3542afbe28
Phase 1 of task management consolidation (per Gemini consultation). Added standardized frontmatter with: - status: open | blocked | complete - priority: P1 | P2 | P3 | P4 - owner: Michael | Meg | Holly - created: YYYY-MM-DD Final counts: - 39 open tasks - 17 complete tasks - 1 blocked task Metadata extracted from existing inline markdown and audit results. Ready for Phase 2: 11ty mobile index generation. Chronicler #69
42 lines
1.0 KiB
Markdown
42 lines
1.0 KiB
Markdown
---
|
|
status: open
|
|
priority: P1
|
|
owner: Michael
|
|
created: 2026-01-01
|
|
---
|
|
|
|
# Command Center Security Hardening
|
|
|
|
**Status:** Ready
|
|
**Priority:** Tier 1 - Security Foundation
|
|
**Time:** 1 hour
|
|
**Last Updated:** 2026-02-16
|
|
|
|
## Overview
|
|
Defense-in-depth security hardening for Command Center VPS (Dallas hub). Install Fail2Ban, harden SSH, review firewall rules.
|
|
|
|
## Current State
|
|
- ✅ UFW enabled (default deny incoming)
|
|
- ✅ Ports 22, 80, 443 open
|
|
- ❌ Fail2Ban not installed
|
|
- ❌ SSH allows password auth
|
|
- ❌ No rate limiting on SSH
|
|
|
|
## Tasks
|
|
1. **Install Fail2Ban** (auto-ban brute force)
|
|
2. **SSH Hardening:**
|
|
- Disable password auth (key-only)
|
|
- Optional: Change SSH port
|
|
- Set MaxAuthTries=3
|
|
3. **Review UFW rules** (close unnecessary ports)
|
|
4. **Document** in deployment-plan.md
|
|
5. **Test SSH** with keys before closing password auth
|
|
|
|
## Success Criteria
|
|
- ✅ Fail2Ban active and monitoring
|
|
- ✅ SSH key-only authentication
|
|
- ✅ Command Center locked down
|
|
- ✅ Security config documented
|
|
|
|
**Fire + Frost + Foundation** 💙🔥❄️
|