A policy-driven binary mediation runtime that intercepts and controls program behavior at the syscall boundary without source code access.

HERMES: Policy-Driven Binary Runtime

A policy-driven execution monitor for intercepting and reshaping binary behavior without source code access.

🚀 Overview

HERMES is a semantic mediation layer that sits between a user-space program and the Linux kernel. Using ptrace and seccomp, it lifts raw system calls into a memory-safe Rust environment where Lua policies decide the fate of every action.

Why? Modern operations require control over opaque binaries (legacy, third-party, untrusted). HERMES gives you a programmable firewall for execution.

✨ Key Features

  • 🛡️ Safety First: Core logic runs in Rust to guarantee memory safety during mediation.
  • ⚡ Zero-Compromise Interception: Efficient seccomp filtering minimizes overhead by trapping only the syscalls a policy cares about.
  • 📜 Dynamic Policies: Hot-reload Lua scripts to change rules on the fly (no restarts).
  • 🔧 Advanced Mediation:
    • Block: Prevent syscalls (execve, connect).
    • Modify: Rewrite arguments (e.g., redirect /etc/shadow to /tmp/fake).
  • 🤖 Automation Ready: Integrated support for n8n webhooks for security alerts.
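The "trap only what the policy needs" idea behind the seccomp interception deserves a concrete shape. The following is an added example, not HERMES code: it builds the classic-BPF seccomp program that returns SECCOMP_RET_TRACE for a chosen set of syscalls and SECCOMP_RET_ALLOW for everything else (so untraced syscalls never round-trip through ptrace), and includes a tiny interpreter so the filter can be checked offline. The x86_64 syscall numbers, the seccomp constants and the BPF opcodes are standard Linux values; the interpreter, the function names and the choice of traced syscalls are the example's own assumptions. A real interceptor would install the program with seccomp(2) or prctl(PR_SET_SECCOMP) under a PTRACE_O_TRACESECCOMP tracer.

```rust
// Added example (not HERMES code): build a seccomp cBPF filter that traps only
// policy-relevant syscalls to the tracer, then evaluate it offline.

// struct seccomp_data field offsets (linux/seccomp.h)
const OFF_NR: u32 = 0;
const OFF_ARCH: u32 = 4;
const AUDIT_ARCH_X86_64: u32 = 0xc000_003e;

// seccomp return actions (linux/seccomp.h)
const SECCOMP_RET_KILL_PROCESS: u32 = 0x8000_0000;
const SECCOMP_RET_TRACE: u32 = 0x7ff0_0000;
const SECCOMP_RET_ALLOW: u32 = 0x7fff_0000;

// BPF opcodes used (linux/filter.h)
const LD_W_ABS: u16 = 0x20; // BPF_LD | BPF_W | BPF_ABS
const JEQ_K: u16 = 0x15;    // BPF_JMP | BPF_JEQ | BPF_K
const RET_K: u16 = 0x06;    // BPF_RET | BPF_K

// x86_64 syscall numbers a policy like the firewall example would want to see
const SYS_CONNECT: u32 = 42;
const SYS_EXECVE: u32 = 59;
const SYS_OPENAT: u32 = 257;

/// Mirror of `struct sock_filter`.
#[derive(Clone, Copy, Debug)]
pub struct SockFilter { pub code: u16, pub jt: u8, pub jf: u8, pub k: u32 }

fn stmt(code: u16, k: u32) -> SockFilter { SockFilter { code, jt: 0, jf: 0, k } }
fn jump(code: u16, k: u32, jt: u8, jf: u8) -> SockFilter { SockFilter { code, jt, jf, k } }

/// Layout: check arch (a foreign ABI could alias syscall numbers, so kill),
/// then compare nr against each traced number, jumping to RET TRACE on a hit;
/// falling through all compares reaches RET ALLOW.
pub fn build_filter(traced: &[u32]) -> Vec<SockFilter> {
    let mut prog = vec![
        stmt(LD_W_ABS, OFF_ARCH),
        jump(JEQ_K, AUDIT_ARCH_X86_64, 1, 0),
        stmt(RET_K, SECCOMP_RET_KILL_PROCESS),
        stmt(LD_W_ABS, OFF_NR),
    ];
    let n = traced.len();
    for (i, nr) in traced.iter().enumerate() {
        // Instructions to skip from compare i to reach RET TRACE (past the
        // remaining compares and the RET ALLOW).
        let to_trace = (n - i) as u8;
        prog.push(jump(JEQ_K, *nr, to_trace, 0));
    }
    prog.push(stmt(RET_K, SECCOMP_RET_ALLOW));
    prog.push(stmt(RET_K, SECCOMP_RET_TRACE));
    prog
}

/// Minimal cBPF interpreter for the three opcodes above, reading a
/// seccomp_data view that contains only `nr` and `arch`.
pub fn evaluate(prog: &[SockFilter], arch: u32, nr: u32) -> u32 {
    let load = |off: u32| match off { OFF_NR => nr, OFF_ARCH => arch, _ => 0 };
    let mut acc = 0u32;
    let mut pc = 0usize;
    loop {
        let insn = prog[pc];
        match insn.code {
            LD_W_ABS => { acc = load(insn.k); pc += 1; }
            JEQ_K => {
                let skip = if acc == insn.k { insn.jt as usize } else { insn.jf as usize };
                pc += 1 + skip;
            }
            RET_K => return insn.k,
            other => panic!("unsupported opcode {other:#x}"),
        }
    }
}

fn main() {
    let prog = build_filter(&[SYS_OPENAT, SYS_CONNECT, SYS_EXECVE]);
    // Constructed sample: one traced syscall, one plain write(2), one blocked one.
    for (name, nr) in [("openat", SYS_OPENAT), ("write", 1), ("connect", SYS_CONNECT)] {
        let action = evaluate(&prog, AUDIT_ARCH_X86_64, nr);
        println!("{name:>8} (nr {nr:>3}) -> {action:#010x}");
    }
}
```

Only the three traced syscalls cost a tracer stop; write(2) and the rest return from the kernel directly, which is where the overhead saving in the feature list comes from.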

πŸ— Architecture

```mermaid
graph TD
    subgraph "Hostile Binary"
        Target[Target Process]
    end

    subgraph "HERMES Runtime"
        Interceptor[C/Seccomp Interceptor]
        Core[Rust Mediation Core]
        Lua[Lua Policy Engine]
    end

    subgraph "Automation"
        n8n[n8n Workflow]
    end

    Target -- Syscall --> Interceptor
    Interceptor -- Context --> Core
    Core -- Event --> Lua
    Lua -- Decision --> Core
    Core -- Webhook (Alert) --> n8n
    Core -- Result --> Interceptor
    Interceptor -- Resume/Block --> Target
```

📦 Installation

Prerequisites

  • Linux (x86_64) or Windows (Simulator Mode)
  • Rust 1.75+
  • libseccomp-dev (Linux only)

Build

```bash
git clone https://github.com/Quantum-Fiend/hermes-runtime.git
cd hermes-runtime

# Linux (Full Production Build)
make all

# Cross-Platform (Partial Simulator)
cargo build --release --bin hermes
```

💻 Usage

1. Running a Policy

HERMES wraps your binary execution.

```bash
# General Syntax
./hermes run --policy <POLICY_FILE> --target <BINARY>

# Example: Block all network connections
./hermes run --policy policies/firewall.lua --target ./nginx
```

2. Simulator (Windows/Mac)

If you are developing policies on a non-Linux machine:

```bat
run_simulation.bat
```

🤖 n8n Security Automation

HERMES is designed to integrate with n8n for real-time security operations (SecOps).

Setup

  1. Import integrations/n8n/hermes-security-alert.json into your n8n instance.
  2. Configure your HERMES policy to emit JSON events on violations (coming in v1.1).
  3. Receive Slack alerts whenever a binary attempts unauthorized access.
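To make the Usage and Automation sections concrete, here is an added example, not HERMES code and not its Lua policy format: a Rust model of the decision the policy engine returns for each lifted syscall (allow, block with an errno, or rewrite a path argument, matching the firewall example and the /etc/shadow redirect mentioned above) together with the JSON violation event a webhook step would post to n8n. The rule shapes, the event fields, the JSON schema and the sample events are assumptions for illustration; the escaping is there because the path comes from the monitored process and must not be spliced into the payload raw.

```rust
// Added example (not HERMES code): policy decision model plus the JSON alert
// payload for n8n. Field names and schema are assumptions.
use std::fmt::Write;

/// A syscall already lifted out of the tracee (constructed shape).
#[derive(Debug, Clone, PartialEq)]
pub struct SyscallEvent { pub pid: u32, pub name: String, pub path: Option<String> }

#[derive(Debug, PartialEq)]
pub enum Decision {
    Allow,
    Block { errno: i32 },          // syscall skipped; caller sees -errno
    Rewrite { new_path: String },  // argument replaced before the kernel sees it
}

pub enum Rule {
    Deny { syscall: &'static str, errno: i32 },
    Redirect { syscall: &'static str, from: &'static str, to: &'static str },
}

pub struct Policy { pub rules: Vec<Rule> }

impl Policy {
    /// First matching rule wins; no match means allow.
    pub fn decide(&self, ev: &SyscallEvent) -> Decision {
        for rule in &self.rules {
            match rule {
                Rule::Deny { syscall, errno } if ev.name == *syscall => {
                    return Decision::Block { errno: *errno };
                }
                Rule::Redirect { syscall, from, to }
                    if ev.name == *syscall && ev.path.as_deref() == Some(*from) =>
                {
                    return Decision::Rewrite { new_path: to.to_string() };
                }
                _ => {}
            }
        }
        Decision::Allow
    }
}

/// Escape a string for a JSON string literal (RFC 8259 section 7).
pub fn json_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len() + 2);
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            c if (c as u32) < 0x20 => { let _ = write!(out, "\\u{:04x}", c as u32); }
            c => out.push(c),
        }
    }
    out
}

/// Alert body for a blocked or rewritten event; None when nothing to report.
pub fn alert_json(policy_name: &str, ev: &SyscallEvent, d: &Decision) -> Option<String> {
    let (action, detail) = match d {
        Decision::Allow => return None,
        Decision::Block { errno } => ("block", format!("\"errno\":{}", errno)),
        Decision::Rewrite { new_path } => ("rewrite", format!("\"new_path\":\"{}\"", json_escape(new_path))),
    };
    let path = match &ev.path {
        Some(p) => format!("\"{}\"", json_escape(p)),
        None => "null".to_string(),
    };
    Some(format!(
        "{{\"source\":\"hermes\",\"policy\":\"{}\",\"pid\":{},\"syscall\":\"{}\",\"path\":{},\"action\":\"{}\",{}}}",
        json_escape(policy_name), ev.pid, json_escape(&ev.name), path, action, detail
    ))
}

/// Constructed equivalent of the firewall policy: no network, no exec,
/// and /etc/shadow quietly redirected to a decoy file.
pub fn firewall_policy() -> Policy {
    Policy { rules: vec![
        Rule::Deny { syscall: "connect", errno: 1 }, // EPERM
        Rule::Deny { syscall: "execve", errno: 1 },
        Rule::Redirect { syscall: "openat", from: "/etc/shadow", to: "/tmp/fake" },
    ] }
}

fn main() {
    let policy = firewall_policy();
    let events = [ // constructed sample events
        SyscallEvent { pid: 4242, name: "connect".into(), path: None },
        SyscallEvent { pid: 4242, name: "openat".into(), path: Some("/etc/shadow".into()) },
        SyscallEvent { pid: 4242, name: "openat".into(), path: Some("/etc/hosts".into()) },
    ];
    for ev in &events {
        let d = policy.decide(ev);
        println!("{ev:?} -> {d:?}");
        if let Some(body) = alert_json("firewall", ev, &d) { println!("  webhook: {body}"); }
    }
}
```

An n8n webhook node receiving this payload can route on the `action` field (block versus rewrite) before the Slack step, and a `path` containing quotes or control characters arrives intact instead of breaking the JSON.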

πŸ“ Repository Structure

Path Description
core/rust The Brain: Safe mediation logic & Policy Engine.
intercept/c The Hands: Low-level ptrace hooks.
scripting/lua The Rules: Example policies.
demo/ The Test: Opaque binary for verification.
integrations/ The Automations: n8n workflows.

🤝 Contributing

Contributions are welcome! Please read CONTRIBUTING.md for architectural guidelines.


Built with ❤️ by Tushar
