# server security audit



## fred974 (Apr 30, 2014)

Hello everyone,

I'm trying to see my  my server is secure or not.
I would like to know what tools do you guys use to audit your security audit on your FreeBSD boxes?
Ideally I would like something that will have an report at the end so I know what to fix.

Could you also tell me what professional services you used that doesn't cost the earth.

Thank you all in advance.

Fred


----------



## xy16644 (Apr 30, 2014)

If your server is connected to the internet I ran this free scan:

https://freescan.qualys.com/freescan-front/

I think they allow you 10 free scans. It takes some time to run the scan but the report is quite good considering it is free!


----------



## fred974 (May 1, 2014)

xy16644 said:
			
		

> If your server is connected to the internet I ran this free scan:
> 
> https://freescan.qualys.com/freescan-front/
> 
> I think they allow you 10 free scans. It takes some time to run the scan but the report is quite good considering it is free!


Hi @xy16644,
Thank you very much for the link. I appreciate your reply.

Fred


----------



## atmosx (May 8, 2014)

The most advanced IMHO is Nessus. But you need a computer to install it and run it. It takes some sort of technical knowledge to tune, etc. But works.


----------



## fred974 (May 8, 2014)

atmosx said:
			
		

> The most advanced IMHO is Nessus. But you need a computer to install it and run it. It takes some sort of technical knowledge to tune, etc. But works.



Thank you i'll look into it


----------



## SirDice (May 12, 2014)

The "problem" with security/vulnerability scanners like Nessus is that it requires someone knowledgeable to interpret the scan results. Don't blindly accept anything these applications might throw at you. You also want to be careful with the types of scan you run with them. Some can actually crash the machine you're testing.


----------



## fred974 (May 12, 2014)

SirDice said:
			
		

> The "problem" with security/vulnerability scanners like Nessus is that it requires someone knowledgeable to interpret the scan results. Don't blindly accept anything these applications might throw at you. You also want to be careful with the types of scan you run with them. Some can actually crash the machine you're testing.


Thank you


----------

