Skip to content

iu2vwk-ita/swiftserver

BranchesTags

Repository files navigation

ByteSweep (SwiftServer)

A lightweight, real-time Linux server monitoring dashboard with integrated disk cleanup utilities -- perfect for purging heavy AI-generated temporary files and cache. Built with Flask and vanilla JavaScript for zero-dependency deployment on remote or headless machines.

Features

  • Real-time Metrics -- Live CPU, memory, disk, and network charts (Chart.js)
  • System Overview -- Uptime, load average, CPU core count, temperature sensors
  • Top Processes -- Auto-updating table with one-click process kill
  • Network Details -- Per-interface IP and MAC address discovery
  • Disk Visualization -- Partition usage with color-coded progress bars
  • One-Click Cleanup -- Web UI to run maintenance cleaners (APT, logs, Docker, caches)
  • File Manager -- Browse, navigate, and delete files/directories from the dashboard
  • Web Terminal -- Full bash shell embedded in the dashboard (xterm.js + PTY WebSocket)
  • Auto-Cleanup Agent -- Background timer that cleans automatically when disk exceeds 90%
  • Security Panel -- Forensic scan (hidden dirs, backdoors, rootkits, C2 agents, suspicious cron/systemd, reverse shells), mining detection, open ports monitoring, virus scanning with ClamAV (auto-install from panel)
  • Panel Authentication -- Optional password protection, configurable from the web panel (no SSH needed)
  • Access Logging -- HTTP request logging with timestamps and IPs
  • Multi-Distro Packages -- Pre-built .deb, .rpm, AppImage + PKGBUILD and snapcraft.yaml
  • Responsive Dark UI -- Works on desktop, tablet, and mobile

Screenshots

Screenshot 2026-05-19 014518 Screenshot 2026-05-19 095842

Security Dashboard — Forensic scan, mining detection, ports, firewall, integrity monitor (v2.1+)

Security Features (v2.0+)

ByteSweep includes a full security suite to detect and respond to threats on your server — all from the web dashboard, no SSH required.

Forensic Scan

A comprehensive deep scan that checks for indicators of compromise across 10 categories:

Check What it detects
Hidden Directories Suspicious dot-directories in /bin, /etc, /tmp, /var/tmp — common malware hiding spots
Suspicious Binaries Large ELF/UPX-packed files in system directories (>10 MB) — typical cryptominer signature
SSH Backdoors Non-standard SSH ports, PermitRootLogin yes, suspicious authorized_keys entries
LD_PRELOAD Rootkits /etc/ld.so.preload hijacking, environment variable injection across all processes
Hidden Kernel Modules Modules visible in /proc/modules but hidden from lsmod
Suspicious Cron Jobs Cron entries using /tmp/, /dev/shm/, mining pool domains, download-and-pipe patterns
Suspicious Systemd Services Services with unusual names or ExecStart paths in temporary directories
C2 Agents Known command-and-control agents (Nezha, Cobalt Strike, Sliver) + connections on C2 ports
Reverse Shells Active processes matching reverse shell patterns (/dev/tcp, nc -e, bash -i >&)
Mining Pool Connections Established connections to known Monero/Stratum pools and miner ports (3333, 4444, 5555)

Mining Detection

Scans all running processes against a database of known mining software (xmrig, cpuminer, qgisring, softwaretech, t-rex, phoenixminer, lolminer, ethminer, and 12+ others). Also flags processes above a configurable CPU threshold.

Auto-Kill Miners

Toggle to automatically terminate any process identified as a known crypto miner — zero manual intervention.

Open Ports Monitor

Shows all listening ports, established connections, and recent outbound connections. Suspicious non-standard high ports are flagged separately.

Virus Scanning (ClamAV)

One-click integration with ClamAV. If not installed, the dashboard offers to download and install it automatically (~200 MB).

Scheduled Scanning

Configure automatic forensic scans at any interval (e.g., every hour). When threats are found, alerts are sent via Telegram bot or generic webhook.

Firewall (iptables)

Block and unblock IP addresses and ports directly from the dashboard. View current iptables INPUT/OUTPUT rules in real-time.

Integrity Monitor

Create a SHA256 baseline of critical system files (/etc/passwd, /etc/shadow, /etc/ssh/sshd_config, /bin/ls, etc.) and check for unauthorized modifications on demand.

Log Viewer

Browse system logs (access.log, auth.log, syslog, cleanup.log) with full-text search — no need to SSH and run tail/grep.

Panel Authentication

Optional password protection for the entire dashboard, with PBKDF2-HMAC-SHA256 hashing, per-server salt, and rate limiting (5 attempts/minute per IP). Enable, disable, or change the password from the Settings panel — no config file editing needed.

Process Management

Kill any process with one click from the Top Processes table. Kill endpoint is authenticated and prevents killing PID 1 (systemd) or the server itself.

Screenshot 2026-06-12 025554

Security Architecture

  • Password storage: PBKDF2-HMAC-SHA256 (100,000 iterations) with 128-bit per-server random salt — never plaintext
  • Session tokens: 256-bit cryptographic random (secrets.token_hex(32)), 4-hour expiry, max 100 concurrent sessions
  • Constant-time comparison: hmac.compare_digest for all password checks
  • Rate limiting: 5 login attempts per 60-second window per IP address
  • Settings file: Stored with chmod 600, old plaintext keys automatically purged on migration
  • Path traversal protection: os.path.realpath resolves symlinks before validation
  • XSS prevention: All user-supplied strings HTML-escaped in the frontend (escHtml)
  • WebSocket auth: Terminal requires session token as query parameter when password is enabled

Installation

Build packages from source (v2.0+):

Format Build Command
Debian/Ubuntu ./build-deb.sh
Fedora/RHEL ./build-rpm.sh
Arch Linux makepkg -si (uses PKGBUILD)
AppImage ./build-appimage.sh
Snap snapcraft (uses snap/snapcraft.yaml)

Universal install script (any Linux)

curl -sSL https://raw.githubusercontent.com/iu2vwk-ita/swiftserver/main/install.sh | sudo bash

Universal script (any Linux)

curl -sSL https://raw.githubusercontent.com/iu2vwk-ita/swiftserver/main/install.sh | sudo bash

After installation, the dashboard is available at http://your-server-ip:5000

Service Management

# Check service status
sudo systemctl status bytesweep

# Restart the service
sudo systemctl restart bytesweep

# Stop the service
sudo systemctl stop bytesweep

# View live logs
sudo journalctl -u bytesweep -f

# Check auto-cleanup timer
sudo systemctl status bytesweep-cleanup.timer

Uninstall

Debian/Ubuntu

sudo apt remove bytesweep      # Remove (keeps config)
sudo apt purge bytesweep        # Remove everything

Fedora/RHEL

sudo rpm -e bytesweep

Arch Linux

sudo pacman -R bytesweep        # Remove
sudo pacman -Rns bytesweep      # Remove with dependencies

AppImage

# Just delete the file and stop the process
pkill -f server_monitor.py
rm ByteSweep-*.AppImage

Quick Start (Development)

git clone https://github.com/iu2vwk-ita/swiftserver.git
cd swiftserver
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python server_monitor.py

Configuration

Edit /opt/server-monitor/config.py (or config.py for development):

SERVER_PORT = 5000          # Dashboard port
SERVER_HOST = "0.0.0.0"     # Bind address
UPDATE_INTERVAL = 2         # Seconds between metric refreshes
ENABLE_TEMPS = True         # Enable temperature sensor reading
LOG_LEVEL = "INFO"          # Logging verbosity

API Reference

Endpoint Method Description
/ GET Dashboard UI (HTML)
/api/system GET Hostname, platform, uptime, CPU count, memory total
/api/metrics GET Full real-time metrics snapshot (CPU, RAM, disk, net, temps, processes)
/api/cpu GET CPU usage, per-core breakdown, load average
/api/ram GET Memory usage statistics
/api/disk GET Disk partition usage
/api/network GET Network I/O counters
/api/cleanup/status GET List available cleaners and descriptions
/api/cleanup/run POST Run selected cleaners ({"items": ["apt","journal"]})
/api/files/list GET List directory contents (?path=/opt)
/api/files/delete POST Delete file or directory ({"path": "/opt/old-folder"})
/api/auth/status GET Authentication status (enabled/authenticated)
/api/auth/login POST Login with password ({"password": "..."})
/api/auth/logout POST Logout and invalidate session
/api/settings GET Get current panel settings
/api/settings POST Update settings ({"action":"set_password","password":"..."} / {"action":"disable_password"})
/api/process/kill POST Kill a process by PID ({"pid": 1234})
/api/security/ports GET Open ports, established connections, suspicious ports
/api/security/mine-detect GET Scan processes for crypto mining activity
/api/security/forensic-scan GET Full forensic scan (hidden dirs, backdoors, rootkits, C2, cron, systemd)
/api/security/clamav-status GET Check if ClamAV is installed
/api/security/install-clamav POST Install ClamAV automatically (apt install clamav)
/api/security/virus-scan POST Run ClamAV virus scan on configured paths

Cleaners

The cleanup module supports 10 maintenance operations:

ID Target Description
apt APT Cache Remove downloaded packages and run autoremove
journal Systemd Logs Limit journal retention to 200 MB
syslogs Old Syslogs Delete rotated log archives
snap Snap Packages Remove old revisions and cache
docker Docker Images Prune unused images, containers, and networks
pip Pip Cache Purge Python package download cache
npm npm Cache Clear Node.js package cache
browsers Browser Caches Remove Playwright / Puppeteer / Electron downloads
tmp Temp Files Delete /tmp files older than 1 day
uv UV Cache Clear UV Python package manager cache

Auto-Cleanup Agent

The auto-cleanup agent runs every hour via systemd timer. It checks disk usage and automatically triggers all cleaners if any partition exceeds 90% full.

# Check agent status
sudo systemctl status bytesweep-cleanup.timer

# Run manually
sudo /opt/server-monitor/venv/bin/python /opt/server-monitor/auto_cleanup.py

# View agent logs
tail -f /opt/server-monitor/logs/cleanup.log

Project Structure

swiftserver/
├── server_monitor.py    # Flask application + API endpoints + auth + access logging
├── security.py          # Security engine (forensics, mining, ports, virus scan, process kill)
├── cleanup.py           # Cleanup engine (10 maintenance operations)
├── auto_cleanup.py      # Background agent for automated cleanup
├── config.py            # Server, logging, auth, and security configuration
├── requirements.txt     # Python dependencies (Flask, psutil, netifaces, flask-sock)
├── install.sh           # Universal install script (all distros)
│
├── build-deb.sh         # Debian/Ubuntu package builder
├── debian/              # Debian package control files
│   └── DEBIAN/
│       ├── control
│       ├── postinst
│       ├── postrm
│       └── conffiles
│
├── build-rpm.sh         # Fedora/RHEL package builder
├── rpm/                 # RPM build files
│   └── bytesweep.spec
│
├── PKGBUILD             # Arch Linux package build
├── bytesweep.install    # Arch post-install hooks
├── build-arch.sh        # Arch package helper
│
├── build-appimage.sh    # AppImage builder
├── snap/                # Snapcraft configuration
│   └── snapcraft.yaml
│
└── static/
    └── index.html       # Dashboard frontend (vanilla JS + Chart.js + xterm.js)

Requirements

  • Python 3.8+
  • Linux with systemd (recommended for production)
  • Root access required for cleanup operations

Dependencies:

  • Flask 3.0.0
  • psutil 5.9.8
  • netifaces 0.11.0

License

MIT

About

SwiftServer - Real-time Linux server monitoring dashboard with integrated cleanup utilities

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages