Cerberix Linux — Hardened Arch, ready to use
v0.1.2 — Styx
A hardened Arch,
ready the moment it boots.
Cerberix is a security-focused Linux distribution built on Arch.<br>Firewall, intrusion detection, VPN tooling, and a polished XFCE<br>desktop — configured correctly on first boot, not your tenth.
Download ISO
Quick install
x86_64 · UEFI + BIOS
GPG-signed releases
Rolling release
yodabytz@cerberix ~
$ fastfetch<br>-` yodabytz@cerberix<br>.o+` ─────────────────<br>`ooo/ OS Cerberix 0.1.2 Styx<br>`+oooo: Kernel Linux 6.13.x<br>`+oooooo: Shell fish 3.7<br>-+oooooo+: DE XFCE 4.20<br>`/:-:++oooo+: Theme Tokyo Night Moon<br>`/++++/+++++++: Shield ● active<br>`/++++++++++++++: Firewall ● nftables<br>`/+++ooooooooooooo/` VPN wireguard ready<br>./ooosssso++osssssso+`<br>$ sudo cerberix-harden --status<br>✓ nftables active<br>✓ fail2ban active, 4 jails<br>✓ aide baseline current<br>✓ unattended opt-in (off)<br>✓ kernel hardening 23/23 sysctl keys<br>$ ▌
Three heads. One system.
Every Cerberix install ships with the trio preconfigured and tested.
Hardened by default
nftables firewall, fail2ban with sane jails, AIDE file integrity,<br>WireGuard tooling, and a curated set of kernel sysctl tweaks.<br>No hunting down guides — it boots ready.
Desktop, actually.
XFCE 4.20 with Tokyo Night Moon theming, Plank dock, and a tuned<br>font stack. Plus Firefox, Thunar, and the everyday tools that<br>other security distros treat as an afterthought.
Built-in tools
Cerberix Shield watches your system tray and<br>flags anomalies. Cerberix Connect pairs with<br>the firewall appliance for dashboard visibility. Both written<br>for this distro, not bolted on.
See it in motion
A polished XFCE desktop, Cerberix Shield in the tray, everything green.
What's inside
A curated stack — not a pile of features.
BaseArch Linux (rolling)
Kernellinux + hardened sysctl
DesktopXFCE 4.20
DisplayLightDM greeter
Shellfish (zsh available)
Firewallnftables + ufw
IDSAIDE + rkhunter
Intrusionfail2ban
VPNWireGuard
Sandboxfirejail
Reposcore + extra + chaotic-aur
Archx86_64 (UEFI + BIOS)
Download
Burn it to USB, boot it, try it. Installer takes about six minutes.
cerberix-linux-0.1.2-x86_64.iso<br>latest
~3.1 GB · Released 2026-04-23 · x86_64 · via SourceForge mirror network
Download
SHA256SUMS<br>GPG signature<br>Signing key<br>Release notes
Browse all files:<br>SourceForge
Verify your download<br># 1. Import the signing key<br>curl https://cerberix.org/gpg.asc | gpg --import
# 2. Verify the signature<br>gpg --verify cerberix-linux-0.1.2-x86_64.iso.sig \<br>cerberix-linux-0.1.2-x86_64.iso
# 3. Check the hash<br>sha256sum -c cerberix-linux-0.1.2-x86_64.iso.sha256
Install in six minutes
Boot the ISO, log in, and run one command.
$ sudo cerberix-install
Cerberix Linux Installer
Available Disks:<br>sda 256G Samsung SSD 860<br>nvme0 1.0T Samsung 980 PRO
Install to disk: nvme0<br>Username: you<br>Password: ••••••••
✓ Partitioning (GPT, UEFI)<br>✓ Base system (pacstrap)<br>✓ XFCE + LightDM + autologin<br>✓ Security stack (nftables, fail2ban, AIDE)<br>✓ Bootloader (GRUB)
Cerberix Linux installed. Remove ISO and reboot.
That's it. No DE choice screen, no 20-step wizard, no surprise<br>telemetry. The installer is a single Bash script — open it<br>first if you want to see exactly what happens.
Why another distro?
Because "security-focused" usually means one of two things:<br>a pentester's toolkit you wouldn't daily-drive, or a hardened<br>server spin with no desktop in sight.
Cerberix is for everyone in between: developers, sysadmins,<br>and curious users who want sensible defaults — firewall<br>on, logs rotating, file integrity checks running —<br>without giving up a normal desktop.
It's Arch underneath, so pacman works, the wiki<br>applies, and the AUR is one yay away. The<br>difference is the first boot, not the fork.
Known caveats
Rolling release — expect package churn
Desktop only (server variant TBD)
English locale out of the box
0.1.x is young — file issues generously