BLACKGLASS · CLARITY FOR LINUX TEAMS

Spot unwanted server changes early — before they become emergencies.

Best for: Platform and security teams managing Linux fleets at scale.

Configuration drift goes unnoticed until an incident, a breach, or an audit question.

Blackglass helps you understand what changed on your Linux systems, how serious it is, and what to do next — with baselines, severity-ranked findings, and audit-ready exports.

Free Lab tier for homelabs · 14-day trial of any paid plan · no credit card · SSH-first · optional one-line push agent · each customer's data stays separate end to end

Why small changes add up

Rules change. Software updates. Someone adjusts remote login settings. Spreadsheets and occasional audits often miss the period when risk actually moves. Blackglass gives you a steady, easy-to-read picture — whether you run a handful of servers or many.

Silent drift

You only hear about drift when something breaks — or when an auditor asks.

Uneven lockdown

Inconsistent hardening across machines makes it hard to see how far a problem could spread.

One-off fixes

Emergency fixes can leave servers no one fully understands.

Evidence gaps

Security reviews need a paper trail — not screenshots lost in chat.

How it works

Connect your servers

Link Linux hosts with a light-touch setup you control — nothing shipped to us beyond what you choose to share.

Save a trusted snapshot

After a release or hardening pass, pin an approved picture of each system so you have something to compare against.

See what changed

Regular checks highlight differences in remote access, accounts, scheduled tasks, software, and more — ranked so the important items stand out.

Respond with confidence

Track who is handling each item, add notes, and export neat summaries for leadership or compliance partners.

Optional: Charon for cloud sprawl

When you enable the Charon add-on, you can link read-scoped credentials for DigitalOcean, AWS, or Google Cloud. Blackglass inventories resources, highlights likely idle candidates, and keeps cleanup behind explicit approval — the same careful posture as the rest of the product.

Tenant isolation, agentless SSH collection, and an audit trail for material actions — summarised on blackglasssec.com/security.

Same product, visible source

The hosted console is the Next.js application in blackglass-console: fleet baselines, configuration findings, evidence exports, and SaaS operations — aligned with what ships at blackglasssec.com.

Common questions

Is Blackglass agent-based or agentless?

Agentless. Collection runs over SSH with read-scoped credentials. There's nothing to install on each host, and nothing acts on a host without a separately approved playbook.

Which Linux distributions are supported?

The major server distributions out of the box: Debian and Ubuntu LTS, RHEL/CentOS/Rocky/Alma, Amazon Linux, and SUSE. CIS Benchmark coverage targets the same set. Bespoke baselines for other distributions are supported on enterprise plans.

How does Blackglass detect drift?

Each fleet has a baseline captured at onboarding (or from a golden host). Subsequent collections diff against the baseline, classify findings by severity, and produce evidence-grade exports for change reviews and audits.
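
The baseline, diff and severity steps described above, sketched for a single file (`sshd_config`) as an added example; this is not Blackglass code. The severity table, the function names and both sample configs are assumptions constructed for illustration.

```python
# Added example: baseline-vs-current drift check; samples below are constructed.
SEVERITY = {"permitrootlogin": "high", "passwordauthentication": "high",
            "x11forwarding": "medium", "maxauthtries": "medium"}  # assumed ranking
RANK = {"high": 0, "medium": 1, "low": 2}

def parse_sshd_config(text):
    """Return {(scope, keyword): value}; scope is "global" or a Match line."""
    settings, scope = {}, "global"
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), "".join(parts[1:]).strip()
        if keyword == "match":
            scope = "Match " + value  # later keywords apply only to this block
            continue
        # sshd uses the first value obtained for most keywords
        settings.setdefault((scope, keyword), value)
    return settings

def diff_findings(baseline_text, current_text):
    """Diff two configs; return findings sorted most severe first."""
    base, cur = parse_sshd_config(baseline_text), parse_sshd_config(current_text)
    findings = []
    for key in sorted(set(base) | set(cur)):
        if base.get(key) != cur.get(key):
            findings.append({"scope": key[0], "keyword": key[1],
                             "baseline": base.get(key), "current": cur.get(key),
                             "severity": SEVERITY.get(key[1], "low")})
    findings.sort(key=lambda f: (RANK[f["severity"]], f["scope"], f["keyword"]))
    return findings

BASELINE = """\
PermitRootLogin no
X11Forwarding no
LogLevel INFO
"""
CURRENT = """\
PermitRootLogin yes
X11Forwarding yes
LogLevel VERBOSE
MaxAuthTries 10
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for f in diff_findings(BASELINE, CURRENT): print(f)
```

Keeping the `Match` scope in the key matters: a password-login exception for one account is reported as its own high-severity finding instead of being mistaken for, or hidden by, the global setting.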

Does Blackglass change anything on my servers?

By default, no. Collection is read-only. Any remediation playbook (e.g. hardening, removing a stale SSH key) is gated behind explicit approval and dry-run preview — and is logged with operator identity for the audit trail.

Where is the data hosted?

The hosted console runs on UK / EU infrastructure with tenant isolation, encryption in transit and at rest, and customer-scoped data residency available on enterprise plans. Full procurement detail lives under Trust and blackglasssec.com/security.

How does Blackglass compare with Charon Gate?

They solve different problems. Charon Gate is webhook reliability — durable ingest, retries, DLQ, replay. Blackglass is Linux operational integrity — baselines, drift, audit evidence. Teams typically run both.

Further reading: Linux fleet baselines, explained without jargon.

Charon Gate — webhook reliability

If you also receive webhooks that providers retry inconsistently or deploys silently drop, look at Charon Gate. Durable ingest, exponential retries with jitter, dead-letter queue, and manual replay with lineage.

More on blackglasssec.com

The full product site has use cases, pricing, CIS benchmark coverage, and SSH audit guides. Start with the interactive demo — no account needed.

Detection to response — without manual steps.

Blackglass closes the loop with the other two products in the stack. When drift is detected, the response is automatic.

Blackglass detects drift → Charon Gate routes the alert

Blackglass can fire a signed webhook when it classifies a finding as high severity. Charon Gate ingests the event durably — so even if your alerting destination (Slack, PagerDuty, your own endpoint) is temporarily unavailable, the event is queued and delivered when the destination recovers. No lost alerts in the critical path.

Charon Gate routes the alert → Acheron Vault runs a backup health check

Simultaneously, Charon Gate can trigger Acheron Vault to run a backup readiness verification on the affected target. When an unauthorized configuration change lands on a database host, the question of whether the latest backup is recoverable becomes immediately relevant — Acheron Vault answers it automatically, so your team has a fresh recoverability report at the same moment as the incident alert.