Vulnerability management

Last update: May 30 2026

Cloud and dedicated servers

We recommend scanning servers for vulnerabilities. This can be done using network vulnerability scanners or software agents on hosts.

Network scanners check hosts that are accessible over the network, and some scanners also support authentication configuration for more accurate analysis.

To analyze vulnerabilities of public IP addresses belonging to your infrastructure in Selectel, you can use the Vulnerability Scanning service. The service allows you to scan external IP addresses using a security analysis tool certified by FSTEC.

You can use free network scanners:

• Nmap;
• OpenVAS;
• Zed Attack Proxy (ZAP) by Checkmarx.

An example of a free scanner that works as an agent on hosts is Wazuh. To start the scanner, install the following on each host:

• shared Wazuh server — for details, see the Quickstart article in the Wazuh documentation;
• Wazuh agents — for details, see the Wazuh agent article in the Wazuh documentation.

You can create a cloud server with a pre-installed Wazuh application.

On Linux servers, you can also use Lynis — a security auditing and compliance tool at the host level. Lynis ensures operating system and application security by checking configurations, permissions, vulnerabilities and outdated packages, firewall settings, and critical system parameters.

On cloud servers, scanners can be installed in the form of custom images.