RUST_POWERED

DragonKeep

Linux Security & Performance CLI

Eleven specialist engines guard your Linux system. Audit security, defend against malware, hunt threats, harden the kernel, tune performance, monitor resources in real-time, and lock down the network — all from a single Rust binary.

dragonkeep scan

╔══════════════════════════════╗

║ 🐉 D R A G O N K E E P ║

║ System Security Suite ║

╚══════════════════════════════╝

[engine] Running Sentinel...

✗ CRITICAL ASLR not fully enabled

✓ PASS SSH root login disabled

[engine] Running Bastion...

✓ PASS nftables active

⚠ WARNING Port 22 exposed

[engine] Running Citadel...

✓ PASS Secure Boot enabled

── scan complete: 3 critical, 7 warnings, 24 passed ──

// ELEVEN_ENGINES

Specialist Modules

Each engine focuses on one security domain. Run them individually or all at once.

Sentinel

Security Auditor

Kernel security parameters

SSH configuration audit

Rootkit indicator detection

SUID binary scan

File permission analysis

Open port enumeration

Forge

Performance Tuner

CPU governor optimization

I/O scheduler tuning

Memory & swap analysis

Transparent Hugepages

GPU detection & config

6 performance profiles

Warden

Live Monitor

Real-time TUI dashboard

Per-core CPU visualization

Memory & swap tracking

Process table view

Suspicious process alerts

Terminal-safe panic recovery

Bastion

Network Guardian

Firewall rule auditing

nftables & iptables support

Listening service analysis

DNS resolver verification

Network interface inventory

Exposed port detection

Citadel

System Hardener

Kernel hardening checks

Filesystem security audit

Service attack surface

Secure Boot verification

User account analysis

Automated sysctl hardening

Spectre

AI/ML Threat Scanner

AI model supply chain

Pickle deserialization risks

GPU memory exposure

ML framework CVEs

Jupyter security audit

CUDA driver checks

Aegis

Supply Chain Auditor

Package integrity verification

Dependency vulnerability scan

Repository trust validation

Binary provenance checks

GPG signature audit

Update policy review

Phantom

Anomaly Detector

Runtime behavior analysis

Process anomaly detection

File system change tracking

Network traffic profiling

Cron job monitoring

Hydra

Malware Defense

Known malware signatures

Rootkit detection engine

Suspicious binary analysis

Hidden process detection

Kernel module integrity

Shared library validation

Drake

Ransomware Defense

Canary file monitoring

Encryption behavior detection

Backup integrity checks

Mass file rename detection

Shadow copy protection

Recovery point validation

Talon

Threat Hunter

IOC scanning

MITRE ATT&CK mapping

Threat feed integration

Persistence mechanism scan

Lateral movement detection

Command & control detection

Full Scan

Run all eleven engines with a single command. Unified report with severity ratings.

dragonkeep scan

// COMMANDS

CLI Reference

$ dragonkeep scanFull security audit across all engines

$ dragonkeep scan --engine sentinelRun a single engine

$ dragonkeep harden --dry-runPreview hardening without changes

$ dragonkeep tune --profile gamingApply a performance profile

$ dragonkeep monitorLaunch live TUI dashboard

$ dragonkeep firewallAudit firewall rules & open ports

$ dragonkeep report --format jsonExport findings as JSON

$ dragonkeep statusSystem snapshot (CPU, RAM, uptime)

// PROFILES

Performance Tuning

The Forge engine ships with six profiles. Each adjusts CPU governor, I/O scheduler, memory, and GPU settings.

gaming

Maximum single-thread. Performance governor, deadline I/O, GPU power.

ai

GPU & throughput. BFQ scheduler, hugepages, compute-first.

creative

Balanced responsiveness. Low-latency audio/video workloads.

workstation

General productivity. Balanced CPU, conservative memory.

server

Stability & throughput. Conservative governor, mq-deadline I/O.

balanced

Safe defaults. Schedutil governor, auto I/O scheduler.

tip: Always preview with dragonkeep tune --profile gaming --dry-run before applying changes.

// DESIGN

Built Right

Dry-Run Safety

Preview every change before it touches your system. No surprises.

Zero Dependencies

Single Rust binary. No Python, no Node, no runtime. Just compile and run.

Flexible Output

Pretty, JSON, or Minimal formats. Pipe findings to any tool.

TOML Config

Fine-tune every engine with a single config file. Toggle checks on or off.

Severity Ratings

Critical, Warning, Info, Pass — prioritize what matters.

Report Archive

Save JSON reports for compliance audit trails and diffing.

// PRICING

Free & Pro

Open-source at the core, with a Pro tier for teams and enterprises.

Community

Free

Open source · MIT License

Full security scan (all eleven engines)

Performance profiling & tuning

Live TUI monitor

Firewall auditing

JSON & pretty-print reports

TOML configuration

Community support (GitHub Issues)

PRO

Pro

$9/mo

Per machine · Annual billing available

Everything in Community

Automated hardening (apply fixes)

Scheduled scans & cron integration

Historical report diffing

Compliance templates (CIS, STIG)

Team dashboard & multi-host view

Priority email support

Early access to new engines

Need a custom deployment or volume licensing? Talk to us.

// GET_STARTED

Install DragonKeep

# requires Rust 1.85+

$ git clone https://github.com/Ghosts-Protocol-Pvt-Ltd/DragonKeep.git

$ cd DragonKeep && cargo build --release

$ ./target/release/dragonkeep scan

Linux · Rust 1.85+ · Single binary · Community edition is MIT Licensed