I spent the past year building this in my spare time because I got tired of enterprise security tools that cost $50K/year and don't understand Linux.
TheProtector is a comprehensive security monitoring tool that actually runs on the systems we use (Linux) instead of being a Windows-first afterthought. Built it entirely on a $500 laptop because I believe good security shouldn't require unlimited budgets.
Features: - Real-time process, network, and file monitoring - YARA malware detection with custom rules - eBPF kernel monitoring (when available) - Behavioral baseline establishment and anomaly detection - Active threat response (blocks IPs, kills processes, quarantines files) - Anti-evasion detection for rootkits and advanced threats - Honeypots for attack detection - Web dashboard for monitoring - Single bash script, no complex installation
The tagline is "not perfect but better than most" because I'm tired of security vendors claiming their tools are flawless. This actually works, costs $0, and you can read every line of code.
I know bash isn't the sexy choice for security tools, but it runs everywhere, has zero dependencies, and most Linux admins can read/modify it. Sometimes boring technology that works is better than fancy technology that doesn't.
It's designed for the intersection of "paranoid about security" and "don't have enterprise budgets" - which describes most of us actually running Linux systems.
GitHub: https://github.com/IHATEGIVINGAUSERNAME/theProtector
Been running it on my own systems for months. Catches the stuff that matters and doesn't flood you with false positives. If you hate expensive security theater as much as I do, might be worth a look.
Open to feedback, especially from folks who know more about this stuff than I do.
Thanks, IHATEGIVINGAUSERNAME (yes, I really do hate giving usernames)
BLKNSLVR•6mo ago
lotussmellsbad•6mo ago