@ -394,7 +409,7 @@ version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" dependencies = [ - "hybrid-array 0.4.8", + "hybrid-array", ] [[package]] @@ -651,6 +666,17 @@ version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" +[[package]] +name = "core-models" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0940496e5c83c54f3b753d5317daec82e8edac71c33aaa1f666d76f518de2444" +dependencies = [ + "hax-lib", + "pastey", + "rand 0.9.2", +] + [[package]] name = "cpufeatures" version = "0.2.17" @@ -717,7 +743,7 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" dependencies = [ - "hybrid-array 0.4.8", + "hybrid-array", ] [[package]] @@ -866,7 +892,7 @@ checksum = "cf5597a4b7fe5275fc9dcf88ce26326bc8e4cb87d0130f33752d4c5f717793cf" dependencies = [ "cfg-if", "libc", - "socket2", + "socket2 0.6.3", "windows-sys 0.60.2", ] @@ -931,6 +957,12 @@ dependencies = [ "zeroize", ] +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + [[package]] name = "elliptic-curve" version = "0.13.8" 
@@ -977,7 +1009,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.2", + "windows-sys 0.52.0", ] [[package]] @@ -1003,9 +1035,9 @@ dependencies = [ [[package]] name = "fancy-regex" -version = "0.14.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e24cb5a94bcae1e5408b0effca5cd7172ea3c5755049c5f3af4cd283a165298" +checksum = "72cf461f865c862bb7dc573f643dd6a2b6842f7c30b07882b56bd148cc2761b8" dependencies = [ "bit-set", "regex-automata", @@ -1034,6 +1066,17 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" +[[package]] +name = "filetime" +version = "0.2.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f98844151eee8917efc50bd9e8318cb963ae8b297431495d3f758616ea5c57db" +dependencies = [ + "cfg-if", + "libc", + "libredox", +] + [[package]] name = "find-msvc-tools" version = "0.1.9" 
@@ -1281,6 +1324,43 @@ version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" +[[package]] +name = "hax-lib" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74d9ba66d1739c68e0219b2b2238b5c4145f491ebf181b9c6ab561a19352ae86" +dependencies = [ + "hax-lib-macros", + "num-bigint", + "num-traits", +] + +[[package]] +name = "hax-lib-macros" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24ba777a231a58d1bce1d68313fa6b6afcc7966adef23d60f45b8a2b9b688bf1" +dependencies = [ + "hax-lib-macros-types", + "proc-macro-error2", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "hax-lib-macros-types" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "867e19177d7425140b417cd27c2e05320e727ee682e98368f88b7194e80ad515" +dependencies = [ + "proc-macro2", + "quote", + "serde", + "serde_json", + "uuid", +] + [[package]] name = "heck" version = "0.5.0" @@ -1362,15 +1442,6 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" -[[package]] -name = "hybrid-array" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2d35805454dc9f8662a98d6d61886ffe26bd465f5960e0e55345c70d5c0d2a9" -dependencies = [ - "typenum", -] - [[package]] name = "hybrid-array" version = "0.4.8" @@ -1436,7 +1507,7 @@ dependencies = [ "libc", "percent-encoding", "pin-project-lite", - "socket2", + "socket2 0.5.10", "tokio", "tower-service", "tracing", @@ -1588,7 +1659,7 @@ dependencies = [ [[package]] name = "innerwarden-agent" -version = "0.9.3" +version = "0.9.4" dependencies = [ "aes-gcm", "anyhow", 
@@ -1605,13 +1676,16 @@ dependencies = [ "hkdf", "hmac", "innerwarden-agent-guard", + "innerwarden-dna", + "innerwarden-hypervisor", + "innerwarden-killchain", "innerwarden-mesh", "innerwarden-smm", "innerwarden_core", "p256", "rand_core 0.6.4", "redb", - "redis", + "redis 1.2.0", "regex", "reqwest", "rpassword", @@ -1631,7 +1705,7 @@ dependencies = [ [[package]] name = "innerwarden-agent-guard" -version = "0.9.3" +version = "0.9.4" dependencies = [ "anyhow", "chrono", @@ -1649,7 +1723,7 @@ dependencies = [ [[package]] name = "innerwarden-ctl" -version = "0.9.3" +version = "0.9.4" dependencies = [ "anyhow", "base64", @@ -1671,11 +1745,60 @@ dependencies = [ "ureq", ] +[[package]] +name = "innerwarden-dna" +version = "0.9.4" +dependencies = [ + "anyhow", + "axum", + "chrono", + "clap", + "hex", + "notify", + "serde", + "serde_json", + "sha2 0.10.9", + "tempfile", + "tikv-jemallocator", + "tokio", + "tracing", + "tracing-subscriber", +] + [[package]] name = "innerwarden-ebpf-types" -version = "0.9.3" +version = "0.9.4" +dependencies = [ + "serde", +] + +[[package]] +name = "innerwarden-hypervisor" +version = "0.9.4" dependencies = [ + "anyhow", + "chrono", + "hex", "serde", + "serde_json", + "sha2 0.10.9", + "tempfile", + "tracing", +] + +[[package]] +name = "innerwarden-killchain" +version = "0.9.4" +dependencies = [ + "anyhow", + "chrono", + "clap", + "redis 0.27.6", + "serde", + "serde_json", + "tokio", + "tracing", + "tracing-subscriber", ] [[package]] @@ -1701,7 +1824,7 @@ dependencies = [ [[package]] name = "innerwarden-sensor" -version = "0.9.3" +version = "0.9.4" dependencies = [ "anyhow", "aya", @@ -1714,7 +1837,7 @@ dependencies = [ "innerwarden_core", "libc", "proptest", - "redis", + "redis 1.2.0", "serde", "serde_json", "serde_yaml", 
@@ -1730,8 +1853,7 @@ dependencies = [ [[package]] name = "innerwarden-smm" -version = "0.1.0" -source = "git+https://github.com/InnerWarden/innerwarden-smm.git#5d6abbb5baa974a0007f47bc94345295711a1911" +version = "0.9.4" dependencies = [ "anyhow", "chrono", @@ -1740,12 +1862,13 @@ dependencies = [ "serde", "serde_json", "sha2 0.10.9", + "tempfile", "tracing", ] [[package]] name = "innerwarden_core" -version = "0.9.3" +version = "0.9.4" dependencies = [ "anyhow", "chrono", @@ -1757,6 +1880,26 @@ dependencies = [ "tempfile", ] +[[package]] +name = "inotify" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdd168d97690d0b8c412d6b6c10360277f4d7ee495c5d0d5d5fe0854923255cc" +dependencies = [ + "bitflags 1.3.2", + "inotify-sys", + "libc", +] + +[[package]] +name = "inotify-sys" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e05c02b5e89bff3b946cedeca278abc628fe811e604f027c45a8aa3cf793d0eb" +dependencies = [ + "libc", +] + [[package]] name = "inout" version = "0.1.4" @@ -1767,6 +1910,15 @@ dependencies = [ "generic-array 0.14.7", ] +[[package]] +name = "instant" +version = "0.1.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e0242819d153cba4b4b05a5a8f2a7e9bbf97b6055b2a002b395c96b5ff3c0222" +dependencies = [ + "cfg-if", +] + [[package]] name = "internal-russh-forked-ssh-key" version = "0.6.16+upstream-0.6.7" @@ -1820,6 +1972,15 @@ version = "1.70.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695" +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + [[package]] name = "itoa" version = "1.0.18" 
@@ -1847,22 +2008,23 @@ dependencies = [ ] [[package]] -name = "keccak" -version = "0.1.6" +name = "kqueue" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653" +checksum = "eac30106d7dce88daf4a3fcb4879ea939476d5074a9b7ddd0fb97fa4bed5596a" dependencies = [ - "cpufeatures", + "kqueue-sys", + "libc", ] [[package]] -name = "kem" -version = "0.3.0-pre.0" +name = "kqueue-sys" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b8645470337db67b01a7f966decf7d0bafedbae74147d33e641c67a91df239f" +checksum = "ed9625ffda8729b85e45cf04090035ac368927b8cebc34898e7c120f52e4838b" dependencies = [ - "rand_core 0.6.4", - "zeroize", + "bitflags 1.3.2", + "libc", ] [[package]] 
@@ -1882,9 +2044,75 @@ checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" [[package]] name = "libc" -version = "0.2.183" +version = "0.2.184" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48f5d2a454e16a5ea0f4ced81bd44e4cfc7bd3a507b61887c99fd3538b28e4af" + +[[package]] +name = "libcrux-intrinsics" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc9ee7ef66569dd7516454fe26de4e401c0c62073929803486b96744594b9632" +dependencies = [ + "core-models", + "hax-lib", +] + +[[package]] +name = "libcrux-ml-kem" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4bb6a88086bf11bd2ec90926c749c4a427f2e59841437dbdede8cde8a96334ab" +dependencies = [ + "hax-lib", + "libcrux-intrinsics", + "libcrux-platform", + "libcrux-secrets", + "libcrux-sha3", + "libcrux-traits", + "rand 0.9.2", + "tls_codec", +] + +[[package]] +name = "libcrux-platform" +version = "0.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db82d058aa76ea315a3b2092f69dfbd67ddb0e462038a206e1dcd73f058c0778" +dependencies = [ + "libc", +] + +[[package]] +name = "libcrux-secrets" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e4dbbf6bc9f2bc0f20dc3bea3e5c99adff3bdccf6d2a40488963da69e2ec307" +dependencies = [ + "hax-lib", +] + +[[package]] +name = "libcrux-sha3" +version = "0.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d" +checksum = "2400bec764d1c75b8a496d5747cffe32f1fb864a12577f0aca2f55a92021c962" +dependencies = [ + "hax-lib", + "libcrux-intrinsics", + "libcrux-platform", + "libcrux-traits", +] + +[[package]] +name = "libcrux-traits" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"9adfd58e79d860f6b9e40e35127bfae9e5bd3ade33201d1347459011a2add034" +dependencies = [ + "libcrux-secrets", + "rand 0.9.2", +] [[package]] name = "libm" @@ -1892,6 +2120,18 @@ version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" +[[package]] +name = "libredox" +version = "0.1.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ddbf48fd451246b1f8c2610bd3b4ac0cc6e149d89832867093ab69a17194f08" +dependencies = [ + "bitflags 2.11.0", + "libc", + "plain", + "redox_syscall 0.7.3", +] + [[package]] name = "linux-raw-sys" version = "0.12.1" 
@@ -1981,41 +2221,57 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a69bcab0ad47271a0234d9422b131806bf3968021e5dc9328caf2d4cd58557fc" dependencies = [ "libc", + "log", "wasi", "windows-sys 0.61.2", ] -[[package]] -name = "ml-kem" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8de49b3df74c35498c0232031bb7e85f9389f913e2796169c8ab47a53993a18f" -dependencies = [ - "hybrid-array 0.2.3", - "kem", - "rand_core 0.6.4", - "sha3", -] - [[package]] name = "nix" version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" dependencies = [ - "bitflags", + "bitflags 2.11.0", "cfg-if", "cfg_aliases", "libc", ] +[[package]] +name = "notify" +version = "7.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c533b4c39709f9ba5005d8002048266593c1cfaf3c5f0739d5b8ab0c6c504009" +dependencies = [ + "bitflags 2.11.0", + "filetime", + "inotify", + "kqueue", + "libc", + "log", + "mio", + "notify-types", + "walkdir", + "windows-sys 0.52.0", +] + +[[package]] +name = "notify-types" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "585d3cb5e12e01aed9e8a1f70d5c6b5e86fe2a6e48fc8cd0b3e0b8df6f6eb174" +dependencies = [ + "instant", +] + [[package]] name = "nu-ansi-term" version = "0.50.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" dependencies = [ - "windows-sys 0.61.2", + "windows-sys 0.60.2", ] [[package]] @@ -2212,7 +2468,7 @@ checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.5.18", "smallvec", "windows-link", ] 
@@ -2228,6 +2484,12 @@ dependencies = [ "subtle", ] +[[package]] +name = "pastey" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35fb2e5f958ec131621fdd531e9fc186ed768cbe395337403ae56c17a74c68ec" + [[package]] name = "pbkdf2" version = "0.12.2" @@ -2321,6 +2583,12 @@ dependencies = [ "spki 0.8.0-rc.4", ] +[[package]] +name = "plain" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6" + [[package]] name = "poly1305" version = "0.8.0" @@ -2387,6 +2655,28 @@ dependencies = [ "elliptic-curve", ] +[[package]] +name = "proc-macro-error-attr2" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5" +dependencies = [ + "proc-macro2", + "quote", +] + +[[package]] +name = "proc-macro-error2" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802" +dependencies = [ + "proc-macro-error-attr2", + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "proc-macro2" version = "1.0.106" @@ -2404,7 +2694,7 @@ checksum = "4b45fcc2344c680f5025fe57779faef368840d0bd1f42f216291f0dc4ace4744" dependencies = [ "bit-set", "bit-vec", - "bitflags", + "bitflags 2.11.0", "num-traits", "rand 0.9.2", "rand_chacha 0.9.0", @@ -2434,7 +2724,7 @@ dependencies = [ "quinn-udp", "rustc-hash", "rustls", - "socket2", + "socket2 0.5.10", "thiserror 2.0.18", "tokio", "tracing", @@ -2471,7 +2761,7 @@ dependencies = [ "cfg_aliases", "libc", "once_cell", - "socket2", + "socket2 0.5.10", "tracing", "windows-sys 0.60.2", ] 
@@ -2573,18 +2863,42 @@ dependencies = [ [[package]] name = "redb" -version = "3.1.1" +version = "4.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef99362319c782aa4639ad3a306b64c3bb90e12874e99b8df124cb679d988611" +checksum = "67f7f231ea7b1172b7ac00ccf96b1250f0fb5a16d5585836aa4ebc997df7cbde" dependencies = [ "libc", ] [[package]] name = "redis" -version = "1.1.0" +version = "0.27.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09d8f99a4090c89cc489a94833c901ead69bfbf3877b4867d5482e321ee875bc" +dependencies = [ + "arc-swap", + "async-trait", + "bytes", + "combine", + "futures-util", + "itertools", + "itoa", + "num-bigint", + "percent-encoding", + "pin-project-lite", + "ryu", + "sha1_smol", + "socket2 0.5.10", + "tokio", + "tokio-util", + "url", +] + +[[package]] +name = "redis" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d76e41a79ae5cbb41257d84cf4cf0db0bb5a95b11bf05c62c351de4fe748620d" +checksum = "f44e94c96d8870a387d88ce3de3fdd608cbfc0705f03cb343cdde91509d3e49a" dependencies = [ "arcstr", "async-lock", @@ -2598,7 +2912,7 @@ dependencies = [ "pin-project-lite", "ryu", "sha1_smol", - "socket2", + "socket2 0.6.3", "tokio", "tokio-util", "url", @@ -2611,7 +2925,16 @@ version = "0.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" dependencies = [ - "bitflags", + "bitflags 2.11.0", +] + +[[package]] +name = "redox_syscall" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce70a74e890531977d37e532c34d45e9055d2409ed08ddba14529471ed0be16" +dependencies = [ + "bitflags 2.11.0", ] [[package]] 
@@ -2747,13 +3070,13 @@ dependencies = [ [[package]] name = "russh" -version = "0.58.1" +version = "0.58.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68d53bd2e1d6c49e32ae183c09bdc710ace41e7c8c564cc8a2286aad3bffe10d" +checksum = "30f6ce4f5d5105b934cfb4b8b3028aab4d5dcdff863cb8dda9edd06d39b8c4e8" dependencies = [ "aes", "aws-lc-rs", - "bitflags", + "bitflags 2.11.0", "block-padding", "byteorder", "bytes", @@ -2776,9 +3099,9 @@ dependencies = [ "hmac", "inout", "internal-russh-forked-ssh-key", + "libcrux-ml-kem", "log", "md5", - "ml-kem", "num-bigint", "p256", "p384", @@ -2851,11 +3174,11 @@ version = "1.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190" dependencies = [ - "bitflags", + "bitflags 2.11.0", "errno", "libc", "linux-raw-sys", - "windows-sys 0.61.2", + "windows-sys 0.52.0", ] [[package]] @@ -2927,6 +3250,15 @@ dependencies = [ "cipher", ] +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + [[package]] name = "scopeguard" version = "1.2.0" @@ -3113,16 +3445,6 @@ dependencies = [ "digest 0.11.2", ] -[[package]] -name = "sha3" -version = "0.10.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" -dependencies = [ - "digest 0.10.7", - "keccak", -] - [[package]] name = "sharded-slab" version = "0.1.7" 
@@ -3186,6 +3508,16 @@ version = "1.15.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" +[[package]] +name = "socket2" +version = "0.5.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e22376abed350d73dd1cd119b57ffccad95b4e585a7cda43e286245ce23c0678" +dependencies = [ + "libc", + "windows-sys 0.52.0", +] + [[package]] name = "socket2" version = "0.6.3" @@ -3193,7 +3525,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" dependencies = [ "libc", - "windows-sys 0.61.2", + "windows-sys 0.60.2", ] [[package]] @@ -3316,7 +3648,7 @@ dependencies = [ "getrandom 0.4.2", "once_cell", "rustix", - "windows-sys 0.61.2", + "windows-sys 0.52.0", ] [[package]] @@ -3444,6 +3776,27 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" +[[package]] +name = "tls_codec" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de2e01245e2bb89d6f05801c564fa27624dbd7b1846859876c7dad82e90bf6b" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "tokio" version = "1.50.0" @@ -3456,7 +3809,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2", + "socket2 0.6.3", "tokio-macros", "windows-sys 0.61.2", ] 
@@ -3570,7 +3923,7 @@ version = "0.6.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" dependencies = [ - "bitflags", + "bitflags 2.11.0", "bytes", "futures-util", "http", @@ -3658,9 +4011,9 @@ dependencies = [ [[package]] name = "tree-sitter" -version = "0.26.7" +version = "0.26.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7a6592b1aec0109df37b6bafea77eb4e61466e37b0a5a98bef4f89bfb81b7a2" +checksum = "887bd495d0582c5e3e0d8ece2233666169fa56a9644d172fc22ad179ab2d0538" dependencies = [ "cc", "regex", @@ -3806,6 +4159,17 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" +[[package]] +name = "uuid" +version = "1.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ac8b6f42ead25368cf5b098aeb3dc8a1a2c05a3eee8a9a1a68c640edbfc79d9" +dependencies = [ + "getrandom 0.4.2", + "js-sys", + "wasm-bindgen", +] + [[package]] name = "valuable" version = "0.1.1" @@ -3827,6 +4191,16 @@ dependencies = [ "libc", ] +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + [[package]] name = "want" version = "0.3.1" @@ -3947,7 +4321,7 @@ version = "0.244.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" dependencies = [ - "bitflags", + "bitflags 2.11.0", "hashbrown 0.15.5", "indexmap", "semver", 
@@ -3998,6 +4372,15 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" +[[package]] +name = "winapi-util" +version = "0.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" +dependencies = [ + "windows-sys 0.52.0", +] + [[package]] name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" @@ -4346,7 +4729,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" dependencies = [ "anyhow", - "bitflags", + "bitflags 2.11.0", "indexmap", "log", "serde", @@ -4457,6 +4840,20 @@ name = "zeroize" version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] [[package]] name = "zerotrie" diff --git a/Cargo.toml b/Cargo.toml index d80cac4f5..c15572280 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -6,13 +6,17 @@ members = [ "crates/ctl", "crates/sensor-ebpf-types", "crates/agent-guard", + "crates/smm", + "crates/hypervisor", + "crates/killchain", + "crates/dna", ] exclude = ["crates/sensor-ebpf"] # crates/sensor-ebpf compiles to bpfel-unknown-none target (separate build) resolver = "2" [workspace.package] -version = "0.9.3" +version = "0.9.4" edition = "2021" license = "Apache-2.0" repository = "https://github.com/InnerWarden/innerwarden" diff --git a/README.md b/README.md index 6bacf8447..954231474 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,17 @@ # Inner Warden +**The open-source security agent that detects, scores, and fights back.** + +> It's 2 AM. Someone brute-forces your SSH. You're asleep. +> Inner Warden blocks the IP, captures the session, deploys a honeypot, and alerts you on Telegram. +> You wake up to a report, not a compromised server. + +```bash +curl -fsSL https://innerwarden.com/install | sudo bash +``` + +Installs in 10 seconds. Starts in observe-only mode. Dry-run by default. You decide when to go live. + [](https://github.com/InnerWarden/innerwarden/actions/workflows/ci.yml) [](https://github.com/InnerWarden/innerwarden/actions/workflows/security.yml) [](https://github.com/InnerWarden/innerwarden/releases/latest) 
@@ -10,41 +22,44 @@    - - + +   -green)  -Inner Warden is an autonomous security agent for Linux and macOS. Full-stack visibility from Ring -2 (firmware) to Ring 3 (userspace). 40 eBPF kernel hooks. 49 detectors. 22 collectors. 30 cross-layer correlation rules. 65 MITRE ATT&CK technique mappings (40% validated via Caldera adversary emulation). 208 Sigma community rules. Autoencoder anomaly detection. Behavioral DNA attacker fingerprinting. Baseline anomaly detection. JA3/JA4 TLS fingerprinting. YARA + Sigma rule engines. Automated playbook response. Monthly threat reports. AI agent protection (Agent Guard + 71 ATR rules). Mesh collaborative defense. No cloud. No dependencies. Just two Rust daemons and a CLI. - -```bash -curl -fsSL https://innerwarden.com/install | sudo bash -``` - -Installs in 10 seconds. Starts in observe-only mode. You decide when to go live. - --- -## Who this is for +### Who is this for? -Inner Warden is built for **system administrators, DevOps engineers, and security professionals** who manage Linux or macOS servers and want host-level threat detection and response. +- **SREs and sysadmins** who manage Linux servers and want automated threat response, not just alerts +- **Self-hosters** who run exposed services and need production-grade security without enterprise pricing +- **AI agent operators** who run OpenClaw, LangChain, or n8n and need to stop agents from executing dangerous commands +- **Security teams** who want kernel-level visibility (eBPF) with MITRE ATT&CK coverage and compliance (ISO 27001) -You should be comfortable with: -- Managing firewall rules (ufw, iptables, nftables, or pf) -- Reading system logs and understanding security events -- Configuring services via TOML files and systemd/launchd -- Evaluating whether automated responses are appropriate for your environment +### How is this different? -This is **not** a plug-and-play consumer security product. 
Misconfigured response skills can lock out legitimate users or disrupt services. If you are unfamiliar with Linux system administration, start with the observe-only mode and study the logs before enabling any response capabilities. +| | Inner Warden | Falco | Wazuh | CrowdSec | +|---|:---:|:---:|:---:|:---:| +| Kernel-level detection (eBPF) | 40 hooks | Rules-based | No | No | +| Autonomous response (block, kill, isolate) | 20 playbooks | Alert only | Limited | IP only | +| AI-powered triage | 12 providers | No | No | No | +| Behavioral DNA fingerprinting | Per-attacker | No | No | No | +| Mesh collaborative defense | Ed25519 signed | No | No | Community lists | +| AI agent protection | Agent Guard + 71 rules | No | No | No | +| Dry-run by default | Yes | N/A | Yes | Yes | +| Memory footprint | ~150 MB | ~60 MB | ~500 MB+ | ~50 MB | +| License | Apache-2.0 | Apache-2.0 | GPL | AGPL | + +40 eBPF kernel hooks. 49 detectors. 22 collectors. 40 cross-layer correlation rules. 65 MITRE ATT&CK techniques (40% validated via Caldera). 208 Sigma community rules. Autoencoder anomaly detection. Behavioral DNA attacker fingerprinting. JA3/JA4 TLS fingerprinting. YARA + Sigma rule engines. 20 automated playbooks. Monthly threat reports. Mesh collaborative defense. No cloud. No dependencies. Just two Rust daemons and a CLI.
- Test the tool in real time · Watch the explainer video
+ See it responding to real attacks right now · 3-minute explainer video
No brain suggestions yet.
Deploy defender-brain.json to the data directory and the brain will start providing suggestions on each incident.
No brain suggestions yet.
The AlphaZero defender model is loaded and ready. Suggestions will appear here as incidents are processed and the brain evaluates each one alongside the AI provider.
| Time | '; html += 'Detector | '; html += 'Severity | '; @@ -10999,21 +11103,22 @@ const INDEX_HTML: &str = r##" for (const e of recent.entries) { const agreeIcon = e.agreed ? '✅' : '⚠️'; - const feedbackHtml = e.feedback === true ? 'TP' - : e.feedback === false ? 'FP' - : ``; - const sevColor = e.severity === 'Critical' ? '#e74c3c' : e.severity === 'High' ? '#e67e22' : e.severity === 'Medium' ? '#f1c40f' : '#95a5a6'; + const iid = esc(e.incident_id).replace(/'/g, "\\'"); + const feedbackHtml = e.feedback === true ? 'TP' + : e.feedback === false ? 'FP' + : ``; + const sevColor = e.severity === 'Critical' ? 'var(--danger)' : e.severity === 'High' ? 'var(--orange)' : e.severity === 'Medium' ? 'var(--warn)' : 'var(--muted)'; html += `|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ${new Date(e.ts).toLocaleString()} | `; - html += `${e.detector} | `; - html += `${e.severity} | `; - html += `${e.brain_action} (${e.brain_confidence}) | `; - html += `${e.ai_action} (${e.ai_confidence}) | `; + html += `${new Date(e.ts).toLocaleString()} | `; + html += `${esc(e.detector)} | `; + html += `${esc(e.severity)} | `; + html += `${esc(e.brain_action)} (${(e.brain_confidence*100).toFixed(0)}%) | `; + html += `${esc(e.ai_action)} (${(e.ai_confidence*100).toFixed(0)}%) | `; html += `${agreeIcon} | `; html += `${feedbackHtml} | `; html += `
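Review bot: `const iid = esc(e.incident_id).replace(/'/g, "\\'");` stacks an HTML escape and a quote escape in an order that does not protect a JavaScript string inside an HTML attribute, which is presumably where `iid` is used (the button markup in the `feedbackHtml` template is not visible on this page, and neither is `esc`). If `esc` turns `'` into an entity, the `.replace` never matches and the browser decodes the entity back to a quote before the handler source is parsed; if it does not, backslashes in the id are still left unescaped. Carry the id as data instead of code, for example `data-incident-id="${esc(e.incident_id)}"` on the button (assuming `esc` also escapes double quotes) with one delegated `click` listener that reads `btn.dataset.incidentId`. Separately, `(e.brain_confidence*100).toFixed(0)` and its `ai_confidence` twin render `NaN%` when the field is absent, so a `Number.isFinite` guard on both cells would be worth adding.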