4 Essential Commands to Audit a Fresh Dedicated Server
Before changing a single configuration file, you need to know your baseline. Whether your host spun up Ubuntu, Debian, AlmaLinux, Rocky Linux, RHEL, Fedora, or a Proxmox VE hypervisor, these four discovery commands will map out your server’s current footprint.
Because all of these modern enterprise distributions share a systemd architecture and GNU utilities, these commands are functionally universal for your deployment.
1. Identify All Active Network Ports
Before you configure a firewall, you need to know what doors are already wide open to the internet.
sudo ss -tlnp
What it does: Lists all listening (-l) TCP (-t) ports, numerically (-n), along with the specific process ID and name (-p) responsible for that port. Because of -t, UDP listeners are not shown; add -u to include them.
Why it matters: Fresh images from some hosting providers come pre-installed with extra database engines, RPC binds, or mail servers you didn’t ask for. If it’s listening on 0.0.0.0 (or the equivalent wildcards [::] and *), the whole world can see it; a service bound to 127.0.0.1 or [::1] is reachable only from the server itself.
Note to readers: You must run this with sudo; otherwise, ss leaves out the process names for ports owned by other users.
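As an added example (not part of the original article), this POSIX shell function reduces ss -tlnp output to the listeners bound to a non-loopback address, which are the ones that need a firewall decision. The function names, output columns and sample input are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article: keep only the TCP listeners
# in `ss -tlnp` output that are bound to a non-loopback address.

exposed_listeners() {
    # stdin: ss -tlnp output; stdout: port, address, scope, process (tab-separated)
    awk '
    $1 != "LISTEN" { next }                    # skip the header line
    {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*$/, "", addr)                  # drop interface scope such as %lo
        gsub(/\[|\]/, "", addr)                # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        scope = "single-address"
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all-interfaces"
        proc = "unknown"                       # ss omits owners when not run as root
        if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
        printf "%s\t%s\t%s\t%s\n", port, addr, scope, proc
    }' | LC_ALL=C sort -n
}

# Constructed sample input, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*     users:(("systemd-resolve",pid=601,fd=14))
LISTEN 0      244        127.0.0.1:5432       0.0.0.0:*     users:(("postgres",pid=940,fd=5))
LISTEN 0      4096               *:111              *:*     users:(("rpcbind",pid=577,fd=4))
LISTEN 0      100     203.0.113.10:25         0.0.0.0:*     users:(("master",pid=1203,fd=13))
LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      128            [::1]:631           [::]:*
EOF
}

# On a real server: sudo ss -tlnp | exposed_listeners
sample_ss_output | exposed_listeners
```

Save the result alongside your other baseline output so a later run can be compared against it.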
2. Inventory Running Background Services
Ports tell you about network traffic, but they don’t tell you about internal background tasks that might be draining memory or tracking logs.
systemctl list-units --type=service --state=running
What it does: Queries the systemd manager to isolate only background daemons (--type=service) that are actively executing (--state=running).
Why it matters: This exposes exactly what software stack your provider bundled into their “minimal” OS image. It gives you an immediate list of targets to disable or mask if they aren’t strictly necessary for your workload.
3. Hunt for SUID/SGID Privileged Binaries
Files with SUID (Set User ID) or SGID (Set Group ID) permissions execute with the privileges of the file owner (often root) rather than the user running the command.
find / -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
What it does: Scours the system for files matching SUID (-perm -4000) OR (-o) SGID (-perm -2000) flags, silently discarding standard permission-denied errors (2>/dev/null). Run it as root if the search should also cover directories your own account cannot read.
Why it matters: Malicious actors exploit vulnerabilities in these specific binaries to achieve privilege escalation. Tracking down this baseline list lets you spot anomalies or unneeded packages (like legacy system management tools) that shouldn’t have root execution rights.
4. Locate World-Writable Directories
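Any directory with the world-write permission bit (0002) set allows any local, unprivileged user account to write, alter, or delete files within it. Directories that also carry the sticky bit, such as /tmp, limit deleting and renaming to each file's owner.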
find / -xdev -type d -perm -0002 2>/dev/null
What it does: Searches only the filesystem that holds / (-xdev) for directories (-type d) that are world-writable (-perm -0002).
Why it matters: The -xdev flag is crucial here: it tells find not to cross into other mounted filesystems, including virtual ones like /proc or /sys, keeping your execution fast and precise. If /home, /var or /tmp sit on their own partitions, run the command against each of those mount points as well. You need to know where users or automated web exploits can drop files onto your storage drives.
🛡️ Edge-Defended Dedicated Hardware
Software-level firewalls and audit tools are your last line of defense, but heavy volumetric network flooding can still saturate your local network interface before the OS can even process the drop rules. True protection starts upstream.