AfterDark DarkD
Enterprise security daemon
Enterprise-grade security daemon with modular architecture, gRPC plugin system, and deep integration with the AfterDark security ecosystem. Built in Go for performance and reliability.
Components
| Component | Type | Description |
|---|---|---|
| afterdark-darkd | Daemon | Core security daemon that runs as a system service |
| afterdark-darkdadm | Admin CLI | Administrative CLI for fleet management and configuration |
| darkapi | User CLI | End-user CLI for status checks and manual operations |
| darkd-config | Config Tool | Configuration utility for setup and registration |
Plugin System
DarkD uses HashiCorp's go-plugin framework with gRPC for process-isolated, language-agnostic plugins. Plugin crashes don't affect the core daemon.
| Plugin | Platforms | Description | Status |
|---|---|---|---|
| Firewall Plugin | Linux, macOS, Windows | Platform-native firewall rule management with threat-based blocking | stable |
| ClamAV Plugin | Linux, macOS | Real-time antivirus scanning with automatic signature updates | stable |
| Rootkit Scanner | Linux | Detection of rootkits, kernel modules, and Linux-specific malware | stable |
| File Integrity | All | Monitor critical system files for unauthorized changes | beta |
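
The crash containment described above comes from running each plugin as its own OS process. The following is an added example using only the Go standard library, not DarkD or go-plugin code; `runPlugin`, `supervise`, the restart limit and the `/bin/sh` stand-in plugin are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"time"
)

// PluginExit records how one run of an out-of-process plugin ended.
type PluginExit struct {
	Crashed  bool // child exited non-zero or was killed by a signal
	ExitCode int  // -1 when the child was terminated by a signal
}

// runPlugin (hypothetical helper) starts the plugin binary as a child process
// and waits for it. A crash in the child surfaces as a value, not a host panic.
func runPlugin(ctx context.Context, path string, args ...string) (PluginExit, error) {
	err := exec.CommandContext(ctx, path, args...).Run()
	var exitErr *exec.ExitError
	if errors.As(err, &exitErr) {
		return PluginExit{Crashed: true, ExitCode: exitErr.ExitCode()}, nil
	}
	return PluginExit{}, err // nil on clean exit, non-nil if it never started
}

// supervise restarts a crashing plugin up to maxRestarts times, then reports
// it as disabled so a crash loop cannot consume the host.
func supervise(ctx context.Context, maxRestarts int, path string, args ...string) (runs int, disabled bool, err error) {
	for runs = 1; ; runs++ {
		exit, runErr := runPlugin(ctx, path, args...)
		if runErr != nil || !exit.Crashed {
			return runs, false, runErr
		}
		if runs > maxRestarts {
			return runs, true, nil
		}
		time.Sleep(time.Duration(runs) * 10 * time.Millisecond) // linear backoff
	}
}

func main() {
	// Constructed stand-in for a plugin that segfaults on every start.
	runs, disabled, err := supervise(context.Background(), 2, "/bin/sh", "-c", "kill -SEGV $$")
	fmt.Println(runs, disabled, err) // the host process is still running here
}
```

A supervisor like this should also log each crash with the plugin name and exit status, since a security plugin that is silently disabled is a detection gap.
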
Plugin Development
Create custom plugins using our SDK. Five plugin types are supported:
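```go
// Example: Custom Service Plugin (Go)
package main

import (
	"context"

	"github.com/afterdark/darkd/pkg/pluginsdk"
)

// MyPlugin embeds the SDK's default implementation and overrides
// only the methods it needs.
type MyPlugin struct {
	pluginsdk.UnimplementedServicePlugin
}

// Name returns the identifier the daemon uses for this plugin.
func (p *MyPlugin) Name() string {
	return "my-custom-plugin"
}

// Start runs once when the daemon launches the plugin.
func (p *MyPlugin) Start(ctx context.Context) error {
	// Plugin initialization
	return nil
}

// Execute performs the plugin's work and reports the outcome.
func (p *MyPlugin) Execute(ctx context.Context) (*pluginsdk.Result, error) {
	// Plugin logic
	return &pluginsdk.Result{Status: "ok"}, nil
}

func main() {
	pluginsdk.Serve(&MyPlugin{})
}
```

Supported Platforms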
Installation
Package Managers
```bash
# macOS (Homebrew)
brew tap afterdark/tools
brew install afterdark-darkd

# Debian/Ubuntu
curl -fsSL https://releases.darkapi.io/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/afterdark.gpg
echo "deb [signed-by=/etc/apt/keyrings/afterdark.gpg] https://apt.darkapi.io stable main" | sudo tee /etc/apt/sources.list.d/afterdark.list
sudo apt update && sudo apt install afterdark-darkd

# RHEL/Rocky
sudo dnf config-manager --add-repo https://rpm.darkapi.io/afterdark.repo
sudo dnf install afterdark-darkd

# Windows (winget)
winget install AfterDark.DarkD
```

Ansible Deployment
```yaml
# playbook.yml
- hosts: endpoints
  roles:
    - role: afterdark.darkd
      vars:
        darkd_api_key: "{{ vault_darkapi_key }}"
        darkd_enable_clamav: true
        darkd_enable_rootkit_scanner: true
```

API Integrations
| Service | Purpose | Endpoint |
|---|---|---|
| DarkAPI.io | Threat intelligence queries and IOC lookups | https://api.darkapi.io |
| DNSScience.io | DNS caching and security enforcement | https://api.dnsscience.io |
| config.darkapi.io | Central configuration and agent management | https://config.darkapi.io |
| Veribits | Identity verification and compliance | https://api.veribits.com |

Enterprise Deployment
Deploy DarkD across your infrastructure with centralized management, real-time monitoring, and automated threat response.