DEV.co
Open-Source DevOps · vernu

vps-audit

vps-audit is a lightweight, dependency-free Bash script that performs automated security and performance checks on Linux VPS servers. It runs on Debian/Ubuntu systems, requires sudo access, and generates color-coded reports with specific remediation recommendations.

Source: GitHub — github.com/vernu/vps-audit
2k
GitHub stars
161
Forks
Shell
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryvernu/vps-audit
Ownervernu
Primary languageShell
LicenseMIT — OSI-approved
Stars2k
Forks161
Open issues13
Latest releaseUnknown
Last updated2026-01-12
Sourcehttps://github.com/vernu/vps-audit

What vps-audit is

Single-file Bash utility that audits SSH config, firewall status, failed logins, open ports, SUID files, and system resource utilization against configurable thresholds. Outputs real-time console feedback (PASS/WARN/FAIL) and timestamped report files; no external dependencies beyond standard GNU utilities (grep, awk, netstat).

Quickstart

Get the vps-audit source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/vernu/vps-audit.gitcd vps-audit# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Scheduled VPS Security Baseline Audits

Run weekly or monthly via cron to track drift in SSH config, firewall rules, and service count. Generates timestamped reports for compliance and change tracking without requiring a separate monitoring platform.

Rapid Post-Deployment Security Verification

Execute immediately after provisioning new Debian/Ubuntu instances (e.g., via CI/CD) to confirm SSH hardening, firewall activation, and resource allocation meet organizational standards before handoff.

Manual Incident Response and Triage

Quick diagnostic tool for ops teams to assess whether a compromised or degraded VPS has common misconfigurations (open ports, excessive failed logins, disabled firewall) during initial investigation.

Implementation considerations

  • Requires root or passwordless sudo; plan sudoers configuration for automated execution (e.g., via Ansible, cron, or CI/CD pipelines).
  • Thresholds for WARN/FAIL are hardcoded and generic; customize them in the script source for your infrastructure baseline (e.g., adjust service or port thresholds for legacy apps).
  • Output parsing is human-readable and text-based; integrating programmatic consumption of results requires additional shell scripting or tooling.
  • Script runs synchronously and may take 10–30 seconds on loaded systems; schedule during off-peak hours or as background tasks.
  • Limited to checks detailed in the README; does not audit container runtimes, application-level configs, or compliance frameworks beyond basic OS hardening.

When to avoid it — and what to weigh

  • Red Hat / CentOS / RHEL-based Systems — Script is explicitly designed for Debian/Ubuntu and relies on ufw and systemd conventions. Porting to dnf/firewalld requires non-trivial modifications.
  • Containerized or Orchestrated Environments — vps-audit audits host OS configuration. In Kubernetes or container-heavy deployments, host-level checks offer limited value; use platform-native security scanning instead.
  • Requirement for Real-time Alerting or Integration — Script generates reports but does not integrate with SIEM, ticketing, or alerting systems. If you need cross-VPS dashboards or automated incident creation, use dedicated monitoring platforms (Prometheus, DataDog, etc.).
  • Compliance Audits Requiring Formal Evidence Chain — While the script identifies issues, it does not provide cryptographic attestation, audit logs suitable for legal discovery, or role-based access controls needed for SOC 2 or FedRAMP compliance.

License & commercial use

MIT License. Permits commercial use, modification, and distribution with no warranty. Attribution and license notice required. No patent grants or trademark usage permissions. Suitable for proprietary internal tooling or commercial products with proper attribution.

MIT is a permissive OSI license allowing commercial deployment and resale. Organizations may incorporate this script into commercial managed services offerings. However, no indemnification, SLA, or liability cap is provided; users assume all risk. Recommend legal review before bundling into revenue-critical products.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Script requires sudo and reads sensitive files (SSH config, sudoers logs, open ports, SUID files). No input validation or escaping is documented; review shell injection risks if chaining output. Checks for common misconfigurations (disabled firewall, root SSH, weak password policy) but does not perform cryptographic validation, rootkit detection, or intrusion forensics. Should not be your sole security control; supplement with log monitoring, intrusion detection, and professional audits. Report files may contain sensitive system details; restrict their permissions and storage.

Alternatives to consider

lynis (https://github.com/CISOfy/lynis)

Mature, audits 300+ checks, cross-platform (Linux, macOS, BSD), generates scored reports, professionally maintained. Heavier overhead and more opinionated remediation advice; better for compliance and detailed baselines.

Wazuh Agent + Manager

Distributed agent-based security monitoring with real-time alerting, SIEM integration, and compliance mapping. Requires central server and agent provisioning; overkill for simple ad-hoc audits but superior for fleet monitoring.

OpenSCAP / SCAP Workbench

Standards-based (NIST, CIS benchmarks), formal compliance reporting, automated remediation scripts. Steeper learning curve and more bureaucratic; best for regulated environments requiring formal audit trails.

Software development agency

Build on vps-audit with DEV.co software developers

vps-audit provides a fast, dependency-free baseline assessment for Debian/Ubuntu servers. Ideal for initial hardening checks, compliance verification, and scheduled security reviews. Contact our DevOps team to integrate auditing into your infrastructure automation or incident response workflows.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

vps-audit FAQ

Can I run vps-audit on CentOS/RHEL?
Not without significant modification. The script relies on ufw (Debian/Ubuntu firewall) and systemd conventions. You would need to rewrite firewall checks for firewalld and adapt package manager commands for dnf/yum.
How do I integrate vps-audit output into my monitoring dashboard?
Manually parse the generated text report files and ingest them into your aggregation tool (Splunk, ELK, Datadog) via scripts or collectors. No native API or structured output format (JSON/CSV) is built-in; consider a wrapper script for parsing.
Is vps-audit a substitute for professional penetration testing?
No. The script checks for common misconfigurations and basic hardening gaps. Professional audits assess application logic, advanced attack scenarios, and compliance requirements beyond what a configuration scanner provides.
Can I schedule vps-audit to run automatically and alert on failures?
Yes, via cron jobs and wrapper scripts. Run the script periodically, pipe output to a log aggregator or alerting tool, and define thresholds for notification. The script itself does not provide built-in scheduling or notifications.

Custom software development services

DEV.co helps companies turn open-source tools like vps-audit into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source devops stack.

Ready to Audit Your VPS Security Posture?

vps-audit provides a fast, dependency-free baseline assessment for Debian/Ubuntu servers. Ideal for initial hardening checks, compliance verification, and scheduled security reviews. Contact our DevOps team to integrate auditing into your infrastructure automation or incident response workflows.