█████╗ ███████╗ ██████╗ ██╗███████╗ ██████╗ ██╗ ██╗ █████╗ ██████╗ ██████╗
██╔══██╗██╔════╝██╔════╝ ██║██╔════╝ ██╔════╝ ██║ ██║██╔══██╗██╔══██╗██╔══██╗
███████║█████╗ ██║ ███╗██║███████╗ ██║ ███╗██║ ██║███████║██████╔╝██║ ██║
██╔══██║██╔══╝ ██║ ██║██║╚════██║ ██║ ██║██║ ██║██╔══██║██╔══██╗██║ ██║
██║ ██║███████╗╚██████╔╝██║███████║ ╚██████╔╝╚██████╔╝██║ ██║██║ ██║██████╔╝
╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝
Linux Endpoint Security Suite — Full Stack
by Vladimir Unknown
bash installers/install-linux.shDetects your distro (with a manual override menu: Debian/Ubuntu, Fedora/RHEL, Arch, openSUSE, Alpine), installs the right system packages, builds everything, and installs it system-wide:
aegis-process-engine+aegis-network-observeras systemd services/run/aegissocket directory made persistent across reboots viasystemd-tmpfiles- A desktop icon — "Aegis-Guard" — that starts both engines and the dashboard together with one click, and stops the engines again when you close the window
- A narrowly-scoped passwordless sudo rule limited to starting/stopping exactly those two services (nothing else)
To uninstall everything: bash installers/uninstall-linux.sh
bash aegis.shRuns everything from the project folder without installing binaries or services system-wide — good for testing before committing to a full install.
Behavioral endpoint security for Linux: process lineage, execution paths, command-line patterns, environment manipulation, network anomalies, threat intelligence correlation, and active response — all in one dashboard.
No kernel modules. No eBPF. Distro-agnostic (kernel ≥ 4.9).
Process (PAR) — suspicious parentage: browser→shell, sshd→shell→net-tool, maldoc→interpreter, orphans, PID reuse Path (PATH) — execution from /tmp, memfd_create, path traversal Arguments (ARG) — base64/eval obfuscation, long inline scripts, argv masquerading Environment (ENV) — LD_PRELOAD injection, PATH hijacking Network (NET) — C2 ports, port scans, SSRF, protocol tunnelling Behavioral (BEH) — Z-score deviation from per-process resource baseline Threat Intel (IOC) — IP/domain/hash correlation against CTI feeds Canary — data exfiltration detection via embedded tokens
Kill (SIGTERM→grace→SIGKILL) · Quarantine (network isolation) · Whitelist —
all require a typed challenge token and are BLAKE3-chain audit-logged.
Hard safety limits: never targets PID < 100, kernel threads, or systemd/init/aegis-*.
sudo bash install/setup.sh # installs systemd services
sudo systemctl start aegis-process-engine
sudo systemctl start aegis-network-observer
cd tauri-app && AEGIS_NET=1 cargo tauri devaegis-guard/
├── aegis.sh # ← one-button launcher (start here)
├── crates/ # 10 Rust crates — engine, IPC, journal, entropy,
│ # updater, active-defense, threat-intel,
│ # behavioral, deception, self-protect
├── network-observer/ # Go: /proc/net monitor + NET rules
├── tauri-app/ # Rust backend + React 18 dashboard
├── installer/ # optional interactive TUI wizard
└── install/setup.sh # systemd service installer
Aegis-Guard by Vladimir Unknown — Defensive security for your own machine.