🔰 Overview
The Sentinel Suite is EveryHost’s in-house AI-powered security and performance framework, built specifically for Magento 2 hosting environments. Unlike generic one-size-fits-all security suites, Sentinel operates at a stack-aware level — understanding Magento’s architecture, log patterns, cron structure, search queries, and Redis/OpenSearch behaviour.
It runs as a lightweight agent on each server, feeding JSON reports and metrics back to WHMCS dashboards, and coordinating defences through Sentinel Shield, the system’s central intelligence layer.
🧱 Sentinel Shield (Core Defence Layer)
💡 Function
Sentinel Shield is the central nervous system of the entire Sentinel stack. It continuously monitors server metrics, AI log signals, Redis activity, and PHP process data — then acts dynamically to prevent overload or abuse in real time.
🔧 Features
- Real-time telemetry feed from loadwatch, redis-watch, and log-scan.
- Adaptive response engine with internal scoring model.
- Unified JSON status (shield-state.json) for WHMCS / Grafana.
- AI-assisted decision layer (GPT-4) to differentiate spikes from bots.
- Self-healing routines for Redis locks and PHP workers.
Response Levels
Evolution: From Abuse Guard to Shield
| Capability | Legacy | Shield |
|---|---|---|
| Process Scanning | ✅ | ✅ Real-time |
| AI Logic | ❌ | ✅ GPT-based |
| Auto-healing | ❌ | ✅ Built-in |
| Inter-module Sync | Isolated | ✅ Full Sync |
⚙️ Core Monitoring Modules
1. sentinel-log-scan.sh
AI-powered analysis of Magento, Apache, PHP, Redis, and OpenSearch logs. Uses GPT to detect malicious patterns (SQLi, exploits).
2. sentinel-cronwatch.sh
Tracks Magento cron processes. Detects when cron exceeds its runtime limit (3600s), auto-unlocks stuck jobs, and reports to WHMCS.
3. sentinel-admin-audit.sh
Monitors Magento admin users. Detects new user creation, role modification, or password resets. Links to 2fa-watch.
4. sentinel-2fa-watch.sh
Protects the backend from brute-force attacks. Scans admin logs for accounts with 2FA disabled and for failed logins. Sends instant alerts.
5. sentinel-session-leak.sh
Scans var/session for abnormal growth. Detects bots holding persistent sessions. Correlates spikes with IPs.
6. sentinel-hackwatch.sh
File integrity checks. Detects code injection, webshells, or core modifications using regex and hash comparison.
7. sentinel-geo-report.sh
Parses logs with MaxMind GeoIP2. Identifies high-risk countries and ASNs. Feeds Shield with origin data for blocking.
8. sentinel-searchwatch.sh
Detects abusive search queries targeting OpenSearch. Blocks excessive query frequency and scraping bots automatically.
9. sentinel-ipflood.sh
Analyses recent access logs for flooding IPs. Uses improved timestamp parsing. Auto-blocks abusive IPs/CIDRs.
10. sentinel-loadwatch.sh
Continuously tracks load, CPU, RAM, I/O. Feeds metrics to Shield. Integrates with Prometheus/Grafana.
11. sentinel-redis-watch.sh
Monitors Redis for excessive memory or stuck BGSAVE. Kills heavy background saves. Adjusts persistence dynamically.
12. sentinel-config-audit.sh
Audits CSF, PHP INI, Redis, MySQL configs using GPT. Generates scored reports and improvement suggestions.
📈 Data, Integration, and Dashboards
🔒 Agent + Token Model
Every Sentinel module exposes a token-secured JSON API. Data is stored in /public_html/sentinel-agent/*.json and pulled securely by WHMCS modules.
🖥️ WHMCS Integration
Fully modular dashboard including IP Flood Monitor, Cron Watch, Geo Report, Search Abuse, Log Watch, and Shield Status. Supports auto-notifications.
📊 Grafana / Prometheus Compatibility
Sentinel exports JSON metrics compatible with Prometheus exporters. Visualise Shield state, load, and Redis usage in real time.
