On February 21, 2024, at 4:08 PM, Michael Kjörling <2695bd53d...@ewoof.net> wrote:
>On 21 Feb 2024 19:03 +0000, from an...@rodier.me (Andre Rodier):
>> - What is the best approach to check if there is any vulnerability in the
>> packages configuration ?
>> - Is there any service that could audit the deployment code or the
>> configuration files ?
>
>My understanding is that both Lynis and Vuls are popular for
>already-installed systems. If you have your configuration packaged as
>Ansible scripts, then deploying that onto a disposable VM based on a
>minimal Debian installation should be a reasonably practical way of
>auditing the deployment process itself for vulnerabilities.
>
>A web search for something like "linux local vulnerability scanner"
>will provide you with additional leads.
>
>Note that any automated tool will use some kind of heuristics so (a)
>may find things that are not actually vulnerabilities in your setup,
>and (b) might not find something which _is_ a vulnerability in your
>setup.
>
>--

You can install and run Tenable Nessus Vulnerability scanner. The free version can scan like 10 IPs. I use Nessus and it works well. Security Blanket is a Security hardening tool suite which is nice and not too expensive.

>Michael Kjörling 🔗 https://michael.kjorling.se
>“Remember when, on the Internet, nobody cared that you were a dog?”