Restored my backup and have all and none of the files, sir. Don’t look at it until we fsck.

Snapshots and for i in $hosts;do ssh -tt "sudo apt update -y && sudo apt upgrade -y";done

For docker/k8s: argocd, helm, etc.

Its getting difficult to notice if any wrong port is still open or some web server is out of date

This isn’t generally done with security scanners unless you’re running hundreds of nodes. Use iptables rules with inclusive rules only to block ports. Keep your software inventoried for the rest, or some sort of basic configuration management.

If you don’t have these basics, what good is a scanner going to do for you?

E: Re-reading this, I didn’t mean for it to sound snide. Genuinely wanting to help … OpenVAS is probably what you’re after.

Could use something as simple as a cronjob or gitea runners. Loki/Grafana can read logs and trigger webhooks, send emails, etc.

postfix/dovecot flow through my veins and I think one just popped imagining it. I may not be getting the end game here.

OP: Do you mean sending DM/PM’s to users at certain instances? This would require each one to have correctly (and strict) aligned SPF/DMARC/DKIM … or a cluster that handles it for them and pushes it via API to the instance.

Admittedly it’s been years, but this thread now has me firing off an updated instance :P

README.md

LibreOffice online: https://www.libreoffice.org/download/libreoffice-online/

Same, just replace docker compose with cloud-init. Gitea runners for deployment.

too early for operation, device not yet seeded