Maybe also a manual check to check the server logs, under /var/log. There's a lot that could potentially be in there that might be useful. E.g. signs of hackers.
If someone was providing a 'comprehensive review service' it'd be really useful for the Health Check to sign post them to everything to check.
EDIT: Done

I've just done this via some manual notes.
Trying to automate it would be unfeasible because it would only work for Linux systems, where it's not a VPS, where there is hardware support, and where the Composr administrator has configured device IDs in the config, and has the correct Linux packages installed. That's a tiny tiny audience.