{"id":13821394,"url":"https://github.com/furlongm/patchman","last_synced_at":"2026-03-05T07:05:09.222Z","repository":{"id":6681799,"uuid":"7926818","full_name":"furlongm/patchman","owner":"furlongm","description":"Patchman is a Linux Patch Status Monitoring System","archived":false,"fork":false,"pushed_at":"2025-03-22T21:14:54.000Z","size":3512,"stargazers_count":377,"open_issues_count":40,"forks_count":86,"subscribers_count":17,"default_branch":"main","last_synced_at":"2025-04-06T17:04:02.961Z","etag":null,"topics":["centos","debian","django","django-application","errata","kernel","linux","mirror","monitoring","package","package-management","package-manager-tool","patch","patch-management","patchman","patchman-client","patchman-server","repository"],"latest_commit_sha":null,"homepage":"http://patchman.openbytes.ie","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/furlongm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"furlongm","patreon":"furlongm"}},"created_at":"2013-01-31T00:07:03.000Z","updated_at":"2025-03-22T21:14:57.000Z","dependencies_parsed_at":"2023-10-25T03:25:49.598Z","dependency_job_id":"7578178e-b85f-42b6-b894-7a9be02fa6c9","html_url":"https://github.com/furlongm/patchman","commit_stats":{"total_commits":1242,"total_committers":20,"mean_commits":62.1,"dds":"0.29871175523349436","last_synced_commit":"fdc4c5ad0c251bc4886022e4694a85721781f80a"},"previous_names":[],"tags_count":87,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/furlongm%2Fpatchman","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/furlongm%2Fpatchman/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/furlongm%2Fpatchman/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/furlongm%2Fpatchman/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/furlongm","download_url":"https://codeload.github.com/furlongm/patchman/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248767097,"owners_count":21158382,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["centos","debian","django","django-application","errata","kernel","linux","mirror","monitoring","package","package-management","package-manager-tool","patch","patch-management","patchman","patchman-client","patchman-server","repository"],"created_at":"2024-08-04T08:01:21.185Z","updated_at":"2026-02-03T05:12:03.806Z","avatar_url":"https://github.com/furlongm.png","language":"Python","readme":"# Patchman\n\n\n## Summary\n\nPatchman is a Django-based patch status monitoring tool for linux systems.\nPatchman provides a web interface for monitoring the package updates available\nfor linux hosts.\n\n[![](https://raw.githubusercontent.com/furlongm/patchman/gh-pages/screenshots/dashboard.png)](https://github.com/furlongm/patchman/tree/gh-pages/screenshots)\n\n\n## How does Patchman work?\n\nPatchman clients send a list of installed packages and enabled repositories to\nthe Patchman server. 
The Patchman server updates its package list for each\nrepository and determines which hosts require updates, and whether those updates\nare normal or security updates. The web interface also gives information on\npotential issues, such as installed packages that are not from any repository.\n\nHosts, packages, repositories and operating systems can all be filtered. For\nexample, it is possible to find out which hosts have a certain version of a\npackage installed, and which repository it comes from.\n\nPatchman does not install update packages on hosts, it determines and displays\nwhat updates are available for each host.\n\n`yum`, `apt` and `zypper` plugins can send reports to the Patchman server every\ntime packages are installed or removed on a host.\n\n\n## Installation\n\nSee [the installation guide](https://github.com/furlongm/patchman/blob/main/INSTALL.md)\nfor installation options.\n\n\n## Usage\n\nThe web interface contains a dashboard with items that need attention, and\nvarious pages to manipulate and view hosts, repositories and mirrors, packages,\noperating system releases and variants, reports, errata and CVEs.\n\nTo populate the database, simply run the client on some hosts:\n\n```shell\n$ patchman-client -s http://patchman.example.com\n```\n\nThis should provide some initial data to work with.\n\nOn the server, the `patchman` command line utility can be used to run certain\nmaintenance tasks, e.g. processing the reports sent from hosts, downloading\nrepository update information from the web. 
Run `patchman -h` for a rundown of\nthe usage:\n\n```shell\n$ sbin/patchman -h\nusage: patchman [-h] [-f] [-q] [-r] [-R REPO] [-lr] [-lh] [-dh] [-u] [-A] [-shro | -uhro] [-sdns | -udns] [-H HOST] [-p] [-c] [-d] [-rd] [-n] [-a] [-D hostA hostB] [-e] [-E ERRATUM_TYPE] [-v] [--cve CVE] [--fetch-nist-data]\n\nPatchman CLI tool\n\noptions:\n  -h, --help            show this help message and exit\n  -f, --force           Ignore stored checksums and force-refresh all Mirrors\n  -q, --quiet           Quiet mode (e.g. for cronjobs)\n  -r, --refresh-repos   Refresh Repositories\n  -R REPO, --repo REPO  Only perform action on a specific Repository (repo_id)\n  -lr, --list-repos     List all Repositories\n  -lh, --list-hosts     List all Hosts\n  -dh, --delete-hosts   Delete hosts, requires -H, matches substring patterns\n  -u, --host-updates    Find Host updates\n  -A, --host-updates-alt\n                        Find Host updates (alternative algorithm that may be faster when there are many homogeneous hosts)\n  -shro, --set-host-repos-only\n                        Set host_repos_only, requires -H, matches substring patterns\n  -uhro, --unset-host-repos-only\n                        Unset host_repos_only, requires -H, matches substring patterns\n  -sdns, --set-check-dns\n                        Set check_dns, requires -H, matches substring patterns\n  -udns, --unset-check-dns\n                        Unset check_dns, requires -H, matches substring patterns\n  -H HOST, --host HOST  Only perform action on a specific Host (fqdn)\n  -p, --process-reports\n                        Process pending Reports\n  -c, --clean-reports   Remove all but the last three Reports\n  -d, --dbcheck         Perform some sanity checks and clean unused db entries\n  -rd, --remove-duplicates\n                        Remove duplicates during dbcheck - this may take some time\n  -n, --dns-checks      Perform reverse DNS checks if enabled for that Host\n  -a, --all             Convenience flag for -r -A 
-p -c -d -n -e\n  -D hostA hostB, --diff hostA hostB\n                        Show differences between two Hosts in diff-like output\n  -e, --update-errata   Update Errata\n  -E ERRATUM_TYPE, --erratum-type ERRATUM_TYPE\n                        Only update the specified Erratum type (e.g. `yum`, `ubuntu`, `arch`)\n  -v, --update-cves     Update CVEs from https://cve.org\n  --cve CVE             Only update the specified CVE (e.g. CVE-2024-1234)\n  --fetch-nist-data, -nd\n                        Fetch NIST CVE data in addition to MITRE data (rate-limited to 1 API call every 6 seconds)\n```\n\n### Client dependencies\n\nThe client dependencies are kept to a minimum. `rpm` and `dpkg` are\nrequired to report packages, `yum`, `dnf`, `zypper` and/or `apt` are required\nto report repositories. These packages are normally installed by default on\nmost systems. `which`, `mktemp`, `flock` and `curl` are also required.\n\nFor Protocol 2 (JSON-based reports), `jq` is required. If `jq` is not available,\nthe client will automatically fall back to Protocol 1 (text-based reports).\n\ndeb-based OS's do not always change the kernel version when a kernel update is\ninstalled, so the `update-notifier-common` package can optionally be installed\nto enable this functionality. rpm-based OS's can tell if a reboot is required\nto install a new kernel by looking at `uname -r` and comparing it to the\nhighest installed kernel version, so no extra packages are required on those\nOS's.\n\n\n## Concepts\n\nThe default settings will be fine for most people but depending on your setup,\nthere may be some initial work required to logically organise the data sent in\nthe host reports. The following explanations may help in this case.\n\nThere are a number of basic objects: Hosts, Repositories and Mirrors, Packages,\nOperating Systems Releases and Variants, Reports and Errata.\n\n### Host\nA Host is a single host, e.g. 
test-host-01.example.com.\n\n### Operating System Releases and Variants\nA Host runs an Operating System Release, e.g. Rocky 10, Debian 13,\nUbuntu 24.04. The particular version running is called an Operating System\nVariant, e.g. Debian 13.1, Ubuntu 24.04.4. Variants are linked to a\nRelease. For some OS's like Arch Linux, there are no Variants.\n\n### Package\nA Package is a package that is either installed on a Host, or is available to\ndownload from a Repository mirror, e.g. `strace-4.8-11.el10.x86_64`,\n`grub2-tools-2.02-0.34.el10.rocky.x86_64`, etc.\n\n### Mirror\nA Mirror is a collection of Packages available on the web, e.g. a `yum` or\n`apt` repo.\n\n### Repository\nA Repository is a collection of Mirrors. Typically all the Mirrors will contain\nthe same Packages. For Red Hat-based Hosts, Repositories automatically link\ntheir Mirrors together. For Debian-based hosts, you may need to link all\nMirrors that form a Repository using the web interface. This may reduce the\ntime required to find updates. Repositories can be marked as being security or\nnon-security. This makes most sense with Debian and Ubuntu repositories where\nsecurity updates are delivered via security repositories. For rpm security\nupdates, see the Erratum section below.\n\nRepositories can be associated with an OS Release, or with the Host itself. If\nthe `use_host_repos` variable is set to True for a Host, then updates are found\nby looking only at the Repositories that belong to that Host. This is the\ndefault behaviour.\n\nIf `use_host_repos` is set to False, the update-finding process looks at the\nOS Release that the Host's Operating System Variant is associated with, and\nuses that Release's Repositories to determine the applicable updates. This is\nuseful in environments where many hosts are homogeneous.\n\n### Report\nHosts create Reports using `patchman-client`. This Report is sent to the\nPatchman server. 
The Report contains the Host's running kernel, Operating System,\ninstalled Packages and enabled Repositories. The Patchman server processes the\nReport and records the information contained therein.\n\n### Erratum\nErrata for many OS's can be downloaded by the Patchman server. These Errata are\nparsed and stored in the database. If a PackageUpdate contains a package that\nis a security update in an Erratum, then that update is marked as being a\nsecurity update. CVE and CVSS data is used to complement this information.\n","funding_links":["https://github.com/sponsors/furlongm","https://patreon.com/furlongm"],"categories":["monitoring"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffurlongm%2Fpatchman","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffurlongm%2Fpatchman","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffurlongm%2Fpatchman/lists"}