Open Source

Score your server security
in seconds

Single binary, agentless, 130+ checks across 27 categories. Detects rootkits, hidden processes, and verifies package integrity.

terminal
$ siovos-audit run --host 203.0.113.42 --user root
Connecting via SSH...
Running 130+ checks across 27 categories...
auth
95/100
deepintegrity
95/100
firewall
100/100
kubernetes
95/100
ssh
90/100
system
95/100
vpn
100/100
Overall Score95/100

Server security is hard to measure

Most developers deploy a VPS, follow a tutorial, and never verify what's actually running.

No visibility

You don't know your server's security posture until something breaks.

Manual checks

SSH config, firewall rules, TLS certs - checking each one manually is tedious and error-prone.

No baseline

Without a score, you can't track improvements or regressions over time.

Complex tools

Existing tools require agents, XML configs, or Ruby runtimes. Too heavy for a quick check.

One command. Full picture.

Siovos Audit connects via SSH, runs 130+ checks across 27 categories, and gives you a score in seconds. No agent needed.

SSH

Agentless

Connects via SSH. Nothing to install on the target server.

1

Single binary

One Go binary. No dependencies, no runtime, no setup.

130+

0-100 scoring

Per-category scores with PASS/WARN/FAIL for each of the 130+ checks.

10s

10 seconds

Full audit completes in seconds, not minutes.

Is there anything suspicious on your server?

Deep integrity checks go beyond configuration. They look for signs of compromise.

Rootkit detection

Scans for known rootkit signatures in system files and kernel modules.

Hidden processes

Cross-references ps output with /proc to detect processes hiding from standard tools.

Hidden ports

Compares ss output with /proc/net to find ports not reported by standard tools.

Package integrity

Verifies every running binary belongs to a known package via dpkg. No orphans, no tampering.

Kernel modules

Checks that all loaded kernel modules come from the standard module tree.

deep integrity
deepintegrity — 95/100
[PASS] All running binaries belong to known packages
[PASS] Package integrity verified (dpkg -V)
[PASS] No hidden processes (ps=417, /proc=417)
[PASS] No hidden ports (ss=16, /proc/net=16)
[PASS] No rootkit signatures detected
[PASS] All 130 kernel modules from standard tree

Real audit output

Actual audit result from a Siovos production server running Debian 13, K3s, WireGuard and Docker.

siovos-audit
Siovos Audit
Target: 203.0.113.42 (Debian GNU/Linux 13 (trixie))
auth
95/100
[PASS] Only root has UID 0
[PASS] Strong password hashing: YESCRYPT
[PASS] No system accounts with login shell
deepintegrity
95/100
[PASS] All running binaries belong to known packages
[PASS] Package integrity verified (dpkg -V)
[PASS] No hidden processes (ps=417, /proc=417)
[PASS] No hidden ports (ss=16, /proc/net=16)
[PASS] No rootkit signatures detected
[PASS] All 130 kernel modules from standard tree
firewall
100/100
[PASS] UFW active
[PASS] Default deny incoming
[PASS] Port 6443 (Kubernetes API) listening but blocked by firewall
[PASS] Firewall logging enabled
kubernetes
95/100
[PASS] RBAC enabled
[PASS] Network policies defined (5)
[PASS] API server not exposed on all interfaces
[PASS] No pods running as root
ssh
90/100
[PASS] Password authentication disabled
[INFO] Root login via key only
[PASS] StrictModes enabled
[PASS] sshd_config permissions OK
system
95/100
[PASS] Unattended upgrades enabled
[PASS] AppArmor enabled
[PASS] ASLR enabled
[PASS] Core dumps disabled for SUID binaries
vpn
100/100
[PASS] WireGuard active: wg0
[PASS] Config permissions OK (600)
[PASS] All peers have recent handshakes
Overall Score: 95/100
0 issues to fix, 3 warnings to review

Before & After

See the difference between a default VPS and a properly configured server.

~0/100

Default VPS

Out-of-the-box VPS with no hardening. Root login enabled, no firewall, no VPN.

Siovos
0/100

Siovos Server

Siovos-deployed server. 95/100 score, CIS Level 1 at 96%, zero rootkits.

27 categories, 130+ checks

Comprehensive server security audit from OS hardening to rootkit detection.

Core

SSH

19 checks: password auth, root login, key permissions, StrictModes, sshd config.

Firewall

7 checks: UFW status, default policies, open ports cross-referenced with rules.

TLS

5 checks: certificate validity, expiration, chain verification.

System

14 checks: updates, file permissions, kernel hardening, ASLR, AppArmor.

Network

6 checks: DNS config, IPv6, listening services, IP forwarding context.

Auth

7 checks: UID 0 accounts, password hashing, system account shells, sudoers.

Services

Services

4 checks: unexpected exposed services, port analysis.

Database

4 checks: authentication, network binding, default credentials.

Web Server

5 checks: server tokens, directory listing, security headers.

Kubernetes

6 checks: RBAC, network policies, secrets encryption, pod security.

VPN

3 checks: WireGuard status, config permissions, peer handshakes.

Infrastructure

Logging

5 checks: syslog, auth logs, log rotation, firewall logging.

Cron

5 checks: crontab permissions, unexpected jobs, system cron security.

Packages

4 checks: orphaned packages, unattended upgrades, repo integrity.

Insecure

10 checks: SUID/SGID binaries, world-writable files, /tmp security.

Deep

Deep Integrity

9 checks: rootkits, hidden processes, hidden ports, binary verification, kernel modules.

Tooling

6 server profiles

minimal-vps, web-server, kubernetes-node, database-server, vpn-gateway, full.

Compliance mapping

CIS Benchmark Level 1 (27 controls) and SOC2 Type II (8 controls).

--explain mode

Detailed descriptions and remediation steps for every finding.

Inventory command

List all users, services, packages, processes, cron jobs. No scoring, just facts.

CI/CD ready

JSON output, --min-score flag, GitHub Action and GitLab CI templates.

3 reporters

Terminal with colors, JSON for automation, HTML for sharing.

Free & Open Source

MIT licensed. 130+ checks, 51 tests, zero telemetry. Contribute, fork, or self-host.

Run the audit. The code is open source, the checks are transparent. Don't trust us - verify.

# Install
$ curl -fsSL https://raw.githubusercontent.com/Siovos/siovos-audit/main/install.sh | sh
# Run an audit
$ siovos-audit run --host your-server.com --user root
# With explanations
$ siovos-audit run --host your-server.com --explain
# CIS compliance check
$ siovos-audit run --host your-server.com --compliance cis-level1
# Local audit
$ siovos-audit run --local