[HN Gopher] Show HN: TheProtector - Linux Bash script for the pa...
___________________________________________________________________
Show HN: TheProtector - Linux Bash script for the paranoid admin on
a budget
Hi HN, I spent the past year building this in my spare time
because I got tired of enterprise security tools that cost
$50K/year and don't understand Linux. TheProtector is a
comprehensive security monitoring tool that actually runs on the
systems we use (Linux) instead of being a Windows-first
afterthought. Built it entirely on a $500 laptop because I believe
good security shouldn't require unlimited budgets.

Features:
- Real-time process, network, and file monitoring
- YARA malware detection with custom rules
- eBPF kernel monitoring (when available)
- Behavioral baseline establishment and anomaly detection
- Active threat response (blocks IPs, kills processes, quarantines files)
- Anti-evasion detection for rootkits and advanced threats
- Honeypots for attack detection
- Web dashboard for monitoring
- Single bash script, no complex installation

The tagline is "not perfect but better than most" because I'm tired of
security vendors claiming their tools are flawless. This actually
works, costs $0, and you can read every line of code. I know bash
isn't the sexy choice for security tools, but it runs everywhere,
has zero dependencies, and most Linux admins can read/modify it.
Sometimes boring technology that works is better than fancy
technology that doesn't. It's designed for the intersection of
"paranoid about security" and "don't have enterprise budgets" -
which describes most of us actually running Linux systems.

GitHub: https://github.com/IHATEGIVINGAUSERNAME/theProtector

Been running it on my own systems for months. Catches the stuff
that matters and doesn't flood you with false positives. If you
hate expensive security theater as much as I do, might be worth a
look. Open to feedback, especially from folks who know more about
this stuff than I do.

Thanks, IHATEGIVINGAUSERNAME (yes, I really do hate giving
usernames)
Author : lotussmellsbad
Score : 45 points
Date : 2025-07-23 18:37 UTC (4 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
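The post lists "behavioral baseline establishment and anomaly detection" without saying how that is done. The pattern such a tool typically uses is a set diff: take a sorted snapshot of something observable on a known-good day, then compare later snapshots against it with comm(1). The bash below is an added example written for this page, not code from TheProtector; the function names (normalize, new_listeners, gone_listeners, check_baseline) are mine, and the two snapshots of listening sockets are constructed inline so the script runs offline (on a live host the snapshot would come from something like `ss -Hltn | awk '{print $4}'`).

```shell
#!/usr/bin/env bash
# Added example (not TheProtector's code): baseline-then-diff anomaly
# detection for listening TCP sockets, using sorted snapshots and comm(1).
set -u

# normalize: one "addr:port" per line, sorted and de-duplicated, so comm
# can compare two snapshots as sets.
normalize() { sort -u; }

# new_listeners BASELINE CURRENT: sockets present now but absent from the
# baseline (the direction that matters most: an unexpected new service).
new_listeners() { comm -13 "$1" "$2"; }

# gone_listeners BASELINE CURRENT: sockets in the baseline that vanished
# (a stopped or killed service, also worth an alert).
gone_listeners() { comm -23 "$1" "$2"; }

# check_baseline BASELINE CURRENT: exit 0 if the sets match, 1 otherwise.
check_baseline() {
    local baseline="$1" current="$2" n
    n="$( { new_listeners "$baseline" "$current"
            gone_listeners "$baseline" "$current"; } | wc -l | tr -d '[:space:]')"
    [ "$n" -eq 0 ]
}

# Demo with constructed snapshots (these are made-up values, not real hosts).
work="$(mktemp -d)"
# Baseline captured on a known-good day: sshd, local MTA, https.
printf '%s\n' '0.0.0.0:22' '127.0.0.1:25' '0.0.0.0:443' | normalize > "$work/baseline"
# Later snapshot: the MTA is gone and an unexpected listener on 8081 appeared.
printf '%s\n' '0.0.0.0:22' '0.0.0.0:443' '0.0.0.0:8081' | normalize > "$work/current"

new_listeners  "$work/baseline" "$work/current" | sed 's/^/NEW  /'
gone_listeners "$work/baseline" "$work/current" | sed 's/^/GONE /'
check_baseline "$work/baseline" "$work/current" || echo "anomaly: listener set changed"
```

The same three functions work unchanged for any line-oriented snapshot (process names, cron entries, SUID files, kernel modules); only the command that produces the snapshot differs. Re-baselining should be a deliberate, logged action, otherwise an intruder's listener simply becomes part of "normal" on the next run.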
| BLKNSLVR wrote:
| I will check this out, I love the idea.
| vanviegen wrote:
| Congratulations on your release! That packs a lot of
| functionality in a surprisingly small and readable (and thus
| auditable) shell script. Great work!
|
| One thing though: I can imagine you being rather anonymous (no
| real name, new HN account, new GitHub account) might make people
| a bit nervous around a security tool. You probably have good
| reasons for that, but if not.. you might want to reconsider and
| take credit?
| _QrE wrote:
| Neat, but isn't packing all this stuff into a bash script
| overkill? You can pretty easily install and configure some good
| tools (i.e. crowdsec, rkhunter, ssh tarpit or whatever) to cover
| each of the categories rather than have a bunch of half-measures.
|
| Also, you're calling this TheProtector, but internally it seems
| to be called ghost sentinel?
|
| > local update_url="https://raw[dot]githubusercontent[dot]com/your-repo/ghost-se..."
| FergusArgyll wrote:
| I would probably delete the self_update function[0] if I were to
| use this, otherwise this is cool!
|
| https://github.com/IHATEGIVINGAUSERNAME/theProtector/blob/ma...
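Two comments above touch the same risk: a security tool that replaces itself with whatever a URL serves (and, as _QrE notes, a placeholder URL at that) turns the update path into the easiest way to compromise every host running it. Deleting the function, as FergusArgyll suggests, is one answer; the other is to refuse any update whose hash does not match a value pinned from a trustworthy channel. The bash below is an added example for this page, not code from TheProtector; verify_and_install is my name, and the "downloaded" candidate is a constructed local file so the script runs offline (in practice it would be fetched with `curl -fsSL -o "$tmp"` first).

```shell
#!/usr/bin/env bash
# Added example (not TheProtector's code): install a downloaded script only
# if its SHA-256 matches a pinned value obtained out of band.
set -u

# verify_and_install CANDIDATE EXPECTED_SHA256 DEST
# On a match: mark executable and move into place atomically, return 0.
# On a mismatch: report, delete the candidate, return 1 (DEST untouched).
verify_and_install() {
    local candidate="$1" expected="$2" dest="$3" actual
    actual="$(sha256sum "$candidate" | awk '{print $1}')"
    if [ "$actual" != "$expected" ]; then
        printf 'update rejected: sha256 %s does not match pinned %s\n' \
            "$actual" "$expected" >&2
        rm -f -- "$candidate"
        return 1
    fi
    chmod 0755 "$candidate"
    mv -f -- "$candidate" "$dest"   # rename is atomic on the same filesystem
    return 0
}

# Demo with constructed files standing in for a download.
demo="$(mktemp -d)"
printf '#!/bin/sh\necho "trusted build"\n' > "$demo/good.sh"
# The pinned hash would normally ship with the tool or be published signed;
# here it is computed from the constructed "trusted" file.
pinned="$(sha256sum "$demo/good.sh" | awk '{print $1}')"
printf '#!/bin/sh\necho "altered build"\n' > "$demo/bad.sh"

verify_and_install "$demo/good.sh" "$pinned" "$demo/protector.sh" \
    && echo "trusted candidate installed"
verify_and_install "$demo/bad.sh" "$pinned" "$demo/protector.sh" \
    || echo "altered candidate rejected, installed copy unchanged"
```

A pinned hash only moves the trust question to how the hash itself is distributed; a detached signature checked with a key baked into the script (minisign or gpg) is the stronger form, but even the hash check above removes the "whatever the URL serves" failure mode.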
| monch1962 wrote:
| I love this implementation approach.
|
| At first glance I questioned your choice of bash over something
| like Python, but you're right - bash is everywhere and every
| competent Linux admin knows how to use it. There's a zillion
| unprotected Linux servers out there where this would be very
| handy.
|
| In terms of next steps, it might be worth documenting more about
| the notification framework and some simple examples of how we
| might use it. I can see you've mentioned integrations with email,
| Slack and webhooks in the tech paper, but I can't spot anything
| about how to use them
|
| Congratulations on a really worthy project
| rfkjrjr wrote:
| "Built by thelotus over a year of free time. Maintained by
| thelotus. Given away free because expensive security theater is
| stupid." Who / what is the lotus?
___________________________________________________________________
(page generated 2025-07-23 23:00 UTC)