How secure are your endpoints — really? Lorika performs 190+ automated security checks across 8 categories, covering authentication, network, filesystem, kernel hardening, software patches, services, SSH, and audit logging. Know your posture. Prove your compliance.
Each check contributes to a weighted Security Score. Results are mapped to 8 compliance frameworks automatically.
Password policy, SSH hardening, brute-force protection, NOPASSWD sudoers, MFA enforcement, admin group audit.
Firewall status, risky open ports, 20+ dangerous exposed services, DNS-over-TLS, NTP config, NAT detection.
Full-disk encryption, world-writable files, SUID/SGID binaries, home directory permissions, sensitive file perms.
ASLR, NX/DEP, SIP (macOS), Secure Boot, SELinux/AppArmor, core dump disabled, kernel module blacklist.
Pending OS updates, auto-updates config, EOL OS detection, pending kernel reboot, untrusted repos.
Screen lock, antivirus/EDR, Docker daemon security, privileged containers, Content Trust, sharing services.
PermitRootLogin, PasswordAuth, MaxAuthTries, AllowTcpForwarding, ClientAliveInterval, key algorithm strength.
auditd running, log retention policy, syslog configured, privileged command audit rules, log integrity.
Lorika doesn't just run checks — it provides a complete endpoint security intelligence layer.
Every installed package is matched against OSV.dev CVE databases. Severity breakdown (Critical/High/Medium/Low), fix availability tracking, per-device CVE timeline, fleet-wide vulnerability dashboard.
Complete package list via dpkg, rpm, apk, pacman, brew, and Windows package managers. Searchable. Tracked per scan for change detection across your entire fleet.
CPU, RAM, disk usage per device. Historical tracking and trend analysis. Infrastructure health dashboard monitoring API, database, and Redis status.
Agent caches previous results and only sends changed checks. Three-timer architecture (heartbeat 3 min, quick 15 min, full 60 min) reduces bandwidth by ~90%.
Open port scanning, exposed service detection (Redis, MongoDB, MySQL, PostgreSQL, SMB, RDP, and 14+ more), NAT detection, and external reachability verification.
Agent updates itself on startup and every 6 hours. Binary integrity verified with SHA-256 checksums. Zero downtime, zero user interaction, zero manual maintenance.
Apple Silicon (M1-M4) and Intel. macOS 12 Monterey or later. FileVault, SIP, Gatekeeper, macOS sharing services, launchd integration. One-line install.
x64 architecture. Windows 10 (1903+) or Server 2019+. BitLocker, Windows Firewall, Windows Defender, Windows services monitoring. MSI or PowerShell install.
x86_64 and ARM64. Ubuntu 20.04+, Debian 10+, RHEL 8+, Fedora 38+. LUKS, SELinux/AppArmor, systemd, auditd, PAM. Shell one-liner install.
Free forever for personal use. 190+ checks, 8 categories, real-time Security Score. Install in 3 minutes.
Create free account →