# Root Lock by HeartSuite Documentation > Complete guide for installing and configuring Root Lock by HeartSuite security suite. --- LLMS index: [llms.txt](/llms.txt) --- --- *Root Lock by HeartSuite | Zero Day Secure-by-design* --- **Overview**: Every attack does three things: run a program, access files, make a network connection. Root Lock by HeartSuite enforces default-deny on all three at the kernel level — per program, not per user. In Lockdown, anything not on the allowlist — including malware running as root — is blocked before it can act. The immutable seal refuses any change to the allowlist while running, including by root. Undoing Lockdown requires a reboot with physical access. See [Mode Switching and Lockdown](mode-switching/) for the mechanism. The Dashboard guides you through a 7-phase setup journey, from system verification to Lockdown activation. Root Lock by HeartSuite supports two paths: **Cloud** (pre-installed on AWS, Google Cloud, Azure, DigitalOcean, Linode, and other providers — the Dashboard appears on first login) and **Local** (manual installation with a guided setup across several reboots). Both paths converge at the Dashboard after Phase 1 (System Verification). Root Lock by HeartSuite is a strong fit for production servers, regulated workstations, build and CI infrastructure, AI agent sandboxes, and container hosts. Hosts where eBPF-based tooling must run locally require a non-HS kernel. ## Introduction and concepts - [Introduction and Overview](introduction/) — Overview, setup process, Dashboard guidance, and requirements. - [Deployment Scenarios](introduction/deployment-scenarios/) — Where Root Lock by HeartSuite fits best, and where it doesn't. - [How Root Lock by HeartSuite Compares](introduction/how-it-compares/) — What Root Lock by HeartSuite replaces (Falco, AppArmor, gVisor, EDR on the enforcement dimension), what it complements (SIEM, NDR, VA), and how it can be circumvented. - [Allowlisting Programs](allowlisting/) — How to approve programs and their file and network permissions using the review queues. - [Mode Switching and Lockdown](mode-switching/) — Setup Mode and Lockdown. ## Get started Start with [Quick Start](getting-started/) — it covers both paths (Cloud and Local) and links each step in order: prerequisites, download, install, verify, and allowlist. The pages below are the individual steps, linked from Quick Start: - [Obtaining and Installing Root Lock by HeartSuite](installation/) — Download and setup steps (Local Path). - [Verifying Installation](verification/) — Confirm Phase 1 is complete in the Dashboard. ## Use and manage - [Network and Remote Access](network/) — Configure network permissions. - [Script Launchers](script-launchers/) — Secure interpreted script execution. - [Alert Settings](alerts/) — Set up push notifications for blocks and state changes (Phase 6, required for Lockdown). - [Maintenance](maintenance/) — Protecting during maintenance, file backup and versioning, and cache adjustment. ## Troubleshoot and reference - [Troubleshooting and Logs](troubleshooting/) — Common issues and solutions. - [FAQs](faqs/) — Answers to frequent questions. - [Kernel Security Transparency](security/) — CVE status and Not Affected rationale for the Root Lock by HeartSuite kernel. - [Appendices](appendices/) — List of included tools. ## Subscription and support - [Subscription](licensing/) — Activate your subscription for Lockdown. - For updates or help, visit [heartsecsuite.com](https://heartsecsuite.com). ## Ready to get started? **Already have a subscription?** Follow the [Quick Start](getting-started/) — the Dashboard guides you from there. **Evaluating?** Cloud instances and the Local Path package are available at [heartsecsuite.com](https://heartsecsuite.com). ## Also in this documentation - [HeartSuite Joint File System (HJFS)](../hjfs/) — Prototype filesystem-based security layer. Enforces path-level access control on standard kernels where the HS kernel is not available. --- *About this Documentation*: Covers Root Lock by HeartSuite v1.6.4. --- Section pages: - [Introduction and Overview](/docs/introduction/): Overview of Root Lock by HeartSuite, setup process, and system requirements. - [Getting Started](/docs/getting-started/): Choose your setup path and begin installation. - [Obtaining and Installing Root Lock by HeartSuite](/docs/installation/): Download and installation steps for Root Lock by HeartSuite. - [Verifying Installation and Basic Setup](/docs/verification/): Checking Root Lock by HeartSuite activation and initial configuration. - [Allowlisting Programs](/docs/allowlisting/): Adding programs to the allowlist for secure execution. - [Script Launchers and Python Setup](/docs/script-launchers/): Setting up secure launchers for scripts like Python, Perl, and PHP. - [Network and Remote Access](/docs/network/): Reviewing and approving internet destinations for each program. - [Alert Settings](/docs/alerts/): Configuring push alert channels for blocks and state changes in Lockdown. - [Mode Switching and Lockdown](/docs/mode-switching/): How to activate Lockdown, and manage the trust boundary through maintenance. - [Licensing and Subscription](/docs/licensing/): Activating subscriptions for Lockdown. - [Advanced Configuration and Maintenance](/docs/maintenance/): How to perform maintenance safely on a Root Lock by HeartSuite system, from Setup Mode transitions to Lockdown recovery. - [Troubleshooting and Logs](/docs/troubleshooting/): Diagnosing blocked programs, the system being in the wrong mode or kernel, and recovering from kernel issues. - [FAQs](/docs/faqs/): Common questions and answers for Root Lock by HeartSuite. - [Kernel Security Transparency](/docs/security/): CVE status for the Root Lock by HeartSuite kernel — precise status and technical rationale for each relevant vulnerability, including Not Affected entries where the vulnerable code path is absent by design. - [Kernel Hardening](/docs/kernel-hardening/): Objective, measurement-backed analysis of Root Lock by HeartSuite's kernel hardening posture — design rationale, comparison against industry references, and reproducible evidence. - [Roadmap 2016 — present](/docs/roadmap/): See where Root Lock by HeartSuite is headed—kernel-level enforcement that root cannot bypass. - [Appendices](/docs/appendices/): List of included Root Lock by HeartSuite tools. - [Compliance Quick Reference](/docs/compliance-quick-reference/): One-page answers to the most common compliance questions about Root Lock by HeartSuite — for auditors, sales conversations, and internal briefings. - [Compliance Reference: NIST CSF & ISO 27001](/docs/heartsuite-compliance-nist-iso27001/): How Root Lock by HeartSuite maps to NIST Cybersecurity Framework and ISO 27001:2022 Annex A controls. - [SOC 2 Control Mapping](/docs/soc2/): Root Lock by HeartSuite mapped to AICPA Trust Services Criteria (TSC) for SOC 2 Type I and Type II audits.