RUST_POWERED

DragonKeep

Linux Security & Performance CLI

Eleven specialist engines guard your Linux system. Audit security, defend against malware, hunt threats, harden the kernel, tune performance, monitor resources in real-time, and lock down the network — all from a single Rust binary.

dragonkeep scan

╔══════════════════════════════╗

║ 🐉 D R A G O N K E E P ║

║ System Security Suite ║

╚══════════════════════════════╝

[engine] Running Sentinel...

✗ CRITICAL ASLR not fully enabled

✓ PASS SSH root login disabled

[engine] Running Bastion...

✓ PASS nftables active

⚠ WARNING Port 22 exposed

[engine] Running Citadel...

✓ PASS Secure Boot enabled

── scan complete: 3 critical, 7 warnings, 24 passed ──

// ELEVEN_ENGINES

Specialist Modules

Each engine focuses on one security domain. Run them individually or all at once.

Sentinel

Security Auditor

Kernel security parameters
SSH configuration audit
Rootkit indicator detection
SUID binary scan
File permission analysis
Open port enumeration

Forge

Performance Tuner

CPU governor optimization
I/O scheduler tuning
Memory & swap analysis
Transparent Hugepages
GPU detection & config
6 performance profiles

Warden

Live Monitor

Real-time TUI dashboard
Per-core CPU visualization
Memory & swap tracking
Process table view
Suspicious process alerts
Terminal-safe panic recovery

Bastion

Network Guardian

Firewall rule auditing
nftables & iptables support
Listening service analysis
DNS resolver verification
Network interface inventory
Exposed port detection

Citadel

System Hardener

Kernel hardening checks
Filesystem security audit
Service attack surface
Secure Boot verification
User account analysis
Automated sysctl hardening

Spectre

AI/ML Threat Scanner

AI model supply chain
Pickle deserialization risks
GPU memory exposure
ML framework CVEs
Jupyter security audit
CUDA driver checks

Aegis

Supply Chain Auditor

Package integrity verification
Dependency vulnerability scan
Repository trust validation
Binary provenance checks
GPG signature audit
Update policy review

Phantom

Anomaly Detector

Runtime behavior analysis
Process anomaly detection
File system change tracking
Network traffic profiling
Cron job monitoring
Login pattern analysis

Hydra

Malware Defense

Known malware signatures
Rootkit detection engine
Suspicious binary analysis
Hidden process detection
Kernel module integrity
Shared library validation

Drake

Ransomware Defense

Canary file monitoring
Encryption behavior detection
Backup integrity checks
Mass file rename detection
Shadow copy protection
Recovery point validation

Talon

Threat Hunter

IOC scanning
MITRE ATT&CK mapping
Threat feed integration
Persistence mechanism scan
Lateral movement detection
Command & control detection

Full Scan

Run all eleven engines with a single command. Unified report with severity ratings.

dragonkeep scan
// COMMANDS

CLI Reference

$ dragonkeep scanFull security audit across all engines
$ dragonkeep scan --engine sentinelRun a single engine
$ dragonkeep harden --dry-runPreview hardening without changes
$ dragonkeep tune --profile gamingApply a performance profile
$ dragonkeep monitorLaunch live TUI dashboard
$ dragonkeep firewallAudit firewall rules & open ports
$ dragonkeep report --format jsonExport findings as JSON
$ dragonkeep statusSystem snapshot (CPU, RAM, uptime)
// PROFILES

Performance Tuning

The Forge engine ships with six profiles. Each adjusts CPU governor, I/O scheduler, memory, and GPU settings.

gaming

Maximum single-thread. Performance governor, deadline I/O, GPU power.

ai

GPU & throughput. BFQ scheduler, hugepages, compute-first.

creative

Balanced responsiveness. Low-latency audio/video workloads.

workstation

General productivity. Balanced CPU, conservative memory.

server

Stability & throughput. Conservative governor, mq-deadline I/O.

balanced

Safe defaults. Schedutil governor, auto I/O scheduler.

tip: Always preview with dragonkeep tune --profile gaming --dry-run before applying changes.

// DESIGN

Built Right

Dry-Run Safety

Preview every change before it touches your system. No surprises.

Zero Dependencies

Single Rust binary. No Python, no Node, no runtime. Just compile and run.

Flexible Output

Pretty, JSON, or Minimal formats. Pipe findings to any tool.

TOML Config

Fine-tune every engine with a single config file. Toggle checks on or off.

Severity Ratings

Critical, Warning, Info, Pass — prioritize what matters.

Report Archive

Save JSON reports for compliance audit trails and diffing.

// PRICING

Free & Pro

Open-source at the core, with a Pro tier for teams and enterprises.

Community

Free

Open source · MIT License

Full security scan (all eleven engines)
Performance profiling & tuning
Live TUI monitor
Firewall auditing
JSON & pretty-print reports
TOML configuration
Community support (GitHub Issues)
PRO

Pro

$9/mo

Per machine · Annual billing available

Everything in Community
Automated hardening (apply fixes)
Scheduled scans & cron integration
Historical report diffing
Compliance templates (CIS, STIG)
Team dashboard & multi-host view
Priority email support
Early access to new engines

Need a custom deployment or volume licensing? Talk to us.

// GET_STARTED

Install DragonKeep

# requires Rust 1.85+

$ git clone https://github.com/Ghosts-Protocol-Pvt-Ltd/DragonKeep.git

$ cd DragonKeep && cargo build --release

$ ./target/release/dragonkeep scan

Linux · Rust 1.85+ · Single binary · Community edition is MIT Licensed