v1.1 — Production Ready

Defence in Depth
for Linux Servers

One script. 10 security layers. Supports all major Linux distros and control panels. Hardens, monitors, scans, and auto-protects new users — out of the box.

$ quick install
curl -L https://lg.wondtech.com/lg.sh -o /tmp/lg.sh && mv /tmp/lg.sh /usr/local/bin/lg && chmod +x /usr/local/bin/lg && lg
$ quick install with sudo
curl -L https://lg.wondtech.com/lg.sh -o /tmp/lg.sh && sudo mv /tmp/lg.sh /usr/local/bin/lg && sudo chmod +x /usr/local/bin/lg && sudo lg
Download lg.sh GitHub Commands
Security layers
[1]
Binary Lockdown
nc, gcc, python, perl, curl, wget restricted to root
[2]
Kernel Hardening
Block dccp/sctp/rds + ASLR, SYN cookies, reverse path filter
[3]
System Files
Harden /etc/shadow, sshd_config, cron directories
[4]
Apache & MySQL / MariaDB
ServerTokens, ServerSignature, UseCanonicalName and Binds database to 127.0.0.1
[5]
PHP Hardening
60+ dangerous functions disabled + open_basedir + date.timezone
[6]
noexec
noexec/nosuid/nodev on /tmp, /var/tmp, and all site dirs
[7]
AppArmor / SELinux
MAC enforced + vmail/Dovecot contexts fixed automatically
[8]
Auditd
Real-time alerts — webshells, privesc, critical file changes
[A]
FTP + ClamAV
Scan uploads — infected files removed + email alert
[N]
Dirty Frag Protection
CVE-2022-0847, CVE-2026-43284, CVE-2026-43500 — Dirty Pipe variants & fragment exploits
[N]
Copy Fail 1/2/3 Protection
CVE-2024-1085, CVE-2024-1086, CVE-2024-26165, CVE-2026-31431, CVE-2026-28421 — kernel file overwrite protection
[N]
Heap/Slab Exploit Mitigation
Slub allocator hardening + unprivileged user namespaces disabled
Commands
--force
Re-apply all layers from scratch
--auto
No prompts — uses detected defaults
--dry-run
Preview every change — zero modifications
--undo
Rollback all changes from last run
--cron
Silent mode — logs only, detects new users
--watch
Monitor new sites and harden automatically
--fixmail
Fix Dovecot/vmail SELinux contexts + policy
--scan
Detect PHP/Perl/Python webshells
--auto-analyze
Background behavior monitoring daemon
--integrity
SHA-256 integrity check on critical files
--update
Download latest from lg.wondtech.com
--help
Show full help and all options
Supported control panels
CWP
cPanel / WHM
Plesk
DirectAdmin
CyberPanel
HestiaCP
VestaCP
ISPConfig
aaPanel
Webmin
InterWorx
Froxlor
RunCloud
CentminMod
Status dashboard — second run
root@server ~ $ sudo lg
Linux Guardian v1.1 — Security Status Dashboard
Last applied: 2026-05-16 03:30:15
[1] Binary Lockdown — active
[2] Kernel Hardening — active
[3] System Files — hardened
[4.1] Apache httpd.conf — hardened
[4.2] MySQL/MariaDB — bound to 127.0.0.1
[5] PHP disable_functions — active (820 chars)
i [5.1] PHP-FPM Pools — 4 pool(s) active
i [5.2] Panel php.ini — CWP (tz: Asia/Riyadh)
[6] noexec /tmp — active
[7] SELinux — enforcing
[8] Auditd — active (12 rules)
Dovecot — running
vmail context — mail_spool_t
dovecot_lg policy — loaded
Scan — no suspicious files found
Analyze — system behavior looks normal
Integrity — all critical files intact