Open-source Linux server security
Vexyl Guard
See hostile pressure on your server before deciding what to block.
A small Linux agent watches supported local logs for login attacks, exploit probes, hostile automation, suspicious service activity, and threats aimed at AI-connected apps. It starts in monitor mode and keeps enforcement under operator control.
Free public preview. Apache-2.0 source. Signed APT and DNF packages.
One host, useful context
More than a failed-login counter. Less than a heavyweight security stack.
Internet-facing Linux hosts are hit from several directions at once. Vexyl Guard brings supported authentication, web, mail, firewall, VPN, database, storage, and edge-log signals into one local scoring path so repeated behavior is easier to judge.
Explore Linux server protectionHow it works
Install carefully. Learn the baseline. Enforce deliberately.
- 1Install
Use the signed package repositories or verify the public installer.
- 2Observe
Start in monitor mode and review what normal and hostile activity look like.
- 3Decide
Validate configuration, narrow trusted ranges, and enable local action only when ready.
AI changes attack speed
Built for traditional server pressure and AI-enabled threats.
Vexyl Guard looks for fast mutation across probe categories and includes a defensive runtime scorer for prompts, external content, agent plans, and tool calls. Public documentation explains the safety model without publishing a bypass guide.
Read the AI threat modelExample defensive decision
- Input trust
- external / untrusted
- Tool scope
- verify before action
- High impact
- human approval
- Stored detail
- redacted summary
Operator resources
Useful guidance, whether or not you install Vexyl Guard.
Review server exposure, verify Linux tooling, and compare the right control for the job.
Check access, updates, exposed services, logs, backups, and recovery before an incident.
GuideAI-Enabled Threats Against Linux ServersUnderstand what AI changes, what it does not change, and where defensive visibility helps.
ComparisonVexyl Guard and Fail2BanCompare scope, defaults, deployment, and response without pretending the tools are identical.
Questions before installing
What does Vexyl Guard monitor?
Supported local Linux logs for authentication pressure, exploit probes, hostile automation, exposed-service activity, and selected threats aimed at AI-connected applications.
Does it block traffic immediately?
No. Monitor mode is the default. Review local findings and run configuration preflight before deciding whether to enable nftables or iptables enforcement.
Does it replace my firewall or Fail2Ban?
No single tool replaces patching, hardening, and a firewall. Vexyl Guard has a different, broader local signal model and can be evaluated alongside existing controls.
Is it free and open source?
Yes. The public host agent is free to install under Apache-2.0. Sponsorship funds signed releases, repositories, testing, and continued defensive work.