VPS Hardening
Security auditing and automated hardening for remote servers.
Commands
/harden audit <host>
Run security audit against a server. Checks:
- •System updates
- •Auto-updates configuration
- •SSH root login status
- •Password authentication
- •Firewall status
- •Fail2ban status
- •System uptime
- •Listening services
- •Sudo user configuration
/harden fix <host>
Apply safe fixes that won't lock you out:
- •Install system updates
- •Enable unattended-upgrades
- •Configure UFW firewall
- •Install and enable fail2ban
- •Set SSH MaxAuthTries
/harden emergency <host>
Quick 10-minute hardening for new servers:
- •Full system update
- •Firewall setup
- •Fail2ban installation
- •Root password lock
/harden report <host>
Generate markdown security report.
Options
| Option | Description |
|---|---|
--user=NAME | SSH user (default: root) |
--dry-run | Preview changes without applying |
Examples
code
/harden audit 192.168.1.100 /harden fix myserver.com --user=admin /harden emergency vps.example.com --dry-run /harden report server.io > security-report.md
Security Checks
| Check | Pass Criteria |
|---|---|
| System Updates | 0 pending updates |
| Auto Updates | unattended-upgrades installed |
| Root Login | PermitRootLogin no |
| Password Auth | PasswordAuthentication no |
| Firewall | UFW active or iptables configured |
| Fail2ban | Service running |
| Uptime | < 90 days |
| Services | < 10 listening ports |
| Sudo Users | At least one non-root sudo user |
| MaxAuthTries | Set to 3 or less |