There are a few Debian specific checks which could be expanded upon to be more agnostic. From the reddit thread: - The [SSH Configuration checks](https://github.com/vernu/vps-audit/blob/main/vps-audit.sh#L59) are only in /etc/ssh/sshd_config but these could also be present in a file in /etc/sshd/sshd_config.d. - [UFW](https://github.com/vernu/vps-audit/blob/main/vps-audit.sh#L84) is not present on all systems. Other systems may have firewalld or even plain iptables or nftables. - Assumes the server is Debian based: https://github.com/vernu/vps-audit/blob/main/vps-audit.sh#L119 - Many systems have ss instead of netstat: https://github.com/vernu/vps-audit/blob/main/vps-audit.sh#L137 - Not every system logs auth failures in /var/log/auth.log, and it could be /var/log/secure on some systems: https://github.com/vernu/vps-audit/blob/main/vps-audit.sh#L109
There are a few Debian specific checks which could be expanded upon to be more agnostic. From the reddit thread:
The SSH Configuration checks are only in /etc/ssh/sshd_config but these could also be present in a file in /etc/sshd/sshd_config.d.
UFW is not present on all systems. Other systems may have firewalld or even plain iptables or nftables.
Assumes the server is Debian based: https://github.com/vernu/vps-audit/blob/main/vps-audit.sh#L119
Many systems have ss instead of netstat: https://github.com/vernu/vps-audit/blob/main/vps-audit.sh#L137
Not every system logs auth failures in /var/log/auth.log, and it could be /var/log/secure on some systems: https://github.com/vernu/vps-audit/blob/main/vps-audit.sh#L109