InnerWarden

Self-defending security agent for Linux and macOS. 19 detectors, 6 eBPF kernel programs, XDP wire-speed firewall, collaborative defense mesh network. AI triage, honeypots, Telegram alerts. Open-source Rust.

26
1
100% credibility
Found Mar 22, 2026 at 26 stars.
AI Analysis
Rust
AI Summary

Inner Warden is a self-hosted security tool that watches Linux and macOS servers for attacks like brute-force logins and scans, sends alerts, and optionally blocks threats automatically.

How It Works

1. 🔍 Discover Inner Warden

While looking on GitHub for ways to stop hackers, you find this free security helper for your server.

2. 🚀 Install in seconds

Run one simple command and it sets itself up safely, watching your server without changing anything yet.

3. 📊 Watch for trouble

Open the dashboard to see real-time alerts about failed logins, scans, or suspicious activity.

4. 🔔 Get phone alerts

Connect your phone or chat app so you get instant notifications when something bad happens.

5. 🧪 Test safe actions

Turn on pretend mode to see what it would block or stop, without it actually doing so.

🛡️ Server protected

Switch to live mode and relax — your server now automatically fights off attacks while you sleep.

AI-Generated Review

What is innerwarden?

InnerWarden is an open-source Rust security agent for Linux and macOS that monitors host activity with 19 detectors and eBPF kernel programs, spotting threats like SSH brute-force, port scans, and privilege escalations. It sends real-time alerts via Telegram or Slack, uses optional AI triage for confidence-scored decisions, and auto-responds with XDP firewall blocks, honeypots, or process kills—starting safely in observe-only mode. Installs via one curl command, runs two lightweight daemons under 50MB RAM, no cloud required.

Why is it gaining traction?

It beats basic tools like Fail2Ban by layering eBPF tracing, collaborative mesh network defense across nodes, and AI-optional responses that sync with tools like Cloudflare or AbuseIPDB. Developers dig the CLI for enabling modules (e.g., `innerwarden enable block-ip`), local dashboard for investigations, and reversible actions with full audit trails. Zero dependencies and wire-speed XDP firewall deliver production-grade protection without overhead.

Who should use this?

DevOps engineers and sysadmins securing self-hosted Linux or macOS servers—think SSH-exposed web apps, Docker hosts, or nginx proxies under constant scans. Ideal for those ditching cloud EDR for on-prem control, especially with integrations like Suricata or osquery already running.

Verdict

Promising experimental agent with solid Rust foundation and thoughtful safe defaults, but 26 stars and 1.0% credibility score signal early-stage risks—test in staging first. Strong docs and CLI make it worth a spin for host defense needs.
