Before you install
- Use a supported systemd-based Linux host with Bash and Python 3.
- Keep an active SSH session and provider console access during evaluation.
- Confirm your firewall and current trusted management addresses.
- Review the public source and signed release path if this is a production-adjacent host.
Installation does not immediately turn every finding into a firewall block.
Ubuntu and Debian with APT
Add the Vexyl signing key and source definition, refresh package metadata, then install the agent.
sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL https://vexyl.dev/repo/vexyl-packages.asc \
| sudo tee /etc/apt/keyrings/vexyl-packages.asc >/dev/null
curl -fsSL https://vexyl.dev/repo/vexyl.sources \
| sudo tee /etc/apt/sources.list.d/vexyl.sources >/dev/null
sudo apt update
sudo apt install vexyl-guard
Fedora, RHEL, Rocky Linux, and AlmaLinux with DNF
Add the signed Vexyl repository definition, then install through DNF.
sudo curl -fsSL https://vexyl.dev/repo/vexyl.repo \
-o /etc/yum.repos.d/vexyl.repo
sudo dnf install vexyl-guard
Direct verified installer
The public installer verifies Vexyl release metadata, signatures, and checksums before installing files. Read it first if you prefer not to pipe a remote script directly into a shell.
curl -fsSLo vexyl-install.sh https://vexyl.dev/install.sh
less vexyl-install.sh
sudo sh vexyl-install.sh
Start and check the agent
sudo systemctl start vexyl-guard
sudo systemctl status vexyl-guard --no-pager
sudo vexyl-guard status
sudo vexyl-guard validate-config
Warnings identify optional or degraded capabilities. Resolve configuration errors before enabling enforcement.
Share useful feedback without sharing your server
Generate a redacted report and attach only the output you have reviewed.
sudo vexyl-guard support-report