A nice basic hardness check that I really like is Lynis (you can do "apt-get install lynis", although the repo might be a few minor versions out of date).
The next step after that is running an IDS. A really good choice here is OSSEC. This isn't overly complex and has a lot of benefit. Many of the other open source choices in this area, such as Tripwire, are a waste of time because they aren't maintained anymore (usually the developers are now focused on commercial enterprise versions).
If you want to check your SSL "hardness", a great free service is SSL Server Test by Qualys SSL Labs.
Beyond the open source stuff you can run free trials, or community editions, of some of the better commercial tools. For example:
* Qualys ExpressGuard Lite; the trial version will do an external scan, an internal system scan, and a web app scan (same guys who run the free SSL Server Test mentioned above).
* Rapid7 Nexpose Community edition.
* BeyondTrust Retina CS Community Edition (I've never been able to test this tool because it requires a Windows server as the scan launcher).