Vulnerability management
Cloud and dedicated servers
We recommend scanning servers for vulnerabilities.To do this, you can use network vulnerability scanners or software agents on hosts.
Network scanners check hosts that are accessible over the network, and some scanners also support authentication configuration for more accurate analysis.
To analyze vulnerabilities of public IP addresses that belong to your infrastructure in Selectel, you can use the Vulnerability Analysis service. The service allows you to scan external IP addresses using an FSTEC-certified security analysis tool.
You can use free online scanners:
An example of a free scanner that runs as an agent on hosts is Wazuh.To run the scanner on each host, install:
- Wazuh shared server — more details in the Wazuh Quickstart documentation article;
- Wazuh agents — read more in the Wazuh agent article of the Wazuh documentation.
You can create a cloud server with a ready-made Wazuh application.
On Linux servers, you can also use Lynis, a security auditing and compliance tool at the host level.Lynis secures the operating system and applications by checking configurations, access rights, vulnerabilities and outdated packages, firewall settings, and critical system parameters.
On cloud servers, scanners can be installed as custom images.