security daemon + tray app for linux (specifically KDE Plasma). wraps ClamAV for scanning and nftables for firewall stuff. the goal is something that just works and doesn't get in your way.
- antivirus scanning via ClamAV (quick scan, full scan)
- firewall management via nftables
- system tray icon that shows protection status
- desktop notifications when stuff happens
- all the usual settings you'd expect
two binaries:
defensed- the daemon, runs as root, does the actual workdefense-ui- tray app + dashboard, runs as your user
they talk over a unix socket (/run/oreon/defense.sock) using a simple JSON protocol.
| thing | what we're using |
|---|---|
| language | Go 1.21+ |
| gui | therecipe/qt (Qt6) |
| antivirus | ClamAV via go-clamd |
| firewall | google/nftables |
| service | systemd |
| config | TOML |
| local db | SQLite |
make buildbinaries end up in bin/.
cmd/defensed/ daemon entry point
cmd/defense-ui/ tray/gui entry point
internal/daemon/ daemon internals (state machine, etc)
pkg/config/ config loading/saving
pkg/ipc/ IPC protocol definitions
if you're working on this with me:
- firewall stuff: check
pkg/ipc/protocol.gofor the firewall commands (CmdFirewallStatus,CmdFirewallEnable, etc) - tray/ui stuff: check
internal/daemon/state.gofor the state machine andpkg/ipc/protocol.gofor response types - config lives at
/etc/oreon/defense.toml(system) or~/.config/oreon/defense.toml(user override) - need something to work on? just ask me
early days, actively being built.
GPL-3.0 - see LICENSE