How to Perform a Basic Security Audit on Your Server

How to Perform a Basic Security Audit on Your Server

Regular security audits help identify vulnerabilities before attackers exploit them. Run these checks on your Breeze at least monthly to maintain a strong security posture.

Check for Open Ports

# Scan for listening services
sudo ss -tulnp

# External port scan from another machine
nmap -sV your-breeze-ip

Close any ports you do not actively need by updating your firewall rules.

Review User Accounts and Privileges

# List all users with login shells
awk -F: '$7 !~ /nologin|false/ {print $1}' /etc/passwd

# Check for users with UID 0 (root-level)
awk -F: '$3 == 0 {print $1}' /etc/passwd

# Review sudo group membership
getent group sudo

Inspect Running Processes and Cron Jobs

# Look for unexpected processes
ps aux --sort=-%mem | head -20

# List all cron jobs for all users
for user in $(cut -f1 -d: /etc/passwd); do
  crontab -u "$user" -l 2>/dev/null
done

Check for Outdated Packages

sudo apt update
apt list --upgradable

File Permission Audit

# Find world-writable files
find / -xdev -type f -perm -0002 -ls 2>/dev/null

# Find SUID/SGID binaries
find / -xdev \( -perm -4000 -o -perm -2000 \) -type f -ls 2>/dev/null

Document your findings and remediate issues promptly. Automate recurring checks with a cron job that emails results to your security team.