this post was submitted on 14 Apr 2026
26 points (93.3% liked)

Selfhosted

58486 readers
526 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
26
Security Scanning (lemmy.ml)
submitted 14 hours ago by Zenlix@lemmy.ml to c/selfhosted@lemmy.world
13 comments fedilink hide all child comments
 

Hey guys. I have a few selfhosted systems that are available to the public. Its getting difficult to notice if any wrong port is still open or some web server is out of date. I am looking for a (foss) tool that can reguarly monitor my systems (via their public ip/domain) and notify me if any port that I not specifically allowed (in a config) is open. Additionally it would be cool if it checked all open ports if they provide out of date software (like webservers) or known security issues.

I found nikto, but it feels like its doing only half of what I want. greenbone feels way to bloated for my use case.

Do you know any kind of software that would do something like that?

you are viewing a single comment's thread
view the rest of the comments
[–] uenticx@lemmy.world 2 points 13 hours ago (1 children)

Its getting difficult to notice if any wrong port is still open or some web server is out of date

This isn't generally done with security scanners unless you're running hundreds of nodes. Use iptables rules with inclusive rules only to block ports. Keep your software inventoried for the rest, or some sort of basic configuration management.

If you don't have these basics, what good is a scanner going to do for you?

[–] non_burglar@lemmy.world 1 points 2 hours ago

Yeah, I agree. Not knowing what ports might be open on a single egress shouldn't happen.