Summary
A solid starting point for locking down Linux boxes with CIS-aligned configs. Covers the usual suspects: SSH hardening (no root login, key-based auth only), firewall rules via UFW or iptables, kernel parameter tweaks in sysctl, and auditd for tracking changes to sensitive files. The examples are copy-paste ready, which is helpful when you're setting up a new production server or trying to pass a compliance audit. It won't do everything for you, but it gives you the essential commands and config snippets in one place. Pair it with fail2ban and SELinux/AppArmor as suggested and you've got a reasonable baseline for most deployments.
Install to Claude Code
npx -y skills add bagelhole/devops-security-agent-skills --skill linux-hardening --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
