Security Checks
The agent runs 210+ checks grouped into categories.
Categories
| Category | Checks | Examples |
|---|---|---|
| OS updates | 10+ | patch availability, auto-update enabled |
| Firewall | 8+ | UFW/pf/Windows Firewall status |
| Disk encryption | 6+ | BitLocker, FileVault, LUKS |
| Password policy | 15+ | complexity, history, lockout |
| Antivirus | 5+ | installed, running, up-to-date |
| SSH hardening | 25+ | ciphers, MACs, KEX, root login |
| Network services | 20+ | open ports, unnecessary services |
| File permissions | 30+ | /etc/shadow, SSH keys, sudoers |
| Audit logging | 8+ | auditd, sudo logs, syslog |
| SUID binaries | 5+ | unexpected setuid/setgid |
| Kernel hardening | 12+ | ASLR, core dumps, ptrace_scope |
| Browser extensions | 10+ | risky extensions, policies |
| Cloud config | 10+ | environment variables, CLI creds |
Check lifecycle
- Agent executes check locally
- Result: pass, fail, warning, error, skipped
- Agent sends delta (only changed results)
- Server stores latest per device
- Dashboard aggregates across fleet
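
The lifecycle above, sketched as an added example (not the agent's or server's own code): the agent diffs its current results against the last report, the server merges the delta into a latest-per-device view, and the dashboard counts statuses per check. The function names, check ids, device names and in-memory store are assumptions made for illustration.

```python
from collections import Counter

STATUSES = {"pass", "fail", "warning", "error", "skipped"}

def compute_delta(previous, current):
    """Agent side: return only the checks whose status changed since the last report."""
    for check_id, status in current.items():
        if status not in STATUSES:
            raise ValueError(f"unknown status {status!r} for {check_id}")
    return {cid: st for cid, st in current.items() if previous.get(cid) != st}

def apply_delta(store, device_id, delta):
    """Server side: merge a delta into the latest-per-device view."""
    store.setdefault(device_id, {}).update(delta)

def fleet_summary(store):
    """Dashboard side: count devices per status for each check."""
    summary = {}
    for results in store.values():
        for cid, st in results.items():
            summary.setdefault(cid, Counter())[st] += 1
    return summary

# Constructed sample data: check ids and device names are hypothetical.
FIRST_RUN = {"ssh.root_login": "pass", "kernel.aslr": "pass", "disk.luks": "skipped"}
SECOND_RUN = {"ssh.root_login": "fail", "kernel.aslr": "pass", "disk.luks": "skipped"}

def demo():
    store = {}
    # The first report from each device has no previous state, so every result is sent.
    apply_delta(store, "laptop-01", compute_delta({}, FIRST_RUN))
    apply_delta(store, "laptop-02", compute_delta({}, FIRST_RUN))
    # The second run on laptop-01 changes one check, so only that result is sent.
    delta = compute_delta(FIRST_RUN, SECOND_RUN)
    apply_delta(store, "laptop-01", delta)
    return delta, store, fleet_summary(store)

if __name__ == "__main__":
    delta, store, summary = demo()
    print("delta sent:", delta)
    for cid, counts in sorted(summary.items()):
        print(cid, dict(counts))
```

Unchanged results stay on the server from the earlier report, so the merged view for laptop-01 still holds all three checks after a one-entry delta.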
Status meanings
- pass — check met the required condition
- fail — condition not met, remediation needed
- warning — condition partially met or best-effort
- error — check couldn't run (missing tool, permission)
- skipped — not applicable for this OS/config