Apache-2.0 · Linux · Rust

The security agent that fights back.

Most security tools warn you when something's wrong. Inner Warden runs its own AI deep inside your server, decides what's a real threat, and stops it. No team to react, no cloud needed. Open-source, you decide where your data goes.

112 stars | Live threat feed | Blocks attacks in 4s · One-command install · Self-hosted
Zero to protected
Install
curl -fsSL https://www.innerwarden.com/install | sudo bash
Setup: automatic
MITRE: 65 techniques
Default: dry-run
How it works

Five jobs. One agent inside your server.

Why you need this

A guard. Inside your server.

It lives where the action is.

Not a tool watching from outside. Not an alert in someone else's dashboard. Inner Warden runs inside your server, watches what every program does, and decides what to do. All without leaving the box.

You can just ask it.

What happened on this server today? Did anyone try to log in? Is that process supposed to be running? Ask in plain English, get an answer in plain English. No grep, no log files, no SIEM query.

The attacker presses Enter. Nothing happens.

When a malicious command runs on your server, Inner Warden sees it before the kernel does. Suspicious shell, blocked. Privilege escalation, killed. The attacker types, but nothing executes.

See it in action

It's 2 AM. Someone brute-forces your SSH. You're asleep.

Here's what Inner Warden does while you don't notice.

1. Threat contained. 4 seconds.

8 failed SSH logins in 300 seconds from 203.0.113.42. Inner Warden catches the pattern, the local AI confirms brute-force with 0.90 confidence. No cloud call, no data leaving the server. Firewall deny rule added via ufw. Logged for the morning summary. Your phone stays quiet.

2. They came back. Inner Warden remembered.

Same attacker, different IP. Behavioral fingerprinting recognizes them: same commands, same targets, same timing window. The new IP is treated as a known threat from the start. Then they hit the honeypot. Fake SSH session, real capture. Every command logged.

When you wake up, one notification: 12 threats handled overnight. None reached your applications.
Phone only buzzes for the things you'd actually want to be woken up for. Blocked IPs are reported to AbuseIPDB and pushed to Cloudflare WAF. Your defense protects others, theirs protects you.
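
The first step above hinges on a sliding-window count: 8 failed SSH logins from one address within 300 seconds. The sketch below is an added example, not Inner Warden's own code; it assumes OpenSSH "Failed password" lines with an ISO 8601 timestamp prefix, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Threshold and window from the scenario above: 8 failures in 300 seconds.
THRESHOLD = 8
WINDOW = timedelta(seconds=300)

# OpenSSH "Failed password" lines with an ISO 8601 timestamp prefix
# (assumed log format); the "invalid user" variant is matched as well.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: timestamp of the failure that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins, other daemons, noise
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        # Drop failures that have aged out of the sliding window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

def sample_log():
    """Constructed log: one fast source, one slow source, one good login."""
    t0 = datetime(2024, 1, 1, 2, 0, 0)
    def fail(offset, ip, user="root"):
        ts = (t0 + timedelta(seconds=offset)).isoformat()
        return f"{ts} my-vps-01 sshd[4242]: Failed password for {user} from {ip} port 50022 ssh2"
    lines = [fail(i * 30, "203.0.113.42") for i in range(8)]              # 8 in 210 s
    lines += [fail(i * 120, "198.51.100.17", "admin") for i in range(8)]  # 8 in 840 s
    lines.append(f"{t0.isoformat()} my-vps-01 sshd[4243]: Accepted publickey for deploy from 192.0.2.10 port 50100 ssh2")
    return lines

if __name__ == "__main__":
    for ip, when in detect_bruteforce(sample_log()).items():
        print(f"{ip} crossed {THRESHOLD} failures in {WINDOW.seconds}s at {when}")
```

The slow source never has more than three failures inside any 300-second window, so only the fast one is flagged.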
How it protects you

Start safe. Scale up when ready.

Every feature is off by default. Enable what you need, when you need it.

Basic Protection
Start here
  • SSH brute-force detection
  • Credential stuffing detection
  • Real-time monitoring
  • Full audit trail
  • Multi-channel notifications
  • Dry-run mode by default
Automated Defense
Enable when ready
  • Auto-block malicious IPs
  • AI-powered confidence scoring
  • Actions require your approval
  • Cloudflare WAF integration
  • AbuseIPDB reporting
  • nginx rate limiting
Advanced
Optional power-ups
  • Cross-IP attacker tracking (DNA)
  • Neural anomaly detection (daily retrain)
  • 47 cross-layer correlation rules
  • SSH honeypot trap
  • AI command validation for agents
  • DDoS shield with adaptive rate limiting
Not sure what to enable? One command figures it out.
innerwarden system scan

Scans your server, detects what's running (SSH, Docker, nginx, Suricata, osquery...), and tells you exactly what to enable.

Built for trust

What if it makes a mistake?

Dry-run by default
Nothing changes until you explicitly enable live mode.
Rust controls execution
The AI can analyze, but never execute. A compromised model cannot harm your server.
Hash-chained audit trail
Every decision and action is logged in a tamper-evident chain. You can always review what happened and why. GDPR export and erase built in.
Policy-gated actions
You decide what gets blocked and what gets flagged. Set your own thresholds and rules.
Manual approval
High-risk actions can require manual approval or denial from your preferred channel.
Compliance

Designed for regulated environments.

Inner Warden ships with the controls auditors look for. Hash-chained audit trails, admin action logging, session management, configurable retention, and GDPR data subject commands. Everything included, Apache-2.0 licensed. Built in from day one.

SHA-256 hash-chained audit trail
Every decision and admin action recorded in a tamper-evident SQLite audit trail with SHA-256 hash chain. Every decision queryable via standard SQL. Modify one entry and the chain breaks.
Admin action logging
Every capability enable, config change, IP block, and login recorded with operator identity, timestamp, and parameters.
GDPR export and erase
innerwarden gdpr export and innerwarden gdpr erase. Search by IP or username across all data files. Hash chains recomputed after erasure.
Configurable retention
Events: 7 days. Incidents: 30 days. Audit trail: 90 days. All configurable per your compliance requirements.
Session-based authentication
Dashboard auth with session tokens, configurable timeout, max concurrent sessions, and automatic expiry. Login and logout audited.
Forensic evidence capture
Automatic process state snapshots for high-severity incidents: open files, network connections, memory maps. Credentials redacted.

Designed to meet ISO 27001 Annex A controls (A.9, A.10, A.12, A.16, A.18). Read the full privacy and data protection documentation.
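
How a SHA-256 hash chain in SQLite makes a modified entry detectable, as described under "SHA-256 hash-chained audit trail" above. This is an added example, not Inner Warden's own code: the table schema, the function names and the sample entries are assumptions made for illustration.

```python
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # placeholder predecessor for the first entry

def entry_hash(prev_hash, ts, actor, action):
    # Hash the previous link together with a canonical encoding of the fields.
    body = json.dumps([ts, actor, action], separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def open_trail():
    db = sqlite3.connect(":memory:")
    # Hypothetical schema for illustration, not Inner Warden's own.
    db.execute("CREATE TABLE audit (id INTEGER PRIMARY KEY, ts TEXT, actor TEXT,"
               " action TEXT, prev_hash TEXT, hash TEXT)")
    return db

def append(db, ts, actor, action):
    row = db.execute("SELECT hash FROM audit ORDER BY id DESC LIMIT 1").fetchone()
    prev = row[0] if row else GENESIS
    db.execute("INSERT INTO audit (ts, actor, action, prev_hash, hash)"
               " VALUES (?, ?, ?, ?, ?)",
               (ts, actor, action, prev, entry_hash(prev, ts, actor, action)))

def first_broken_entry(db):
    """Walk the chain in order; return the id of the first bad entry, or None."""
    prev = GENESIS
    for id_, ts, actor, action, prev_hash, stored in db.execute(
            "SELECT id, ts, actor, action, prev_hash, hash FROM audit ORDER BY id"):
        if prev_hash != prev or stored != entry_hash(prev, ts, actor, action):
            return id_
        prev = stored
    return None

def demo():
    db = open_trail()
    # Constructed sample entries.
    append(db, "2024-01-01T02:03:30", "agent", "block_ip 203.0.113.42")
    append(db, "2024-01-01T09:48:00", "operator", "enable capability honeypot")
    append(db, "2024-01-01T11:25:00", "operator", "login")
    intact = first_broken_entry(db)
    # Simulate an in-place edit of entry 2 that leaves its stored hash untouched.
    db.execute("UPDATE audit SET action = 'login' WHERE id = 2")
    return intact, first_broken_entry(db)

if __name__ == "__main__":
    print(demo())
```

Verification of this kind catches in-place edits and deleted rows. Anyone who can rewrite every later hash can rebuild a consistent chain, so the latest hash has to be recorded somewhere the writer cannot reach for a full rewrite to be detectable.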

Safe to install

Yes, it's curl | bash. Here's what it does.

curl -fsSL https://www.innerwarden.com/install | sudo bash
  • Downloads a single SHA-256 verified binary (~7 MB) to /usr/local/bin
  • Creates a dedicated service user with minimal permissions
  • Starts sensor + agent via systemd (Linux) or launchd (macOS)
  • Begins in dry-run mode. No firewall changes until you say so.

Want to read the script first? innerwarden.com/install

Your phone is the dashboard

Talk to your server. In plain English.

Daily summary in the morning, urgent alerts only when something actually needs you, and a conversational AI that answers questions about your server's security. Telegram, Slack, webhook, syslog. Your choice of channel.

Inner Warden bot
Target eliminated · my-vps-01
Blocked 203.0.113.42
AbuseIPDB: 100/100
United States · Example Hosting
Possible SSH brute force from 203.0.113.42
Confidence: 99% | Clean kill. Zero doubt.
09:48
How is everything today?
11:25
Operationally, it's a busy day but under control.
You've had 10 intrusion attempts today and the guard rails are doing their job. Two likely SSH brute-force sources and one credential-stuffing pattern from 198.51.100.17 hitting multiple usernames.
Net assessment: low-to-moderate risk right now, not an active compromise. No signs of lateral movement, persistence, or exfil.
If you want the hardening posture tightened:
- keep SSH rate limiting active
- ensure password auth is off if you can
- consider blocking the two offending IPs
11:25
Ask anything, or use a shortcut
Plain English works. Slash commands too.
  • /status - Guardian status: mode, AI, threat intel
  • /threats - Recent intrusion attempts
  • /decisions - Actions I've taken
  • /blocked - Threat actors currently contained
  • /doctor - Full health check with fix hints
  • /guard - Activate auto-defend mode
  • /watch - Switch to passive monitor mode
  • /ask - Ask me anything, I know my config
Pick your channel
innerwarden config alerts

Interactive wizard. Telegram, Slack, webhook, or syslog. Pick one or stack them.

Collaborative defense

Attack one node. Protect them all.

Inner Warden nodes form a mesh network. When one detects a threat, all others block the attacker automatically. Like birds that fly when one hears danger.

Ed25519 signed

Every threat signal is cryptographically signed. Tampered signals are rejected instantly.

Game-theory trust

Tit-for-tat reputation. New peers start skeptical. Trust grows with confirmed signals, drops with false ones. 3:1 asymmetry.

Staged with TTL

No signal causes permanent action. Everything is scored and staged. Blocks auto-revert if not confirmed locally.

Sybil resistant

New nodes start at trust 0.1. Rate-limited to 50 signals/hour. Malicious nodes get quarantined automatically.

Enable in seconds
innerwarden config mesh enable
innerwarden config mesh add-peer https://peer-server:8790

That's it. Identity generated automatically. Peers discovered via ping. Trust builds over time as signals get confirmed.

Ready?

Your server should defend itself. Let it.

40 kernel hooks. 49 detectors. 65 MITRE techniques covered. Local AI on your hardware. Behavioral DNA tracking attackers across IPs. Dry-run by default.