free · read-only · stdout only
Your Linux server, scored in 30 seconds.
A small Bash script that prints a 0-10 hygiene score for one Ubuntu / Debian / Amazon Linux box. No agent. No upload. No phone-home. You can read every line before you run it — and you should.
Install
Read it first. It's about 230 lines.
curl -fsSL https://blog.richgibbs.dev/quickcheck-mini/free-quickcheck-mini.sh -o quickcheck-mini.sh
less quickcheck-mini.sh # please actually read it
bash quickcheck-mini.sh
Prefer to skip the read step? Don't. But if you must:
curl -fsSL https://blog.richgibbs.dev/quickcheck-mini/free-quickcheck-mini.sh | bash
What it checks
- OS version and rough end-of-life status
- SSH: root login policy, password vs. key auth
- Firewall presence (UFW / firewalld / nftables / iptables)
- Services listening on every interface (0.0.0.0, ::)
- Pending security updates (apt / dnf / yum)
- Whether automatic security updates are enabled
- EC2 IMDSv1 reachability (when running on EC2)
- Docker socket exposure and unauthenticated :2375
- Time / NTP synchronization
- Uptime / time since last reboot
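One way the "services listening on every interface" check can be done, as an added example that is not taken from quickcheck-mini itself. It assumes input in the format printed by `ss -Htln`; the function names and the sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag TCP listeners bound to every interface.
# Assumed input: lines as printed by `ss -Htln`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

# Print the local address:port of each wildcard listener, one per line.
# Matches 0.0.0.0 (IPv4 any), [::] (IPv6 any) and * (dual-stack any).
wildcard_listeners() {
  awk '$1 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|\[::\]|\*):[0-9]+$/ { print $4 }'
}

# Print the distinct ports among wildcard listeners, so a service bound
# on both 0.0.0.0 and [::] is counted once.
wildcard_ports() {
  wildcard_listeners | awk -F: '{ print $NF }' | sort -n -u
}

# Constructed sample, not captured from a real host.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:2375 0.0.0.0:*'

# Read ss-style lines on stdin and print a one-line finding.
report() {
  local ports count
  ports=$(wildcard_ports)
  count=$(printf '%s\n' "$ports" | awk 'NF { n++ } END { print n + 0 }')
  if [ "$count" -gt 0 ]; then
    printf '! %s ports listening on all interfaces: %s\n' \
      "$count" "$(printf '%s\n' "$ports" | paste -sd, -)"
  else
    printf 'OK no wildcard listeners\n'
  fi
}

printf '%s\n' "$SAMPLE_SS" | report
# On a live host: ss -Htln | report
```

Loopback-only listeners such as 127.0.0.1:5432 and 127.0.0.53%lo:53 are deliberately not reported; only binds reachable from every interface are.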
What it does not do
- It never writes a file.
- It never installs anything.
- It never makes an outbound network connection.
- It never prints your hostname, IP addresses, MAC addresses, or machine ID.
- It is not an audit, a compliance scan, or a certification. It is a tire-kick.
Sample output
==============================================
free-quickcheck-mini 0.1.0 — local report
==============================================
Score: 6/10 (pass=6 warn=4 fail=2 skip=1)
----------------------------------------------
FIX NOW:
✗ SSH password auth enabled — switch to key-only
✗ EC2 IMDSv1 still reachable — enforce IMDSv2
REVIEW:
! 3 services listening on all interfaces — confirm intentional
! Automatic security updates not detected
! Docker socket present (660 docker)
! Uptime 214 days — plan a reboot
LOOKS OK:
✓ OS family supported (ubuntu 22.04)
✓ UFW firewall active
✓ Time synchronization active
...
==============================================
Want a deeper report on one host? QuickCheck pilot — $149.
The free script is a sanity check. The pilot is the real thing:
- Run on one host you choose, with your consent and your supervision.
- Goes well past the free tool: cloud-side checks, IAM hygiene, log retention, backup posture, kernel CVE exposure.
- Written report (PDF + Markdown) you can hand a junior engineer or a vendor.
- 30-minute review call to walk through the findings.
- One-time $149. No subscription. No upsell to a platform.
Why we built it this way
Hosted security scanners ask for an SSH key, an IAM role, or an agent. That's a fine business model. It's also why a lot of small teams never run any scan at all. We wanted a magnet that respects the kind of engineer who reads scripts before they run them.
So: the free tool does what it says on the box, in code you can audit on a phone screen. If you trust what you read, you'll trust the pilot.
Honest scope
This script is not a certification, not a compliance audit, and not endorsed by AWS, Canonical, Red Hat, or anyone else. It does not guarantee security; nothing does. It is a small set of opinionated checks written by a human who has been handed too many neglected Linux boxes. Treat the score as a conversation starter, not a verdict.