Use a security auditing tool
A security auditing tool examines the running system and reports the weaknesses it finds. An example of an open-source scanner is Lynis, available from the meta-security layer.
- Figure out how to generate dedicated audit images (with the scanner and its dependencies installed) and how they differ from the default ones
- Enable the scanner
- Verify that the scanner runs correctly (e.g. no missing dependencies, no BusyBox command compatibility issues, etc.)
- Run it on all available images and store the results
- Review the results and either correct the issues found or decide that a change is not needed
- Document the decisions taken and the reasons behind them
- Store the audit results between releases and compare them
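The last three steps (review, document, compare between releases) are easiest when the raw scanner output is kept per release and diffed mechanically rather than re-read by hand. The script below is an added example, not part of this page nor of Lynis or meta-security: it assumes the layout of Lynis's own report file (`/var/log/lynis-report.dat` on the audited target after `lynis audit system`), where every finding is a `warning[]=TEST-ID|...` or `suggestion[]=TEST-ID|...` line and the overall score is `hardening_index=NN`. The two report files it compares are constructed here to stand in for two releases; file names and contents are sample data, not real results.

```shell
#!/bin/sh
# Compare Lynis audit results between two releases of an image.
# Added example: assumes Lynis's lynis-report.dat format; the report files
# created below are constructed sample data, not output from a real audit.
set -eu
export LC_ALL=C   # stable byte-order sorting so comm(1) agrees with sort(1)

# Print every warning/suggestion in a report as "<kind> <TEST-ID>", one per line,
# sorted and de-duplicated. Lynis stores findings as e.g.
#   warning[]=SSH-7408|description|details|solution|
lynis_findings() {
    grep -E '^(warning|suggestion)\[\]=' "$1" \
        | sed -E 's/^(warning|suggestion)\[\]=([^|]+)\|.*/\1 \2/' \
        | sort -u
}

# hardening_index=NN is the 0-100 score Lynis computes for a run.
lynis_hardening_index() {
    sed -n 's/^hardening_index=//p' "$1"
}

# Findings in the current report ($2) that the baseline ($1) did not have:
# regressions, or tests that only started to apply in the new release.
lynis_new_findings() {
    b=$(mktemp); c=$(mktemp)
    lynis_findings "$1" > "$b"; lynis_findings "$2" > "$c"
    comm -13 "$b" "$c"        # lines only in the current report
    rm -f "$b" "$c"
}

# Findings in the baseline ($1) that no longer appear in the current report ($2).
lynis_resolved_findings() {
    b=$(mktemp); c=$(mktemp)
    lynis_findings "$1" > "$b"; lynis_findings "$2" > "$c"
    comm -23 "$b" "$c"        # lines only in the baseline report
    rm -f "$b" "$c"
}

# Human-readable summary for the review meeting / release notes.
lynis_compare_reports() {
    printf 'hardening index: %s -> %s\n' \
        "$(lynis_hardening_index "$1")" "$(lynis_hardening_index "$2")"
    printf '\nNEW since baseline (fix, or document why accepted):\n'
    lynis_new_findings "$1" "$2" | sed 's/^/  /'
    printf '\nRESOLVED since baseline:\n'
    lynis_resolved_findings "$1" "$2" | sed 's/^/  /'
}

# --- constructed sample reports standing in for two releases' lynis-report.dat ---
WORKDIR=$(mktemp -d)
BASELINE_REPORT="$WORKDIR/release-1.0-lynis-report.dat"   # hypothetical file names
CURRENT_REPORT="$WORKDIR/release-1.1-lynis-report.dat"
cat > "$BASELINE_REPORT" <<'EOF'
lynis_version=3.0.8
hardening_index=58
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
warning[]=FILE-6310|Separate partitions for /tmp, /home and /var|-|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile|-|-|
EOF
cat > "$CURRENT_REPORT" <<'EOF'
lynis_version=3.0.9
hardening_index=64
warning[]=FILE-6310|Separate partitions for /tmp, /home and /var|-|-|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile|-|-|
suggestion[]=BOOT-5264|Consider running systemd-analyze security|-|-|
EOF

lynis_compare_reports "$BASELINE_REPORT" "$CURRENT_REPORT"
```

In practice the report files come from running the scanner inside the audit image (on hardware or under QEMU) and copying `/var/log/lynis-report.dat` off the target into the release's artifact store; the comparison then runs on the build host. Keying on the Lynis test ID rather than the free-text description keeps the diff stable across Lynis versions that reword a message, and a finding that stays in the NEW list over several releases is exactly the one that needs a documented decision.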