Skip to main content

Welcome to PatchMon

PatchMon is an open-source Linux patch management system that gives system administrators centralised visibility over patches and packages across their infrastructure.

It works with standard Linux package managers - apt, yum, and dnf - and requires no inbound ports on your monitored hosts.


Contributing to documentation

Documentation is an area where we need help :)

  • You can signup with your email or use SSO using your github account
  • After which we will enable your account to be a contributor so you can edit
  • Please send us a message on Discord or email for your role to change to a contributor

How PatchMon Works

PatchMon uses a lightweight agent model with three simple steps:

  1. Deploy the Server - Self-host PatchMon using Docker or the native installer, or use our managed Cloud version.
  2. Install the Agent - Add a host in the dashboard and run the one-liner install command on your Linux server.
  3. Monitor - The agent sends system and package data outbound to PatchMon on a schedule. No inbound ports need to be opened on your servers.

Network requirements: Agents only need outbound access on port 443 (HTTPS). If your systems are behind firewalls that inspect SSL/DNS traffic or are air-gapped, adjust your rules accordingly.


Key Features

Area Details
Dashboard Customisable per-user card layout with fleet-wide overview
Host Management Host inventory, grouping, and OS detail tracking
Package Tracking Package and Repo inventory, outdated package counts, and repository tracking per host
Agent System Lightweight GO agents with outbound-only communication connected via Web Sockets
Users & Auth Multi-user accounts with roles, permissions, and RBAC
OIDC SSO Single Sign-On via external identity providers
API & Integrations REST API for managing hosts and data, templates for getHomepage and others available
Proxmox Integration Auto-enrollment for LXC containers from Proxmox hosts
BETA - Security Compliance OpenSCAP CIS Benchmarks and Docker Bench for Security with scheduled and on-demand scans
Docker Inventory Container discovery and tracking across your hosts
SSH Terminal In-browser SSH terminal with AI assistance
Extensive Configuration Configurable parameters using .env variables


Architecture

End Users (Browser)  ──HTTPS──▶  nginx (frontend + API proxy)
                                        │
                                        ▼
                                Backend (Node.js / Express / Prisma)
                                        │
                                        ▼
                                   PostgreSQL
                                        ▲
Agents on your servers  ──HTTPS──▶  Backend API (/api/v1)
     (outbound only)
  • Backend: Node.js, Express, Prisma ORM
  • Frontend: Vite + React
  • Database: PostgreSQL
  • Reverse Proxy: nginx
  • Service Management: systemd

Support


License

PatchMon is licensed under AGPLv3.