Score your server security
in seconds
Single binary, agentless, 130+ checks across 27 categories. Detects rootkits, hidden processes, and verifies package integrity.
Server security is hard to measure
Most developers deploy a VPS, follow a tutorial, and never verify what's actually running.
No visibility
You don't know your server's security posture until something breaks.
Manual checks
SSH config, firewall rules, TLS certs - checking each one manually is tedious and error-prone.
No baseline
Without a score, you can't track improvements or regressions over time.
Complex tools
Existing tools require agents, XML configs, or Ruby runtimes. Too heavy for a quick check.
One command. Full picture.
Siovos Audit connects via SSH, runs 130+ checks across 27 categories, and gives you a score in seconds. No agent needed.
Agentless
Connects via SSH. Nothing to install on the target server.
Single binary
One Go binary. No dependencies, no runtime, no setup.
0-100 scoring
Per-category scores with PASS/WARN/FAIL for each of the 130+ checks.
10 seconds
Full audit completes in seconds, not minutes.
Is there anything suspicious on your server?
Deep integrity checks go beyond configuration. They look for signs of compromise.
Rootkit detection
Scans for known rootkit signatures in system files and kernel modules.
Hidden processes
Cross-references ps output with /proc to detect processes hiding from standard tools.
Hidden ports
Compares ss output with /proc/net to find ports not reported by standard tools.
Package integrity
Verifies every running binary belongs to a known package via dpkg. No orphans, no tampering.
Kernel modules
Checks that all loaded kernel modules come from the standard module tree.
Real audit output
Actual audit result from a Siovos production server running Debian 13, K3s, WireGuard and Docker.
Before & After
See the difference between a default VPS and a properly configured server.
Default VPS
Out-of-the-box VPS with no hardening. Root login enabled, no firewall, no VPN.
Siovos Server
Siovos-deployed server. 95/100 score, CIS Level 1 at 96%, zero rootkits.
27 categories, 130+ checks
Comprehensive server security audit from OS hardening to rootkit detection.
SSH
19 checks: password auth, root login, key permissions, StrictModes, sshd config.
Firewall
7 checks: UFW status, default policies, open ports cross-referenced with rules.
TLS
5 checks: certificate validity, expiration, chain verification.
System
14 checks: updates, file permissions, kernel hardening, ASLR, AppArmor.
Network
6 checks: DNS config, IPv6, listening services, IP forwarding context.
Auth
7 checks: UID 0 accounts, password hashing, system account shells, sudoers.
Services
4 checks: unexpected exposed services, port analysis.
Database
4 checks: authentication, network binding, default credentials.
Web Server
5 checks: server tokens, directory listing, security headers.
Kubernetes
6 checks: RBAC, network policies, secrets encryption, pod security.
VPN
3 checks: WireGuard status, config permissions, peer handshakes.
Logging
5 checks: syslog, auth logs, log rotation, firewall logging.
Cron
5 checks: crontab permissions, unexpected jobs, system cron security.
Packages
4 checks: orphaned packages, unattended upgrades, repo integrity.
Insecure
10 checks: SUID/SGID binaries, world-writable files, /tmp security.
Deep Integrity
9 checks: rootkits, hidden processes, hidden ports, binary verification, kernel modules.
6 server profiles
minimal-vps, web-server, kubernetes-node, database-server, vpn-gateway, full.
Compliance mapping
CIS Benchmark Level 1 (27 controls) and SOC2 Type II (8 controls).
--explain mode
Detailed descriptions and remediation steps for every finding.
Inventory command
List all users, services, packages, processes, cron jobs. No scoring, just facts.
CI/CD ready
JSON output, --min-score flag, GitHub Action and GitLab CI templates.
3 reporters
Terminal with colors, JSON for automation, HTML for sharing.
Free & Open Source
MIT licensed. 130+ checks, 51 tests, zero telemetry. Contribute, fork, or self-host.
Run the audit. The code is open source, the checks are transparent. Don't trust us - verify.