PatchMon v2 has been released
Posted by broadband9@reddit | linuxadmin
Some of you may know that last year I built PatchMon, a Linux patch monitoring tool.
Now it’s been expanded with the help of the community to also perform patching with alerts and notifications when things are out of date.
It’s open source, use it if you like 👍
We have around 4000+ live self-hosted installations at the moment and feedback has been good so far.
GitHub: https://github.com/PatchMon/PatchMon
Can install via Docker or through Proxmox community-scripts: https://community-scripts.org/scripts/patchmon
egrueda@reddit
Stopped using it because of the insane CPU load from the agents.
How is that fixed?
broadband9@reddit (OP)
We had this bug very early on in 1.3.x versions. We use Go binary agents now, and have tuned the efficiency pretty well since then, which includes much less RAM usage and caching of data that doesn’t need to be sent again except for any changed deltas.
rxexgx@reddit
Is there a way to run the agent with an own user (not root)?
Sufficient_Job7779@reddit
You can try https://opsfabric.io . Has many more features.
Dry-Fruit-4112@reddit
Nice job
UninvestedCuriosity@reddit
It has been good. Convinced me that it's time to upgrade all my LXCs to Trixie.
pydood@reddit
Ahhh that basic Claude UI/UX lol
TinyCollection@reddit
That’s much nicer than Claude usually comes up with.
pydood@reddit
I mean tomato tomato. We have about 10 of these exact same UIs floating around my company now lol. It’s not necessarily a bad UI, just when every app looks the same and feels the same it kinda sucks the fun out of things.
AlwaysLinux@reddit
Hey, this looks pretty neato... I'll have to install this and check it out.
Looks like you support the major Linux vendors, including Arch 😄. Is there AUR support as well?
ReportMuted3869@reddit
The install script was very broken on V1; hopefully this is fixed now.
paulmataruso@reddit
I feel like I am being really stupid, but I cannot for the life of me see anywhere that says "Patch" or "Patch All". I see in the documentation that it won't show up if the module is disabled? I have the patching submenu in the bar so I assume it's enabled.
If I select a host, there is no patch button in the header. I have looked everywhere. Same if I go to Host > HOSTNAME > Patching.
Does the community edition not have patching for Windows? Am I doing something wrong? This is a default install right from the install script.
MFKDGAF@reddit
I am currently testing out the patching policies but they never seem to run. Are there logs somewhere that can help me pinpoint why the patching policy schedules aren't running?
As you can see here I have created a fixed time patching policy to run at 8:25am CDT. I created this at about 7:50am CDT today.
broadband9@reddit (OP)
Hey - I can't see the image (Imgur has some issues with UK, which is where I'm from). However, I researched this last night and I have actually drafted a fix for this. It's a bug where the timezone isn't really honoured properly when the patch runs are based on fixed / scheduled time (as opposed to running it immediately or after N minutes).
The issue is on here - https://github.com/PatchMon/PatchMon/issues/699
And later today I'm going to validate the fix and release over the next few days.
Essentially, it will run but not at the timezone requested - but rather according to UTC.
MFKDGAF@reddit
Thank you for the quick response.
The picture was of the policy so you could validate I wasn't incorrect but what you are telling me makes sense.
How does the Immediately policy work? Does it run immediately after I add a host to the policy? I'm testing this as well but it doesn't seem to start either.
broadband9@reddit (OP)
Just to let you know I've released the new version which addresses the Time Zone issues 😄
broadband9@reddit (OP)
Basically the policies at the moment are more treated like timing presets as opposed to automation of patch applying.
When patching is initiated via the wizard then one of the steps is to select when the patch is to run - at that point the step will inherit the policy that has been applied to that host, like:
Patch Immediately
Patch after N Minutes or
Patch at a certain time.
Patch initiations are done from either a package level where you update a package against whichever hosts you desire, or update a host with all of its packages which can be initiated from the hosts detail page.
tkiblin@reddit
Looks pretty good, will give this a test. Is there a comparison of features between paid and self hosted editions anywhere?
broadband9@reddit (OP)
Thank you :)
The self hosted version currently has all the features of the paid cloud version we offer. It’s just that with our hosted version there is value around support, maintenance, backups etc.
Paid is more aimed towards businesses who need training, support, best practices, priority features, priority bug fixes etc etc.
nevereatyellowsnow@reddit
This looks awesome. Will definitely be checking this out!
broadband9@reddit (OP)
Thank you ! And if you need anything at all just let me know :)
agingnerds@reddit
I will further read the GitHub soon, but I am in the middle of a few things. Is this agent based?
broadband9@reddit (OP)
Thank you -
Yes it’s agent based. The agent creates an outbound connection to the central PatchMon server and a bi-directional communication websocket channel is created through SSL.
The agent has multiple arch compatibility and right now it's for Linux, FreeBSD and Windows.
agingnerds@reddit
Awesome. I will test this at my homelab and see how it works. Thank you!!
EchoNuke@reddit
Interesting, thank you for sharing.
broadband9@reddit (OP)
You’re welcome :)