{"id":44228402,"url":"https://github.com/duggytuxy/syswarden","last_synced_at":"2026-07-12T10:00:56.700Z","repository":{"id":337453069,"uuid":"1153695079","full_name":"duggytuxy/syswarden","owner":"duggytuxy","description":"Active Defense and HIDS/HIPS Orchestration for Critical Linux Infrastructure","archived":false,"fork":false,"pushed_at":"2026-07-05T18:32:28.000Z","size":37930,"stargazers_count":287,"open_issues_count":0,"forks_count":24,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-07-05T19:22:09.896Z","etag":null,"topics":["abuseipdb-integration","blocklists","cybersecurity-tools","docker-security","firewall","firewall-configuration","firewall-rules","firewalld","ipset-lists","iptables","ipv4-address","linux","malicious-ips","nftables","security-tools","syswarden","ufw","waf","wazuh","wireguard"],"latest_commit_sha":null,"homepage":"https://syswarden.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/duggytuxy.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":"laurentmduggytuxy","tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null}},"created_at":"2026-02-09T15:37:52.000Z","updated_at":"2026-07-05T18:27:03.000Z","dependencies_parsed_at":"2026-04-02T11:02:39.896Z","dependency_job_id":null,"html_url":"https://github.com/duggytuxy/syswarden","commit_stats":null,"previous_names":["duggytuxy/syswarden"],"tags_count":51,"template":false,"template_full_name":null,"purl":"pkg:github/duggytuxy/syswarden","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duggytuxy%2Fsyswarden","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duggytuxy%2Fsyswarden/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duggytuxy%2Fsyswarden/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duggytuxy%2Fsyswarden/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/duggytuxy","download_url":"https://codeload.github.com/duggytuxy/syswarden/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duggytuxy%2Fsyswarden/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35388904,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-12T02:00:06.386Z","response_time":87,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abuseipdb-integration","blocklists","cybersecurity-tools","docker-security","firewall","firewall-configuration","firewall-rules","firewalld","ipset-lists","iptables","ipv4-address","linux","malicious-ips","nftables","security-tools","syswarden","ufw","waf","wazuh","wireguard"],"created_at":"2026-02-10T06:02:31.391Z","updated_at":"2026-07-12T10:00:56.675Z","avatar_url":"https://github.com/duggytuxy.png","language":"Go","funding_links":["https://ko-fi.com/laurentmduggytuxy"],"categories":["linux"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/syswarden_hero.svg\" alt=\"SysWarden\"\u003e\n  \u003cbr\u003e\u003cbr\u003e\n  \u003ca href=\"https://github.com/duggytuxy/syswarden/actions/workflows/package.yml\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/actions/workflow/status/duggytuxy/syswarden/package.yml?style=flat\u0026logo=githubactions\u0026logoColor=white\" alt=\"SysWarden Builder and Packager\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/duggytuxy/syswarden/blob/main/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/duggytuxy/syswarden?style=flat\u0026logo=opensourceinitiative\u0026logoColor=white\" alt=\"GitHub License\"\u003e\n  \u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Platform-Linux_Universal-0052cc?style=flat\u0026logo=linux\u0026logoColor=white\" alt=\"Linux Universal\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Platform-FreeBSD_14.4+-ab2b28?style=flat\u0026logo=freebsd\u0026logoColor=white\" alt=\"FreeBSD 14.4+\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Platform-Alpine_Linux_3.21+-0D597F?style=flat\u0026logo=alpinelinux\u0026logoColor=white\" alt=\"Alpine Linux 3.21+\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Language-100%25_Go_Native-00ADD8?style=flat\u0026logo=go\u0026logoColor=white\" alt=\"100% Go Native\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Compliance-EU_CRA_Ready-003399?style=flat\u0026logo=shield\u0026logoColor=white\" alt=\"EU CRA Ready\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Compliance-ISO27001_Ready-003399?style=flat\u0026logo=shield\u0026logoColor=white\" alt=\"ISO27001 Ready\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Compliance-NIS2_Ready-3DD407?style=flat\u0026logo=shield\u0026logoColor=white\" alt=\"NIS2 Ready\"\u003e\n\n  \u003cbr\u003e\n  \u003cbr\u003e\n\n  \u003ca href=\"https://github.com/duggytuxy/syswarden/actions/workflows/scorecard.yml\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/actions/workflow/status/duggytuxy/syswarden/scorecard.yml?style=flat\u0026logo=githubactions\u0026logoColor=white\u0026label=OSSF%20Scorecard%20Supply%20Chain%20Security\" alt=\"OSSF Scorecard Supply Chain Security\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/duggytuxy/syswarden/actions/workflows/security-audit.yml\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/actions/workflow/status/duggytuxy/syswarden/security-audit.yml?style=flat\u0026logo=githubactions\u0026logoColor=white\u0026label=SysWarden%20Security%20Audit\" alt=\"SysWarden Security Audit\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/duggytuxy/syswarden/actions/workflows/dependabot/dependabot-updates\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Dependabot-Active-025e8c?style=flat\u0026logo=dependabot\u0026logoColor=white\" alt=\"Dependabot Updates\"\u003e\n  \u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Status-Production_Ready-blue?style=flat\u0026logo=status\u0026logoColor=white\" alt=\"Production Ready\"\u003e\n\u003c/p\u003e\n\n# SysWarden v3 🌟\n\n\u003ca href=\"https://score.getplumber.io/github.com/duggytuxy/syswarden\"\u003e\n    \u003cimg src=\"https://score.getplumber.io/github.com/duggytuxy/syswarden.svg\" alt=\"Plumber Score\"\u003e\n  \u003c/a\u003e\n\n**SysWarden** is an Enterprise-grade Hardened Host Intrusion Detection \u0026 Prevention System (HIDS - HIPS) engineered in **100% Native Golang**. Designed for critical Linux infrastructures, it enforces automated CIS Level 2 hardening, integrates global Threat Intelligence, and orchestrates dynamic network defense with absolute zero-trust execution.\n\nIt acts as a ruthless first line of defense. By fusing dynamic firewall orchestration (`nftables`/`iptables`/`pf`), global Threat Intelligence ([Data-Shield IPv4/IPv6](https://github.com/duggytuxy/Data-Shield_IPv4_Blocklist), GeoIP, ASN), a high-speed memory-safe WAF daemon (`syswarden-core`), and SIEM alert routing natively via Go, SysWarden neutralizes threats at the network (L2/L3/L4) and application (L7) levels without exposing your kernel to shell injection risks.\n\n\u003e [!IMPORTANT]\n\u003e **Zero CWE Mitigation:** Re-architected entirely in Go, SysWarden v2 strongly mitigates risks of OS Command Injection (CWE-78), Memory Corruption (CWE-119), and Resource Exhaustion (CWE-400), seamlessly accelerating your **ISO 27001, NIS2, and CIS Benchmark** compliance.\n\n## Architectural Capabilities (CNAPP / HIDS-HIPS)\n\n**1. A \"Next-Gen HIPS\" (Host Intrusion Prevention System)**\nAt its core, SysWarden is a formidable HIPS. Unlike a traditional IDS (Intrusion Detection System) that merely alerts, SysWarden actively prevents attacks across multiple concrete OSI layers:\n* **Layer 2 (Data Link)**: ARP Request Rate-Limiting to instantly kill ARP Flooding/Spoofing attacks without breaking VRRP HA setups.\n* **Layer 3 \u0026 4 (Network \u0026 Transport)**: Stateful IP, CIDR, ASN, and GeoIP filtering via the `inet` family with explicit TCP Flag anomaly detection (e.g. killing invalid SYN/FIN/RST combinations). Includes a **Zero-Trust Strict ALLOW Mode** natively dropping any IP worldwide that isn't explicitly whitelisted via GeoIP or ASN.\n* **Layer 7 (Application)**: Advanced WAAP (Web Application Firewall) inspecting payloads via Zero-Overhead Substring Matching for zero-day exploits (SQLi, XSS, LFI, RCE) and HTTP 401/403/404 Brute-Force tracking via the native Go `WAAPEngine`.\n\n**2. A CWPP (Cloud Workload Protection Platform)**\nBy natively integrating Docker protection (Layer 3 via the `docker_protect` chain and Layer 7 via the Aho-Corasick WAF), SysWarden secures modern workloads. Whether the server hosts a Traefik cluster, databases, or containerized APIs, SysWarden wraps the containers in a shield without ever breaking their internal routing. This perfectly mirrors the behavior of enterprise agents like CrowdStrike or Palo Alto Prisma Cloud on Linux servers.\n\n**3. An Embedded WAAP (Web Application and API Protection)**\nThe legacy term \"WAF\" is increasingly replaced by \"WAAP\" as attacks aggressively target APIs. By specifically targeting Docker API abuse, authentication endpoints (Nextcloud, Proxmox, Gitlab), and application payloads (SQLi, RCE, LFI) via its `syswarden-core` Go engine, SysWarden acts as an embedded WAAP. It guarantees \"Zero-Trust\" even if the traffic is encrypted, by reading the access logs decrypted by your reverse proxy.\n\n**4. A Mini-SOAR (Security Orchestration, Automation, and Response)**\nSysWarden doesn't just block. It manages its own Threat Intelligence (ingesting Data-Shield, ASN, GeoIP feeds), synchronizes bans across different enterprise servers via its HA (High Availability) clustering module, and natively forwards telemetry. It autonomously orchestrates the entire incident response lifecycle.\n\n## Enterprise-Grade Features\n\n**100% Go Native Orchestration (Zero-Shell Execution)**\n* **Absolute Security:** Deprecated all legacy Bash scripts. Firewall generation, Systemd provisioning, \nand Telemetry operations are executed entirely in Go memory, utilizing native `os/exec` wrappers to eliminate `bash \n-c` vulnerabilities.\n* **Strict CIDR Validation:** Threat feeds are parsed mathematically using `net.ParseCIDR()`, instantly \ndestroying malformed payloads or metadata injections (CWE-20 mitigation).\n* **Asynchronous Telemetry Worker:** Replaced brittle system crons with native Go `sync.WaitGroup` \ngoroutines. Telemetry and HA syncing run flawlessly in the background with strict memory leak prevention.\n\n**Insider Threat Detection \u0026 Honeyports (Zero-Trust)**\n* **Shadow Mode:** Prevents legitimate administrative lockouts. When malicious Web Application attacks (e.g. PrivEsc, RCE attempts) originate from whitelisted administrative IPs, SysWarden silently tags the event as a `SHADOW-ALERT`. Legitimate admins are not banned, preventing disruption of service, while the SOC receives immediate notifications.\n* **Native L3 Honeyports:** Trap internal network scanners using `SYSWARDEN_HONEYPORTS`. Expose decoy ports (e.g. `6379`, `3306`) seamlessly integrated into the kernel firewall. Whitelisted IPs attempting access trigger shadow alerts, while external malicious IPs are instantly banned.\n* **Adaptive Hybrid Telemetry Engine:** Natively bridges L7 WAF Logs using high-speed `rsyslog` UDS sockets (Ubuntu/Debian) or seamlessly falls back to a native `systemd-journald` + Direct File Tailing hybrid engine (Fedora/RHEL) ensuring zero blind spots across disparate enterprise OS architectures.\n* **Layer 3/4 Catch-All Auditing:** Enforces total visibility by securely logging any packet hitting the hardware drop threshold before execution, populating the real-time observability console (`syswarden alerts`) with granular \"Catch-All\" traffic analytics.\n\n**Core Network Defense (Hardware \u0026 Layer 2/3)**\n* **OSI Layer 2 (ARP)**: An isolated `arp` table limits ARP requests to strictly mitigate network saturation floods natively.\n* **OSI Layer 3 (IP/Routing)**: Native Go `net/http` clients securely download and sync hostile countries (GeoIP), cybercrime hosters, and rogue ASNs.\n\n**Stateful \u0026 Protocol Optimization (Layer 3/4)**\n* Implements UFW-grade stateful enforcement by silently destroying late `FIN-ACK`/`RST` packets on expired `conntrack` sessions, and strictly blocking `NEW` connections lacking the `SYN` flag.\n* Modern web protocols natively supported. As a Zero-Trust Overlay, SysWarden guarantees HTTP/3 QUIC survival without stateful interference on UDP traffic.\n\n**Application Security \u0026 Active Response (Layer 7)**\n* Protects 56+ vital services (Docker, Nginx, Databases) using the ultra-fast `syswarden-core` WAF daemon.\n* **Multi-Tenant Docker WAF Bridge:** Transparently streams access logs from Traefik and isolated ModSecurity containers directly into the native Go engine using an asynchronous `rsyslog` (`imfile`/`omuxsock`) bridge.\n* **Native WAAP (L7) Engine:** Replaces Fail2ban entirely. Asynchronously parses raw access logs (Traefik, Nginx, Apache) in real-time. Detects advanced signatures (SQLi, XSS, LFI, RCE, Scanners) via Zero-Overhead Substring Matching for immediate blocking, and enforces native Nftables bans on abusive HTTP 401/403/404 attempts using memory-safe sliding-window tracking.\n* Native SIEM integration (`syswarden-cli` injects directly to `rsyslog` over TLS/UDP).\n* Sends critical bans securely to Discord/Teams webhooks natively, protected by `context.WithTimeout` against SSRF and deadlocks.\n\n**Observability \u0026 Lifecycle Management**\n* Monitor active threats via the Go-compiled **SysWarden TUI** (`syswarden-tui`), a localized, high-speed interface requiring zero open web ports.\n* Manage your infrastructure via the unified `syswarden-cli` orchestrator (e.g., `syswarden install`, `syswarden update`, `syswarden uninstall`).\n\n\u003e [!NOTE]\n\u003e **For CISOs and CIOs (Strategic Impact):** By offloading volumetric mitigation to the network edge and forwarding only high-fidelity behavioral data natively through Go, SysWarden drastically reduces SIEM ingestion costs and guarantees unbreachable operational continuity.\n\n## Supported Operating Systems \u0026 Firewall Backends\n\nSysWarden dynamically adapts to the native firewall orchestration engines of modern enterprise Linux distributions. The architecture relies on deep `systemd` integration:\n\n| Operating System | Native Firewall Engine(s) Supported | Status |\n| :--- | :--- | :--- |\n| **Debian 13 / 12** | `nftables`, `iptables` | Enterprise Ready |\n| **Ubuntu 24.04+** | `ufw`, `nftables`, `iptables` | Enterprise Ready |\n| **RHEL 9+** | `firewalld`, `nftables`, `iptables` | Enterprise Ready |\n| **Rocky Linux / AlmaLinux 9+** | `firewalld`, `nftables`, `iptables` | Enterprise Ready |\n| **Oracle Linux 10+** | `firewalld`, `nftables`, `iptables` | Enterprise Ready |\n| **Fedora 40+** | `firewalld`, `nftables`, `iptables` | Production Ready |\n| **Alpine Linux 3.21+** | `nftables` | Enterprise Ready |\n| **FreeBSD 14+** | `pf` (Packet Filter) | Enterprise Ready |\n\n## Installation Guide (v2.0 Native Deployment)\n\nSysWarden is exclusively distributed via standard package managers (`.deb` / `.rpm`).\n\n### 1. Enterprise Installation via Packages (.deb \u0026 .rpm)\n\nThe Go CLI and dependencies are automatically placed in `/opt/syswarden/bin/`, securely embedding the default configuration.\n\n```bash\n# 1. Fetch the latest release version automatically\nVERSION=$(curl -s https://api.github.com/repos/duggytuxy/syswarden/releases/latest | grep '\"tag_name\":' | cut -d '\"' -f 4)\nV_NUM=${VERSION#v}\n\n# 2. Download the appropriate package and its checksum\n# For Debian/Ubuntu (amd64 \u0026 arm64)\nwget https://github.com/duggytuxy/syswarden/releases/download/${VERSION}/syswarden_${V_NUM}_amd64.deb\nwget https://github.com/duggytuxy/syswarden/releases/download/${VERSION}/syswarden_${V_NUM}_arm64.deb\n# For RHEL/AlmaLinux/Rocky (x86_64 \u0026 aarch64)\nwget https://github.com/duggytuxy/syswarden/releases/download/${VERSION}/syswarden-${V_NUM}-1.x86_64.rpm\nwget https://github.com/duggytuxy/syswarden/releases/download/${VERSION}/syswarden-${V_NUM}-1.aarch64.rpm\n# For Alpine Linux (x86_64 \u0026 aarch64)\nwget https://github.com/duggytuxy/syswarden/releases/download/${VERSION}/syswarden_${V_NUM}_x86_64.apk\nwget https://github.com/duggytuxy/syswarden/releases/download/${VERSION}/syswarden_${V_NUM}_aarch64.apk\n# For FreeBSD 14+ (amd64)\nwget https://github.com/duggytuxy/syswarden/releases/download/${VERSION}/syswarden-${V_NUM}.txz\n\n# Also download the checksums\nwget https://github.com/duggytuxy/syswarden/releases/download/${VERSION}/SHA256SUMS.txt\n\n# 3. Verify Integrity\nsha256sum -c SHA256SUMS.txt --ignore-missing\n\n# 4. Install the package\n# For Debian/Ubuntu\nsudo apt-get install -y ./syswarden_${V_NUM}_*.deb\n# For RHEL/AlmaLinux/Rocky\nsudo dnf install -y ./syswarden-${V_NUM}-1.*.rpm\n# For Alpine Linux\nsudo apk add --allow-untrusted ./syswarden_${V_NUM}_*.apk\n# For FreeBSD 14+\nsudo pkg add ./syswarden-${V_NUM}.txz\n\n# 4. Read the exhaustive SysAdmin manual to understand all Data-Shield lists and configuration parameters\nsudo syswarden manual\n\n# 5. Review and tailor the embedded configuration to your infrastructure\nsudo syswarden config\n\n# The interactive wizard (or syswarden-auto.conf) allows configuring advanced parameters, for example:\n# - SYSWARDEN_ENABLE_L2=\"y\" (Enable OSI Layer 2 ARP Spoofing Prevention)\n# - SYSWARDEN_ARP_PROTECT=\"y\" (Enable 10req/sec ARP Flood limits)\n# - SYSWARDEN_LAN_MODE=\"y\" (Enable Local LAN Mode to save RAM by skipping global OSINT downloads)\n# - SYSWARDEN_BRUTEFORCE_LOGS=\"/var/log/traefik/access.log\" (Enable L7 WAF log parsing)\n\n# 5. Execute the Go Orchestrator to apply policies instantly\nsudo syswarden install\n```\n\n### 2. Updating Configurations (Zero-Downtime)\n\nIf you modify the configuration later using `syswarden config` (e.g., to enable a SIEM, add a GeoIP block, or modify whitelists), apply the changes instantly without interrupting production traffic:\n\n```bash\nsudo syswarden reload\n```\n\n### 3. Real-Time Observability \u0026 Alerts\n\nSysWarden provides comprehensive monitoring modes tailored for immediate action and long-term analysis. Both dashboards natively isolate and track **ALLOWED** (legitimate traffic) connections dynamically in bright green, making authorized services (e.g., successful SSH logins, Nginx/Apache 2xx requests) visually distinct from blocked threats.\n\n**A. Live Threat Streaming (Real-Time)**\nTo watch every single connection attempt (L2/L3/L4 structural drops, L7 WAF bans, and validated ALLOWED services) in real-time directly from the kernel and engine logs:\n```bash\nsudo syswarden alerts\n```\n\n**B. Telemetry Dashboard (TUI)**\nTo monitor global system health, metrics, top blocked ASNs, and observe real-time legitimate service activity, launch the integrated Terminal User Interface:\n```bash\nsudo syswarden tui\n```\n\n### 4. Upgrading SysWarden\n\nTo check for the latest Enterprise updates and perform an automated in-place upgrade (via GitHub Releases or APT):\n\n```bash\nsudo syswarden update\n```\n\n### 5. Quick Uninstall\n\nSafely reverse all OS hardening and kernel routing injected by SysWarden, reverting the machine to its native state in milliseconds:\n\n```bash\nsudo syswarden uninstall\n```\n\n### 6. Native Enterprise Management \u0026 Auditing\n\nSysWarden v2 includes a comprehensive, native Golang CLI to orchestrate all firewalls and system checks directly without bash scripts.\n\n**DevSecOps Full Audit:**\nRun a complete system compliance and integration check (Rsyslog bridges, Docker routing, WAF telemetry, Cron health):\n```bash\nsudo syswarden audit\n```\n\n### 7. Dynamic Management\nSysWarden provides an instantaneous, zero-delay CLI for incident response.\n\n```bash\n# Block or unblock an IP or CIDR Subnet instantly (e.g. 10.0.0.0/24)\nsudo syswarden block \u003cIP/CIDR\u003e\nsudo syswarden unblock \u003cIP/CIDR\u003e\n\n# Whitelist an IP or CIDR globally (optional PORT)\nsudo syswarden whitelist \u003cIP/CIDR\u003e [PORT]\nsudo syswarden unwhitelist \u003cIP/CIDR\u003e\n\n# Grant or revoke SSH-exclusive access\nsudo syswarden allow-ssh \u003cIP\u003e [PORT]\nsudo syswarden revoke-ssh \u003cIP\u003e\n\n# Auto-detect and whitelist critical infrastructure (DNS, Gateway)\nsudo syswarden whitelist-infra\n```\n\n**Diagnostics:**\n```bash\n# Check if an IP is blocked, whitelisted, or active in memory\nsudo syswarden check \u003cIP\u003e\n\n# List all active custom rules\nsudo syswarden list\n```\n\n### 8. High Availability (HA) Cluster Setup\n\nSysWarden natively supports High Availability (HA) clustering. When an attacker is blocked on one node (L3 or L7), the ban is instantly and securely replicated to all registered peers.\n\nStarting with v3.51.0, the HA synchronization uses a **\"Zero-Touch\" TLS P2P API**, abandoning the legacy SSH-based sync. The `syswarden-core` daemon dynamically generates self-signed certificates and enforces strict Zero-Trust TCP IP validation.\n\n**Prerequisites:**\n1. Both servers must have SysWarden installed and running.\n2. They must be able to communicate securely via a dedicated TCP port of your choice (default: `62026`).\n\n\u003e [!TIP]\n\u003e **Zero-Touch Auto-Whitelist**: The HA clustering engine natively and autonomously whitelists all configured `SYSWARDEN_HA_PEER_IP` nodes upon installation or reload. This eliminates the need for manual firewall interventions to allow the TLS P2P API traffic.\n\n**Configuration on each node:**\n1. Edit your enterprise configuration via the secure CLI:\n```bash\nsudo syswarden config\n```\n2. Enable HA and add your peer IP(s) (comma-separated) and the custom TLS port:\n```conf\nSYSWARDEN_HA_ENABLE=\"true\"\nSYSWARDEN_HA_PEERS=\"172.x.x.x,10.x.x.x\"\nSYSWARDEN_HA_PORT=\"62026\"\n```\n3. Reload the configuration instantly:\n```bash\nsudo syswarden reload\n```\n\n**Manual Synchronization:**\nWhile the `syswarden-core` daemon synchronizes in the background, you can also manually trigger a full blocklist push to all your peers at any time:\n```bash\nsudo syswarden ha-sync\n```\n\n## Documentation\n\nTo learn everything about the SysWarden ecosystem, explore detailed configurations, and read advanced usage guides, visit our [official documentation page](https://github.com/duggytuxy/syswarden/wiki/Deployment-Tutorial)\n\n## Target and support\n\n\u003e Goal: 38.5% reached/year (Goal) to fund continuous DevSecOps improvements and infrastructure.\n\nDeveloping **SysWarden** and maintaining the zero-false-positive **Data-Shield IPv4 blocklists** requires dedicated server infrastructure and non-stop threat monitoring.\n\nReaching this annual goal guarantees my 100% independence, funding a continuous development cycle without corporate constraints. Your support directly pays for the servers and keeps these enterprise-grade cybersecurity tools free, updated, and accessible to everyone.\n\nLet's build a safer internet together!\n\n[![Support on Ko-Fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/laurentmduggytuxy)\n\n## License\n\nSysWarden is free and open-source software distributed under the **GNU General Public License v3.0 (GPLv3)**.\n\nYou are free to use, modify, and distribute this software in compliance with the license terms. [LICENSE](/LICENSE) file for more details.\n\n*Developed and maintained by DuggyTuxy (Laurent M.).*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fduggytuxy%2Fsyswarden","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fduggytuxy%2Fsyswarden","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fduggytuxy%2Fsyswarden/lists"}