Welcome to PatchMon
Introduction
Welcome to PatchMon's Documentation
PatchMon is an open-source Linux patch management system that gives system administrators centralised visibility over patches and packages across their infrastructure.
It works with standard Linux package managers such as apt, yum, and dnf, and requires no inbound ports on your monitored hosts.
The feature list is growing on a weekly basis.
Contributing to documentation
Documentation is an area where we need help :)
- You can sign up with your email or use SSO with your GitHub account
- Please send us a message on Discord or email for your role to change to a contributor
- After which we will enable your account to be a contributor so you can edit
How PatchMon Works
PatchMon uses a lightweight agent model with three simple steps:
- Deploy the Server - Self-host PatchMon using Docker or the native installer, or use our managed Cloud version.
- Install the Agent - Add a host in the dashboard and run the one-liner install command (uses curl) on your Linux server.
- Monitor - The agent sends system and package data outbound to PatchMon on a schedule. No inbound ports need to be opened on your servers.
Network requirements: Agents only need outbound access on ports 80/443 (HTTPS). Outbound connections are normally allowed; however, if your systems are behind firewalls that inspect SSL/DNS traffic or are air-gapped, adjust your rules accordingly.
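A pre-flight check for the network requirement above, as an added example (not PatchMon code): run from a host that will carry the agent, it reports whether outbound 443 is blocked or whether the TLS certificate was re-issued by an inspecting firewall. The hostname, the expected issuer organisation and the two sample certificates are placeholders constructed for illustration.

```python
import socket
import ssl

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
DIRECT_CERT = {"issuer": ((("countryName", "US"),),
                          (("organizationName", "Example Public CA"),),
                          (("commonName", "Example Public CA R1"),))}
PROXIED_CERT = {"issuer": ((("organizationName", "Example Corp TLS Inspection"),),
                           (("commonName", "fw01 signing CA"),))}


def issuer_fields(cert):
    """Flatten the nested issuer RDN tuples into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def classify(cert, expected_issuer_org):
    """Compare the issuer this host sees with the issuer the server really uses."""
    seen = issuer_fields(cert).get("organizationName", "<none>")
    if seen == expected_issuer_org:
        return "ok: issuer matches"
    return "inspected: certificate was issued by " + seen


def preflight(host, expected_issuer_org, port=443, timeout=5.0):
    """Open one outbound TLS connection and return a one-line verdict."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert(), expected_issuer_org)
    except socket.gaierror:
        return "blocked: DNS lookup failed"
    except ssl.SSLCertVerificationError as exc:
        # Typical when an inspecting firewall signs with a CA this host does not trust.
        return "untrusted: " + exc.verify_message
    except ssl.SSLError as exc:
        return "tls-failed: " + str(exc)
    except OSError as exc:  # refused, timed out, no route
        return "blocked: outbound TCP %d failed (%s)" % (port, exc)


if __name__ == "__main__":
    print(classify(DIRECT_CERT, "Example Public CA"))
    print(classify(PROXIED_CERT, "Example Public CA"))
    # On a real host (hostname is a placeholder):
    # print(preflight("patchmon.example.internal", "Example Public CA"))
```

An "inspected" or "untrusted" verdict means the firewall is terminating TLS in front of the agent, so either exempt the PatchMon server from inspection or make sure the host trusts the inspection CA.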
Key Features
| Area | Details |
|---|---|
| Dashboard | Customisable |
| Host Management | Host inventory, grouping, and OS detail tracking |
| Package Tracking | Package and Repo inventory, outdated package counts, and repository tracking per host |
| Agent System | Lightweight Go agents with outbound-only communication connected via WebSockets |
| Users & Auth | Multi-user accounts with roles, permissions, and RBAC |
| OIDC SSO | Single Sign-On via external identity providers |
| API & Integrations | REST API for managing hosts and data, templates for getHomepage and others available |
| Proxmox Integration | Auto-enrollment for LXC containers from Proxmox hosts |
| BETA - Security Compliance | OpenSCAP CIS Benchmarks and Docker Bench for Security with scheduled and on-demand scans |
| Docker Inventory | Container discovery and tracking across your hosts |
| SSH Terminal | In-browser SSH terminal with AI assistance |
| Extensive Configuration | Configurable parameters using .env variables |
Quick Links
Architecture
```
End Users (Browser)  ──HTTPS──▶  nginx (frontend + API proxy)
                                      │
                                      ▼
                          Backend (Node.js / Express / Prisma)
                                      │
                                      ▼
                                  PostgreSQL
                                      ▲
Agents on your servers  ──HTTPS──▶  Backend API (/api/v1)
                     (outbound only)
```
- Backend: Node.js, Express, Prisma ORM
- Frontend: Vite + React
- Database: PostgreSQL
- Reverse Proxy: nginx
- Service Management: systemd
Support
- Discord: patchmon.net/discord
- Email: support@patchmon.net
- GitHub Issues: Report a bug
License
PatchMon is licensed under AGPLv3.
"Can it patch my systems?"
The feature is being built.
It's pretty straightforward for us to build a mechanism that will update the systems, but it requires a lot of thought in terms of security and workflows.
The last thing I want is for someone to press update and it breaks a webserver, so there will be policies and rollback options, and we want to utilise Ansible for this.
I anticipate that we will get a beta version of patch management out mid November 2025.
Quick links:
Installation
Key:
Will be linked