# EzyShield

> Open-source, AI-assisted fail2ban alternative for Linux. EzyShield watches your logs, detects attacking IPs, and bans them with escalating, strike-based bans — locally via nftables and, optionally, at the Cloudflare edge. A deterministic rule engine runs fully offline; AI is consulted only for ambiguous traffic. AGPL-3.0, self-hosted.

EzyShield is built for people who run Linux servers without a dedicated security
team: solo sysadmins, small-business IT, and lean SOC teams who want lightweight
host-level protection that's simple to run and easy to trust.

- Status: pre-alpha
- License: AGPL-3.0
- Self-hosted, no account required
- Deterministic rules first; AI only for the ambiguous cases
- Dry-run by default — observe before you block

## Install

    curl -sfL https://get.ezyshield.com | sudo sh

## How it works

- Watches server logs for attack signatures (e.g. SSH brute force, SQLi probes,
  path traversal, credential stuffing, aggressive scrapers).
- Bans escalate by strike count: warn -> short hold -> longer bans.
- Enforcement happens locally in nftables and, optionally, at the Cloudflare edge.
- The deterministic rule engine runs fully offline; the AI judge is consulted
  only for traffic the rules can't classify on their own.

## Links

- Website: https://ezyshield.com/
- Source code: https://github.com/evertramos/ezy-shield
- Documentation: https://github.com/evertramos/ezy-shield#readme
- Install script: https://get.ezyshield.com
- License (AGPL-3.0): https://github.com/evertramos/ezy-shield/blob/main/LICENSE
- Issues: https://github.com/evertramos/ezy-shield/issues