threat detection · distributed ban · self-hosted

Obliguard

Distributed threat detection, infrastructure-wide ban.

Agents collect logs from every machine and service, a central server detects threats and propagates bans across your entire infrastructure — in real time, without a single point of failure.


Architecture

Agent, Machine A: SSH · Nginx · MySQL
Agent, Machine B: Apache · SSH
Agent, Machine N: + custom services
logs → Central server (analyse · score · ban)
← ban: all agents ban locally
Stages: Potential threat → Confirmed threat → Infrastructure-wide ban

Log aggregation · 3-step threat scoring · Infra-wide ban · MSP multi-tenant

How it works

Logs in, bans out — across every machine

Configure which services to watch on each machine. Agents tail the logs and stream events to the central server, which analyses and escalates threats automatically.

Log collection agents

Lightweight agents run on each machine and tail configured service logs — SSH, Nginx, Apache, MySQL and more. Zero inbound ports required; agents push to the central server.

SSH · Nginx · Apache · MySQL · custom

Central analysis engine

The central server parses events and assigns threat scores. Auth failures accumulate, bad patterns escalate — from potential threat to confirmed threat to banned.

Infrastructure-wide instant ban

When an IP is confirmed malicious, the ban is propagated to every agent simultaneously. The attacker is blocked everywhere — even on machines they haven't touched yet.

Real-time web star map

For web services, a live graphical view shows active IP connections and their behaviour. Each IP gets a threat score — spot attackers the moment they start probing, before thresholds are crossed.

Agent groups

Group machines by role or environment and apply a shared service profile to the entire group at once. A web cluster, a DB cluster, an edge tier — each gets exactly the services it needs.

web-tier · db-cluster · edge · custom

Multi-tenant for MSPs

Deploy one Obliguard instance for your entire client base. Each tenant has isolated data, their own console and their own agent fleet — one platform, many customers.

Real-time flow analyser

Planned — deep packet-level traffic analysis. Pending kernel driver development. Will extend the star map with full flow visibility.

Dashboard

All threats, all machines, one view

The central console shows live threat events from every agent. See which IPs are escalating, which services are being targeted and trigger manual actions at any time.

Obliguard — Central dashboard
Central view · real-time events · escalating IPs
14:32:01 185.220.101.47 SSH Failed password for root — attempt 3/5 potential
14:32:09 185.220.101.47 SSH Failed password for admin — attempt 5/5 threat
14:32:09 185.220.101.47 CENTRAL Ban propagated to 8 agents banned
14:33:44 91.108.4.15 Nginx GET /wp-admin/xmlrpc.php — 404 × 12 potential
14:35:11 203.0.113.55 MySQL Access denied for user 'root'@'...' — attempt 2/5 potential
14:35:22 10.0.2.14 Nginx GET /api/health — 200 clean
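
The escalation shown in the dashboard rows above, as an added Python sketch (not Obliguard's own code): a toy central server counts authentication failures per source IP across every agent and pushes the ban to all of them at the threshold. The threshold of 5 comes from the "attempt n/5" counters above; the class, agent names, event tuples and the fleet-wide counting rule are assumptions, and the events are constructed.

```python
from collections import Counter, defaultdict

THRESHOLD = 5  # from the "attempt n/5" counters in the dashboard sample

class Central:
    """Toy central server: counts auth failures per IP across the whole fleet."""

    def __init__(self, agents, allowlist=()):
        self.failures = defaultdict(int)               # ip -> fleet-wide failures
        self.allowlist = set(allowlist)
        self.blocklists = {a: set() for a in agents}   # agent -> locally banned IPs

    def ingest(self, agent, ip, auth_failed):
        """Handle one event pushed by an agent and return its status label."""
        if ip in self.allowlist or not auth_failed:
            return "clean"
        if ip in self.blocklists[agent]:
            return "banned"
        self.failures[ip] += 1
        if self.failures[ip] < THRESHOLD:
            return "potential"
        for blocklist in self.blocklists.values():     # ban on every agent
            blocklist.add(ip)
        return "threat"

# Constructed events (agent, source IP, auth failed?); IPs are documentation ranges.
EVENTS = [
    ("machine-a", "198.51.100.23", True),
    ("machine-a", "198.51.100.23", True),
    ("machine-b", "198.51.100.23", True),
    ("machine-b", "198.51.100.23", True),
    ("machine-c", "198.51.100.23", True),
    ("machine-a", "192.0.2.10", False),
]

def replay(events, agents):
    """Feed events to a fresh Central; also report the worst per-host count."""
    central = Central(agents)
    statuses = [central.ingest(*e) for e in events]
    per_host = Counter((a, ip) for a, ip, failed in events if failed)
    return central, statuses, max(per_host.values())

if __name__ == "__main__":
    central, statuses, worst_single_host = replay(
        EVENTS, ["machine-a", "machine-b", "machine-c", "machine-d"])
    print(statuses)
    print("highest count any one host saw:", worst_single_host)
    print("banned on machine-d:", central.blocklists["machine-d"])
```

No single machine sees more than two failures from the address, yet the fleet-wide count reaches five and machine-d, which the address never contacted, blocks it too.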

Web star map

See every connection, in real time

A live graphical map of web traffic — each active IP is a node, its behaviour defines its threat score. Spot crawlers, scanners and brute-forcers the instant they connect, before they cross ban thresholds.

  • Live node graph — one dot per active IP
  • Colour-coded threat score (green → orange → red)
  • Click any IP to inspect its full request history
  • Manual ban or whitelist directly from the map

Agent configuration

Configure services per machine or group

Declare which services to monitor on each agent — or group machines by role and apply a shared profile to the whole group at once. Agents discover log paths, apply the right parsers and start streaming automatically.

SSH / sshd · Nginx · Apache · MySQL / MariaDB · Custom services
  • Assign agents to groups (web-tier, db-cluster, edge…)
  • Push a service profile update to the whole group in one action
  • Mix group defaults with per-agent overrides

Quick deploy

Up in 60 seconds

One command for the central server. Then deploy agents on each machine with a single line — they auto-register to the central.

Central server
$ curl -fsSL https://raw.githubusercontent.com/MeeJay/Obliguard/main/install.sh | bash
✓ Obliguard central running on http://localhost:8080
Agent — on each machine to protect
$ curl -fsSL https://raw.githubusercontent.com/MeeJay/Obliguard/main/agent-install.sh | bash -s -- --central https://guard.example.com --token YOUR_TOKEN
✓ Agent registered · watching: ssh nginx mysql