Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home Help
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Any self-hosted VM security dashboards?

WyvernCoWyvernCo Member
in Help

With all these security patches coming out, it would be nice to have one self hosted dashboard I could go to see all my VMs in one place and if they're running any vulnerable packages / kernels. (Bonus points if it can alert for other important things like nearly full disk, etc.)

Do you have any programs like this? Open source / free / self-hosted only, please

Comments

  • OhJohnOhJohn Member
    edited May 15

    https://wazuh.com/ (or you may want to enter here https://github.com/wazuh/wazuh instead)

    Thanked by 9WyvernCo tentor oloke eliphas PuDLeZ buggedout ebietsy webcraft iriska
  • JohnFilch123JohnFilch123 Member

    https://github.com/TheDuffman85/linux-update-dashboard this is interesting

    Thanked by 4WyvernCo t0m buggedout nghialele
  • NekoparaNekopara Member

    https://github.com/PatchMon/PatchMon :)

    Thanked by 7t0m WyvernCo buggedout nghialele CloudHopper zed Falzo
  • JohnFilch123JohnFilch123 Member

    @Nekopara said:
    https://github.com/PatchMon/PatchMon :)

    It cannot install updates, sadly. Otherwise, great app.

    Thanked by 1nghialele
  • NekoparaNekopara Member

    @JohnFilch123 said:

    @Nekopara said:
    https://github.com/PatchMon/PatchMon :)

    It cannot install updates, sadly. Otherwise, great app.

    i just used this yesterday to update all my vps over the patchmon dashboard with one-click?

    Thanked by 3JohnFilch123 Falzo dodheimsgard
  • HayzeeHayzee Member

    For hardware monitoring and notifs you could use beszel unfortunately it doesn’t provide any security info to my knowledge

    Thanked by 1WyvernCo
  • JohnFilch123JohnFilch123 Member

    @Nekopara said: i just used this yesterday to update all my vps over the patchmon dashboard with one-click?

    Oh, this is a new feature, it was not there before v.2.0. Thanks for pointing out.

  • WyvernCoWyvernCo Member

    Thank you for the suggestions, I have been reading up on each

    One drawback about them is that each gives root to the central management node. This seems like a bit of a security risk to me in case the central management node is compromised or has a vulnerability itself. For a reporting-only use case it seems like it would be more secure if the central node only had read-only access to the vulnerability status of each endpoint rather than having full SSH/software push abilities.

  • JohnFilch123JohnFilch123 Member

    Everything is not 100% secure but there are ways to mitigate it.

    Thanked by 3tentor Nekopara WyvernCo
  • plumbergplumberg Veteran, Megathread Squad

    Any recommendations for windows? I liked patchmon but its only Linux

  • JohnFilch123JohnFilch123 Member

    Yes. format c; /q

    Thanked by 3tentor plumberg WyvernCo
  • NekoparaNekopara Member
    edited May 16

    @plumberg said:
    Any recommendations for windows? I liked patchmon but its only Linux

    you can monitor windows with patchmon

    Thanked by 1plumberg
  • plumbergplumberg Veteran, Megathread Squad

    @Nekopara said:

    @plumberg said:
    Any recommendations for windows? I liked patchmon but its only Linux

    you can monitor windows with patchmon

    Oh is it? I thought their homepage says

    "PatchMon deploys updates and tracks history across your Linux and FreeBSD estate. No SSH marathons, no one-off scripts, no spreadsheets"

    Oo so its just monitoring or even patch deployment?

  • plumbergplumberg Veteran, Megathread Squad

    @JohnFilch123 said:
    Yes. format c; /q

    I like this.
    Same for rm -fr / --no-preserve-root

  • nikionikio Member

    @JohnFilch123 said:
    Everything is not 100% secure but there are ways to mitigate it.

    You can say this, but there is no reason to deliberately take steps to be less secure. If you really want to automate updates just create an ansible playbook you run from your home PC. Don't tie everything together to a single pwnable "dashboard" that was vibecoded before AI existed (and therefore includes mistakes even the AI wouldn't make).

    Thanked by 1WyvernCo
  • TrikeLikeTrikeLike Member

    @WyvernCo said:
    With all these security patches coming out, it would be nice to have one self hosted dashboard I could go to see all my VMs in one place and if they're running any vulnerable packages / kernels. (Bonus points if it can alert for other important things like nearly full disk, etc.)

    Why not just sign up for the RSS feed(s) of whatever security feed your distribution uses, and remember to update when you see a package in there you might be using? Much lower-tech, far harder to hack, and simpler to run as well. Anything that lets you update all your systems from one place in the event of an attack is itself a juicy attack target.

    Thanked by 1MannDude
  • beanman109beanman109 Member, Host Rep, Megathread Squad

    @JohnFilch123 said:

    @Nekopara said: i just used this yesterday to update all my vps over the patchmon dashboard with one-click?

    Oh, this is a new feature, it was not there before v.2.0. Thanks for pointing out.

    I started using it earlier in the week, it's pretty solid.
    Can be a bit hit and miss with some custom distros like Proxmox Backup Server
    No option to issue a reboot command after a successful update kills me though

    Thanked by 1JohnFilch123
  • AlteredParadoxAlteredParadox Member
    edited May 17

    @nikio said:

    @JohnFilch123 said:
    Everything is not 100% secure but there are ways to mitigate it.

    You can say this, but there is no reason to deliberately take steps to be less secure. If you really want to automate updates just create an ansible playbook you run from your home PC. Don't tie everything together to a single pwnable "dashboard" that was vibecoded before AI existed (and therefore includes mistakes even the AI wouldn't make).

    Don't worry, I had claude write my ansible playbook, then vibe-code a frontend ui webpage to connect to my ansible box and run it :)

    Thanked by 2nikio t0m
  • plumbergplumberg Veteran, Megathread Squad

    @beanman109 said:

    @JohnFilch123 said:

    @Nekopara said: i just used this yesterday to update all my vps over the patchmon dashboard with one-click?

    Oh, this is a new feature, it was not there before v.2.0. Thanks for pointing out.

    I started using it earlier in the week, it's pretty solid.
    Can be a bit hit and miss with some custom distros like Proxmox Backup Server
    No option to issue a reboot command after a successful update kills me though

    You could vibe code patchmonv2 with reboot switch as well

    That would be true goated use of Ai

    Thanked by 1beanman109
  • JohnFilch123JohnFilch123 Member

    @beanman109 said: No option to issue a reboot command after a successful update kills me though

    Oh, this is not good. But I feel like it can be mitigated by unattended-upgrades and Unattended-Upgrade::Automatic-Reboot "true" option.

    Thanked by 2beanman109 WyvernCo
  • JohnFilch123JohnFilch123 Member

    @nikio said: but there is no reason to deliberately take steps to be less secure

    Oh, absolutely, I did not mean that. There are various ways you can use patchmon securely. Ansible never worked for me reliably, I tried it with semaphore (I love nice UI) but one day it works, another day it freezes with some servers, so I have to constantly manage and change settings, which is not nice. Perhaps, pure ansible will work better, which is also a good option, if you are paranoid about security.

  • eva2000eva2000 Veteran

    @WyvernCo said:
    With all these security patches coming out, it would be nice to have one self hosted dashboard I could go to see all my VMs in one place and if they're running any vulnerable packages / kernels. (Bonus points if it can alert for other important things like nearly full disk, etc.)

    Do you have any programs like this? Open source / free / self-hosted only, please

    Probably need to create your own. It's basically what I am doing for my Centmin Mod LEMP stack users with my cmsec security framework for detection and alert notifications for CVEs - right now specifically focused on Linux Kernel CVEs. Centmin Mod users will get notifications on initial SSH login and there is optional mobile push notification support.

    * cmsec: running 5 kernel CVE check(s), please wait...
 * CVE-2026-31431 (almalinux kernel): PATCHED
 * CVE-2026-43284 (almalinux kernel): PATCHED
 * CVE-2026-43500 (almalinux kernel): NOT AFFECTED
 * CVE-2026-46300 (almalinux kernel): VULNERABLE — run "cmsec check cve-2026-46300" for details
 * CVE-2026-46333 (almalinux kernel): VULNERABLE — run "cmsec check cve-2026-46333" for details

    * cmsec: running 5 kernel CVE check(s), please wait...
 * CVE-2026-31431 (almalinux kernel): PATCHED
 * CVE-2026-43284 (almalinux kernel): PATCHED
 * CVE-2026-43500 (almalinux kernel): NOT AFFECTED
 * CVE-2026-46300 (almalinux kernel): PATCHED
 * CVE-2026-46333 (almalinux kernel): PATCHED

    Dashboards are nice to have, but you don't want it to be another vector for security issues too.

    Thanked by 3Frameworks buggedout WyvernCo
Sign In or Register to comment.