Open Source

Score your server security
in seconds

Single binary, agentless, scores your server security in seconds.

View on GitHubQuick Start
terminal
$ siovos-audit run --host 203.0.113.42 --user root
Connecting via SSH...
Running 33 checks across 8 categories...
firewall
100/100
kubernetes
95/100
network
100/100
services
100/100
ssh
100/100
system
90/100
tls
100/100
vpn
100/100
Overall Score98/100

Server security is hard to measure

Most developers deploy and hope for the best. No visibility, no baseline, no automated checks.

No visibility

You don't know your server's security posture until something breaks.

Manual checks

SSH config, firewall rules, TLS certs - checking each one manually is tedious and error-prone.

No baseline

Without a score, you can't track improvements or regressions over time.

Complex tools

Existing tools require agents, XML configs, or Ruby runtimes. Too heavy for a quick check.

One command. Full picture.

Siovos Audit connects via SSH, runs 33 checks across 8 categories, and gives you a score in seconds. No agent needed.

Agentless

Connects via SSH. Nothing to install on the target server.

Single binary

One Go binary. No dependencies, no runtime, no setup.

0-100 scoring

Per-category scores with PASS/WARN/FAIL for each test.

10 seconds

Full audit completes in seconds, not minutes.

Real audit output

This is an actual audit result from a Siovos production server (Debian 13, K3s, WireGuard).

siovos-audit
Siovos Audit
Target: 203.0.113.42 (Debian GNU/Linux 13 (trixie))
firewall
100/100
[PASS] UFW active
[PASS] Default deny incoming
[PASS] Port 53 (DNS) listening but blocked by firewall
[PASS] Port 6443 (Kubernetes API) listening but blocked by firewall
[PASS] Port 10250 (Kubelet) listening but blocked by firewall
[PASS] Port 8443 (Step-CA) listening but blocked by firewall
[PASS] Port 9100 (Node exporter) listening but blocked by firewall
kubernetes
95/100
[PASS] RBAC enabled
[PASS] Network policies defined (5)
[WARN] Secrets encryption at rest not detected
[PASS] API server not exposed on all interfaces
[PASS] No pods running as root
network
100/100
[PASS] DNS configured: 10.8.0.1, 1.1.1.1, 8.8.8.8
[INFO] IPv6 enabled with ip6tables rules
[INFO] 16 listening services (7 on public interfaces)
services
100/100
[PASS] No unexpected services exposed
ssh
100/100
[PASS] Password authentication disabled
[INFO] Root login via key only
[PASS] Empty passwords not permitted
[PASS] SSH Protocol 2 (default)
system
90/100
[WARN] 15 security updates available
[PASS] Unattended upgrades enabled
[PASS] Permissions OK: shadow file (640)
[PASS] Permissions OK: passwd file (644)
[PASS] Permissions OK: root SSH directory (700)
[WARN] net.ipv4.conf.all.rp_filter = 0 (expected 1)
[PASS] ICMP redirects disabled
[PASS] Send redirects disabled
[PASS] ASLR enabled
tls
100/100
[PASS] Certificate valid: K3s API server
[PASS] Certificate valid: K3s CA
vpn
100/100
[PASS] WireGuard active: wg0
[PASS] Config permissions OK (600)
[PASS] All peers have recent handshakes
Overall Score: 98/100
0 issue to fix, 3 warnings to review

Before & After

See the difference between a default VPS and a properly configured server.

~0/100

Default VPS

Out-of-the-box VPS with no hardening. Root login enabled, no firewall, no VPN.

Siovos
0/100

Siovos Server

Siovos-deployed server with K3s, WireGuard, UFW, automated updates.

8 categories, 33 checks

Comprehensive server security audit covering everything from SSH to Kubernetes.

System

System

Updates, file permissions, kernel hardening, ASLR.

Network

DNS config, IPv6 status, listening services count.

Network

Firewall

UFW status, default policies, open ports analysis.

SSH

Password auth, root login, protocol version, key permissions.

VPN

WireGuard status, config permissions, peer handshakes.

Services

TLS

Certificate validity, expiration dates, chain verification.

Services

Listening services, unexpected open ports, public exposure.

Kubernetes

RBAC, network policies, secrets encryption, pod security.

Tooling

Server profiles

Tailored checks for minimal-vps, web-server, kubernetes-node and more.

CI/CD ready

JSON output, --min-score flag, GitHub Action and GitLab CI templates.

3 reporters

Terminal, JSON, and HTML reports for every audit.

Get started in 30 seconds

Install and run your first audit.

terminal
# Install
$ go install github.com/Siovos/siovos-audit@latest
# Run an audit
$ siovos-audit run --host 192.168.1.100 --user root
# With a server profile
$ siovos-audit run --host 192.168.1.100 --user root --profile kubernetes-node

Free & Open Source

MIT licensed. Contribute, fork, or self-host. No telemetry, no vendor lock-in.

Star on GitHubContributing Guide

Deploy first, audit after

Use Siovos Desktop to deploy your infrastructure, then run an audit to verify everything is secure.

Learn about Siovos Desktop