Any self-hosted VM security dashboards?

WyvernCo

With all these security patches coming out, it would be nice to have one self hosted dashboard I could go to see all my VMs in one place and if they're running any vulnerable packages / kernels. (Bonus points if it can alert for other important things like nearly full disk, etc.)

Do you have any programs like this? Open source / free / self-hosted only, please

OhJohn

https://wazuh.com/ (or you may want to enter here https://github.com/wazuh/wazuh instead)

JohnFilch123

https://github.com/TheDuffman85/linux-update-dashboard this is interesting

Nekopara

https://github.com/PatchMon/PatchMon

JohnFilch123

@Nekopara said:
https://github.com/PatchMon/PatchMon

It cannot install updates, sadly. Otherwise, great app.

Nekopara

@JohnFilch123 said:

@Nekopara said:
https://github.com/PatchMon/PatchMon

It cannot install updates, sadly. Otherwise, great app.

i just used this yesterday to update all my vps over the patchmon dashboard with one-click?

Hayzee

For hardware monitoring and notifs you could use beszel unfortunately it doesn’t provide any security info to my knowledge

JohnFilch123

@Nekopara said: i just used this yesterday to update all my vps over the patchmon dashboard with one-click?

Oh, this is a new feature, it was not there before v.2.0. Thanks for pointing out.

WyvernCo

Thank you for the suggestions, I have been reading up on each

One drawback about them is that each gives root to the central management node. This seems like a bit of a security risk to me in case the central management node is compromised or has a vulnerability itself. For a reporting-only use case it seems like it would be more secure if the central node only had read-only access to the vulnerability status of each endpoint rather than having full SSH/software push abilities.

JohnFilch123

Everything is not 100% secure but there are ways to mitigate it.

plumberg

Any recommendations for windows? I liked patchmon but its only Linux

JohnFilch123

Yes. format c; /q

Nekopara

@plumberg said:
Any recommendations for windows? I liked patchmon but its only Linux

you can monitor windows with patchmon

plumberg

@Nekopara said:

@plumberg said:
Any recommendations for windows? I liked patchmon but its only Linux

you can monitor windows with patchmon

Oh is it? I thought their homepage says

"PatchMon deploys updates and tracks history across your Linux and FreeBSD estate. No SSH marathons, no one-off scripts, no spreadsheets"

Oo so its just monitoring or even patch deployment?

plumberg

@JohnFilch123 said:
Yes. format c; /q

I like this.
Same for rm -fr / --no-preserve-root

nikio

@JohnFilch123 said:
Everything is not 100% secure but there are ways to mitigate it.

You can say this, but there is no reason to deliberately take steps to be less secure. If you really want to automate updates just create an ansible playbook you run from your home PC. Don't tie everything together to a single pwnable "dashboard" that was vibecoded before AI existed (and therefore includes mistakes even the AI wouldn't make).

TrikeLike

@WyvernCo said:
With all these security patches coming out, it would be nice to have one self hosted dashboard I could go to see all my VMs in one place and if they're running any vulnerable packages / kernels. (Bonus points if it can alert for other important things like nearly full disk, etc.)

Why not just sign up for the RSS feed(s) of whatever security feed your distribution uses, and remember to update when you see a package in there you might be using? Much lower-tech, far harder to hack, and simpler to run as well. Anything that lets you update all your systems from one place in the event of an attack is itself a juicy attack target.

beanman109

@JohnFilch123 said:

@Nekopara said: i just used this yesterday to update all my vps over the patchmon dashboard with one-click?

Oh, this is a new feature, it was not there before v.2.0. Thanks for pointing out.

I started using it earlier in the week, it's pretty solid.
Can be a bit hit and miss with some custom distros like Proxmox Backup Server
No option to issue a reboot command after a successful update kills me though

AlteredParadox

@nikio said:

@JohnFilch123 said:
Everything is not 100% secure but there are ways to mitigate it.

You can say this, but there is no reason to deliberately take steps to be less secure. If you really want to automate updates just create an ansible playbook you run from your home PC. Don't tie everything together to a single pwnable "dashboard" that was vibecoded before AI existed (and therefore includes mistakes even the AI wouldn't make).

Don't worry, I had claude write my ansible playbook, then vibe-code a frontend ui webpage to connect to my ansible box and run it

plumberg

@beanman109 said:

@JohnFilch123 said:

@Nekopara said: i just used this yesterday to update all my vps over the patchmon dashboard with one-click?

Oh, this is a new feature, it was not there before v.2.0. Thanks for pointing out.

I started using it earlier in the week, it's pretty solid.
Can be a bit hit and miss with some custom distros like Proxmox Backup Server
No option to issue a reboot command after a successful update kills me though

You could vibe code patchmonv2 with reboot switch as well

That would be true goated use of Ai

JohnFilch123

@beanman109 said: No option to issue a reboot command after a successful update kills me though

Oh, this is not good. But I feel like it can be mitigated by unattended-upgrades and Unattended-Upgrade::Automatic-Reboot "true" option.

JohnFilch123

@nikio said: but there is no reason to deliberately take steps to be less secure

Oh, absolutely, I did not mean that. There are various ways you can use patchmon securely. Ansible never worked for me reliably, I tried it with semaphore (I love nice UI) but one day it works, another day it freezes with some servers, so I have to constantly manage and change settings, which is not nice. Perhaps, pure ansible will work better, which is also a good option, if you are paranoid about security.

eva2000

@WyvernCo said:
With all these security patches coming out, it would be nice to have one self hosted dashboard I could go to see all my VMs in one place and if they're running any vulnerable packages / kernels. (Bonus points if it can alert for other important things like nearly full disk, etc.)

Do you have any programs like this? Open source / free / self-hosted only, please

Probably need to create your own. It's basically what I am doing for my Centmin Mod LEMP stack users with my cmsec security framework for detection and alert notifications for CVEs - right now specifically focused on Linux Kernel CVEs. Centmin Mod users will get notifications on initial SSH login and there is optional mobile push notification support.

* cmsec: running 5 kernel CVE check(s), please wait...
 * CVE-2026-31431 (almalinux kernel): PATCHED
 * CVE-2026-43284 (almalinux kernel): PATCHED
 * CVE-2026-43500 (almalinux kernel): NOT AFFECTED
 * CVE-2026-46300 (almalinux kernel): VULNERABLE — run "cmsec check cve-2026-46300" for details
 * CVE-2026-46333 (almalinux kernel): VULNERABLE — run "cmsec check cve-2026-46333" for details

* cmsec: running 5 kernel CVE check(s), please wait...
 * CVE-2026-31431 (almalinux kernel): PATCHED
 * CVE-2026-43284 (almalinux kernel): PATCHED
 * CVE-2026-43500 (almalinux kernel): NOT AFFECTED
 * CVE-2026-46300 (almalinux kernel): PATCHED
 * CVE-2026-46333 (almalinux kernel): PATCHED

Dashboards are nice to have, but you don't want it to be another vector for security issues too.