Host security visibility

Security monitoring for exposed Linux servers.

Vexyl Guard helps VPS owners, self-hosters, and small infrastructure teams make sense of repeated hostile activity without starting with a large security platform.

What Vexyl Guard watches

The agent reads supported local log formats that already describe pressure against your server. It classifies and scores repeated activity by source while keeping the evidence path on the host.

  • SSH and authentication failures.
  • Web reconnaissance, secret-file probes, exploit-like requests, and scanner identities.
  • Postfix, kernel firewall, VPN, database, object-storage, and edge/CDN security events when those logs are readable.
  • Fast movement across different probe categories that can indicate automated adaptation.
  • Selected prompt-injection probes aimed at AI-backed web applications.

What it does not replace

Vexyl Guard is one layer. Keep operating-system updates, least-privilege access, SSH key hygiene, backups, firewall policy, application security, and provider controls.

No “unhackable” claims.

Security software reduces uncertainty and response time. It does not guarantee that a server cannot be compromised.

Monitor-first by design

New security agents should earn trust before they change network policy. Vexyl Guard begins in monitor mode, records local decisions, and provides a configuration preflight before enforcement.

  1. Install on one non-critical host.
  2. Review normal activity and noisy sources.
  3. Add only narrow, trusted addresses or CIDR ranges to the allowlist.
  4. Enable local firewall enforcement only when the policy matches the host.

Small deployment surface

The host agent is a Bash service with a Python-based local defensive intelligence CLI. Packages install the agent, systemd unit, monitor-mode configuration, and public verification keys. A hosted console is optional rather than required for local observation.

Made for servers people actually operate

  • Public VPS instances.
  • Reverse proxies and web servers.
  • Self-hosted applications and small SaaS hosts.
  • Mail, VPN, database, and object-storage servers with supported logs.
  • Linux hosts serving applications connected to language models or agent tools.