Defense Monitor
Defense Monitor checks a host the way a hardening guide would — firewall, open ports, SSH configuration, dangerous SUID binaries, password policy — and runs a Lynis audit, so you can close the gaps before someone finds them.
- Category: Defense & Hardening
- Powered by: Lynis + native OS checks
- Edition: Pro
- Where: Desktop → Defense Monitor tab
What it does
- Firewall — is it enabled, and what is allowed inbound.
- Open ports — which services are listening and exposed.
- SSH config — root login, password auth, weak settings.
- SUID finder — setuid binaries that could enable privilege escalation.
- Password policy — age, complexity and lockout rules.
- Lynis audit — a broad, industry-standard hardening sweep.
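To show what an SSH configuration check of the kind listed above involves, here is an added example (not Defense Monitor's own code) that parses `sshd_config` text, applies sshd's first-value-wins rule and the upstream OpenSSH defaults, and reports weak settings by severity. The rule set, severities, function names and sample config are assumptions made for illustration.

```python
import re

# Upstream OpenSSH defaults that apply when a keyword is absent (sshd_config(5)).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "permitemptypasswords": "no"}
# keyword -> (weak values, severity, suggested fix); this rule set is an assumption.
RULES = {
    "permitrootlogin": ({"yes"}, "high", "PermitRootLogin no"),
    "permitemptypasswords": ({"yes"}, "high", "PermitEmptyPasswords no"),
    "passwordauthentication": ({"yes"}, "medium", "PasswordAuthentication no"),
}
SEVERITY_ORDER = {"high": 0, "medium": 1}

def global_settings(text):
    """Parse global-scope keywords; sshd keeps the FIRST value seen for each."""
    settings = {}
    for raw in text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)", raw.strip())
        if not m:
            continue  # blank line, '#' comment, or keyword without an argument
        key, value = m.group(1).lower(), m.group(2).strip().strip('"').lower()
        if key == "match":
            break  # Match blocks are conditional; they are not evaluated here
        settings.setdefault(key, value)
    return settings

def audit_sshd(text):
    """Return findings as (severity, keyword, value, source, fix), worst first."""
    explicit = global_settings(text)
    findings = []
    for key, (weak, severity, fix) in RULES.items():
        value = explicit.get(key, DEFAULTS[key])
        if value in weak:
            source = "explicit" if key in explicit else "default"
            findings.append((severity, key, value, source, fix))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])

# Constructed sample: duplicate keyword, commented-out setting, Match block.
SAMPLE = """\
Port 22
PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
Match User backup
    PermitEmptyPasswords yes
"""

if __name__ == "__main__":
    print(*audit_sshd(SAMPLE), sep="\n")
```

Match blocks and Include files are not evaluated here, so settings they carry need a separate review.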
How to use it
1. Open Defense Monitor
   Select it from the module sidebar. On Linux, Lynis gives the deepest results.
2. Run the audit
   The tool runs each check and lists every weakness it finds, ranked by severity.
3. Act on the findings
   Send a finding to the Firewall Advisor for a ready-made rule, or to the Patch Advisor to plan updates.
What you get
A prioritized hardening checklist for the host. The Fleet agent runs the equivalent Security Configuration Assessment (SCA) continuously across many endpoints and feeds the results into the SecOps rule engine — see /docs/fleet.
Tips
- Re-run after hardening and use Scan Diff / Security Score to prove improvement.
- The SUID findings are easy to overlook and high impact — review them first.
Hardening is the cheapest defense. Most breaches exploit a default left on, not a clever zero-day. Closing these gaps removes the easy paths first.