HeartSuite Core Secure Documentation on HeartSuite Core Secure

Verifying Installation and Basic Setup

Mon, 01 Jan 0001 00:00:00 +0000

Overview: Phase 1 (System Verification) confirms that HeartSuite Core Secure is active and the system is ready for allowlisting. On most paths, this phase completes automatically.

What Phase 1 Checks

System Verification validates the following conditions:

The HeartSuite Core Secure kernel is loaded and active
The system is in Setup Mode (logging only, nothing blocked)
Core HeartSuite Core Secure services are running
The allowlist database is accessible

These checks confirm that the system is ready. No user action is required — Phase 1 completes automatically when all conditions are met.

Network and Remote Access

Mon, 01 Jan 0001 00:00:00 +0000

Overview: HeartSuite Core Secure blocks all outbound network connections by default. No program can connect to any destination unless you have explicitly approved it. The Dashboard’s Internet Access queue ([i]) guides you through reviewing and approving destinations for each program as part of Phase 5.

How Network Allowlisting Works

In Setup Mode, HeartSuite Core Secure logs every outbound connection attempt without blocking it. These events appear in the Dashboard’s Internet Access queue. In Secure Mode, any connection to a destination not on the allowlist is blocked and an alert is generated.

Alert Configuration

Mon, 01 Jan 0001 00:00:00 +0000

Overview: Phase 6 requires at least one push alert channel to be configured before Secure Mode can be activated. Alerts notify you of security-relevant events when no one is connected to the Dashboard. On a stable system in Secure Mode, expect roughly 1–5 email alerts per week — alert volume is intentionally low.

How Alerts Work

Alerts are a push channel for events that warrant immediate attention. They are not a secondary log stream and not a replacement for the Dashboard.

Licensing and Subscription

Mon, 01 Jan 0001 00:00:00 +0000

Overview: A subscription is required to activate Secure Mode (Phase 7). The Dashboard shows your current subscription status alongside phase progress and alerts.

Subscription

A subscription is required before you can switch from Setup Mode to Secure Mode. Phase 7 (Secure Mode) is locked until phases 2-6 are complete and a valid subscription is activated.

The subscription is a simple text file. One subscription can cover up to 9999 servers – at the time of purchase, you specify how many servers the subscription covers. You can purchase additional subscriptions if needed.

Mode Switching and Lockdown

Mon, 01 Jan 0001 00:00:00 +0000

Overview: HeartSuite Core Secure guides you through mode switching via the Dashboard. The system state depends on which kernel is booted and whether Lockdown is applied — the Dashboard shows you the current state and suggests the appropriate next action.

System States

HeartSuite Core Secure has two modes: Setup Mode and Secure Mode. Both run on the HeartSuite Core Secure kernel. Lockdown is a separate decision you make after activating Secure Mode — it seals the configuration with filesystem immutability. Both running Secure Mode without Lockdown and running Secure Mode with Lockdown are valid configurations depending on your threat model. Lockdown can only be applied within Secure Mode; it is not a separate mode. Booting the original non-HS kernel is not a HeartSuite Core Secure mode at all; it is the system running without HeartSuite Core Secure.

Troubleshooting and Logs

Mon, 01 Jan 0001 00:00:00 +0000

Overview: If issues arise, start with the Dashboard — the Safety Banner shows the current system state, and the Suggested Next Step tells you what to do. The kernel log is available for advanced diagnostics when needed.

graph TD;
 A[System issue occurs] --> B{System fails to boot?};
 B -->|Yes| C[Boot into recovery mode or Non-HS kernel];
 C --> D["Dashboard resumes — follow Maintenance wizard steps"];
 D --> E[Boot HeartSuite Core Secure kernel — Dashboard shows pending events];
 B -->|No| F[Check the Dashboard];
 F --> G{Safety Banner shows wrong mode or Non-HS kernel?};
 G -->|Yes| H[Check System Info Strip for mode, kernel, lockdown];
 H --> I[Follow the Suggested Next Step];
 G -->|No| J{Review queues show pending or denied events?};
 J -->|Yes| K[Approve missing items from the review queues];
 J -->|No| L["Check dmesg | grep HEARTSUITE for raw kernel events"];
 E --> K;
 K --> M[Test operation];
 I --> M;
 L --> M;

Dashboard-First Diagnostics

The Dashboard is the primary diagnostic tool. Before checking log files, review:

FAQs

Mon, 01 Jan 0001 00:00:00 +0000

Quick answers to common setup, usage, and troubleshooting questions. For detailed guides, see the full documentation.

General

How is HeartSuite Core Secure different from other anti-malware solutions?

A: HeartSuite Core Secure enforces security at the kernel level — not through signatures, behavior prediction, or eBPF filters that attackers routinely bypass. The HeartSuite Core Secure kernel blocks any program execution, file access, or network connection that has not been explicitly approved through the Dashboard’s review process. Because enforcement happens inside the kernel itself, it cannot be circumvented by any program or user, including root.

Appendices

Mon, 01 Jan 0001 00:00:00 +0000

Overview: HeartSuite Core Secure includes a set of tools for system management, allowlisting, and security enforcement. The Dashboard is the primary interface for most users; the tools listed below are available for advanced use or specific cases.

With exception of the Secure Script Launchers, all tools are located in the /.hs/sys directory. The HeartSuite Core Secure installation routine does NOT add this directory to the PATH environment variable. The Secure Script Launchers are located in /usr/bin because it is in the default PATH. Programs and scripts that write data to HeartSuite Core Secure databases must be run as root.