Recommendation for simple security check

Can someone recommend a simple (possibly automated) hardness scan/check of a Debian 7 image on a Linode? Just something to check for basics, possibly with options for increased hardness checks for a higher cost.

2 Replies

A nice basic hardness check that I really like is Lynis (can do "apt-get install lynis" although repo might be a few minor versions out of date).

The next step after that is running an IDS. A really good choice here is OSSEC. This isn't overly complex and has a lot of benefit. Many of the other open source choices in this area, such as Tripwire, are a waste of time because they aren't maintained anymore (usually the developers are now focused on commercial enterprise versions).

If you want to check your SSL "hardness" a great free service is SSL Server Test by Qualys SSL Labs.

Beyond the open source stuff you can run free-trials, or community editions, of some of the better commercial tools. For example: * Qualys ExpressGuard Lite, Trial version will do external scan, internal system scan, and a web app scan (same guys who run the free SSL Server Test mentioned above).
* Rapid7 Nexpose Community edition.
* beyondtrust Retina CS Community Edition (I've never been able to test this tool because it requires a Windows server as the scan launcher).

> A nice basic hardness check that I really like is Lynis (can do "apt-get install lynis)"

Thanks. I take this to mean that it must be installed first.

Would there be any other option that does not need to be installed? IOW it would just make a "scan" from the outside?


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct