giip

Local Guard Security Setup Guide

Learn how to configure and manage Local Guard, a self-security enhancement module operating within individual servers.

📋 Overview

Local Guard is a security-specialized sub-module of the GIIP agent that monitors abnormal signs occurring within the server itself, independent of network security. It functions as a Host-based Intrusion Prevention System (HIPS).

🛠️ Key Security Features

1. Login Auditing

  • Records all SSH and local login attempts.
  • Specifically tracks direct logins to the root account or repeated attempts at short intervals in real-time.

2. Critical File Protection

  • Blocks, or immediately sends warnings for, attempts to modify core system files such as /etc/shadow or C:\Windows\System32\config.

3. Local Firewall Policy Integration

  • Immediately applies security policies set in the GIIP console to the corresponding server's iptables or Windows Firewall to block access from unauthorized IPs.
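
The two Login Auditing checks described above (direct root logins and repeated attempts at short intervals), shown as an added example that is not GIIP's own code. The log lines are constructed, and the function name audit_logins, the OpenSSH syslog line format and the threshold of 3 failures within 60 seconds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (OpenSSH syslog format); IPs are documentation ranges.
SAMPLE_LOG = """\
Mar 19 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar 19 10:00:04 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 50114 ssh2
Mar 19 10:00:09 web01 sshd[2105]: Failed password for root from 203.0.113.7 port 50120 ssh2
Mar 19 10:00:15 web01 sshd[2107]: Failed password for deploy from 203.0.113.7 port 50131 ssh2
Mar 19 10:05:30 web01 sshd[2150]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Mar 19 10:07:42 web01 sshd[2161]: Accepted password for root from 198.51.100.99 port 40100 ssh2
Mar 19 11:30:00 web01 sshd[2300]: Failed password for deploy from 198.51.100.20 port 40500 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def audit_logins(log_text, year=2026, max_failures=3, window=timedelta(seconds=60)):
    """Return (kind, user, ip, time) alerts for root logins and failure bursts."""
    alerts = []
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd authentication result line
        # syslog timestamps omit the year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["result"] == "Accepted":
            if m["user"] == "root":  # direct root login, any auth method
                alerts.append(("ROOT_LOGIN", "root", m["ip"], ts))
            continue
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) == max_failures:  # fires when the in-window count hits the threshold
            alerts.append(("REPEATED_FAILURES", m["user"], m["ip"], ts))
    return alerts

if __name__ == "__main__":
    for kind, user, ip, ts in audit_logins(SAMPLE_LOG):
        print(f"{ts:%H:%M:%S} {kind:<17} user={user} src={ip}")
```

Failures are counted per source IP rather than per account, so a burst that rotates usernames (admin, root, deploy in the sample) still trips the threshold.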

🔍 Configuration & Operation

  • Activation Status: You can toggle the operation status of Local Guard On/Off in the [Server Detail] > [Security Settings] tab.
  • Exception Handling: Register the file-modifying actions of backup programs or antivirus software in the 'Whitelist' to prevent false positives.

⚠️ Emergency Response

When an intrusion attempt is detected by Local Guard, the following actions are possible:

  • Force Session Termination: Immediately disconnect the terminal session being used by the attacker.
  • Permanent IP Block: Register the attacker's source IP in a blacklist to prevent access from all servers belonging to the project.

💡 Important Notes

  • Enabling the Local Guard feature may consume a small amount of additional system resources (less than 1% CPU).

Version: 1.0 | Last Updated: 2026-03-19 | Source: giipv3/public/help/local-guard.en.md