Installation

PRX-SD supports six installation methods. Choose the one that best fits your workflow.

Recommended

The install script is the fastest way to get started. It detects your platform, downloads the correct binary, and places it in your PATH.

Prerequisites

Requirement	Minimum	Notes
Operating System	Linux (x86_64, aarch64), macOS (12+), Windows (WSL2)	Native Windows is not supported
Disk Space	200 MB	~50 MB binary + ~150 MB signature database
RAM	512 MB	2 GB+ recommended for large directory scans
Rust (source build only)	1.85.0	Not needed for script or Docker install
Git (source build only)	2.30+	For cloning the repository
Docker (Docker only)	20.10+	Or Podman 3.0+

Method 1: Install Script (Recommended)

The install script downloads the latest release binary for your platform and places it in your PATH.

curl -fsSL https://raw.githubusercontent.com/openprx/prx-sd/main/install.sh | bash

To install a specific version:

curl -fsSL https://raw.githubusercontent.com/openprx/prx-sd/main/install.sh | bash -s -- --version v0.2.3

The script supports the following environment variables:

Variable	Default	Description
PRX_SD_PREFIX	/usr/local or ~/.local	Installation prefix directory
PRX_SD_DATA_DIR	~/.prx-sd	Data directory for signatures and config
PRX_SD_VERSION	latest	Specific release version

The script also supports CLI flags: --prefix DIR, --data-dir DIR, --version VER, --uninstall

Method 2: Homebrew (macOS/Linux)

If you have Homebrew installed, you can install PRX-SD from the OpenPRX tap:

brew install openprx/tap/sd

Homebrew handles dependency resolution and places sd in your Homebrew prefix. Upgrades are managed with brew upgrade sd.

Method 3: Scoop (Windows)

On Windows, install via Scoop by adding the OpenPRX bucket first:

scoop bucket add openprx https://github.com/openprx/scoop-bucket
scoop install sd

Method 4: Cargo Install

If you have Rust installed, you can install directly from crates.io:

cargo install prx-sd

This compiles from source and places the sd binary in ~/.cargo/bin/.

Build Dependencies

Cargo install compiles native dependencies. On Debian/Ubuntu you may need:

sudo apt install -y build-essential pkg-config libssl-dev

On macOS, Xcode Command Line Tools are required:

xcode-select --install

Method 5: Build from Source

Clone the repository and build in release mode:

git clone https://github.com/openprx/prx-sd.git
cd prx-sd
cargo build --release

The binary is located at target/release/sd. Copy it to your PATH:

sudo cp target/release/sd /usr/local/bin/sd

Build Options

Feature Flag	Default	Description
yara	enabled	YARA-X rule engine
ml	disabled	ONNX ML inference engine
gui	disabled	Tauri + Vue 3 desktop GUI
virustotal	disabled	VirusTotal API integration

To build with ML inference support:

cargo build --release --features ml

To build the desktop GUI:

cargo build --release --features gui

Method 6: Docker

Pull the official Docker image:

docker pull ghcr.io/openprx/prx-sd:latest

Run a scan by mounting a target directory:

docker run --rm -v /path/to/scan:/scan ghcr.io/openprx/prx-sd:latest scan /scan --recursive

For real-time monitoring, run as a daemon:

docker run -d \
  --name prx-sd \
  --restart unless-stopped \
  -v /home:/watch/home:ro \
  -v /tmp:/watch/tmp:ro \
  ghcr.io/openprx/prx-sd:latest \
  monitor /watch/home /watch/tmp

Docker Compose

A docker-compose.yml is available in the repository root for production deployments with automatic signature updates.

Platform Notes

Linux

PRX-SD works on any modern Linux distribution. For real-time monitoring, the inotify subsystem is used. You may need to increase the watch limit for large directory trees:

echo "fs.inotify.max_user_watches=524288" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Rootkit detection and memory scanning require root privileges.

PRX-SD includes several Linux-exclusive features that require root privileges:

• Memory Scanning (sd scan-memory) — Scan running process memory via /proc/pid/mem
• Rootkit Detection (sd check-rootkit) — Hidden process detection, kernel module verification, LD_PRELOAD checks
• eBPF Monitoring — Kernel-level syscall tracing (requires --features ebpf build flag)
• fanotify Blocking — Pre-execution blocking of malicious binaries (via sd config set monitor.block_mode true)

macOS

PRX-SD uses FSEvents for real-time monitoring on macOS. Both Apple Silicon (aarch64) and Intel (x86_64) are supported. The install script automatically detects your architecture.

macOS Gatekeeper

If macOS blocks the binary, remove the quarantine attribute:

xattr -d com.apple.quarantine /usr/local/bin/sd

Windows (WSL2)

PRX-SD runs inside WSL2 using the Linux binary. Install WSL2 with a Linux distribution first, then follow the Linux installation steps. Native Windows support is planned for a future release.

Verify Installation

After installation, verify that sd is working:

sd --version

Expected output:

prx-sd 0.2.3

Check the full system status including signature database:

sd info

This displays the installed version, signature counts, YARA rule counts, and database paths.

Uninstalling

Via Install Script

# Via install script (interactive - asks about data directory)
curl -fsSL https://raw.githubusercontent.com/openprx/prx-sd/main/install.sh | bash -s -- --uninstall

Via Homebrew

brew uninstall sd

Via Scoop

scoop uninstall sd

Via Cargo Install

# Remove the binary
cargo uninstall prx-sd

# Remove signature database and configuration
rm -rf ~/.prx-sd

Docker

docker stop prx-sd && docker rm prx-sd
docker rmi ghcr.io/openprx/prx-sd:latest

Next Steps

• Quick Start -- Get scanning in 5 minutes
• File & Directory Scanning -- Full sd scan command reference
• Detection Engine Overview -- Understand the multi-layer pipeline