Guardian Shield
Multi-Layered Linux Security Framework
Overview
Guardian Shield is a comprehensive Linux security system that implements defense-in-depth through three independent protection layers: user-space LD_PRELOAD interception (The Warden), kernel-level LSM BPF execution control (The Inquisitor), and filesystem immutability (The Vault). It is battle-tested and operational, with kernel-level veto authority.
Features
- User-space LD_PRELOAD interception blocking dangerous commands (rm, shred, dd)
- Kernel-level LSM BPF execution control with -EPERM veto authority
- Process-aware security policies with path-based protection rules
- Cannot be bypassed by systemd, cron, or direct syscalls
- Configurable blocking vs monitoring modes with real-time enforcement
- BPF CO-RE support for cross-kernel compatibility
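To make the user-space layer concrete, here is an added example (not Guardian Shield's own code) of an LD_PRELOAD-style `unlink()` guard with path-based rules and a blocking vs monitoring switch. The protected paths, the `WARDEN_MODE` variable and all function names are assumptions made for illustration.

```c
/* Added example, not Guardian Shield code. Build: cc -shared -fPIC -o warden_demo.so warden_demo.c */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
enum verdict { ALLOW, LOG_ONLY, DENY };
static const char *const protected_paths[] = { "/etc", "/opt/vault" }; /* hypothetical rules */

/* Whole-component match: "/etc" covers "/etc/passwd" but not "/etcetera". */
static int under_prefix(const char *p, const char *prefix) {
    size_t n = strlen(prefix);
    return strncmp(p, prefix, n) == 0 && (p[n] == '/' || p[n] == '\0');
}

/* unlink() removes the directory entry itself, so canonicalise only the parent
 * directory (symlinks, "..") and keep the final component exactly as given. */
static void canon_entry(const char *path, char *out, size_t outsz) {
    char dir[PATH_MAX], real[PATH_MAX];
    const char *slash = strrchr(path, '/'), *base = slash ? slash + 1 : path;
    if (!slash) strcpy(dir, ".");
    else snprintf(dir, sizeof dir, "%.*s", slash == path ? 1 : (int)(slash - path), path);
    if (realpath(dir, real))
        snprintf(out, outsz, "%s/%s", strcmp(real, "/") ? real : "", base);
    else
        snprintf(out, outsz, "%s", path); /* parent unresolvable: judge raw string */
}
/* blocking != 0 enforces; blocking == 0 is monitoring mode (log, then allow). */
enum verdict warden_decide(const char *path, int blocking) {
    char canon[2 * PATH_MAX];
    canon_entry(path, canon, sizeof canon);
    for (size_t i = 0; i < sizeof protected_paths / sizeof *protected_paths; i++)
        if (under_prefix(canon, protected_paths[i]))
            return blocking ? DENY : LOG_ONLY;
    return ALLOW;
}

/* Once preloaded, this replaces libc's unlink() for dynamically linked callers. */
int unlink(const char *path) {
    const char *mode = getenv("WARDEN_MODE"); /* hypothetical mode switch */
    enum verdict v = warden_decide(path, !(mode && strcmp(mode, "monitor") == 0));
    if (v != ALLOW)
        fprintf(stderr, "warden-demo: unlink(%s) %s\n", path, v == DENY ? "blocked" : "would block");
    if (v == DENY) { errno = EPERM; return -1; }
    return (int)syscall(SYS_unlinkat, AT_FDCWD, path, 0); /* pass through to the kernel */
}
```

A shim like this only sees calls that go through the dynamic linker, which is why the framework pairs it with the kernel-level layer.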
Key Metrics
- Protection Layers: 3-layer defense (User-space + Kernel-space + Filesystem)
- Bypass Resistance: Systemd, cron, direct syscall proof
- Response Time: Pre-execution blocking (nanoseconds)