Vulnerability management

Cloud and dedicated servers

We recommend scanning servers for vulnerabilities. This can be done using network vulnerability scanners or software agents on hosts.

Network scanners check hosts that are accessible over the network, and some scanners also support authentication configuration for more accurate analysis.

You can use free online scanners:

• Nmap;
• OpenVAS;
• Zed Attack Proxy (ZAP) by Checkmarx.

An example of a free scanner that works as an agent on hosts is Wazuh. To run the scanner on each host, install it:

• Wazuh shared server — more details in the Wazuh Quickstart documentation article;
• Wazuh agents — read more in the Wazuh agent article of the Wazuh documentation.

You can create a cloud server with a ready-made Wazuh application.

Linux servers can also utilize Lynis, a host-level security auditing and compliance tool. Lynis ensures operating system and application security by checking configurations, permissions, vulnerabilities and outdated packages, firewall settings, and critical system parameters.

On cloud servers, scanners can be installed as custom images.