Projects - Openbyte | Linux Administration & Support

Containerised industrial IOT power solution:

Openbyte designed and deployed a fully containerised industrial power monitoring system for a commercial facility client, integrating power meters via Modbus over RS485 into a real-time data pipeline built on IOT devices, time series database, and visualisation. The solution captures three-phase voltage, current, active and reactive power, and cumulative energy across multiple meters — polling every 60 seconds — and surfaces this data through custom dashboards that include Eskom time-of-use tariff analysis for peak, standard, and off-peak cost breakdowns. Deployed using Docker Containers and Zabbix health monitoring, the system gives the client continuous visibility into their energy consumption, power quality, and operational costs, with a scalable architecture ready to replicate across additional sites.

Sovereign document management migration: financial services

Openbyte designed and deployed a fully self-hosted document management solution for a financial services client, migrating them off cloud-based SharePoint onto an on-premises Proxmox virtualisation environment running Nextcloud. The solution preserves the collaborative workflows the client relied on, including team and group folder structures and real-time document co-editing, through an integrated OnlyOffice server that provides a familiar interface for users transitioning from a Microsoft ecosystem. Two-factor authentication was enforced across all user accounts, meeting the heightened security and data sovereignty requirements typical of financial services environments. The result is a private, internally controlled platform that gives the client full ownership of their data and the flexibility to scale storage and users as the business grows, with cloud licensing costs replaced by a once-off infrastructure investment.

Local eTenders mirror with full-text search and alerting

Openbyte developed a locally hosted government tender intelligence platform addressing a well-known pain point with the national eTenders database: slow response times and data loss on large queries. The system periodically clones the government database, running consistency checks to detect and recover dropped records, and loads the verified data into a locally served database with FTS5 full-text search for fast, reliable browsing. Users can configure keyword, category, and region-based alert profiles that trigger email notifications when matching tenders are published, keeping procurement teams informed regardless of upstream reliability.

Lightweight terminal log analyser for live and offline diagnostics

Openbyte developed a terminal log analysis tool built entirely on Python’s standard library, deployable directly onto affected systems with no installation steps required. This makes it practical for triage on production systems where observability infrastructure is unavailable and adding third-party tooling is restricted. The tool supports live log tailing, Docker container log streaming, and named pipe ingestion alongside static file analysis, with automatic log type detection across common formats including Nginx, syslog, MariaDB, and Caddy. A built-in stats engine provides real-time frequency analysis, activity histograms, and field-level breakdowns, while regex-capable full-text search, invertible level and field filters, and click-to-filter interactivity allow rapid narrowing of large log volumes. Log type behaviour and highlighting rules are defined in JSON templates, making it straightforward to extend support to custom application formats.

Virtualised infrastructure deployment with centralized security and monitoring

Openbyte designed and deployed a resilient virtualised server environment built on a Proxmox high-availability cluster across two Dell servers, eliminating single points of failure and simplifying VM lifecycle management. Hosted within the cluster are a Windows Server Active Directory domain controller for centralized authentication and group policy enforcement, a WireGuard VPN gateway for secure low-overhead remote access, a Zabbix monitoring stack providing host and service visibility with tuned alerting, and a Wazuh SIEM platform delivering log aggregation, file integrity monitoring, and real-time threat detection. The result is a fully self-hosted environment that gives the client complete ownership over their authentication, connectivity, observability, and security posture — with room to expand as the business grows.

Nextcloud private cloud deployments

Openbyte designed and deployed a fully self-hosted Nextcloud environment for a client requiring complete ownership over their collaboration and file management infrastructure. The deployment includes Nextcloud Talk for encrypted internal messaging and video conferencing, Deck for Kanban-style project tracking, and the Passwords app providing a secure internally hosted credential vault. End-to-end encryption was enforced across file storage and sharing, with granular access controls governing both internal team shares and external sharing links — eliminating recurring cloud licensing costs and giving the client full sovereignty over their data.

Resilient backup infrastructure: BareOS deployment

Openbyte designed and deployed a BareOS backup solution for a client requiring reliable, self-hosted protection across their server infrastructure. The deployment covers automated backup schedules for physical and virtual workloads, with configurable retention policies and verified restore testing to ensure recovery objectives are consistently met. The result is a fully owned, vendor-independent backup platform that gives the client confidence in their data recoverability without reliance on costly proprietary backup licensing..

Linux server hardening: CIS and NIST 800-53 compliance

Openbyte performed systematic hardening across a client’s Linux server fleet, benchmarking each system against CIS standards and NIST 800-53 controls to identify and remediate surface exposure. Lynis was used as the primary auditing tool as well as Wazuh and other external scanning solutions, with scored reports driving a structured remediation process covering SSH configuration, file permission enforcement, kernel parameter tuning, service minimisation, and PAM policy hardening. Each server was re-audited post-remediation to verify control implementation, leaving the client with a documented, measurably improved security baseline across their environment.

Apache web server hardening: production security configuration

Openbyte performed a comprehensive hardening engagement on a client’s Apache deployment, addressing the significant attack surface present in its default configuration. Controls applied covered information disclosure, version banner and server-status removal, directory listing restrictions, XSS and clickjacking protection, cookie security, and proper access logging. SSL was hardened by disabling weak ciphers, SSLv2, and legacy HTTP versions, with unused modules and IPv6 removed and Apache confined to a non-privileged account. mod_security was deployed as a web application firewall and mod_evasive configured for active DoS and DDoS mitigation — leaving the client with layered defensive controls across their web-facing infrastructure..