Security & Patching

• Apply outstanding OS and package security updates
• Verify patch application completed cleanly
• Apply vendor firmware updates (network devices, HPE iLO, drives)
• Review installed packages and remove unnecessary attack surface
• Check open ports and exposed services against expected baseline
• Review user accounts, sudo access, and SSH configuration

Logs & Health

• Review system logs and application logs for errors, warnings, and anomalies
• Verify log rotation is configured correctly and running
• Check filesystem usage and clear stale files, temp data, and old packages
• Review RAID array state; identify degraded arrays, failed members, and rebuild status
• Check service states, failed systemd units, and scheduled task outcomes
• Review TLS certificate expiry and renew where required

Backup Verification

• Confirm backup jobs completed successfully since last visit
• Test restore of a recent backup to verify restorability
• Check backup storage consumption and retention policy adherence
• Verify offsite or cloud copy is current

Network & Hardware

• Apply firmware updates to routers, switches, and firewalls in maintenance windows
• Review firewall rules and ACLs for redundant or overly permissive entries
• Check interface error rates, spanning tree state, and neighbour adjacencies
• Review VPN tunnel health and IPsec SA state

• Operating system, installed stack, and key package versions
• Services that must be running and services that must not be present
• Open ports: what is expected, and whether each is local or internet-facing
• Network path to the outside world and expected ingress/egress points
• Expected CPU, RAM, and disk utilisation ranges
• Authorised user accounts, sudo and administrator access
• Backup schedule, retention policy, and destination

The profile is the baseline. An unexpected open port, an unfamiliar user with sudo access, a service that should not be running, or resource usage outside the expected range; all of these are immediately visible because the engineer knows precisely what the system should look like.

We have tooling that takes the profile and automates much of the comparison work: checking open ports against the expected list, detecting new or removed user accounts, flagging unusual file ownerships, identifying services not in the profile, and spotting excessive log file generation. The tooling produces a diff of what has changed or drifted since the last visit, and the engineer's focus goes straight to the things that need investigation rather than manually working through the whole checklist from scratch.

That is what makes the process fast. An experienced engineer can complete a full PM of a Linux server running a LAMP stack in around ten minutes, not a half-day exercise. Ten minutes weekly, monthly, or on whatever schedule suits the asset.

• Regular patching windows matched to your change control process
• Monthly full-estate health review across all registered assets
• Quarterly deep review: security posture, capacity trends, backup integrity
• Annual configuration audit against hardening baseline

• CVE published with CVSS score above threshold: patch task raised against affected assets
• Vendor critical advisory: firmware or configuration review triggered
• Monitoring alert (RAID degradation, disk failure, service): investigation task auto-raised
• Backup failure detected: immediate verification and remediation task