📘 Developer Docs

AI App Security Shield

A one-command security scan + hardening tool for Linux servers. Built for apps shipped with AI coding tools. This page covers installation and usage.

Quick start

After purchase you receive a license key (WSEC-…) by email. Then:

# 1) Download
curl -fsSL https://weristo.com/weri-secure.sh -o weri-secure.sh
chmod +x weri-secure.sh

# 2) Run with your key (root / sudo)
sudo ./weri-secure.sh --key WSEC-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX

That’s it. You get a full report, the common holes are flagged with fixes, and a continuous watchdog is installed.

Requirements

OS: Linux (Ubuntu / Debian / most distros)
Privileges: root or sudo (needed to inspect + harden the system)
Shell: bash · Tools: curl (standard on most servers)
Network: outbound HTTPS once, to validate the license

CLI options

Option	Description
`--key <KEY>`	Your license key. Alternatively place it in `/etc/weri-secure/license.key` or env `WERI_LICENSE_KEY`.

What it protects against

High-level coverage areas (the tool does the detection for you):

🗄️ Exposed data stores — databases / caches reachable from the internet
🐳 Firewall bypass — container ports that skip your firewall
👤 Privilege issues — services running with more rights than they need
🦠 Malware persistence — hidden re-installers / miners
🔑 Remote-access hardening — SSH configuration weaknesses
🛡️ Continuous monitoring — a lightweight watchdog that keeps checking

🔍 The exact detection logic is intentionally not published — it’s the product. You get the results and fixes, kept up to date.

Licensing

1 key = 1 server. The key activates on the first server it runs on.
Trying the same key on a second server will not activate — and the tool removes its own files there. Your server and data are never touched.
Need more servers? Buy additional licenses.

FAQ

Does it modify or delete my data?

No. It inspects configuration + installs a small watchdog. The only thing it ever removes is its own files (on an invalid/duplicate license) or known malware it detects.

Does it work offline?

It needs one outbound HTTPS call to validate the license. After that, the local watchdog runs without network.

Is it safe to run on production?

Yes — the scan is read-only by default and reports what it finds. You stay in control of the fixes.

Refunds / support?

Questions and support: security@weristo.com.

← Back to product · Weristo · EU-based