VPS checkup (Ubuntu + Docker)
Goal
- Produce a clear, read-only health/security/update report for an Ubuntu VPS running Docker.
- Propose safe, minimal fixes; do not apply changes or restart anything unless the user explicitly confirms.
Inputs to ask for (if missing)
- SSH target host alias (from `~/.ssh/config`; on Windows: `$HOME\\.ssh\\config`) or `user@ip`.
- Confirm `sudo` access and whether running `apt update` is allowed (it modifies package lists).
- Required open ports (e.g., `22`, `80`, `443`) and any non-standard SSH port.
- Where deployments live: confirm if Docker Compose is used on the VPS (common), and whether compose files are in a known path.
- If the local `ssh` client or required tools are missing, tell the user and ask whether to install them or provide command output manually.
Workflow (checklist)
- Connect safely
  - Keep a second SSH session open before any SSH/firewall changes.
  - Record identity/time/host: `whoami`, `hostname -f`, `date -Is`, `uptime`.
- Collect a read-only baseline (system)
  - OS/kernel: `lsb_release -a` (or `cat /etc/os-release`), `uname -a`.
  - CPU/mem/disk: `top` snapshot, `free -h`, `df -hT`, `lsblk`.
  - Services: `systemctl --failed`, `journalctl -p 3 -xb --no-pager` (use `sudo` if needed).
- Check security posture (read-only)
  - SSH: prefer `sudo sshd -T` (fallback to `sudo cat /etc/ssh/sshd_config` + `sshd_config.d/`).
  - Firewall: `sudo ufw status verbose` (and `sudo ufw status numbered`).
  - Fail2ban: `sudo fail2ban-client status` (+ `status sshd` if present).
  - Listening ports: `ss -tulpn` (use `sudo` if needed).
- Check update posture (read-only by default)
  - If user allows: run `sudo apt update` to ensure accurate results.
  - Then collect: `apt list --upgradable`, `ubuntu-security-status` (if available), and `/var/run/reboot-required` presence.
  - Check unattended upgrades: `systemctl status unattended-upgrades --no-pager` and `/var/log/unattended-upgrades/`.
- Check Docker health (read-only)
  - Daemon status: `systemctl status docker --no-pager`, `docker info`.
  - Containers: `docker ps`, unhealthy/restarting containers, recent restarts, and `docker stats --no-stream`.
  - Disk usage: `docker system df` and large log growth indicators.
  - Compose overview: `docker compose ls` (then inspect key projects as needed).
- Produce the report + recommendations
  - Use `references/report-template.md`.
  - Use `references/ubuntu-docker-checkup-commands.md` for a copy/paste command set.
  - Rank findings by severity and explicitly list what requires confirmation (updates, firewall changes, SSH changes, restarts, pruning, reboot).
- Apply fixes (ONLY with explicit confirmation)
  - Do not run `apt upgrade`, change UFW rules, change SSH auth, prune Docker, restart services/containers, or reboot unless the user says to.
Safety gates (non-negotiable)
- No restarts (Docker/system services) unless the user explicitly asks for restart.
- No SSH/firewall changes unless you have a backup access path (second session open) and the user confirms the plan.
- Never paste secrets (tokens, private keys) into chat or logs.
Deliverable
Provide:
- A read-only report using `references/report-template.md`.
- A prioritized list of recommended fixes and which ones require explicit confirmation.
- The exact commands run (or requested if the user ran them manually).
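
The safety gates and the "exact commands run" deliverable can be enforced mechanically. The following is an added example, not part of the original skill or its reference files: a default-deny wrapper that runs only the exact read-only commands named in the workflow, treats `apt update` as permission-gated, and logs every decision. `CHECKUP_LOG`, `ALLOW_APT_UPDATE` and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original page). CHECKUP_LOG, ALLOW_APT_UPDATE
# and the function names are assumptions made for this sketch.
CHECKUP_LOG="${CHECKUP_LOG:-./checkup-commands.log}"

# classify CMD -> readonly | ask | confirm
# Default-deny: only the exact read-only commands from the checklist pass.
# Exact matching also rejects chained input such as "docker ps; reboot".
classify() {
  cmd=${1#"sudo "}                     # "sudo ufw status ..." == "ufw status ..."
  case "$cmd" in
    "apt update")
      echo ask ;;                      # modifies package lists: user must allow it
    whoami|"hostname -f"|"date -Is"|uptime|\
    "lsb_release -a"|"cat /etc/os-release"|"uname -a"|\
    "free -h"|"df -hT"|lsblk|\
    "systemctl --failed"|"journalctl -p 3 -xb --no-pager"|\
    "sshd -T"|"cat /etc/ssh/sshd_config"|\
    "ufw status verbose"|"ufw status numbered"|\
    "fail2ban-client status"|"fail2ban-client status sshd"|"ss -tulpn"|\
    "apt list --upgradable"|ubuntu-security-status|\
    "systemctl status unattended-upgrades --no-pager"|\
    "systemctl status docker --no-pager"|"docker info"|"docker ps"|\
    "docker stats --no-stream"|"docker system df"|"docker compose ls")
      echo readonly ;;
    *)
      echo confirm ;;                  # upgrades, UFW/SSH changes, prune, restart, reboot
  esac
}

# run_checked CMD: log every decision (the report lists the exact commands run)
# and execute only what the gate allows. Returns 3 = skipped, 4 = refused.
run_checked() {
  case "$(classify "$1")" in
    readonly) ;;
    ask)
      if [ "${ALLOW_APT_UPDATE:-no}" != yes ]; then
        echo "SKIPPED (user has not allowed it): $1" >>"$CHECKUP_LOG"; return 3
      fi ;;
    *)
      echo "REFUSED (needs explicit confirmation): $1" >>"$CHECKUP_LOG"; return 4 ;;
  esac
  echo "RAN: $1" >>"$CHECKUP_LOG"
  sh -c "$1"
}

# Usage: run_checked "sudo ufw status verbose"
```

The `top` snapshot is not in the allowlist because the page does not give an exact command for it; add the non-interactive form you use once it is agreed.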