Security model

OpenSecDash is designed as an internal homelab admin tool.

No built-in authentication yet

OpenSecDash currently does not include built-in user management or authentication. Treat it like a sensitive internal dashboard.

Recommended placement:

  • LAN-only
  • VPN-only
  • behind Authentik, Authelia, Pocket ID, or another trusted forward-auth layer

Do not expose it directly to the public internet.

Sensitive data

OpenSecDash can display:

  • public and internal IP addresses
  • hostnames
  • asset names
  • access logs
  • security events
  • action controls such as CrowdSec ban/unban

Review debug reports before attaching them to public issues.
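
One way to pre-screen a report before posting it, as an added example that is not part of OpenSecDash: the script replaces IP addresses and a caller-supplied list of hostnames or asset names with stable placeholders. It assumes the debug report is plain text; the `Redactor` class and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# IPv4 dotted quads, or colon-separated hex runs that might be IPv6.
# Every candidate is validated with ipaddress before it is replaced.
_ADDR = re.compile(
    r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?!\.?\d)"
    r"|(?<![\w:])[0-9A-Fa-f]*:[0-9A-Fa-f:]+(?![\w:])"
)

class Redactor:
    def __init__(self, names=()):
        self._seen = {}      # original value -> placeholder
        self._counts = {}    # placeholder prefix -> last number used
        # Longest first so "nas.home.lan" wins over "nas".
        self._names = sorted(names, key=len, reverse=True)

    def _placeholder(self, key, prefix):
        if key not in self._seen:
            self._counts[prefix] = self._counts.get(prefix, 0) + 1
            self._seen[key] = f"{prefix}-{self._counts[prefix]}"
        return self._seen[key]

    def _addr(self, match):
        try:
            ip = ipaddress.ip_address(match.group(0))
        except ValueError:
            return match.group(0)    # timestamp, MAC, version string...
        if ip.is_loopback or ip.is_unspecified:
            return match.group(0)    # reveals nothing about the network
        prefix = "PUBLIC-IP" if ip.is_global else "INTERNAL-IP"
        return self._placeholder(str(ip), prefix)

    def redact(self, text):
        text = _ADDR.sub(self._addr, text)
        for name in self._names:
            pattern = re.compile(rf"(?<![\w-]){re.escape(name)}(?![\w-])", re.I)
            text = pattern.sub(lambda m: self._placeholder(m.group(0).lower(), "HOST"), text)
        return text

# Constructed sample lines, not real OpenSecDash output.
SAMPLE = """\
2025-01-04 12:34:56 ban requested for 8.8.8.8 by nas.home.lan
access from 192.168.1.20:8443 to NAS.home.lan
access from [2001:4860:4860::8888]:443 and 8.8.8.8 again
"""

if __name__ == "__main__":
    print(Redactor(names=["nas.home.lan"]).redact(SAMPLE))
```

Each distinct value keeps the same placeholder throughout, so a maintainer can still follow which events belong together. The script only catches addresses and the names it is given, so read the result before attaching it.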

Action simulation

Action simulation / dry-run mode is the safer default. It records actions without executing them. Disable dry-run only after you have verified plugin configuration and permissions.

Released under the GNU Affero General Public License v3.0.