Are there some automated penetration testing tools to test against my server? I would like to know basic stuff like the following.

1) Only SSH and HTTP ports should be open
2) Root login is disabled via SSH,
3) SSH uses only public key authentication and does not use password based auth

The idea is to have a quick tool that checks and reports if we miss setting up a firewall and such. I have root access on all my machines so any tool that runs on the machine is also fine.

Nessus? I never tried it but I think it's what you are looking for.

http://www.tenable.com/products/nessus
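
The three checks from the question, as an added example that is not part of the original thread: a Python script that parses the output of `sshd -T` (effective SSH settings) and `ss -H -tln` (listening TCP sockets). The sample inputs are constructed, ports 22 and 80 are assumed for SSH and HTTP, and the `--live` switch is this script's own hypothetical option.

```python
import subprocess
import sys

ALLOWED_PORTS = {22, 80}  # assumption: SSH on 22, HTTP on 80
# Effective sshd settings that satisfy checks 2 and 3 from the question.
EXPECTED = {"permitrootlogin": "no", "pubkeyauthentication": "yes",
            "passwordauthentication": "no", "kbdinteractiveauthentication": "no"}
# Constructed sample inputs in the format of `sshd -T` and `ss -H -tln`.
SAMPLE_SSHD = """permitrootlogin yes
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
"""
SAMPLE_SS = """LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:5432 [::]:*
"""

def audit_sshd(effective_config):
    """Return one finding per setting that is missing or differs from EXPECTED."""
    cfg = {}
    for line in effective_config.splitlines():
        key, _, value = line.strip().partition(" ")
        cfg[key.lower()] = value.strip().lower()
    return [f"{k} is {cfg.get(k, 'unset')!r}, expected {v!r}"
            for k, v in EXPECTED.items() if cfg.get(k) != v]

def unexpected_listeners(ss_output, allowed=ALLOWED_PORTS):
    """Return sorted (address, port) pairs bound off-loopback on ports not allowed."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, _, port = fields[3].rpartition(":")  # also handles [::]:22
        loopback = addr.startswith("127.") or addr == "[::1]"
        if port.isdigit() and not loopback and int(port) not in allowed:
            found.add((addr, int(port)))
    return sorted(found)

def run(cmd):
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    live = "--live" in sys.argv  # hypothetical switch: run on the server as root
    sshd_text = run(["sshd", "-T"]) if live else SAMPLE_SSHD
    ss_text = run(["ss", "-H", "-tln"]) if live else SAMPLE_SS
    report = audit_sshd(sshd_text) + [
        f"unexpected listener {a}:{p}" for a, p in unexpected_listeners(ss_text)]
    print("\n".join(report) or "all checks passed")
```

Listening sockets show what the host offers, not what a firewall lets through; confirming the firewall itself takes a port scan from another machine.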