There are many tutorials on how to set up a new secured server.
But what if I have to administrate a server someone else had set up some time ago and I don't know much about its configuration yet?
Is there some tool which automatically checks the "usual suspects" or some checklist I can go through to make sure no obvious security holes exist? Are there web services which check remotely for vulnerabilities?
Download Nessus and perform a network check on it. It will tell you about remotely exploitable vulnerabilities.
Also, install Ossec; although it is not its primary purpose, it will find some common misconfigurations (improperly configured accounts for example). And its primary function -- host based intrusion detection -- will help find if someone is trying to exploit vulnerabilities.Tweet