from Hacker News

Linux Dash – Simple web-based server monitoring

by afaqurk on 6/22/14, 8:35 PM with 35 comments

  • by diwo on 6/22/14, 11:09 PM

    It looks like a cool project and the interface pretty well done too. Good job.

    Is there something particular you want to specifically mention that has happened since you last shared the app five months ago? - https://news.ycombinator.com/item?id=7125153

    Anyways, as this is shared here on a developer oriented forum, it would be fitting to speak of the actual implementation too. Taking quick look at the source, it seems to have some security issues ranging from XSS to potential CE. These seem to arise from common bad practices.

    I would advice going through the source code and making sure all values you echo as JSON are properly encoded and that you don't use anything as-is in a shell command.

    Few examples:

    - https://github.com/afaqurk/linux-dash/blob/7bd5dcb637f815702... - https://github.com/afaqurk/linux-dash/blob/7bd5dcb637f815702... - https://github.com/afaqurk/linux-dash/blob/7bd5dcb637f815702...

  • by nemothekid on 6/22/14, 11:16 PM

    This has really come a long way since I last used it however I wish it didn't have the php dependency (not so much php, but php+apache/nginx).

    IMO something self contained like a static (go) binary or another language that could host its own servers (node, java, etc) would be much better

  • by ajaxaddicted on 6/23/14, 6:22 AM

    Take a look at Amonone - https://github.com/martinrusev/amonone It is a lightweight monitoring tool written in Python with charts for all system(cpu,disk,network,etc) and process metrics(cpu/memory). Plus it has alerting with email/sms notifications.

  • by SEJeff on 6/22/14, 11:55 PM

    Redhat is pushing their new "cockpit"[1] project very hard for their new "Project Atomic"[2] initiative.

    [1] http://cockpit-project.org/ [2] http://www.projectatomic.io/

  • by marcoms on 6/23/14, 10:59 AM

    Also check out Cockpit [0] for a similar, pre-dating project.

    [0] http://cockpit-project.org

  • by c3ntr1n0 on 6/23/14, 3:26 AM

    I been using this one -> https://github.com/abimaelmartell/system_monitor

    I tried yours, but i was to buggy when i tried it, also insecure. I saw some exec($COOKIE).

    Hope you improved it. I will give a second try!

  • by chatmasta on 6/23/14, 6:43 AM

    Do you have plans to break apart the monitoring and reporting, so that one monitoring node could monitor the statistics of multiple servers? Something like www.scoutapp.com (proprietary) or Cacti (open source). That would be really cool. I'm growing a network of 100's of servers, and not about to pay scoutapp $10 per server... so something equivalently nice looking, but open source, would be awesome.

  • by lugg on 6/23/14, 6:46 AM

    Awesome. Can you make it work on a mobile? I can only assume its the viewport meta tag with user-scalable=no.

    The design isn't exactly setup for mobile so you may as well make it work like a real webpage.

  • by moloch on 6/23/14, 4:41 AM

    Not a great idea to just leave your phpinfo() out there in the open.

  • by lucb1e on 6/22/14, 11:35 PM

    It reports 300KB/s upload and 5.9MB/s download speed for my server, but I'm pretty sure it's symmetrical...

  • by unkoman on 6/23/14, 7:58 AM

    Is it possible to use this to send metrics to Graphite for example?

  • by pagekicker on 6/23/14, 3:49 AM

    what does this offer that command line tools and status line indicators do not?