Open-source Linux server security

Vexyl Guard

See hostile pressure on your server before deciding what to block.

A small Linux agent watches supported local logs for login attacks, exploit probes, hostile automation, suspicious service activity, and threats aimed at AI-connected apps. It starts in monitor mode and keeps enforcement under operator control.

Free public preview. Apache-2.0 source. Signed APT and DNF packages.

Monitor firstObserve before changing host policy.
Local decisionsKeep firewall action on the server you operate.
Signed releasesVerify installers, packages, and upgrades.
Public sourceRead the agent and follow every release.

One host, useful context

More than a failed-login counter. Less than a heavyweight security stack.

Internet-facing Linux hosts are hit from several directions at once. Vexyl Guard brings supported authentication, web, mail, firewall, VPN, database, storage, and edge-log signals into one local scoring path so repeated behavior is easier to judge.

Explore Linux server protection
AuthenticationRepeated failures and credential pressure
Web exposureReconnaissance, exploit probes, and path guessing
Service activityMail, VPN, database, storage, and edge events
AI-connected appsPrompt probes and high-risk runtime checks

How it works

Install carefully. Learn the baseline. Enforce deliberately.

  1. 1
    Install

    Use the signed package repositories or verify the public installer.

  2. 2
    Observe

    Start in monitor mode and review what normal and hostile activity look like.

  3. 3
    Decide

    Validate configuration, narrow trusted ranges, and enable local action only when ready.

AI changes attack speed

Built for traditional server pressure and AI-enabled threats.

Vexyl Guard looks for fast mutation across probe categories and includes a defensive runtime scorer for prompts, external content, agent plans, and tool calls. Public documentation explains the safety model without publishing a bypass guide.

Read the AI threat model

Example defensive decision

Input trust
external / untrusted
Tool scope
verify before action
High impact
human approval
Stored detail
redacted summary

Operator resources

Useful guidance, whether or not you install Vexyl Guard.

Review server exposure, verify Linux tooling, and compare the right control for the job.

Browse all resources

Public preview

Start with one non-critical Linux host.

Install in monitor mode, validate the configuration, and tell us where the experience is unclear.

Questions before installing

What does Vexyl Guard monitor?

Supported local Linux logs for authentication pressure, exploit probes, hostile automation, exposed-service activity, and selected threats aimed at AI-connected applications.

Does it block traffic immediately?

No. Monitor mode is the default. Review local findings and run configuration preflight before deciding whether to enable nftables or iptables enforcement.

Does it replace my firewall or Fail2Ban?

No single tool replaces patching, hardening, and a firewall. Vexyl Guard has a different, broader local signal model and can be evaluated alongside existing controls.

Is it free and open source?

Yes. The public host agent is free to install under Apache-2.0. Sponsorship funds signed releases, repositories, testing, and continued defensive work.