Initial commit

docs/security-hardening.md

@@ -0,0 +1,7 @@
+# Securing the VPS
+## Network Security
+- **SSH Hardening**: Password authentication disabled, root login disabled, key-only authentication
+- **Firewall Configuration**: UFW with deny-all incoming, allow-all outgoing defaults
+- **Fail2ban**: SSH brute-force protection with configurable ban times
+- **Kernel Network Hardening**: IP forwarding disabled, source routing blocked, ICMP redirects disabled
+