SentinelOS-Lite is a Linux-focused self-healing security stack that runs as a suite of services on a host or container stack. It combines an agent, rule engine, anomaly detection, REST API, web dashboard, and CLI with Telegram alerting.
- Self-healing agent with service restart and config restore
- Rule-based security automation with YAML rules
- Simple anomaly detection with explainable scoring
- REST API with SQLite storage and API token auth
- Next.js dashboard with charts and tables
- CLI for operations
- Docker and docker-compose deployment
agent/ Python self-healing agent
backend/ Node.js + TypeScript API and rule engine
ui/ Next.js dashboard
ml/ Python anomaly service
cli/ Node.js CLI
deploy/ Docker compose and deployment helpers
docs/ Architecture and security docs
data/ SQLite database and runtime data
Install dependencies:
node "C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js" install
Run backend and UI:
node "C:\Program Files\nodejs\node_modules\npm\bin\npm-cli.js" run dev
Start agent and ML manually:
python agent/app.py
python ml/app.py
Open:
- Backend: http://localhost:4000/health
- UI: http://localhost:3000
docker compose -f deploy/docker-compose.yml up --build
- API_TOKEN: backend auth token
- DATABASE_URL: sqlite file path, defaults to data/sentinel.db
- AGENT_URL: backend -> agent URL
- ML_URL: backend -> ML URL
- TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID: Telegram alerting
- NEXT_PUBLIC_API_BASE: UI API base URL
- NEXT_PUBLIC_API_TOKEN: UI API token
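An added example, not part of the SentinelOS-Lite code base: a pre-flight audit of the environment variables listed above, written in TypeScript to match the backend. The names auditEnv and sampleEnv, the 32-character minimum and the finding messages are assumptions; the NEXT_PUBLIC_ check reflects that Next.js inlines variables with that prefix into the browser bundle.

```typescript
// Added example: pre-flight audit of the SentinelOS-Lite environment variables.
// MIN_TOKEN_LENGTH and the finding wording are assumptions, not project values.
type Env = Record<string, string | undefined>;
type Audit = { errors: string[]; warnings: string[]; databasePath: string };

const MIN_TOKEN_LENGTH = 32; // assumed minimum length for a random bearer secret

function auditEnv(env: Env): Audit {
  const errors: string[] = [];
  const warnings: string[] = [];
  const isSet = (name: string): boolean => (env[name] ?? "").trim() !== "";

  // The backend authenticates callers with API_TOKEN, so it must exist.
  if (!isSet("API_TOKEN")) {
    errors.push("API_TOKEN is not set");
  } else if ((env["API_TOKEN"] ?? "").length < MIN_TOKEN_LENGTH) {
    warnings.push(`API_TOKEN is shorter than ${MIN_TOKEN_LENGTH} characters`);
  }

  // Next.js inlines NEXT_PUBLIC_* values into the browser bundle at build time,
  // so this token is visible to anyone who can load the dashboard.
  if (isSet("NEXT_PUBLIC_API_TOKEN")) {
    warnings.push(
      env["NEXT_PUBLIC_API_TOKEN"] === env["API_TOKEN"]
        ? "NEXT_PUBLIC_API_TOKEN equals API_TOKEN: backend token is readable in the browser"
        : "NEXT_PUBLIC_API_TOKEN is readable in the browser"
    );
  }

  // Telegram alerting needs both values; one without the other sends nothing.
  if (isSet("TELEGRAM_BOT_TOKEN") !== isSet("TELEGRAM_CHAT_ID")) {
    errors.push("TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID must be set together");
  }

  // DATABASE_URL falls back to the documented default path.
  const databasePath = isSet("DATABASE_URL") ? (env["DATABASE_URL"] ?? "") : "data/sentinel.db";
  return { errors, warnings, databasePath };
}

// Constructed sample environment (placeholder values, not real secrets).
const sampleEnv: Env = {
  API_TOKEN: "changeme",
  NEXT_PUBLIC_API_TOKEN: "changeme",
  TELEGRAM_BOT_TOKEN: "000:constructed",
};
const sampleAudit: Audit = auditEnv(sampleEnv); // in a real start script: auditEnv(process.env)
```

Treat any entry in errors as a reason to refuse to start the stack, and review warnings before exposing the dashboard beyond localhost.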
- GET /health
- GET /status
- GET /events (filters: type, severity, since, until)
- POST /events
- GET /rules, POST /rules/reload, POST /rules/simulate, GET /rules/raw
- GET /anomalies, POST /anomalies
- GET /actions
- POST /actions/lockdown, POST /actions/heal, POST /actions/scan
- GET /metrics, POST /metrics
- GET /services
sentctl status
sentctl scan --full
sentctl heal backend
sentctl lockdown --strict
Set SENTINEL_URL and SENTINEL_TOKEN, or create ~/.sentinelos/config.json.
- Ram Sunil Gawas