EXAMPLE REPORT — real, unedited output (hostname sanitized) · RHEL 9 / Rocky executive← all reports
AIXray
by PowerTrue Systems · AIX · IBM Power · VIOS · Linux
Executive Summary

System health — rhel9lab

System: rhel9lab  ·  Scan date: 2026-07-04  ·  READ-ONLY — nothing was changed on the system
RED
64%
Your system needs attention now — see the top risks below.
Where things standby category
Lifecycle & support
2 healthy
GREEN
Patch & vulnerability currency
1 to fix · 4 healthy
RED
Storage & capacity
1 to watch · 3 healthy
AMBER
Performance & sizing
1 to watch · 4 healthy
AMBER
Errors & events
1 to fix · 2 to watch · 2 healthy
RED
Availability & resilience
2 to watch · 2 healthy
AMBER
Security & hardening
1 to fix · 4 to watch · 2 healthy
RED
Config hygiene
1 to watch · 3 healthy
AMBER
Monitoring & operational readiness
3 healthy
GREEN
Category results
CategoryHealthyWatchTo fixStatus
Lifecycle & support200GREEN
Patch & vulnerability currency401RED
Storage & capacity310AMBER
Performance & sizing410AMBER
Errors & events221RED
Availability & resilience220AMBER
Security & hardening241RED
Config hygiene310AMBER
Monitoring & operational readiness300GREEN
Top risksworst first
Critical
Pending security updates
Many security errata are unapplied (20) — this is what an auditor flags first and where active-exploit CVEs hide.
Addressable — see the technical report.
Critical
Failed systemd units
2 systemd unit(s) are in the failed state — each is a service that could not start or crashed; this is the first thing to fix.
Addressable — see the technical report.
Critical
SSH ciphers
Weak/legacy SSH ciphers (CBC, arcfour, 3DES) are offered — a routine audit and cyber-insurance finding, and CBC has known padding-oracle issues.
Addressable — see the technical report.
High
Host firewall
No host firewall (firewalld/nftables) is active — the host relies entirely on upstream network controls; every listening port is directly reachable if the network path allows.
Addressable — see the technical report.
High
Passwordless sudo (NOPASSWD)
3 sudoers rule(s) grant passwordless root — a stolen key or hijacked session for those principals becomes root with no second check.
Addressable — see the technical report.
What a scan cannot see

A scan reads what a system looks like right now. It cannot confirm that your backups actually restore, that monitoring alerts reach a person who acts on them, or that change-control, access reviews and day-to-day staff practices are being followed. Those are worth a short conversation, not another tool.

This is the health of your systems, in plain terms. It is also what we do — every day, on systems like yours — and we watch them so the next finding never becomes an outage. Walk these results with an engineer (free, no obligation): powertruesystems.com.