Hacker News new | comments | ask | show | jobs | submit login
Show HN: pyDash – Small web-based dashboard for Linux in Python and Django
39 points by k3oni on Feb 12, 2014 | hide | past | web | favorite | 19 comments
I started writing this mostly for the Pi but ended up building it to support multiple Linux OSs.

It's intended to be just that, a small dashboard providing real-time details on the usage. Still a work in progress and was done for fun, there's a demo as well :).

MIT license.

https://pydash.net or http://k3oni.github.io/pydash

Hmm, all these eval() calls using data from cookies[0]... is this vulnerable to remote code execution? I think those eval() calls should be json.loads().

[0] https://github.com/k3oni/pydash/blob/1317771275aa118a40df1ec...

Those evals() are valid only if user is authenticated, if there is no authentication then no eval() will be performed on the cookies.

True, but just because you trust someone to access the dashboard doesn't mean you trust them to execute code on your server. There are other things to consider as well, like MITM attacks, and that an XSS hole would let the attacker set their own cookies.

The data in the cookies is just JSON, right? If json.loads() would work here you should switch to that instead.

Good point there, i'll look into limiting the eval().

I would hope that people won't give access to everyone to the dashboard, wasn't really build for that, or at least that wasn't my initial idea.

doesn't this get even worse since the python server is run by root?

Thanks for the clickable link :)

Looks really cool. Are there any plans for exposing any of this information via a JSON API?

Would be really nice to integrate some of the key numbers from this into other dashboards e.g. Dashing.

Actually it is exposing the data using JSON, and you can grab it by creating a session into Django and accessing the links for the different requests.

Take a look at urls.py, you can grab any of the data from /info/ by making a call to the specific requests.

Very nice. I might have a bit of a play with this when I have some spare time :)

Cute! I like it. I installed it on my server and it's ticking away quite nicely.

I'd love for the Processes table to have click-sortable column headers.

It is rather a 'web-based monitoring dashboard' than a 'web monitoring dashboard'.

Good catch, updated :)

Looks like a really good jumping off point for quick customizable python management w/ interface.

Hmm.. for some reason when I think "small" Django just doesn't come to mind.

It could be moved to straight html and css, but i wanted to play with Django, and yes it could be smaller :).

Looks very nice. I'm only missing disk I/O as fundamental metric

That shouldn't be to hard to add, could be grabbed from /proc/diskstats or /sys/block, i'll look into adding it tonight maybe.

nice, but not small :P

this one is really small -> https://github.com/abimaelmartell/system_monitor

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact