You are absolutely on point. I am currently cleaning up the code base and trying to instill a better directory/file structure. Since the last post, it has added more widgets, changes to existing widgets, and been put up on a new domain. Seeking feedback to help it mature a bit.
There are actually quite a few GitHub users who have ported the project to Go, Ruby, Python, etc. I believe there already exists a popular Java-based alternative.
PHP is OK for this type of work. Unsexy as it is, I think it's better than Java. For running a simple poller, gathering a metric, with the JVM you get one of two (poor) scenarios: either a slow-starting, short-lived poller process, or a long-lived, memory-hungry process. Neither is acceptable for this use case.
Take a look at Amonone - https://github.com/martinrusev/amonone
It is a lightweight monitoring tool written in Python with charts for all system (CPU, disk, network, etc.) and process metrics (CPU/memory). Plus it has alerting with email/SMS notifications.
I find it rather crazy that "cockpit", an almost brand new project, has its entire backend written in C. Not your typical backend language by any means...
Do you have plans to break apart the monitoring and reporting, so that one monitoring node could monitor the statistics of multiple servers? Something like www.scoutapp.com (proprietary) or Cacti (open source). That would be really cool. I'm growing a network of 100s of servers, and not about to pay scoutapp $10 per server... so something equivalently nice looking, but open source, would be awesome.
Absolutely. We recently created a multi-server branch for linux-dash. It just began but the goal is exactly what you stated: single, consolidated Linux-dash page for N servers with the same drop-in installation capability.
[+] [-] diwo|11 years ago|reply
Is there something particular you want to specifically mention that has happened since you last shared the app five months ago? - https://news.ycombinator.com/item?id=7125153
Anyways, as this is shared here on a developer-oriented forum, it would be fitting to speak of the actual implementation too. Taking a quick look at the source, it seems to have some security issues ranging from XSS to potential CE. These seem to arise from common bad practices.
I would advise going through the source code and making sure all values you echo as JSON are properly encoded and that you don't use anything as-is in a shell command.
A few examples:
- https://github.com/afaqurk/linux-dash/blob/7bd5dcb637f815702...
- https://github.com/afaqurk/linux-dash/blob/7bd5dcb637f815702...
- https://github.com/afaqurk/linux-dash/blob/7bd5dcb637f815702...
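The two fixes recommended in the comment above, as an added example that is not part of the thread or of linux-dash's own code: a hypothetical PHP widget endpoint that validates a request value, runs the command without a shell, and emits the result through `json_encode`. The `host` parameter, the function names and the use of `ping` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical widget endpoint, not linux-dash code.
// Pattern to avoid: echo '{"host":"' . $_GET['host'] . '"}';
//                   shell_exec('ping -c 1 ' . $_GET['host']);

/** Accept an IP literal or a plain hostname; anything else is null. */
function validate_host(string $raw): ?string
{
    if (filter_var($raw, FILTER_VALIDATE_IP) !== false) {
        return $raw;
    }
    // First character is alphanumeric, so the value can never be an option.
    $ok = preg_match('/\A[a-z0-9][a-z0-9.-]{0,252}\z/i', $raw) === 1;
    return $ok ? $raw : null;
}

/** Run ping from an argv array (PHP 7.4+): no shell parses $host. */
function ping_once(string $host): array
{
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['ping', '-c', '1', '--', $host], $spec, $pipes);
    if (!is_resource($proc)) {
        return ['ok' => false, 'output' => ''];
    }
    $out = (string) stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['ok' => proc_close($proc) === 0, 'output' => $out];
}

/** Encode so that <, >, &, ' and " become \uXXXX escapes in the body. */
function json_body(array $data): string
{
    return json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR);
}

$raw  = $_GET['host'] ?? '';   // hypothetical request parameter
$host = is_string($raw) ? validate_host($raw) : null;
header('Content-Type: application/json; charset=utf-8');
header('X-Content-Type-Options: nosniff');
if ($host === null) {
    http_response_code(400);
    echo json_body(['error' => 'invalid host']);
    exit;
}
echo json_body(['host' => $host] + ping_once($host));
```

Where a shell string cannot be avoided, `escapeshellarg()` on every interpolated value is the fallback; the argv form above removes the shell from the path entirely.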
[+] [-] afaqurk|11 years ago|reply
[+] [-] nemothekid|11 years ago|reply
IMO something self contained like a static (go) binary or another language that could host its own servers (node, java, etc) would be much better
[+] [-] Rapzid|11 years ago|reply
I started this fork in part to port it to Go and in part to create a set of packages for getting at Linux system information (for use in monitoring agents, etc). I haven't visited it in a while but it's always in the back of my mind in case anyone would like to contribute :)
[+] [-] k3oni|11 years ago|reply
[+] [-] afaqurk|11 years ago|reply
Node would be awesome for a project like this. Especially with Gulp. If someone hasn't already built it, I would love to.
[+] [-] sergiosgc|11 years ago|reply
[+] [-] encoderer|11 years ago|reply
[+] [-] josegonzalez|11 years ago|reply
[+] [-] ajaxaddicted|11 years ago|reply
[+] [-] SEJeff|11 years ago|reply
[1] http://cockpit-project.org/ [2] http://www.projectatomic.io/
[+] [-] IanChiles|11 years ago|reply
[+] [-] marcoms|11 years ago|reply
[0] http://cockpit-project.org
[+] [-] c3ntr1n0|11 years ago|reply
I tried yours, but it was too buggy when I tried it, also insecure. I saw some exec($COOKIE).
Hope you improved it. I will give it a second try!
[+] [-] chatmasta|11 years ago|reply
[+] [-] afaqurk|11 years ago|reply
[+] [-] lugg|11 years ago|reply
The design isn't exactly set up for mobile so you may as well make it work like a real webpage.
[+] [-] afaqurk|11 years ago|reply
Will address it soon.
[+] [-] moloch|11 years ago|reply
[+] [-] lucb1e|11 years ago|reply
[+] [-] unkoman|11 years ago|reply
[+] [-] pagekicker|11 years ago|reply
[+] [-] jvoorhis|11 years ago|reply