DaemonEye Installation Guide
This guide provides comprehensive installation instructions for
DaemonEye across different platforms and deployment scenarios.
System Requirements

Minimum Requirements

Operating System:
- Linux: Ubuntu 20.04+ LTS, RHEL/CentOS 8+, Debian 11+
- macOS: 14.0+ (Sonoma or later)
- Windows: Windows 10+, Server 2019+

Hardware:
- CPU: x86_64 or ARM64 processor
- RAM: 512MB available memory
- Disk: 1GB free space
- Network: Internet access for initial setup (optional)

Privileges:
- Linux: `CAP_SYS_PTRACE` capability or root access
- Windows: `SeDebugPrivilege` or Administrator access
- macOS: Appropriate entitlements or root access
Recommended Requirements

Operating System:
- Linux: Kernel 4.15+ (Ubuntu 18.04+, RHEL 8+, Debian 10+)
- macOS: 11+ (Big Sur or later)
- Windows: Windows 11+ or Windows Server 2019+

Hardware:
- CPU: 2+ cores
- RAM: 2GB+ available memory
- Disk: 10GB+ free space
- Network: Stable internet connection
Installation Methods

Method 1: Pre-built Binaries (Recommended)

Download Latest Release:

```bash
# Linux x86_64
wget https://github.com/EvilBit-Labs/DaemonEye/releases/latest/download/daemoneye-linux-x86_64.tar.gz
tar -xzf daemoneye-linux-x86_64.tar.gz

# Linux ARM64
wget https://github.com/EvilBit-Labs/DaemonEye/releases/latest/download/daemoneye-linux-aarch64.tar.gz
tar -xzf daemoneye-linux-aarch64.tar.gz

# macOS x86_64
curl -L https://github.com/EvilBit-Labs/DaemonEye/releases/latest/download/daemoneye-macos-x86_64.tar.gz | tar -xz

# macOS ARM64 (Apple Silicon)
curl -L https://github.com/EvilBit-Labs/DaemonEye/releases/latest/download/daemoneye-macos-aarch64.tar.gz | tar -xz

# Windows x86_64
# Download from GitHub releases and extract
```
Install to System Directories:

```bash
# Linux/macOS
sudo cp procmond daemoneye-agent daemoneye-cli /usr/local/bin/
sudo chmod +x /usr/local/bin/procmond /usr/local/bin/daemoneye-agent /usr/local/bin/daemoneye-cli

# Create system directories
sudo mkdir -p /etc/daemoneye
sudo mkdir -p /var/lib/daemoneye
sudo mkdir -p /var/log/daemoneye

# Set ownership
# id -gn prints the user's primary group; a group named after the user
# does not exist on macOS, so "$USER:$USER" would fail there.
sudo chown -R "$USER:$(id -gn)" /etc/daemoneye
sudo chown -R "$USER:$(id -gn)" /var/lib/daemoneye
sudo chown -R "$USER:$(id -gn)" /var/log/daemoneye

# Windows
# Copy to C:\Program Files\DaemonEye\
# Add to PATH environment variable
```
Method 2: Package Managers (Planned)

Status: Not yet available. Package manager support (Homebrew, APT, YUM/DNF, Chocolatey) is under development and will be available in a future release.

For now, use one of the following installation methods:
- Pre-built Binaries (Method 1) - Recommended for most users
- Build from Source (Method 3) - For developers and advanced users
Method 3: Build from Source

Install Rust (1.91+):

```bash
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source ~/.cargo/env
rustup update
```

Clone and Build:

```bash
# Clone repository
git clone https://github.com/EvilBit-Labs/DaemonEye.git
cd DaemonEye

# Build in release mode
cargo build --release

# Install built binaries
sudo cp target/release/procmond target/release/daemoneye-agent target/release/daemoneye-cli /usr/local/bin/
sudo chmod +x /usr/local/bin/procmond /usr/local/bin/daemoneye-agent /usr/local/bin/daemoneye-cli
```

Cross-Platform Building:

```bash
# Install cross-compilation toolchain
rustup target add x86_64-unknown-linux-gnu
rustup target add aarch64-unknown-linux-gnu
rustup target add x86_64-apple-darwin
rustup target add aarch64-apple-darwin

# Build for different targets
cargo build --release --target x86_64-unknown-linux-gnu
cargo build --release --target aarch64-unknown-linux-gnu
cargo build --release --target x86_64-apple-darwin
cargo build --release --target aarch64-apple-darwin
```
Method 4: Using GoReleaser (Release Tooling)

DaemonEye uses GoReleaser for automated cross-platform building, packaging, and releasing. This is the recommended method for developers and contributors who want to build release-quality binaries.

Local build with GoReleaser:

```bash
# Validate configuration
just goreleaser-check

# Build binaries locally (snapshot, no publish)
just goreleaser-build

# Run a full snapshot release (build + package, no publish)
just goreleaser-snapshot
```

Release with cargo-release:

```bash
# Dry run to see what would be changed
cargo release --dry-run

# Prepare a new release (updates version, creates tag)
cargo release --execute

# Release with specific version
cargo release 1.0.0 --execute
```
GoReleaser Configuration:

The project includes platform-specific GoReleaser configs (`.goreleaser-linux.yaml`, `.goreleaser-macos.yaml`, `.goreleaser-windows.yaml`) that define:
- Supported platforms: Linux (x86_64, aarch64), macOS (x86_64, aarch64), Windows (x86_64, aarch64)
- Package formats: `.tar.gz` for Unix, `.zip` for Windows
- Binaries: procmond, daemoneye-agent, daemoneye-cli
- Signing: Cosign keyless signing via GitHub Actions OIDC
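
Because releases are signed with keyless Cosign, a downloaded archive can be checked before anything is copied into /usr/local/bin. The script below is an added example, not part of the DaemonEye docs or tooling: `verify_and_stage` is a hypothetical helper, the detached signature and certificate files it takes are assumed to be published beside each archive, and the identity pattern is derived from the repository URL used in this guide.

```bash
#!/usr/bin/env bash
# Added example: verify a release archive, then unpack it into a staging dir.
# Assumption: the workflow that signs releases lives in the DaemonEye repo,
# so its certificate identity starts with the repository URL.
DE_IDENTITY_RE='^https://github\.com/EvilBit-Labs/DaemonEye/'
DE_OIDC_ISSUER='https://token.actions.githubusercontent.com'

# verify_and_stage ARCHIVE SIGNATURE CERTIFICATE STAGING_DIR
# Returns 0 only if the signature verifies and the archive looks as expected.
verify_and_stage() {
    local archive=$1 sig=$2 cert=$3 stage=$4 f name
    for f in "$archive" "$sig" "$cert"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; return 2; }
    done

    # Keyless verification: the certificate must chain to Sigstore and must
    # have been issued to a GitHub Actions identity matching the repo.
    if ! cosign verify-blob \
            --certificate "$cert" \
            --signature "$sig" \
            --certificate-identity-regexp "$DE_IDENTITY_RE" \
            --certificate-oidc-issuer "$DE_OIDC_ISSUER" \
            "$archive" >&2; then
        echo "signature verification FAILED: $archive" >&2
        return 1
    fi

    # Refuse absolute paths and ".." components before extracting.
    if tar -tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains unsafe paths: $archive" >&2
        return 1
    fi

    mkdir -p "$stage" && tar -xzf "$archive" -C "$stage" || return 1

    # The guide copies these three binaries from the top of the archive.
    for name in procmond daemoneye-agent daemoneye-cli; do
        [ -f "$stage/$name" ] || { echo "archive lacks $name" >&2; return 1; }
    done
}

# Usage (file names are placeholders):
#   verify_and_stage daemoneye-linux-x86_64.tar.gz ARCHIVE.sig ARCHIVE.pem ./stage
```

If the release publishes a Sigstore bundle instead of separate files, `cosign verify-blob --bundle` takes the place of the `--certificate` and `--signature` pair.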
Release Workflow:

```bash
# 1. Update version and create tag
cargo release --execute

# 2. Push tag to trigger CI release
git push --tags

# 3. GoReleaser builds, packages, signs, and publishes to GitHub Releases
```

For Contributors: Use `just goreleaser-build` to create release-quality binaries that match the official distribution format.
Platform-Specific Installation

Linux Installation

Ubuntu/Debian - Build from Source:

```bash
# Update system
sudo apt update && sudo apt upgrade -y

# Install dependencies
sudo apt install -y ca-certificates curl wget build-essential

# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source ~/.cargo/env

# Clone and build
git clone https://github.com/EvilBit-Labs/DaemonEye.git
cd DaemonEye
cargo build --release

# Install binaries
sudo cp target/release/procmond target/release/daemoneye-agent target/release/daemoneye-cli /usr/local/bin/
sudo chmod +x /usr/local/bin/procmond /usr/local/bin/daemoneye-agent /usr/local/bin/daemoneye-cli

# Create system directories
sudo mkdir -p /etc/daemoneye /var/lib/daemoneye /var/log/daemoneye
sudo chown -R "$USER:$USER" /etc/daemoneye /var/lib/daemoneye /var/log/daemoneye

# Configure service (requires the unit file from the Service Configuration section)
sudo systemctl enable daemoneye
sudo systemctl start daemoneye
```
RHEL/CentOS - Build from Source:

```bash
# Update system
sudo yum update -y

# Install dependencies (the C++ compiler package is named gcc-c++ on RHEL/CentOS)
sudo yum install -y ca-certificates curl wget gcc gcc-c++ make

# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source ~/.cargo/env

# Clone and build
git clone https://github.com/EvilBit-Labs/DaemonEye.git
cd DaemonEye
cargo build --release

# Install binaries
sudo cp target/release/procmond target/release/daemoneye-agent target/release/daemoneye-cli /usr/local/bin/
sudo chmod +x /usr/local/bin/procmond /usr/local/bin/daemoneye-agent /usr/local/bin/daemoneye-cli

# Create system directories
sudo mkdir -p /etc/daemoneye /var/lib/daemoneye /var/log/daemoneye
sudo chown -R "$USER:$USER" /etc/daemoneye /var/lib/daemoneye /var/log/daemoneye

# Configure service (requires the unit file from the Service Configuration section)
sudo systemctl enable daemoneye
sudo systemctl start daemoneye
```
Arch Linux - Build from Source:

```bash
# Install dependencies
sudo pacman -S --needed base-devel rust

# Clone and build
git clone https://github.com/EvilBit-Labs/DaemonEye.git
cd DaemonEye
cargo build --release

# Install binaries
sudo install -Dm755 target/release/procmond /usr/local/bin/procmond
sudo install -Dm755 target/release/daemoneye-agent /usr/local/bin/daemoneye-agent
sudo install -Dm755 target/release/daemoneye-cli /usr/local/bin/daemoneye-cli

# Create system directories
sudo mkdir -p /etc/daemoneye /var/lib/daemoneye /var/log/daemoneye
```
macOS Installation

Using Homebrew (Planned):

Homebrew package support for DaemonEye is coming soon. For now, please use the build from source or manual installation methods below.

Build from Source:

```bash
# Clone the repository
git clone https://github.com/EvilBit-Labs/DaemonEye.git
cd DaemonEye

# Install Rust if not already installed
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source "$HOME/.cargo/env"

# Build DaemonEye
cargo build --release

# Install binaries (macOS-compatible: mkdir -p + install -m 755)
sudo mkdir -p /usr/local/bin
sudo install -m 755 target/release/procmond /usr/local/bin/procmond
sudo install -m 755 target/release/daemoneye-agent /usr/local/bin/daemoneye-agent
sudo install -m 755 target/release/daemoneye-cli /usr/local/bin/daemoneye-cli

# Create system directories
sudo mkdir -p /etc/daemoneye /var/lib/daemoneye /var/log/daemoneye
```

Manual Installation:

```bash
# Download and extract
curl -L https://github.com/EvilBit-Labs/DaemonEye/releases/latest/download/daemoneye-macos-x86_64.tar.gz | tar -xz

# Install to system directories
sudo cp procmond daemoneye-agent daemoneye-cli /usr/local/bin/
sudo chmod +x /usr/local/bin/procmond /usr/local/bin/daemoneye-agent /usr/local/bin/daemoneye-cli

# Create directories
sudo mkdir -p /Library/Application\ Support/DaemonEye
sudo mkdir -p /var/lib/daemoneye
sudo mkdir -p /var/log/daemoneye

# Set ownership
sudo chown -R $(whoami):staff /Library/Application\ Support/DaemonEye
sudo chown -R $(whoami):staff /var/lib/daemoneye
sudo chown -R $(whoami):staff /var/log/daemoneye
```
Windows Installation

Using Chocolatey (Planned):

Chocolatey package support for DaemonEye is coming soon. For now, please use the build from source or manual installation methods below.

Build from Source:

```powershell
# Install Rust (from https://rustup.rs/)
# Download and run rustup-init.exe, or use:
# iwr https://static.rust-lang.org/rustup/dist/x86_64-pc-windows-msvc/rustup-init.exe -OutFile rustup-init.exe
# .\rustup-init.exe -y

# Clone the repository
git clone https://github.com/EvilBit-Labs/DaemonEye.git
cd DaemonEye

# Build DaemonEye
cargo build --release

# Create installation directory
New-Item -ItemType Directory -Path "C:\Program Files\DaemonEye" -Force

# Install binaries
Copy-Item "target\release\procmond.exe" "C:\Program Files\DaemonEye\"
Copy-Item "target\release\daemoneye-agent.exe" "C:\Program Files\DaemonEye\"
Copy-Item "target\release\daemoneye-cli.exe" "C:\Program Files\DaemonEye\"

# Add to PATH (run as Administrator)
[Environment]::SetEnvironmentVariable("PATH", "$env:PATH;C:\Program Files\DaemonEye", [EnvironmentVariableTarget]::Machine)

# Create data directories
New-Item -ItemType Directory -Path "C:\ProgramData\DaemonEye" -Force
New-Item -ItemType Directory -Path "C:\ProgramData\DaemonEye\data" -Force
New-Item -ItemType Directory -Path "C:\ProgramData\DaemonEye\logs" -Force
```

Manual Installation:

```powershell
# Download from GitHub releases
# https://github.com/EvilBit-Labs/DaemonEye/releases
# Extract to C:\Program Files\DaemonEye\

# Add to PATH (run as Administrator)
[Environment]::SetEnvironmentVariable("PATH", "$env:PATH;C:\Program Files\DaemonEye", [EnvironmentVariableTarget]::Machine)

# Create data directories
New-Item -ItemType Directory -Path "C:\ProgramData\DaemonEye" -Force
New-Item -ItemType Directory -Path "C:\ProgramData\DaemonEye\data" -Force
New-Item -ItemType Directory -Path "C:\ProgramData\DaemonEye\logs" -Force
```
Service Configuration

Linux (systemd)

Create Service File:

```bash
sudo tee /etc/systemd/system/daemoneye.service << 'EOF'
[Unit]
Description=DaemonEye Security Monitoring Agent
Documentation=https://docs.daemoneye.com
After=network.target
Wants=network.target

[Service]
Type=notify
User=daemoneye
Group=daemoneye
ExecStart=/usr/local/bin/daemoneye-agent --config /etc/daemoneye/config.yaml
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
KillSignal=SIGTERM
TimeoutStopSec=30
Restart=on-failure
RestartSec=5
StandardOutput=journal
StandardError=journal
SyslogIdentifier=daemoneye

# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/lib/daemoneye /var/log/daemoneye
CapabilityBoundingSet=CAP_SYS_PTRACE
AmbientCapabilities=CAP_SYS_PTRACE

[Install]
WantedBy=multi-user.target
EOF
```

Create User and Directories:

```bash
# Create daemoneye user
sudo useradd -r -s /bin/false -d /var/lib/daemoneye daemoneye

# Set ownership
sudo chown -R daemoneye:daemoneye /var/lib/daemoneye
sudo chown -R daemoneye:daemoneye /var/log/daemoneye
sudo chown -R daemoneye:daemoneye /etc/daemoneye

# Reload systemd and start service
sudo systemctl daemon-reload
sudo systemctl enable daemoneye
sudo systemctl start daemoneye
```
macOS (launchd)

Create LaunchDaemon:

```bash
sudo tee /Library/LaunchDaemons/com.daemoneye.agent.plist << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.daemoneye.agent</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/daemoneye-agent</string>
        <string>--config</string>
        <string>/Library/Application Support/DaemonEye/config.yaml</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
    <key>StandardOutPath</key>
    <string>/var/log/daemoneye/agent.log</string>
    <key>StandardErrorPath</key>
    <string>/var/log/daemoneye/agent.error.log</string>
    <key>UserName</key>
    <string>daemoneye</string>
    <key>GroupName</key>
    <string>staff</string>
</dict>
</plist>
EOF
```

Load and Start Service:

```bash
# Load service
sudo launchctl load /Library/LaunchDaemons/com.daemoneye.agent.plist

# Check status
sudo launchctl list | grep daemoneye
```
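Windows (Service)

Create Service:

```powershell
# Create service. The executable path contains a space, so it carries its own
# double quotes inside the single-quoted string; left unquoted, Windows would
# try C:\Program.exe before the intended binary.
New-Service -Name "DaemonEye Agent" `
    -BinaryPathName '"C:\Program Files\DaemonEye\daemoneye-agent.exe" --config "C:\ProgramData\DaemonEye\config.yaml"' `
    -DisplayName "DaemonEye Security Monitoring Agent" `
    -StartupType Automatic

# Start service
Start-Service "DaemonEye Agent"

# Check status
Get-Service "DaemonEye Agent"
```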
Post-Installation Setup

Generate Initial Configuration

```bash
# Generate default configuration
daemoneye-cli config init --output /etc/daemoneye/config.yaml

# Or for user-specific configuration
daemoneye-cli config init --output ~/.config/daemoneye/config.yaml
```
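Create Data Directories

```bash
# Linux/macOS
sudo mkdir -p /var/lib/daemoneye
sudo mkdir -p /var/log/daemoneye
# id -gn prints the user's primary group; a group named after the user
# does not exist on macOS, so "$USER:$USER" would fail there.
sudo chown -R "$USER:$(id -gn)" /var/lib/daemoneye
sudo chown -R "$USER:$(id -gn)" /var/log/daemoneye

# Windows
mkdir "C:\ProgramData\DaemonEye\data"
mkdir "C:\ProgramData\DaemonEye\logs"
```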
Set Up Basic Rules

```bash
# Create rules directory
mkdir -p /etc/daemoneye/rules

# Create a basic rule
cat > /etc/daemoneye/rules/suspicious-processes.sql << 'EOF'
-- Detect processes with suspicious names
SELECT
    pid, name, executable_path, command_line, collection_time
FROM processes
WHERE name IN ('malware.exe', 'backdoor.exe', 'trojan.exe')
   OR name LIKE '%suspicious%'
   OR executable_path LIKE '%temp%'
ORDER BY collection_time DESC;
EOF

# Validate the rule
daemoneye-cli rules validate /etc/daemoneye/rules/suspicious-processes.sql
```
Configure Alerting

```bash
# Keys are quoted so the shell does not treat [0] as a glob pattern
# (zsh, the default shell on macOS, aborts on an unmatched glob).

# Enable syslog alerts
daemoneye-cli config set 'alerting.sinks[0].enabled' true
daemoneye-cli config set 'alerting.sinks[0].type' syslog
daemoneye-cli config set 'alerting.sinks[0].facility' daemon

# Enable webhook alerts (if SIEM is available)
daemoneye-cli config set 'alerting.sinks[1].enabled' true
daemoneye-cli config set 'alerting.sinks[1].type' webhook
daemoneye-cli config set 'alerting.sinks[1].url' "https://your-siem.com/webhook"
daemoneye-cli config set 'alerting.sinks[1].headers.Authorization' "Bearer ${WEBHOOK_TOKEN}"
```
Verification

Check Installation

```bash
# Check binary versions
procmond --version
daemoneye-agent --version
daemoneye-cli --version

# Check service status
# Linux
sudo systemctl status daemoneye

# macOS
sudo launchctl list | grep daemoneye

# Windows
Get-Service "DaemonEye Agent"
```

Test Basic Functionality

```bash
# Check system health
daemoneye-cli health

# List recent processes
daemoneye-cli query "SELECT pid, name, executable_path FROM processes LIMIT 10"

# Check alerts
daemoneye-cli alerts list

# Test rule execution
daemoneye-cli rules test suspicious-processes
```

Performance Verification

```bash
# Check system metrics
daemoneye-cli metrics

# Monitor process collection
daemoneye-cli watch processes --filter "cpu_usage > 10.0"

# Check database status
daemoneye-cli database status
```
Troubleshooting

Common Installation Issues

Permission Denied:

```bash
# Check file permissions
ls -la /usr/local/bin/procmond
ls -la /usr/local/bin/daemoneye-agent
ls -la /usr/local/bin/daemoneye-cli

# Fix permissions
sudo chmod +x /usr/local/bin/procmond /usr/local/bin/daemoneye-agent /usr/local/bin/daemoneye-cli
```
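
Beyond the execute bit, it is worth confirming that nothing the agent runs or reads can be modified by other accounts, since the service holds `CAP_SYS_PTRACE`. The script below is an added example, not part of the DaemonEye docs: `audit_path` and `audit_install` are hypothetical helper names, and the expected owners (root for the binaries, the `daemoneye` account from the systemd section for the state directories) are assumptions based on this guide's Linux layout.

```bash
#!/usr/bin/env bash
# Added example: ownership and mode audit for an installed DaemonEye.

# audit_path PATH EXPECTED_OWNER   (owner may be a name or a numeric uid)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_path() {
    local path=$1 owner=$2 findings
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    # -perm -0002 / -0020 match when the "other" / "group" write bit is set.
    # Symlinks are skipped for the mode checks: their own bits mean nothing.
    # stderr is captured too, so a failing find counts as a finding.
    findings=$(
        {
            find "$path" ! -type l -perm -0002 -exec printf 'WORLD-WRITABLE %s\n' {} \;
            find "$path" ! -type l -perm -0020 -exec printf 'GROUP-WRITABLE %s\n' {} \;
            find "$path" ! -user "$owner" -exec printf 'UNEXPECTED-OWNER %s\n' {} \;
        } 2>&1
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# audit_install: check the paths this guide installs to.
audit_install() {
    local rc=0 bin dir
    for bin in procmond daemoneye-agent daemoneye-cli; do
        audit_path "/usr/local/bin/$bin" root || rc=1
        [ -x "/usr/local/bin/$bin" ] || { echo "NOT-EXECUTABLE /usr/local/bin/$bin"; rc=1; }
    done
    # Assumption: state directories belong to the service account.
    for dir in /etc/daemoneye /var/lib/daemoneye /var/log/daemoneye; do
        audit_path "$dir" daemoneye || rc=1
    done
    return "$rc"
}

# Usage: source this file as root after installation, then run: audit_install
```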
Service Won't Start:

```bash
# Check service logs
# Linux
sudo journalctl -u daemoneye -f

# macOS
sudo log show --predicate 'process == "daemoneye-agent"' --last 1h

# Windows
Get-EventLog -LogName Application -Source "DaemonEye" -Newest 10
```

Configuration Errors:

```bash
# Validate configuration
daemoneye-cli config validate

# Check configuration syntax
daemoneye-cli config check

# Show effective configuration
daemoneye-cli config show --include-defaults
```

Database Issues:

```bash
# Check database status
daemoneye-cli database status

# Check database integrity
daemoneye-cli database integrity-check

# Repair database
daemoneye-cli database repair
```

Debug Mode

```bash
# Enable debug logging
daemoneye-cli config set app.log_level debug

# Restart service
# Linux
sudo systemctl restart daemoneye

# macOS
sudo launchctl unload /Library/LaunchDaemons/com.daemoneye.agent.plist
sudo launchctl load /Library/LaunchDaemons/com.daemoneye.agent.plist

# Windows
Restart-Service "DaemonEye Agent"

# Monitor debug logs
daemoneye-cli logs --level debug --tail 100
```
Performance Issues

High CPU Usage:

```bash
# Check process collection rate
daemoneye-cli metrics --metric collection_rate

# Reduce scan interval
daemoneye-cli config set app.scan_interval_ms 60000

# Check for problematic rules
daemoneye-cli rules list --performance
```

High Memory Usage:

```bash
# Check memory usage
daemoneye-cli metrics --metric memory_usage

# Reduce batch size
daemoneye-cli config set app.batch_size 500

# Check database size
daemoneye-cli database size
```

Slow Queries:

```bash
# Check query performance
daemoneye-cli database query-stats

# Optimize database
daemoneye-cli database optimize

# Check for slow rules
daemoneye-cli rules list --slow
```
Getting Help

- Documentation: Check the full documentation in `docs/`
- Logs: Review logs with `daemoneye-cli logs`
- Health Checks: Use `daemoneye-cli health` for system status
- Community: Join discussions on GitHub or community forums
- Support: Contact support for commercial assistance

This installation guide provides comprehensive instructions for
installing DaemonEye across different platforms. For additional help,
consult the troubleshooting section or contact support.
Source note: Populated from the public repo
(docs/src/deployment/installation.md) on 2026-04-18. This
page was previously empty; the content above mirrors the repo at the
time of sync.