Quick, full & custom scans
Run profiled scans over your home directory, all mounted filesystems, or a path you choose—with sequential or parallel execution when multiple scanners are installed.
Security tooling, unified.
One desktop hub for open-source security on Linux.
OpenSentinel
Targets Debian · Ubuntu · Linux Mint
Stack Python 3 · Tk · CustomTkinter
Install .deb · tarball · curl script
Host GitHub · Cloudflare Pages
Built for real workflows
Scan, review, and operate multiple security tools without juggling terminals and log paths.
Live output
Stream tool stdout/stderr into the UI while jobs run, plus phase banners so you always know which engine is active.
Threat queue
ClamAV FOUND lines are parsed into a queue with quarantine, delete, and ignore actions—optional auto-quarantine from Settings.
Dashboard & status
See which tools are installed, definition freshness hints, and a quick read on ClamAV, Fail2Ban, and CrowdSec service activity.
Settings & automation
Desktop notifications for scan completion and new detections, plus configurable automation—without noisy defaults.
Logs & tool registry
Dedicated pages for run history, raw threat log, and a browsable catalog of integrated tools with install status by category.
Optional .deb package
System install with menu entry and icon; managed virtualenv under /var/lib/opensentinel and XDG paths for your data.
Portable tarball
Same experience from a source tree: virtualenv, scripts/install.sh for APT dependencies, and scripts/run.sh to launch.
Tool categories supported
OpenSentinel surfaces whatever is installed on your system—missing tools show as “Missing” so you know what to add with your package manager.
Antivirus / malware — ClamAV and similar scanners
Rootkit & intrusion detection — RKHunter, Chkrootkit
Firewall & network — UFW, nftables, firewalld
Intrusion prevention — Fail2Ban, CrowdSec
Hardening & audit — Lynis, AIDE, auditd
Network analysis — Tcpdump, tshark, Nmap, Nikto
Encryption & privacy — GnuPG, Tor
Sandboxing & isolation — Firejail, Flatpak, Docker
Advanced / optional — PSAD, Tiger, and more when present
Proprietary scanners (Sophos, ESET, etc.) are not bundled; the app documents manual install notes where relevant. OpenSentinel is a dashboard—not a replacement for enterprise EDR.
Download & install
Host this site on GitHub Pages or Cloudflare. Point version.json at your repository and demo URL, then attach release assets with matching filenames.
Repository: GrangeDevGroup/opensentinel — adjust version.json if you fork.
The interactive web demo (full UI mock in the browser) is linked via demo_url in version.json — e.g. opensentineldemo.pages.dev.
One-liner (clone + installer)
curl -fsSL https://raw.githubusercontent.com/GrangeDevGroup/opensentinel/main/release/install-from-github.sh | bash
Requirements & expectations
Designed for desktop Linux with a graphical session—not a headless server daemon.
System
- Python 3.10+ with
tkinter(python3-tk) - Graphical desktop (X11 or Wayland)
- Network for first-time
pipinstall of UI dependencies
Privileges
- Many tools use
sudo -nfor root-only checks - Interactive sudo from the GUI is not assumed
- Full-disk scans can be heavy—plan time and power
FAQ
Quick answers for visitors and packagers.
How do download links work?
Is the web demo the full application?
No. The web demo is an interactive HTML/JavaScript recreation of the interface with simulated scans and logs. The real app is Python + CustomTkinter and runs actual tools on your Linux system.
Does the .deb work on all distributions?
It targets Debian-style packages (Debian, Ubuntu, Mint, Pop!_OS, etc.). Other families should use the tarball or clone +
scripts/run.sh with their own dependency setup.Where is user data stored?
From source: project
logs/ and config under the repo. From the .deb: XDG paths—typically ~/.config/opensentinel and ~/.local/share/opensentinel.Ship security visibility to your users
Fork, theme this landing page, and wire your own GitHub URLs in version.json.