Production-grade security configurations for Ubuntu/Debian servers.
**What’s Included:**
• UFW firewall ruleset (allowlist approach)
• Fail2ban config — SSH, Nginx, WordPress brute force
• SSH hardening: key-only auth, no root login, custom port
• Kernel sysctl hardening (network, memory, process limits)
• Automatic security updates (unattended-upgrades)
• Audit script — checks your server against CIS benchmarks
• Nginx WAF rules — SQL injection, XSS, path traversal
**Why this pack?** Every server needs hardening. This pack gives you 10+ config files with comments — paste and deploy. Tested on 9 production servers.
**Tech:** UFW · Fail2ban · Nginx · SSH · sysctl · auditd
What You Get
- 📦 Security Hardening Pack