Linux installation

Install Vexyl Guard on your Linux server.

Use the signed package repository for routine hosts. Start on one non-critical server, leave monitor mode enabled, and review local output before changing policy.

Current public preview: v0.2.11. Commands require root or sudo access on a host you are authorized to operate.

Before you install

  • Use a supported systemd-based Linux host with Bash and Python 3.
  • Keep an active SSH session and provider console access during evaluation.
  • Confirm your firewall and current trusted management addresses.
  • Review the public source and signed release path if this is a production-adjacent host.
Monitor mode is the default.

Installation does not immediately turn every finding into a firewall block.

Ubuntu and Debian with APT

Add the Vexyl signing key and source definition, refresh package metadata, then install the agent.

sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL https://vexyl.dev/repo/vexyl-packages.asc \
  | sudo tee /etc/apt/keyrings/vexyl-packages.asc >/dev/null
curl -fsSL https://vexyl.dev/repo/vexyl.sources \
  | sudo tee /etc/apt/sources.list.d/vexyl.sources >/dev/null
sudo apt update
sudo apt install vexyl-guard

Fedora, RHEL, Rocky Linux, and AlmaLinux with DNF

Add the signed Vexyl repository definition, then install through DNF.

sudo curl -fsSL https://vexyl.dev/repo/vexyl.repo \
  -o /etc/yum.repos.d/vexyl.repo
sudo dnf install vexyl-guard

Direct verified installer

The public installer verifies Vexyl release metadata, signatures, and checksums before installing files. Read it first if you prefer not to pipe a remote script directly into a shell.

Inspect, then run
curl -fsSLo vexyl-install.sh https://vexyl.dev/install.sh
less vexyl-install.sh
sudo sh vexyl-install.sh

Read the verification guide

Start and check the agent

sudo systemctl start vexyl-guard
sudo systemctl status vexyl-guard --no-pager
sudo vexyl-guard status
sudo vexyl-guard validate-config

Warnings identify optional or degraded capabilities. Resolve configuration errors before enabling enforcement.

Share useful feedback without sharing your server

Generate a redacted report and attach only the output you have reviewed.

sudo vexyl-guard support-report