

Show HN: pyDash – Small web-based dashboard for Linux in Python and Django - k3oni

I started writing this mostly for the Pi but ended up building it to support multiple Linux OSs.

It's intended to be just that, a small dashboard providing real-time details on the usage.
Still a work in progress and was done for fun, there's a demo as well :).

MIT license.

https://pydash.net or http://k3oni.github.io/pydash
======
anglebracket
Hmm, all these eval() calls using data from cookies[0]... is this vulnerable
to remote code execution? I think those eval() calls should be json.loads().

[0]
[https://github.com/k3oni/pydash/blob/1317771275aa118a40df1ec...](https://github.com/k3oni/pydash/blob/1317771275aa118a40df1ec912f86cd6a4f351a4/usage/views.py#L291)

~~~
k3oni
Those evals() are valid only if user is authenticated, if there is no
authentication then no eval() will be performed on the cookies.

~~~
anglebracket
True, but just because you trust someone to access the dashboard doesn't mean
you trust them to execute code on your server. There are other things to
consider as well, like MITM attacks, and that an XSS hole would let the
attacker set their own cookies.

The data in the cookies is just JSON, right? If json.loads() would work here
you should switch to that instead.

~~~
k3oni
Good point there, I'll look into limiting the eval().

I would hope that people won't give access to everyone to the dashboard,
wasn't really built for that, or at least that wasn't my initial idea.
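
Added example, not part of the original thread and not pyDash's own code: the eval() versus json.loads() point from the exchange above, assuming the cookie holds a JSON list of numbers. The function names, the sample cookie values and the `mark` helper are hypothetical.

```python
import json

EXECUTED = []  # records side effects so the demo can show that code ran


def mark(tag):
    """Stand-in for arbitrary code named in a cookie; it only records the call."""
    EXECUTED.append(tag)
    return [0]


def load_history_unsafe(cookie_value):
    """Pattern questioned in the thread: eval() on client-controlled cookie text."""
    return eval(cookie_value)  # evaluates any Python expression in the cookie


def load_history_safe(cookie_value, max_points=500):
    """Parse the cookie as JSON and accept only a bounded list of numbers."""
    try:
        data = json.loads(cookie_value)
    except (TypeError, ValueError, RecursionError):
        return []  # missing, malformed or absurdly nested: empty history
    if not isinstance(data, list) or len(data) > max_points:
        return []
    for item in data:
        # bool is a subclass of int, so reject it explicitly
        if isinstance(item, bool) or not isinstance(item, (int, float)):
            return []
    return data


# Constructed sample cookie values (assumed shape, not taken from pyDash).
BENIGN = "[12.5, 13.0, 11.75]"
HOSTILE = "mark('ran-from-cookie')"

if __name__ == "__main__":
    print(load_history_safe(BENIGN))              # parsed as data
    print(load_history_safe(HOSTILE), EXECUTED)   # rejected, nothing executed
    print(load_history_unsafe(HOSTILE), EXECUTED) # expression was executed
```

json.loads() only ever builds data structures, so the remaining work is validating their shape; eval() hands the interpreter to whoever can set the cookie, whether or not they are logged in legitimately.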

------
spindritf
Clickable [http://k3oni.github.io/pydash/](http://k3oni.github.io/pydash/)

~~~
k3oni
Thanks for the clickable link :)

------
scott_w
Looks really cool. Are there any plans for exposing any of this information
via a JSON API?

Would be really nice to integrate some of the key numbers from this into other
dashboards e.g. Dashing.

~~~
k3oni
Actually it is exposing the data using JSON, and you can grab it by creating a
session into Django and accessing the links for the different requests.

Take a look at urls.py, you can grab any of the data from /info/ by making a
call to the specific requests.

~~~
scott_w
Very nice. I might have a bit of a play with this when I have some spare time
:)

------
peterbe
Cute! I like it. I installed it on my server and it's ticking away quite
nicely.

I'd love for the Processes table to have click-sortable column headers.

------
charleyramm
It is rather a 'web-based monitoring dashboard' than a 'web monitoring
dashboard'.

~~~
k3oni
Good catch, updated :)

------
STRiDEX
Looks like a really good jumping off point for quick customizable python
management w/ interface.

------
joshbaptiste
Hmm.. for some reason when I think "small" Django just doesn't come to mind.

~~~
k3oni
It could be moved to straight HTML and CSS, but I wanted to play with Django,
and yes it could be smaller :).

------
piit_perk
nice, but not small :P

this one is really small ->
[https://github.com/abimaelmartell/system_monitor](https://github.com/abimaelmartell/system_monitor)

------
lazyant
Looks very nice. I'm only missing disk I/O as fundamental metric

~~~
k3oni
That shouldn't be too hard to add, could be grabbed from /proc/diskstats or
/sys/block, I'll look into adding it tonight maybe.

