Skip to main content

System Service Installation

Install Guard as a system service so it starts automatically on boot, restarts on failure, and runs continuously without manual intervention.

Quick Install

# Install as system service
panguard guard install

# Remove system service
panguard guard uninstall
The install command detects your operating system and creates the appropriate service configuration automatically.

Platform-Specific Details

Guard creates a LaunchDaemon plist file:
/Library/LaunchDaemons/ai.panguard.guard.plist
Behavior after installation:
  • Starts automatically on boot
  • Restarts automatically on abnormal exit
  • Logs written to /var/log/panguard-guard.log
Manual management:
# Check service status
sudo launchctl list | grep panguard

# Start manually
sudo launchctl load /Library/LaunchDaemons/ai.panguard.guard.plist

# Stop manually
sudo launchctl unload /Library/LaunchDaemons/ai.panguard.guard.plist

Manual systemd Setup (Advanced)

For full control over the service configuration, follow these steps:
1

Create a System User

sudo useradd --system --home-dir /opt/panguard --shell /usr/sbin/nologin panguard
2

Create Directories

sudo mkdir -p /opt/panguard /var/panguard-guard /etc/panguard
sudo chown -R panguard:panguard /opt/panguard /var/panguard-guard
3

Deploy the Application

sudo cp -r dist/ /opt/panguard/dist/
sudo cp -r node_modules/ /opt/panguard/node_modules/
4

Create Environment File

sudo tee /etc/panguard/guard.env << 'EOF'
PANGUARD_DATA_DIR=/var/panguard-guard
OLLAMA_ENDPOINT=http://localhost:11434
EOF

sudo chmod 600 /etc/panguard/guard.env
sudo chown panguard:panguard /etc/panguard/guard.env
Environment files contain secrets. Always set permissions to 600 and restrict ownership to the service user.
5

Enable and Start

sudo systemctl daemon-reload
sudo systemctl enable panguard-guard
sudo systemctl start panguard-guard
sudo systemctl status panguard-guard

Manager Service

The Manager can also be installed as a systemd service for distributed deployments: 
[Unit]
Description=Panguard Manager Server
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=panguard
Group=panguard
WorkingDirectory=/opt/panguard
ExecStart=/usr/bin/node /opt/panguard/dist/cli/index.js manager --port 8443
Restart=always
RestartSec=10

NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=/var/panguard-manager
PrivateTmp=true

Environment=NODE_ENV=production
EnvironmentFile=-/etc/panguard/manager.env

[Install]
WantedBy=multi-user.target

Watchdog Health Monitoring

The system service includes a built-in watchdog mechanism:
  • Checks Guard process health every 60 seconds
  • Restarts on abnormal memory usage
  • Degrades on abnormal CPU usage
  • Stops and notifies if restart count exceeds threshold

Batch Deployment Script

Generate a one-line installation script for deploying across multiple machines: 
panguard guard install-script
The generated script will:
  1. Download Panguard AI
  2. Install dependencies
  3. Install as a system service
  4. Start Guard (user must complete panguard login separately)

Data Directory

PlatformDefault Path
macOS~/.panguard-guard/
Linux~/.panguard-guard/
Windows%APPDATA%\panguard-guard\
Override with --data-dir: 
panguard guard start --data-dir /opt/panguard/data
Contents:
  • guard.pid — PID file (prevents duplicate instances)
  • baseline/ — Behavioral baseline data
  • rules/ — Custom Sigma and YARA rules
  • logs/ — Event logs (JSONL with rotation)
  • config.json — Guard configuration

PID Management

Guard uses PID files to manage process state:
  • PID written on startup
  • PID file removed on clean shutdown
  • Prevents multiple instances from running simultaneously
  • Supports graceful shutdown via SIGTERM and SIGINT

Real-Time Protection

Configure Guard for continuous monitoring and response.

Docker Deployment

Run Guard in a containerized environment.

Multi-Endpoint Setup

Connect Guard agents to a centralized Manager.

Environment Variables

Complete environment variable reference.