HN Showcase
Back to browse
GitHub Repository

Idempotent VPS hardening for Ubuntu — SSH, firewall, fail2ban, kernel tuning, auditd, SOPS secrets, and optional AI agent workspace security. Dry-run first, lockout protection built in.

17 starsShell

VPS-Harden, an Idempotent Bash Script to Harden Ubuntu VPS

by ranbo·Feb 16, 2026·2 points·1 comment
Visit ProjectView on HN

AI Analysis

●●SolidSolve My ProblemNiche Gem
The Take

If you manage small VPSes this removes the usual nail-biting: every change is previewed, the script is idempotent, and SSH edits come with automatic lockout rollback. It's a single-file, zero-deps tool with 14 modular steps (firewall, fail2ban, kernel tuning, auditd, SOPS support) and CI/ShellCheck badges — great for one-off servers, but not a fleet management replacement for Ansible or cloud-init.

Category
Security
Target Audience

Sysadmins, DevOps engineers, SREs, and small VPS owners who need repeatable server hardening

Similar Projects

Infrastructure●●Solid

Mail Server Builder – Deploy a Full Mail Server on Ubuntu from Windows

This is useful because it turns the infamous 'mail server final boss' into a largely GUI-driven, repeatable workflow: SSH provisioning, DKIM/SPF/DMARC setup, Let's Encrypt, firewall and fail2ban hardening, plus DNS automation via Linode API and installation logs for auditing. It doesn't invent a new mail stack — it wraps established components into a Windows-friendly multi-server manager — which makes it genuinely handy for Windows-first folks who'd otherwise fumble config files and deliverability pitfalls. Watch out for the usual caveats: choice of VPS (port 25) and DNS provider integrations limit the out-of-the-box experience.

Niche GemSolve My Problem
tungkaiying
114mo ago