Hex Group Digital Solutions

Software Solutions

Real-world software for Linux infrastructure that needs to work.

Built from operational reality, not inflated requirements. We focus on lightweight, dependable tooling that gives smaller operators and private fleets the same confidence without the enterprise burden.

"

We focus on providing solutions that work, not solutions that assume enterprise budgets, enterprise staffing, or enterprise complexity.

Flagship Platform

Reduit

Reduit is the lead product in development: a Linux server daemon built for practical threat response, local control, and private fleet intelligence.

Unreleased Flagship

Security tooling that starts locally and scales when you need it to.

Reduit watches active service logs, applies bans through dedicated firewall chains, keeps local state in SQLite, and can share promoted intelligence across private fleets through MySQL. It is designed to be useful on one Linux host and still make sense when that host becomes part of something larger.

Service-aware protection

Discovers services running on the host and focuses protection where it matters, including SSH, web, mail, database, and custom service patterns.

Local-first enforcement

Keeps local state in SQLite and enforces through dedicated iptables chains backed by ipset rather than assuming an external control plane from day one.

Shared intelligence when needed

Supports optional MySQL-backed observation sharing and promoted offender workflows so one server can improve protection across the rest of a private fleet.

Auditable packet visibility

Includes conservative baseline packet monitoring for scan visibility without broad, noisy packet heuristics pretending to be the main decision engine.

Comparison

Where Reduit differs

The goal is not to look busy. The goal is to give operators better protection, clearer state, and a cleaner path from single-host use to private-fleet coordination.

Capability Basic log-ban tooling Reduit
Service discovery Manual pattern setup Detects active host services and adapts to what is running
Local state model Scattered local config and ban state Structured SQLite-backed local state with explicit enforcement logic
Firewall handling Basic direct rule changes Dedicated iptables chains backed by ipset
Fleet intelligence Usually isolated per host Optional MySQL-backed shared observations and promoted offenders
Packet visibility Often absent or overly broad Conservative baseline scan visibility with audit-friendly logging
Whitelist handling Basic local exceptions Shared whitelist override path for private fleet workflows
Growth path Single host focus Useful on one host, sensible across a private Linux fleet
Control plane direction No natural management layer Designed to integrate with Reduit UI federation and event workflows

Software Family

Unreleased tools in development

Each product is being built around the same philosophy: strong operational value, lower overhead, and clearer behavior than software that assumes far more infrastructure than most teams actually have.

Unreleased

Reduit UI

Web control plane for Reduit instances across your infrastructure, with authentication, heartbeats, event visibility, and the foundations for broader fleet workflows.

  • Multi-instance monitoring
  • Heartbeat and event visibility
  • JWT, MFA, and API-key model
  • Fleet management direction
Unreleased

System Health Monitor

Lightweight Linux host monitoring with baseline-aware checks, journald verification, integrity monitoring, and queued SMTP delivery for dependable alerting.

  • Local JSON state
  • CPU, RAM, disk, and journald checks
  • Integrity and verify modes
  • Queued SMTP delivery model
Unreleased

bandwidth-monitor

vnStat-based bandwidth monitoring designed to stay lean by using vnStat as the source of truth rather than duplicating traffic data into another platform.

  • Daily, weekly, quota, and spike modes
  • File-backed alert state
  • Low-overhead cron deployment
  • SMTP and webhook reporting
Unreleased

ssh-accessctl

MySQL-backed SSH allowlist control for Linux servers, designed to keep access state explicit, time-bound, and recoverable without trampling unrelated firewall rules.

  • IPv4 and IPv6 support
  • TTL-based access control
  • Firewall sync and recovery flows
  • Private fleet allowlist model

Vision

From scripts to software that gives operators peace of mind.

Hex Group started from the same place many good infrastructure tools start: practical scripts solving real problems. The direction has stayed the same as the scope grew. We build software that respects system resources, makes its behavior understandable, and aims for a high standard without assuming enterprise infrastructure requirements.

Discuss Your Infrastructure