[PR #725] [CLOSED] Add InnerWarden to Monitoring & Status Pages #5852

Closed
opened 2026-05-02 17:15:45 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/awesome-foss/awesome-sysadmin/pull/725
Author: @maiconburn
Created: 3/29/2026
Status: Closed

Base: master ← Head: add-innerwarden


📝 Commits (1)

  • 770b412 Add InnerWarden to Monitoring & Status Pages

📊 Changes

1 file changed (+1 additions, -0 deletions)

View changed files

📝 README.md (+1 -0)

📄 Description

Thank you for taking the time to work on a PR for Awesome-Sysadmin!

To ensure your PR is dealt with swiftly please check the following:

  • Your additions are Free software
  • Software you are submitting is not your own, unless you have a healthy ecosystem with a few contributors (which aren't your sock puppet accounts).
  • Submit one item per pull request. This eases reviewing and speeds up inclusion.
  • Format your submission as follows, where Demo and Clients are optional.
    Do not add a duplicate Source code link if it is the same as the main link.
    Keep the short description under 80 characters and use sentence case
    for it, even if the project's webpage or readme uses another capitalisation.
    Demo links should only be used for interactive demos, i.e. not video demonstrations.
  • Additions are inserted preserving alphabetical order.
  • Additions are not already listed at awesome-selfhosted
  • The Language tag is the main server-side requirement for the software. Don't include frameworks or specific dialects.
  • You have searched the repository for any relevant issues or PRs, including closed ones.
  • Any category you are creating has the minimum requirement of 3 items.
  • Any software project you are adding to the list is actively maintained.
  • The pull request title is informative, unlike "Update README.md".

  • Why is it awesome?

InnerWarden is an autonomous security agent that combines real-time eBPF-based kernel monitoring (38 hooks) with 48 threat detectors and automated incident response. It detects and responds to threats like rootkits, ransomware, reverse shells, and privilege escalation without manual intervention.

  • Have you used it? For how long?

Yes, I am the author and have been running it in production for over a year on Linux servers.

  • Is this in a personal or professional setup?

Both personal and professional environments.

  • How many devices/users/services/... do you manage with it?

Multiple Linux servers monitoring system security, network activity, and container workloads.

  • Biggest pros/cons compared to other solutions?

Pros: Written in Rust for memory safety and performance, deep kernel visibility via eBPF (38 hooks), autonomous response (blocks IPs, kills processes, suspends users), no external dependencies for detection. Cons: Linux-only for eBPF features, BUSL-1.1 license (converts to open source after change date).

  • Any other comments about your use case, things you've found excellent, limitations you've encountered... ?

The eBPF subsystem provides kernel-level visibility that most monitoring tools lack, covering syscalls, LSM hooks, and firmware-level operations. The sensor is fully deterministic with no AI/HTTP dependencies, making it reliable for security-critical environments.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

GiteaMirror added the pull-request label 2026-05-02 17:15:45 -05:00

Reference: github-starred/awesome-sysadmin#5852