Blackglass

At a glance

Sample health indicators for a fictional Linux fleet — for illustration only. Nothing here connects to your infrastructure.

Demo actions

Sample exports

Integrity evidence (PDF)Evidence (JSON)Sample report (PDF)Report (JSON)

Hosts

Imported / connected

Open findings

New + acknowledged

SSH hardening fails

vs last baseline

Remediation items

tracked actions

Recent findings

highsshd PermitRootLogin=yes (expected: prohibit-password)
medium/etc/ssh/sshd_config: MACs line removed CIS-benchmark MACs
highNew listening TCP 0.0.0.0:9200 (process: java)
mediumUser prometheus added to sudo group vs baseline

Remediation queue

Harden jump host sshd_config and reload sshdin progress
Restrict batch-worker Prometheus exporter to loopback + firewallopen
Rotate legacy-monolith SSH host keysopen

Audit tail (sample)

2026-05-02T14:22:01Z · [email protected] · Fleet scan finished — 412 hosts (illustrative) · 6 new findings
2026-05-02T11:15:22Z · [email protected] · Finding acknowledged — Jump host root login on jump-sbx-01
2026-05-02T09:02:00Z · system · Policy check completed — CIS SSH level 1 — 2 failed checks, 4 warnings

Eight example scenarios, walked through

The exact severity, rationale, and remediation Blackglass surfaces for each scenario — backdoor listeners, sudoers tampering, rogue users, sshd policy changes, cron beacons, planted SUID, and more.

Read walkthrough →