Supported Systems

Defensia runs on all major Linux distributions. Auto-detects your distro, init system, auth log path, and architecture.

amd64 arm64
U

Ubuntu

Debian-based

24.04 Noble Numbat
LTS
22.04 Jammy Jellyfish
LTS
20.04 Focal Fossa
LTS
/var/log/auth.log
D

Debian

Debian-based

12 Bookworm
11 Bullseye
/var/log/auth.log
R

RHEL

Red Hat Enterprise Linux

RHEL 9
RHEL 8
/var/log/secure
C

CentOS Stream

RHEL-based

CentOS Stream 9
CentOS Stream 8
/var/log/secure
R

Rocky Linux

RHEL-based

Rocky Linux 9
Rocky Linux 8
/var/log/secure
A

AlmaLinux

RHEL-based

AlmaLinux 9
AlmaLinux 8
/var/log/secure
F

Fedora

RHEL-based

Fedora 41
Fedora 40
Fedora 39
Fedora 38
/var/log/secure
A

Amazon Linux

AWS

Amazon Linux 2023
Amazon Linux 2
/var/log/secure

Community Tested

Reported working by users, not officially tested

Arch Linux
Manjaro
openSUSE Leap
Oracle Linux 8/9
Kali Linux
Proxmox VE

These distributions should work but are not officially tested. The agent auto-detects your init system (systemd, Upstart, SysVinit) and package manager (apt, yum, dnf).

Container Platforms

Deploy as a container alongside your existing stack

Docker

Single container — privileged, host network

docker run -d --privileged --net=host -e DEFENSIA_TOKEN=<TOKEN> ghcr.io/defensia/agent:latest

Docker Swarm

Global service — 1 agent per node

docker stack deploy -c docker-compose.swarm.yml defensia

Kubernetes

Helm chart — DaemonSet on every node

helm install defensia-agent oci://ghcr.io/defensia/charts/defensia-agent --set token=<TOKEN>
v0.9.83+

Kubernetes Capabilities

Ingress WAF

Reads nginx-ingress and Traefik access logs — protects all cluster services automatically

Pod Monitoring

Detects CrashLoopBackOff, OOMKilled, and ImagePullFailed events in real time

NetworkPolicy Audit

Identifies namespaces without NetworkPolicies and flags them as security risks

Ingress Host Discovery

Auto-discovers exposed hostnames via the Kubernetes API

RBAC

Read-only ClusterRole — the agent never modifies Kubernetes resources

Pricing: Free tier includes 1 node and 1 domain. Pro at €9/node includes up to 10 domains per node.

Docker Hub GitHub Container Registry Artifact Hub (Helm)

Hosting Panels

Works with popular server management panels

cP

cPanel / WHM

Native cPHulk SQLite integration, per-domain WAF via Apache domlogs, Postfix/Dovecot/FTP protection. WHM sidebar addon for one-click management.

curl -fsSL https://defensia.cloud/whm-addon/install.sh | bash
CL

CloudLinux

Full support including journald fallback for EL8/EL9 systems. Works with CageFS, LVE, and all CloudLinux-specific environments.

curl -fsSL https://defensia.cloud/install.sh | sudo bash -s -- --token <TOKEN>
Pl

Plesk

Agent works on any Plesk server out of the box. Auto-detects Apache/Nginx logs and auth paths. Dedicated Plesk extension planned.

curl -fsSL https://defensia.cloud/install.sh | sudo bash -s -- --token <TOKEN>

The agent auto-detects your panel environment, web server logs, and auth paths. cPanel WHM addon provides native sidebar integration. Plesk extension is under development.

Requirements

Everything the agent needs to protect your server.

RequirementDetailsStatus
Linux kernel
4.x or newer
Required
Init system
systemd, Upstart, or SysVinit — auto-detected
Required
Root access
sudo or root shell
Required
curl
HTTP client for installer
Auto-installed
iptables
Firewall for IP banning
Auto-installed
Internet access
HTTPS to your Defensia panel
Required

Architectures

Native binaries for both major Linux architectures.

x86_64

amd64

Most cloud VPS, dedicated servers, and Intel/AMD hardware. AWS EC2, DigitalOcean, Hetzner, Linode, Vultr.

aarch64

arm64

AWS Graviton, Oracle Ampere, Hetzner CAX, Raspberry Pi 4/5, and Apple Silicon VMs.

Install in 30 seconds

One command. Works on all supported distributions. The installer auto-detects your OS, architecture, and auth log path.

curl -fsSL https://defensia.cloud/install.sh | sudo bash -s -- --token <TOKEN>
Get Your Install Token View Pricing