Pan-Unix Control Agent

Note that development is in very early stages, targeting documentation first. There is no working code here yet.

puca, the Pan-Unix Control Agent, is an endpoint management system for Unix-like systems which needs no inbound connectivity to the endpoints.

The agent, puca, runs on each system being managed, and connects to a central pucamgr instance to retrieve instructions and send responses.

From the central manager, an operator can see the following for all endpoints, or subsets of endpoints:

The operator can search for endpoints and add them to groups, according to arbitrary criteria, using a simple query language.

Operators can queue up actions for endpoints to run. Actions are retrieved by each endpoint's puca agent and executed by calls to the external tools uact, xyz, and scw. This allows the operator to:

Both the agent and the central manager produce metrics which can be collected by monitoring tools such as Zabbix, Prometheus, and so on, allowing alerts about endpoint status to be tailored to the local norms.

Endpoint registration policy is flexible - pucamgr can implicitly trust all new puca agents, or require operators to approve new agents, or trust agents that use a pre-registered public key, or use a pre-shared secret, or restrict by IP address. These can be combined arbitrarily, so for example operator approval can be required for agents from one subnet, while trusting agents using a pre-shared key from another subnet.
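The subnet-scoped combination described above, sketched as an added example (not puca code; the project has no implementation yet). The rule format, first-match ordering, default-reject behaviour and all names are assumptions, and the addresses, secret and fingerprint are constructed.

```python
import hmac
import ipaddress
from dataclasses import dataclass

TRUST, PENDING, REJECT = "trust", "pending-approval", "reject"

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, not a puca format
    subnet: str                  # CIDR the rule applies to
    method: str                  # "implicit", "approval", "pubkey" or "secret"
    value: frozenset = frozenset()   # key fingerprints or shared secrets

@dataclass(frozen=True)
class Request:                   # what a registering agent presents
    source_ip: str
    pubkey_fp: str = ""
    secret: str = ""

def _secret_ok(offered, known):
    # Compare against every known secret in constant time, with no early exit.
    ok = False
    for s in known:
        ok |= hmac.compare_digest(offered.encode(), s.encode())
    return ok

def decide(rules, req):
    """First rule whose subnet contains the source address decides."""
    addr = ipaddress.ip_address(req.source_ip)
    for rule in rules:
        net = ipaddress.ip_network(rule.subnet)
        if addr.version != net.version or addr not in net:
            continue
        if rule.method == "implicit":
            return TRUST
        if rule.method == "approval":
            return PENDING       # queued until an operator approves
        if rule.method == "pubkey":
            return TRUST if req.pubkey_fp in rule.value else REJECT
        if rule.method == "secret":
            return TRUST if req.secret and _secret_ok(req.secret, rule.value) else REJECT
        return REJECT            # unknown method: fail closed
    return REJECT                # no subnet matched: restricted by IP address

# Constructed sample policy using RFC 5737 documentation ranges.
POLICY = [
    Rule("192.0.2.0/24", "approval"),
    Rule("198.51.100.0/24", "secret", frozenset({"constructed-example-secret"})),
    Rule("203.0.113.0/28", "pubkey", frozenset({"SHA256:constructed-fingerprint"})),
]
```

Because the first matching subnet decides, a wrong secret from 198.51.100.0/24 is rejected rather than falling through to a more permissive rule further down the list.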

This software is distributed under the terms of the GNU General Public License version 3 or later.

Comments, bug reports, and patches can be sent using the Issue tracker, or through the Contact Form.