Agent security

What the Fivenines agent does on your servers.

The Fivenines agent is an open-source Linux monitoring agent. It collects infrastructure telemetry locally, then pushes metrics to Fivenines over HTTPS. It is not a remote shell, not an inbound daemon, and not a command-and-control channel.

Read the agent source Start free trial

Open-source agent · HTTPS push model · Optional modules are explicit

Fivenines overview dashboard showing monitored servers and infrastructure status

Agent model

The agent runs locally and talks out to Fivenines. Your server does not need to expose an agent port to the internet.

Install

Creates the agent service, local config, and host token.

Collect

Reads metrics and enabled module data from the local host.

Push

Sends telemetry to Fivenines API endpoints over HTTPS.

Config

Receive config

Gets module settings and intervals back from Fivenines.

Access boundary

What the agent can and cannot do

The agent sends operational telemetry out to Fivenines. It does not open a control path back into your server.

Your server

Fivenines agent

Reads local host and enabled module data.

metrics · process names · package versions

HTTPS · Outbound only

No inbound agent port

Fivenines

Telemetry API

Receives operational telemetry pushed by the agent.

dashboard · alerts · module config

What the agent does

Agent reads and sends

Host identity

Reads hostname, OS, kernel, CPU architecture, IP addresses, and agent version.

Resource metrics

Collects CPU, load, memory, swap, disk I/O, partitions, network counters, and temperatures.

Process visibility

Reports top process names by CPU and memory usage for troubleshooting.

Optional inventory

Can send open ports, package names and versions when those modules are enabled.

Optional modules

Can collect Docker, QEMU, Proxmox, PostgreSQL, Redis, NGINX, Caddy, SNMP, RAID, S.M.A.R.T., Fail2ban, and NVIDIA GPU stats when configured.

Scoped permissions

Supports user-level install; deeper modules use explicit local access such as Docker socket, read-oriented API tokens, database monitoring views, or constrained sudoers commands.

What it will never do

Four hard limits

× No remote shell The dashboard cannot SSH into your host or execute arbitrary commands through the agent.
× No inbound listener Your server does not need to expose an agent port to the internet for Fivenines.
× No application files The normal payload is metrics and metadata, not your source code, application logs, SSH keys, or shell history.
× No database rows Database modules read operational stats, not customer data stored in your tables.

Frequently Asked Questions

Does the Fivenines agent give Fivenines shell access? +

No. The agent pushes metrics to Fivenines over HTTPS. It does not accept inbound connections, expose SSH access, or run commands sent from the Fivenines dashboard.

Does the agent need sudo? +

The standard installer uses sudo to install a system service. A user-level installer is available without sudo, with reduced coverage for modules that require elevated local read permissions such as S.M.A.R.T. and RAID health.

What data does the agent send? +

It sends host identity, operating system metadata, resource metrics, disk and network counters, top process names by resource use, and optional module metrics you enable such as Docker, Proxmox, PostgreSQL, SNMP, package versions, S.M.A.R.T., RAID, Fail2ban, and GPU metrics.

Can optional integrations be restricted? +

Yes. Optional modules are explicit. For example, Proxmox should use a read-oriented API token, PostgreSQL should use read access to monitoring views, and S.M.A.R.T. or RAID modules can be limited to specific sudoers commands.

Inspect the agent, then install it when you are ready.

The agent is open source, the install path is documented, and the permission model is explicit. Start with the live demo or create a trial when you want to test it on a real server.

View agent on GitHub Start free trial

No credit card · User-level install available · Optional modules are explicit