Install and First Run
Install InnerWarden on a Linux server with one command and verify it comes up in a safe observe-only, dry-run posture.
Install and First Run
For: a new user who wants InnerWarden running on a Linux server, safely, in the next ten minutes.
InnerWarden installs with one command. It comes up in observe-only, dry-run mode: it watches the machine, explains what it sees, and blocks nothing until you decide it should. You can read this page top to bottom and have a working, healthy install before you ever touch a config file.
curl -fsSL https://innerwarden.com/install | sudo bash
That is the whole install. Linux gets the full feature set (eBPF needs a reasonably recent kernel and root or CAP_BPF); macOS gets a lighter build. No toolchain, no cloud account, no control plane to sign up for. Your data and your audit trail stay on the box.
What the installer does
It is a normal shell script and you can read it before you run it (it is the install.sh published at https://innerwarden.com/install, also in the public releases repo). In order, it:
- Downloads the pre-built binaries for your architecture (x86_64 or aarch64), with the eBPF programs embedded, and verifies their SHA-256 before installing them to
/usr/local/bin. There is nothing to compile on the box. - Creates a dedicated
innerwardenservice user (unprivileged) and the data directory at/var/lib/innerwarden. - Writes the config to
/etc/innerwarden/(config.tomlfor the sensor,agent.tomlfor the agent). - Installs and starts the two services:
innerwarden-sensorandinnerwarden-agent(systemd on Linux, launchd on macOS). The agent hosts the dashboard, triage, and notifications. - Provisions the on-device Local Warden model (a ~91 MB classifier) so you get AI triage with no API key and no per-call cost. Opt out with
INNERWARDEN_NO_WARDEN=1if the box has no internet egress. - Drops a copy of the agent guide on-box at
/etc/innerwarden/AGENTS.mdso a coding agent can read it and help you configure things. See Connect Your Agent.
It deliberately leaves InnerWarden in a safe posture: detection and logging are on, response skills are off, and dry_run = true. Nothing gets blocked, killed, or suspended until you arm it.
Install variants
- Unattended / scripted: the installer takes flags. See them with
curl -fsSL https://innerwarden.com/install | sudo bash -s -- --help. - Try the flow without touching the system:
bash install.sh --simulateruns the whole thing as a dry run (no install, no service changes). - Build from source: available only to customers with a source-access licence; standard installs use the signed pre-built binaries.
- Remove it later:
innerwarden uninstall(add--purgeto also drop config and data). The exact command and its flags live in CLI Reference.
Verify it came up clean
Three commands tell you everything:
innerwarden get status # are both services healthy, what is each one doing
innerwarden get sensors # which collectors and eBPF programs are live
innerwarden system doctor # health checks plus a concrete fix hint for anything wrong
innerwarden --version # confirm the version you installed
innerwarden get status should show the sensor and the agent both running, and report the day's counts. innerwarden system doctor is the one to trust when something looks off: it does not just say "broken", it tells you the fix. Read its output and act on the hints before you start editing config by hand. (Every command and its flags are documented once, in CLI Reference; this page just points you at the few you need on day one.)
The two services are innerwarden-sensor and innerwarden-agent. The sensor only collects (it never calls AI or the network outbound); the agent is the part that triages, decides, and notifies. How the supervisor keeps them alive, the systemd units, and the permissions they need are all covered in Everyday Operations.
Your safe default posture
A fresh install is in observe-only / dry-run. In plain terms:
- It is watching the host from firmware up through userspace and recording everything it finds.
- It is explaining each thing it sees in plain language, with the MITRE technique attached.
- It is not blocking, killing, or suspending anything. Responses are computed and logged as "this is what I would have done", but never executed.
This is on purpose. You want InnerWarden to learn what normal looks like on this particular machine before it is allowed to act, and you want to look at a few days of its decisions before you trust them. Confirm you are in dry-run any time with innerwarden config responder --dry-run.
Do not rush to arm it. The single most common mistake is to "allowlist everything that is running so it stops flagging", which hands an attacker a permanent free pass, because malware already on the box is also "currently running". The safe way to teach InnerWarden what is normal, and only then arm enforcement, has its own page: Safe Observe and Allowlist. Read it before you turn responses on.
The first things to look at
Once status is green, spend a few minutes here:
- See what it is finding.
innerwarden get incidents --days 1shows recent incidents in the terminal. Each one carries a plain-language "what happened and why it matters". If the box is internet-facing, you will probably see scanners and password-guessers within the hour. That is normal background noise. - See what it would do.
innerwarden get decisions --days 1shows the agent's decisions. In dry-run these are the actions it would take. This is the log you read over the next few days to decide whether you trust it. - Open the dashboard. It binds to localhost only (the secure default). Run
innerwarden dashboardand it prints the URL plus a ready-to-paste SSH-tunnel command for reaching it from your laptop. The dashboard gives you the same incidents and decisions with charts, timelines, and attacker profiles. - Tune it to this machine (optional, when you are ready).
innerwarden system scanaudits the host,innerwarden system hardenapplies safe hardening, andinnerwarden system calibratetunes detector thresholds to this host's normal. Walk through these with Everyday Operations.
Where to go next
- Run it day to day (status, services, tuning, the supervisor): Everyday Operations
- Put a guardrail around an AI agent on this box (the thing that makes InnerWarden different): AI Agent Guardrail
- Teach it what is normal and then arm it, safely: Safe Observe and Allowlist
- Understand how it actually works under the hood: Architecture and What It Detects
- Configure providers, notifications, and the TOML: Configuration