35 lines
987 B
Markdown
35 lines
987 B
Markdown
# Command Center Security Hardening
|
|
|
|
**Status:** Ready
|
|
**Priority:** Tier 1 - Security Foundation
|
|
**Time:** 1 hour
|
|
**Last Updated:** 2026-02-16
|
|
|
|
## Overview
|
|
Defense-in-depth security hardening for Command Center VPS (Dallas hub). Install Fail2Ban, harden SSH, review firewall rules.
|
|
|
|
## Current State
|
|
- ✅ UFW enabled (default deny incoming)
|
|
- ✅ Ports 22, 80, 443 open
|
|
- ❌ Fail2Ban not installed
|
|
- ❌ SSH allows password auth
|
|
- ❌ No rate limiting on SSH
|
|
|
|
## Tasks
|
|
1. **Install Fail2Ban** (auto-ban brute force)
|
|
2. **SSH Hardening:**
|
|
- Disable password auth (key-only)
|
|
- Optional: Change SSH port
|
|
- Set MaxAuthTries=3
|
|
3. **Review UFW rules** (close unnecessary ports)
|
|
4. **Document** in deployment-plan.md
|
|
5. **Test SSH** with keys before closing password auth
|
|
|
|
## Success Criteria
|
|
- ✅ Fail2Ban active and monitoring
|
|
- ✅ SSH key-only authentication
|
|
- ✅ Command Center locked down
|
|
- ✅ Security config documented
|
|
|
|
**Fire + Frost + Foundation** 💙🔥❄️
|