hexd Daemon
hexd is a service designed to run continuously, capturing essential data such as audit logs, metrics, etc.
Once collected, the data is securely transmitted to HexDroid for analysis and monitoring.
Features
SELinux Monitoring
hexd daemon provides real-time monitoring of SELinux violations, helping you detect and respond to security events
quickly.
When violations occur, hexd automatically captures the details and transmits them to the HexDroid for in-depth
analysis and reporting.
Enable SELinux monitoring with --selinux=1 parameter when starting the daemon.
For a complete feature overview on SELinux visit the SELinux Monitoring Overview.
Metrics
hexd daemon offers system metric collection.
By enabling metrics collection with the --metrics=1 parameter, you can capture range of system indicators, such as:
- CPU usage and load averages
- Memory consumption and swap utilization
- Network interface traffic and performance metrics
Refer to Built-in Metrics for an overview what metrics are captured.
For a complete metrics feature overview (including visualizations) refer to the Metrics Overview
Setup
Prebuild (Linux & Android) Package
Prebuild hexd binary is available for Linux and Android,
You can download the HexDroid CLI packaged binary from: https://github.com/HexDroidApp/hexd/releases
If provided prebuild package does not meet your specific environment or requirements, please contact our support team
for assistance.
support@hexdroid.com
Run it
Basic usage
./hexd --edgeKey=AABBCC --metrics=1 --selinux=1
On Android to run a native binary (for testing purposes) from adb shell:
adb push PATH_TO_DOWNLOADED_HEXD /data/local/tmp/adb shell- (Optional)
su(if running a userdebug build) chmod +x /data/local/tmp/hexd/data/local/tmp/hexd --edgeKey=AABBCC --metrics=1 --selinux=1
Authentication
The hexd daemon needs to communicate with the HexDroid service to upload metrics, events, and other data. To do so,
authentication is required.
Authentication is performed with Edge API Keys.
You can issue new edge keys or view current ones under: Project -> Project Settings -> Edge API Keys
Example: ./hexd --edgeKey=AABBCC
Alternatively, pass the Edge Key as an environment variable: HEX_edgeKey=AABBCC ./hexd
Configuration
Pass parameters as env
All parameters can be passed as environment variables by adding the prefix HEX_.
For example, to enable metrics collection using an environment variable: HEX_metrics=1.
Production Deployment
Linux
On Linux systems hexd can be run with systemd service.
To do so, create a new systemd service:
sudoedit /etc/systemd/system/hexd.service
with the following content:
[Unit]
Description=HexDroid Monitoring Daemon
After=network.target
[Service]
Type=simple
Restart=always
RestartSec=5
Environment="HEX_edgeKey=AABBCC"
ExecStart=/etc/hexd/hexd --selinux=1 --metrics=1
[Install]
WantedBy=multi-user.target
In this example, hexd binary is expected to be at /etc/hexd/hexd path.
Feel free to change the binary path based on your requirements.
Save the file, then start the service with:
sudo systemctl start hexd
To make sure service runs after reboot, run:
sudo systemctl enable hexd
You can check the status of the service with:
sudo systemctl status hexd
And service's logs with:
journalctl -u hexd -f
Android
service hexd /apex/com.example.app/bin/hexd
class main
user root
group system
setenv EXTERNAL_STORAGE /data/misc/apexdata/com.example.app