VPS Hardening
Security auditing and automated hardening for remote servers.
Commands
/harden audit <host>
Run security audit against a server. Checks:
-
System updates
-
Auto-updates configuration
-
SSH root login status
-
Password authentication
-
Firewall status
-
Fail2ban status
-
System uptime
-
Listening services
-
Sudo user configuration
/harden fix <host>
Apply safe fixes that won't lock you out:
-
Install system updates
-
Enable unattended-upgrades
-
Configure UFW firewall
-
Install and enable fail2ban
-
Set SSH MaxAuthTries
/harden emergency <host>
Quick 10-minute hardening for new servers:
-
Full system update
-
Firewall setup
-
Fail2ban installation
-
Root password lock
/harden report <host>
Generate markdown security report.
Options
Option Description
--user=NAME
SSH user (default: root)
--dry-run
Preview changes without applying
Examples
/harden audit 192.168.1.100 /harden fix myserver.com --user=admin /harden emergency vps.example.com --dry-run /harden report server.io > security-report.md
Security Checks
Check Pass Criteria
System Updates 0 pending updates
Auto Updates unattended-upgrades installed
Root Login PermitRootLogin no
Password Auth PasswordAuthentication no
Firewall UFW active or iptables configured
Fail2ban Service running
Uptime < 90 days
Services < 10 listening ports
Sudo Users At least one non-root sudo user
MaxAuthTries Set to 3 or less