Book a Free Linux Infrastructure Audit
AV Services · avservices.in · Mumbai, India
Know Exactly Where Your Servers Stand. No Cost. No Obligation.
Most businesses running Linux servers do not know their current security posture. Not approximately — precisely. They do not know which CVEs apply to the kernel they are running. They do not know whether their backup restored cleanly last month, or whether it has been tested at all. They do not know which ports are open and whether every open port has a current justification. They do not know whether a former employee’s SSH key is still active on their production server.
They are not careless businesses. They are businesses where infrastructure knowledge lives in the gap between the person who built the server and the team that runs on top of it — a gap that exists in almost every organisation that has not assigned ongoing, formal ownership of its Linux infrastructure.
The free Infrastructure Audit closes that gap. In 30 minutes of conversation and five business days of analysis, you will know exactly where your server stands — not approximately, not based on assumptions about what was configured at launch, but based on what is actually running on your actual server today.
That knowledge is the beginning of everything else.
What the Audit Covers
The Infrastructure Audit is a comprehensive read-only assessment of your Linux server environment. No write access is required at any stage. Your production systems are not touched, modified, or disrupted. The assessment is conducted entirely through observation — examining what is running, how it is configured, and how it compares against current best practices and the current threat landscape.
Operating system and kernel assessment. The current kernel version is checked against the CVE database for known vulnerabilities. The OS release is verified against its support lifecycle — end-of-life operating systems receive no security patches from their vendors, making every vulnerability discovered after the EOL date permanently unpatched. Package versions are reviewed for known CVEs across the full installed package list.
Security configuration review. SSH configuration is examined — whether root login is permitted, whether password authentication is enabled, what the current key management looks like, whether there are anomalies in recent authentication logs. Firewall rules are reviewed for completeness, accuracy, and whether the current ruleset reflects a deliberate access policy or an accumulated history of individual decisions. fail2ban status and configuration are checked.
Open port assessment. Every open port is identified and documented. Each is cross-referenced against the running services to verify that what is listening corresponds to what should be listening. Ports that cannot be explained by a current service are flagged.
User account and access review. All user accounts are listed and reviewed. sudo privileges are documented. SSH keys are inventoried. The account list is cross-referenced against current operational requirements to identify accounts that may represent former employees, former contractors, or historical access grants that have not been reviewed.
Backup configuration assessment. The current backup configuration is examined — what is being backed up, where it is going, how frequently it runs, what the retention policy is, whether the destination is genuinely separate from the primary storage, and whether there is evidence of successful recent completion. If a restore test has been performed, the date and result are noted.
Disk, memory, and performance review. Current disk usage and usage trends are examined. Memory utilisation and any evidence of leaks or sustained pressure are reviewed. CPU load patterns are assessed. The review identifies any resource constraint that is developing toward a critical threshold.
Running services and process review. The full list of running services and processes is examined. Services that are running without a clear operational justification are identified. Unnecessary services represent both an attack surface and a resource overhead with no corresponding benefit.
Log analysis. Recent system logs, authentication logs, and application logs are reviewed for anomalies — unusual access patterns, repeated errors, signs of automated probing or brute-force activity, service failures that have not triggered visible application errors.
Configuration and cron job review. Key configuration files are examined for common misconfigurations. Scheduled cron jobs are documented and reviewed for current relevance and correct operation.
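As an illustration of the SSH configuration review and the open port assessment described above, the following is an added example, not AV Services' own tooling. It works only on text already collected from a server: the `sshd_config` and `ss -H -tlnp` samples are constructed, and the `EXPECTED` listener map is a hypothetical policy.

```python
import re

# Constructed sshd_config sample (not from a real server).
SSHD_CONFIG = """\
PermitRootLogin yes
passwordauthentication no
PermitRootLogin no
Match User deploy
    PasswordAuthentication yes
"""
# Constructed `ss -H -tlnp` output: listening TCP sockets with owning process.
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1040,fd=6))
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=950,fd=5))
LISTEN 0 511 0.0.0.0:6379 0.0.0.0:* users:(("redis-server",pid=1200,fd=6))
"""
# Hypothetical policy: the listeners this server is supposed to have.
EXPECTED = {22: "sshd", 443: "nginx", 5432: "postgres"}
# Upstream OpenSSH defaults, used when a keyword is never set.
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def sshd_review(text):
    """Return (effective global settings, overrides set inside Match blocks)."""
    effective, seen, overrides, match = dict(SSHD_DEFAULTS), set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, arg = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            match = arg  # everything below applies only to this Match block
        elif key in SSHD_DEFAULTS and match is not None:
            overrides.append((match, key, arg.lower()))
        elif key in SSHD_DEFAULTS and key not in seen:
            seen.add(key)  # sshd keeps the first value it reads for a keyword
            effective[key] = arg.lower()
    return effective, overrides

def unexplained_listeners(ss_text, expected):
    """Return sorted (port, address, process) entries not in the expected map."""
    findings = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)  # rsplit keeps "[::]" intact
        proc = re.search(r'\(\("([^"]+)"', line)
        name = proc.group(1) if proc else "unknown"
        if expected.get(int(port)) != name:
            findings.add((int(port), addr, name))
    return sorted(findings)
```

In the sample, the later `PermitRootLogin no` has no effect because the first value wins, and the `Match` block re-enables password authentication for one user; both are easy to miss when reading the file by eye.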
What You Receive
Within five business days of the audit access being granted, you receive a written Infrastructure Audit Report. The report is structured, specific, and actionable — not a generic checklist applied to every server, but a document written for your specific environment with findings that reflect what was actually found on your actual server.
Executive summary. A one-page overview of the audit findings, written for a non-technical founder or senior manager. The overall risk level is characterised — not numerically scored on an arbitrary scale, but described accurately in plain language. If the server is in good shape, the report says so. If it has significant vulnerabilities requiring prompt attention, the report says that too.
Critical findings. Any finding that represents an immediate and material risk to the security or availability of the server is listed first, with a clear description of the risk and a specific remediation recommendation. Critical findings are those that require prompt attention — not eventually, not in the next quarterly planning cycle, but within days.
High severity findings. Findings that represent significant risk and should be addressed within the current month. These are typically configuration issues, unpatched vulnerabilities with public exploits, or access management gaps that create meaningful exposure.
Medium severity findings. Findings that represent meaningful risk but do not require immediate action. These are addressed in the normal course of ongoing maintenance if a retainer is established, or on a planned schedule for clients addressing the findings independently.
Low severity findings. Observations and recommendations that represent best practice improvements rather than material risks. These include configuration optimisations, documentation gaps, and minor housekeeping items.
Remediation roadmap. A prioritised list of recommended actions, in the order they should be addressed, with an estimated effort for each. The roadmap gives the client or their technical team a clear path from the current state to a properly hardened and maintained server without requiring them to determine the sequence independently.
Current state summary. A reference section documenting the current state of the server across all assessed dimensions — OS version, kernel version, key configuration settings, open ports, user accounts, backup status, and resource utilisation. This document serves as the baseline against which future changes can be measured.
Who This Audit Is For
The Infrastructure Audit is designed for any business running a Linux server in production that does not have a dedicated, active infrastructure management process in place.
Founders and CTOs who built the server themselves, or oversaw its construction, and have not had the bandwidth to maintain it actively since launch. You know the server needs attention. The audit tells you precisely what attention it needs, in what order, with what urgency.
Engineering managers whose team is responsible for the infrastructure but whose primary focus is the product. The audit gives you a documented picture of the infrastructure risk your business is carrying — information you need to make informed decisions about whether to address it internally or engage a specialist.
Businesses that have recently experienced an incident — an outage, a performance problem, a security concern — and want to understand whether the incident was symptomatic of broader infrastructure issues or an isolated event. The audit answers that question with evidence rather than reassurance.
International companies with India-based infrastructure or Indian clients that need confidence in the reliability and security of their Indian server environment. The audit produces a document in clear professional English that meets the documentation standards international businesses require.
Businesses evaluating a managed retainer who want to make an informed decision based on actual findings rather than a sales conversation. The audit report is the basis on which the retainer scope and pricing are confirmed. There is no obligation to proceed with a retainer after receiving the audit report. Many clients do. Some address the findings independently. The audit report is yours regardless.
What the Audit Is Not
The Infrastructure Audit is a read-only assessment. Nothing on your server is changed during the audit. No software is installed. No configuration is modified. No services are restarted. The assessment is conducted entirely through observation of the current state.
The audit is not a penetration test. It does not involve attempting to exploit identified vulnerabilities or test the server’s defences under active attack conditions. It is an assessment of configuration and current state against best practices and known vulnerability data — a different and complementary activity to penetration testing.
The audit does not require extended access. SSH access is granted for the duration of the audit, typically two to four hours of active assessment time spread across one to two days. After the assessment is complete, access can be revoked immediately if the client prefers. The audit report is delivered from the data collected during that window.
The audit is not a commitment to a retainer. There is no obligation, no pressure, and no follow-up sales process if you prefer not to proceed further. The report is delivered. The findings are explained. What happens next is entirely your decision.
The Process
Step one — Initial conversation. A 30-minute call or video meeting in which you describe your server environment — the number of servers, the operating system, the applications running, the current management arrangements, and any specific concerns you have. No access is requested at this stage. The purpose is to understand the scope of the assessment so that the audit is focused on what matters most for your specific environment.
Step two — Read-only access. Following the initial conversation, a minimal SSH access arrangement is established. The access requested is the minimum necessary for the assessment — typically a read-only user account with sufficient permissions to examine configuration files, running processes, and log files. You retain full administrative control throughout. No changes are made.
Step three — Assessment. The assessment is conducted over one to two days of active work. Your server continues to run normally throughout. Users are not affected. Services are not disrupted.
Step four — Report delivery. Within five business days of access being granted, the written Infrastructure Audit Report is delivered by email. The report is typically eight to fifteen pages depending on the complexity of the environment and the number of findings.
Step five — Review call. A 30-minute call to walk through the findings, answer questions, and discuss the remediation roadmap. This call is included in the audit at no additional cost. It is not a sales call — it is a technical discussion of what was found and what it means.
That is the complete process. No complexity. No extended procurement. No waiting weeks for a scheduling slot. The audit begins within a few days of the initial conversation and the report is delivered within the week that follows.
Pricing
The Infrastructure Audit is offered free of charge as the first step in the AV Services engagement process.
For clients who proceed to a retainer following the audit, there is no audit fee. The audit is included as part of the onboarding process.
For clients who receive the audit report and choose to address the findings independently, the audit remains free. There is no retroactive charge. No minimum engagement requirement. No obligation of any kind beyond the time invested in the initial conversation and the access window.
For environments of significant complexity — multiple servers, custom configurations, specialised infrastructure requirements — a paid audit engagement is available at ₹10,000 to ₹25,000 depending on scope. This applies to larger environments where the assessment requires substantially more time and analysis than a standard single-server audit. The scope and fee for complex audits are agreed in advance, before access is granted.
For international clients, the paid audit is available at $150 to $350 depending on environment complexity. As with domestic clients, the fee is waived with a three-month retainer commitment.
Frequently Asked Questions
How long does the audit take? The initial conversation takes 30 minutes. The assessment itself takes one to two days of active work on the server — this happens in the background while your server runs normally. The report is delivered within five business days of access being granted. Total elapsed time from initial contact to report delivery is typically one to two weeks.
What access do you need? Read-only SSH access with sufficient permissions to examine configuration files, running processes, logs, and installed packages. Typically this is a dedicated audit user account created for the purpose. You retain full administrative access throughout. Access can be revoked the moment the assessment is complete.
Will the audit affect my server’s performance? No. The assessment tools used produce negligible load — comparable to a developer SSH session. Your application performance and user experience are not affected.
What if the findings are serious? If the assessment identifies critical vulnerabilities requiring immediate attention, you will be informed before the formal report is delivered. You will not wait five days to learn that something requires urgent action.
Do I have to sign up for a retainer? No. The audit report is yours. What you do with it is your decision entirely. Many clients proceed to a retainer on the basis of the audit findings. Some address the findings with their internal team. Some file the report and address findings over time. There is no pressure and no follow-up sales process if you prefer not to proceed.
Is the audit really free? Yes. For standard single-server environments, the audit is free with no conditions attached. For complex multi-server environments, a paid option is available at a fee agreed in advance. The scope is confirmed in the initial conversation so there are no surprises.
Can you audit a server we did not build? Yes. The audit is particularly valuable for servers built by contractors, freelancers, or previous team members whose configuration decisions are not fully understood by the current team. The report documents the current state of the server regardless of how it came to be in that state.
What about confidentiality? All information obtained during the audit is treated as strictly confidential. An NDA is available on request before access is granted. Infrastructure details are never shared with third parties.
We are based outside India. Can you audit our servers remotely? Yes. Remote audits are conducted for international clients in the same way as domestic ones — via SSH, with the same read-only access model, the same report format, and invoicing in USD. Time zone differences are managed to ensure the access window and communication are convenient for the client.
To Book Your Audit
Contact AV Services by email with a brief description of your server environment — the number of servers, the operating system if known, and any specific concerns you have. An initial conversation will be scheduled within one business day.
Email: arun@avservices.in
Website: avservices.in
Response to audit requests: Within one business day
WhatsApp: Available on request for time-sensitive enquiries
Location: Mumbai, India · IST (UTC+5:30)
Availability: 24 hours a day · 7 days a week
The Conversation That Costs Nothing and Prevents a Great Deal
The Infrastructure Audit is 30 minutes of your time and five business days of waiting for a report that tells you exactly where your server stands.
The alternative is not knowing — and in infrastructure management, not knowing is not a neutral state. It is a state in which conditions that may already be present on your server continue to develop, undetected, until they produce an outcome that is more expensive and more disruptive than the audit that would have surfaced them.
The audit costs nothing. The information it produces is the most accurate picture of your infrastructure risk that exists. What you do with that information is your decision.
Make the decision from knowledge rather than assumption.
AV Services · avservices.in · Mumbai, India · Linux Infrastructure Care & Maintenance Since 1999 · Free Infrastructure Audit · No Write Access · No Obligation · Report Within 5 Business Days