Primus AI Console
Lokaler Scanner + OpenAI als Coworker.
Verlauf · Neu laden
Status
| llama.cpp Prozess | root 456835 0.1 17.9 13239076 11796852 pts/0 Sl+ 13:06 0:08 ./build/bin/llama-server -m /mnt/storage/models/mistral-7b-instruct-v0.2.Q4_K_M.gguf --host 127.0.0.1 --port 8082 |
| Lokale Modelle | mistral-7b-instruct-v0.2.Q4_K_M.gguf |
| API 8082 | HTTP/1.1 200 OK |
| Open WebUI 3000 | HTTP/1.1 200 OK |
| LocalAI 8083 | HTTP/1.1 405 Method Not Allowed |
| code-server 8084 | HTTP/1.1 302 Found |
| OpenAI Key | nicht gesetzt |
| Gemini Key | nicht gesetzt |
| GitHub Token | nicht gesetzt |
| Website-Datei | /var/www/primusnex/index.html |
| Caddy Config | /etc/caddy/Caddyfile |
Massenaktionen
Offen
Review and apply package upgrades (could require reboot)
medium
openai · packages · 2026-03-21T13:24:07.796656+00:00 · auto_allowed=0
System packages may need upgrading. This will install security and bugfix updates; note kernel upgrades or major changes may require a reboot. Run in a maintenance window if uptime is important.
Befehl anzeigen
sudo apt update && sudo apt upgrade -y
Collect quick system health snapshot
low
ai · monitoring · 2026-03-21T13:21:59.319549 · auto_allowed=0
Gather a short snapshot of disk, memory and docker container status for triage and monitoring setup. Useful before implementing automated alerting or backups.
Befehl anzeigen
df -hT / /boot /boot/efi && free -h && docker ps --format '{{.Names}} {{.Image}} {{.Status}}' || true
List listening sockets and processes for exposure review
low
ai · network · 2026-03-21T13:21:59.319535 · auto_allowed=0
Review which services are publicly listening (e.g., ports 22, 25, 80, 443, 9100). Confirm only intended services are exposed and plan to bind internal-only services to localhost if possible.
Befehl anzeigen
ss -tulpen | sed -n '1,200p' || true
Review recent sudo and authentication errors
low
ai · security · 2026-03-21T13:21:59.319521 · auto_allowed=0
There are repeated sudo PAM conversation failures for user 'caddy' and SSH KEX errors in the logs. Inspect sudo/journal entries and SSH logs to determine whether these are misconfigurations or benign connection probes.
Befehl anzeigen
journalctl --no-pager -u sudo -n 200 || journalctl _COMM=sshd --no-pager -n 200 || true
Inspect zramswap failures
low
ai · systemd · 2026-03-21T13:21:59.319506 · auto_allowed=0
zramswap.service is repeatedly failing. If you don't need zram swap, consider disabling it; otherwise inspect the service unit and journal to identify why it fails to start.
Befehl anzeigen
systemctl status zramswap.service --no-pager -l || journalctl -u zramswap.service --no-pager -n 200 || true
Inspect problematic Prometheus node-exporter override drop-in
low
ai · systemd · 2026-03-21T13:21:59.319491 · auto_allowed=0
systemd reported 'Executable name contains special characters' for /etc/systemd/system/prometheus-node-exporter.service.d/override.conf. Inspect the file contents and remove any stray characters or invalid Exec lines before reloading.
Befehl anzeigen
sed -n '1,200p' /etc/systemd/system/prometheus-node-exporter.service.d/override.conf 2>/dev/null || echo 'override.conf not present or not readable'
Disable Avahi daemon if mDNS is not required
medium
ai · hardening · 2026-03-21T12:26:32.364823 · auto_allowed=0
Avahi exposes mDNS/zeroconf on the network which may be undesired on servers. If you do not need local network service discovery, consider disabling it. (Don't run this if you rely on Zeroconf.)
Befehl anzeigen
systemctl disable --now avahi-daemon
Recommend Docker daemon log rotation (inspect and apply carefully)
medium
ai · docker · 2026-03-21T12:26:32.364788 · auto_allowed=0
Docker containers can accumulate large json logs. Consider adding log-opts to /etc/docker/daemon.json (e.g. max-size, max-file) and restarting docker. Test changes carefully since restarting the daemon impacts containers.
Befehl anzeigen
jq -n '{"log-driver":"json-file","log-opts":{"max-size":"10m","max-file":"3"}}' | tee /etc/docker/daemon.json && systemctl restart docker
Inspect and (optionally) restart code-server-root.service
medium
ai · remote-stability · 2026-03-21T12:26:32.364776 · auto_allowed=0
code-server-root.service has failed starts in logs. Inspect the journal to see why and, if appropriate, restart the unit. Restarting may interrupt active sessions.
Befehl anzeigen
journalctl -u code-server-root.service -n200 --no-pager; systemctl restart code-server-root.service
Limit systemd journal disk usage to prevent unbounded growth
medium
ai · logging · 2026-03-21T11:53:43.122963 · auto_allowed=0
Configure systemd-journald to cap SystemMaxUse and RuntimeMaxUse and enable compression. This prevents logs from consuming all disk space on long-running hosts. The change is reversible but restarts journald.
Befehl anzeigen
mkdir -p /etc/systemd/journald.conf.d && printf '%s
' '[Journal]' 'SystemMaxUse=500M' 'RuntimeMaxUse=200M' 'Compress=yes' > /etc/systemd/journald.conf.d/10-limits.conf && systemctl restart systemd-journald
Install and enable Monit for lightweight service checks
medium
ai · monitoring · 2026-03-21T11:31:46.742809 · auto_allowed=1
Monit can watch key processes (Caddy, docker, node services) and restart them or alert when unhealthy. Install and enable it, then add service checks in /etc/monit/monitrc (manual review required before adding checks).
Befehl anzeigen
apt-get update && apt-get install -y monit && systemctl enable --now monit
Ensure Docker containers restart after reboots
medium
ai · remote-stability · 2026-03-21T11:20:54.072178 · auto_allowed=0
Set a restart policy on running containers so essential services come back after host reboots. This sets a conservative 'unless-stopped' policy for all currently running containers.
Befehl anzeigen
sudo docker ps -q | xargs -r -I{} sudo docker update --restart=unless-stopped {}
Disable Avahi (mDNS) if not required
medium
ai · security · 2026-03-21T11:20:54.072170 · auto_allowed=0
Avahi is listening on mDNS (5353). If you don't need local service discovery on this server, disabling it reduces exposure and unwanted network chatter.
Befehl anzeigen
sudo systemctl disable --now avahi-daemon
Add a small swapfile as a safe fallback (optional)
medium
ai · stability · 2026-03-21T11:20:54.072162 · auto_allowed=0
This system currently has no swap. If you prefer a traditional swap fallback for memory-pressure situations, create a modest swapfile (2GB example). Review before applying on systems where swap is intentionally disabled.
Befehl anzeigen
sudo fallocate -l 2G /swapfile && sudo chmod 600 /swapfile && sudo mkswap /swapfile && sudo swapon /swapfile && echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
Mask zramswap.service to stop repeated failure noise (if zram is not needed)
medium
ai · stability · 2026-03-21T11:20:54.072154 · auto_allowed=0
If you do not need zram swap, masking the unit prevents repeated failed start attempts and noisy logs. Only do this if you confirmed zram is not required.
Befehl anzeigen
sudo systemctl mask zramswap.service && sudo systemctl daemon-reload
Disable Avahi (mDNS) if not required
medium
ai · security · 2026-03-21T11:10:06.022828 · auto_allowed=0
avahi-daemon advertises services via mDNS/Bonjour on the LAN. If you don't need local service discovery, disabling it reduces unnecessary network exposure. Validate impact (local discovery) before applying.
Befehl anzeigen
systemctl disable --now avahi-daemon.service
Add a simple local Fail2Ban SSH jail and restart fail2ban
medium
ai · security · 2026-03-21T10:25:26.919626 · auto_allowed=0
Your logs show repeated SSH key/kex errors and connection resets. Enabling a conservative Fail2Ban jail for sshd will help auto-block repeated failing connections. Review the file before applying in production.
Befehl anzeigen
bash -c 'cat > /etc/fail2ban/jail.d/ssh-local.conf <<"EOF"
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 3600
EOF
systemctl restart fail2ban.service'
Configure Docker daemon log rotation (optional, requires restart)
medium
ai · docker · 2026-03-21T09:52:49.630140 · auto_allowed=0
Set Docker's json-file log-driver options to limit per-container log size. This change will restart the Docker daemon (containers will be restarted). Marked non-auto because it restarts containers and impacts running services.
Befehl anzeigen
[ -f /etc/docker/daemon.json ] || bash -c 'cat > /etc/docker/daemon.json <<"EOF"
{"log-driver":"json-file","log-opts":{"max-size":"50m","max-file":"5"}}
EOF
&& systemctl restart docker'