First thing I did was cat /etc/redhat-release. It’s how I found out they told me they were RHEL 6.8 but nope they’re RHEL 6.10 servers.
Then they wrote scripts to do what the top utility in Linux does. That blew my mind. But I did point out after reviewing /var/log/secure that qualys01 had numerous entries where it was denied access. OOOPS!