Also of note, automating these sorts of checks are a lot easier than you'd expect. There's InSpec and the Linux baseline profile already built for it, and you can pretty easily write your own. No agent, nothing on the target server(s) except SSH and some basic tools that are probably already installed.
Blew my mind the first time I saw I could run a report and iterate through a fleet of servers with it.
I knew about automatization (mostly for monitoring purpose) but I didn't know about InSpec! I will give it a try, thanks!
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.