297bf1bd83623bff2f92505d099426c4e4ba2cab
M11 - Email Notifications + Audit Logging Hardening:
- Email notifier (lettre crate) with templates for patch failure, job completion, maintenance reminders
- Audit log hash chaining (prev_hash + row_hash) for tamper-evident logging
- Periodic + on-demand audit integrity verification
- Audit logging for all config changes and certificate operations
- Frontend: email settings integration, audit integrity verification action

M12 - Deployment Packaging, Backup/DR, Integration Testing:
- scripts/backup.sh: Nightly pg_dump, CA backup (GPG), config backup (secrets excluded unless encrypted)
- scripts/setup.sh: Enhanced with backup dir, seed migration, backup cron, systemd target install
- systemd units: Restart=always, WatchdogSec, ReadWritePaths, security hardening
- systemd/patch-manager.target: Service target for coordinated lifecycle
- docs/runbooks/restore.md: Full DR runbook with RPO 24h / RTO 4h targets
- scripts/integration-test.sh: 9 test suites covering full API lifecycle
- scripts/performance-test.sh: NFR validation (dashboard <5s, CIDR /22 <10s, API <2s)
- docs/security-review.md: Comprehensive security control verification
- docs/compliance-mapping.md: HIPAA (6 sections) + PCI-DSS v4.0 (9 requirements) mapped
Linux Patch Manager
Enterprise-class secure web-based management interface for controlling patching and updates on Linux servers and workstations.
Overview
Linux Patch Manager provides a centralized web interface to manage patching and software updates across a fleet of Linux servers and workstations. It communicates with managed devices through the Linux Patch API, leveraging mTLS-secured RESTful endpoints for all operations.
Key Features
- Centralized Dashboard — Monitor patch status across all managed hosts from a single interface
- Multi-Distribution Support — Manage Debian/Ubuntu, RHEL/CentOS/Fedora, Alpine, and Arch hosts
- Secure by Design — mTLS authentication, role-based access control, audit logging
- Batch Operations — Apply patches and updates across multiple hosts simultaneously
- Scheduling — Plan and schedule patch windows with approval workflows
- Reporting — Compliance reporting and patch status dashboards
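The latest commit message describes the audit log as hash chained (prev_hash + row_hash) with integrity verification. The sketch below is an added example, not the project's code: it shows how such a chain is built and checked, and why a value kept outside the database is needed to catch tail deletion or a full re-hash. SHA-256, the JSON canonicalisation, the genesis value, the `anchor` parameter and all function names are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumption: prev_hash value used for the first row

# Constructed sample audit events (not taken from the project).
SAMPLE = [
    {"actor": "admin", "action": "config.update", "target": "smtp"},
    {"actor": "admin", "action": "cert.issue", "target": "host-a"},
    {"actor": "ops1", "action": "job.approve", "target": "job-17"},
]


def row_hash(prev_hash, entry):
    """SHA-256 (assumed) over prev_hash plus canonical JSON of the entry."""
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{canonical}".encode()).hexdigest()


def append(log, entry):
    """Append an entry linked to the previous row's hash."""
    prev = log[-1]["row_hash"] if log else GENESIS
    log.append({"entry": entry, "prev_hash": prev, "row_hash": row_hash(prev, entry)})


def verify(log, anchor=None):
    """Return None if the chain is intact, else the index of the first bad row.

    anchor: optional (row_count, row_hash of the last row at that time) stored
    outside the database; it catches tail deletion and full re-hashing.
    """
    prev = GENESIS
    for i, row in enumerate(log):
        if row["prev_hash"] != prev or row["row_hash"] != row_hash(prev, row["entry"]):
            return i
        prev = row["row_hash"]
    if anchor:
        count, head = anchor
        if len(log) < count:
            return len(log)          # rows the anchor covers are missing
        if count and log[count - 1]["row_hash"] != head:
            return count - 1         # chain was rewritten and re-hashed
    return None
```

An in-place edit of one row is caught by the chain alone; a writer who recomputes every later hash, or drops the newest rows, is caught only when the anchor is compared.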
Architecture
Linux Patch Manager is a web application that acts as a management plane, communicating with the Linux Patch API agent running on each managed host.
┌─────────────────────┐
│ Linux Patch Manager │  ← Web UI (this project)
│ (Management Plane)  │
└──────────┬──────────┘
           │ mTLS / REST API
    ┌──────┼──────┐
    ▼      ▼      ▼
┌──────┐┌──────┐┌──────┐
│ Host ││ Host ││ Host │  ← Linux Patch API agents
│  A   ││  B   ││  C   │
└──────┘└──────┘└──────┘
Documentation
| Document | Description |
|---|---|
| SPEC.md | Full project specification |
| ARCHITECTURE.md | Architecture and design decisions |
| REQUIREMENTS.md | Functional and non-functional requirements |
Related Projects
- Linux Patch API — The API agent that runs on each managed host
License
Private — All rights reserved.
Languages
- Rust 62.6%
- TypeScript 29.7%
- Shell 6.6%
- Dockerfile 0.4%
- Python 0.3%
- Other 0.3%