server_lock
Harden a server to production standard by applying 24 hardening steps in a single SSH session, covering SSH, fail2ban, UFW, Docker, and more, with audit score comparison.
Instructions
Harden a server to production standard. Applies 24 hardening steps in a single SSH session covering SSH, fail2ban, UFW, sysctl, unattended-upgrades, Docker daemon, auditd, AIDE, and more. Requires production=true (safety gate). Pass dryRun=true to preview. Platform-aware: preserves Coolify/Dokploy ports. Shows audit score before and after. Requires SSH access. For fine-grained SSH/firewall/domain changes use server_secure instead.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| force | No | Force lock even if server already appears hardened. | |
| dryRun | No | Preview changes without applying. Returns what would be done. Bypasses the production safety gate. | |
| server | No | Server name or IP. Auto-selected if only one server exists. | |
| production | No | Set to true to confirm hardening intent. Required to apply 19 hardening steps (safety gate). Omit or pass false to preview with dryRun=true. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |