Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/fossable/sandpolis

Ultimate virtual estate monitoring and management!
https://github.com/fossable/sandpolis

administration automation cloud-native cross-platform devops free-software monitoring remote rmm

Last synced: 6 days ago
JSON representation

Ultimate virtual estate monitoring and management!

Host: GitHub
URL: https://github.com/fossable/sandpolis
Owner: fossable
License: agpl-3.0
Created: 2017-08-11T20:55:30.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2025-01-13T04:41:44.000Z (13 days ago)
Last Synced: 2025-01-13T05:27:12.432Z (13 days ago)
Topics: administration, automation, cloud-native, cross-platform, devops, free-software, monitoring, remote, rmm
Language: Java
Homepage:
Size: 15.5 MB
Stars: 52
Watchers: 5
Forks: 8
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

README

![License](https://img.shields.io/github/license/fossable/sandpolis)
![GitHub repo size](https://img.shields.io/github/repo-size/fossable/sandpolis)
![Stars](https://img.shields.io/github/stars/fossable/sandpolis?style=social)

`sandpolis` is a **virtual estate monitoring/management tool** under active
development.

## Security Warning

Sandpolis is an extremely high-value attack target as it provides management
access to your virtual estate. To compensate, strong security measures are
available:

- All connections to a server use mTLS and require a valid client certificate.
The server automatically rotates these certificates periodically, but the
initial certificate must be installed out-of-band.

- Users can be required to login with two-factor authentication codes.

- User permissions can restrict what users are able to do and on what instances.

- Agents can optionally run in _read only_ mode which still provides useful
information, but prohibits all write operations. This can significantly
mitigate potential damage in the event of server compromise.

Even with several layers of strong authentication, there's always risk that the
Sandpolis server can be compromised. If the risks of "single point of
compromise" outweigh the convenience of having a unified management interface,
then **don't use Sandpolis**.

## Layers

Features are organized into _layers_ that can be toggled on/off in the UI.

### Account

### Alert

Triggers user notifications when certain events are detected in the Sandpolis
network. For example, if a user's status is currently _AWAY_, an unexpected SSH
login from that user (anywhere in the network) will fire an urgent alert.

### Desktop

Provides access to remote desktop capabilities.

### Filesystem

Provides read/write access to agent filesystems. The Sandpolis client can also
mount a remote filesystem.

### Logging

### Package

Integrates with the package manager on agents to manages package versions.

### Probe

Probes are managable from the Sandpolis network, but don't run agent software.
Instead, a remote Sandpolis agent instance connects to probes over a standard
protocol like SSH, SNMP, Docker, etc.

### Shell

Provides an interactive remote shell.

### Tunnel

### User