Enterprise-grade server security hardening and monitoring toolkit
Transform your Linux servers into impenetrable fortresses with automated security hardening, real-time monitoring, and multi-server deployment capabilities.
# 1. Download and setup
git clone https://github.com/xploz1on/astro-server.git
cd astro-tech
chmod +x astro
# 2. Run it! π
./astroThat's it! Astro Server will show you a beautiful interactive menu. No need to remember commands or profiles!
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β π‘οΈ ASTRO SERVER MENU β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Available Operations:
1) π‘οΈ Harden Server - Interactive security hardening
2) π Generate Report - Security status report
3) π Deploy to Multiple - Deploy via Ansible
4) π System Check - Compatibility verification
5) π Update Toolkit - Update Astro Server
6) βΉοΈ Version Info - Show version details
7) β Help - Show detailed help
0) πͺ Exit - Exit Astro Server
Quick Profiles:
dev) π» Development - VS Code compatible
prod) π΄ Production - Maximum security
bal) π‘ Balanced - Asks about VS Code
web) π Web Server - Web applications
db) ποΈ Database - Database servers
a) β‘ Aggressive - High security (legacy)
p) π Paranoid - Maximum security (legacy)
Enter your choice:
Just type a number or letter and press Enter! π
# Quick hardening with specific profiles
./astro harden --profile development # VS Code compatible development
./astro harden --profile production # Maximum security for production
./astro harden --profile balanced # Asks about VS Code support
./astro harden --profile webserver # Optimized for web applications
./astro harden --profile database # Maximum security for databases
# Generate security report
./astro report
# System compatibility check
./astro check
# Multi-server deployment
./astro deploy --inventory hostsAstro Server includes intelligent VS Code compatibility:
# π RECOMMENDED: Interactive approach (safest)
./astro
# Choose "1" then select "bal" for balanced profile
# You'll be asked about VS Code support during deployment
# Quick shortcuts for VS Code users
./astro dev # Development profile (always VS Code compatible)
./astro bal # Balanced profile (asks about VS Code)
# For production servers (VS Code disabled by design)
./astro prod # Production profile (maximum security)π‘οΈ Safety First: Astro Server will never break your SSH connection. All changes are applied safely with:
- Automatic SSH connection verification
- Backup creation before modifications
- Interactive confirmation for risky changes
- Easy rollback capabilities
- β¨ Why Astro Server?
- π Features
- π‘οΈ Security Features
- π§ Supported Distributions
- π Documentation & Advanced Usage
- π― Roadmap
- π€ Contributing
- π License
- π Support & Community
- π― One Command Launch - Just run
./astroand you're ready to go! - π‘οΈ Enterprise-Grade Protection - Multi-layer security used by Fortune 500 companies
- π Beautiful Reporting - Professional security reports that executives love
- π€ Automation Ready - Scale from 1 to 1000+ servers with Ansible
- π§ Universal Compatibility - Works across all major Linux distributions
- π Zero Trust Approach - Assume breach, verify everything
- π Continuous Monitoring - Real-time threat detection and response
- π¨ Beautiful Interface - No more remembering complex commands or profiles
- π― One-Command Launch - Just run
./astrofor beautiful interactive menu - π¨ Interactive Security Hardening - Beautiful, colorful CLI interface with guided setup
- π‘οΈ Multi-Layer Protection - SSH, Fail2Ban, Firewall, Kernel hardening in one tool
- π Professional Security Reports - Markdown reports with executive summaries and metrics
- π Ansible Automation - Deploy across multiple servers with infrastructure as code
- π§ Multi-Distro Support - Ubuntu, Debian, Fedora, RHEL, Arch Linux support
- π± Real-time Monitoring - Continuous security status tracking and alerting
- π― Zero-Config Setup - Smart defaults with expert recommendations
- π§ 5 Security Profiles - Development, Production, Balanced, Web Server, Database
- π VS Code Integration - Intelligent remote development support
- π‘οΈ Never Breaks SSH - Safe deployment with automatic verification
- π VS Code Compatibility Reports - Know your remote development status
- β Disable root login
- π Key-based authentication enforcement
- π« Connection attempt limits
- β±οΈ Session timeouts
- π Protocol restrictions
- π¨ Fail2Ban with aggressive mode
- π Configurable ban durations (1h - 1 week)
- π Real-time IP blocking
- π Attack pattern analysis
- π‘οΈ UFW firewall configuration
- πͺ Smart port management
- π Default deny policies
- π Custom service rules
- π« IP forwarding disabled
- π ICMP protections
- π‘οΈ Source routing disabled
- π― Enhanced ASLR
- π Real-time security dashboards
- π Markdown status reports
- π¨ Attack trend analysis
- π Resource monitoring
- Ubuntu 18.04+ (LTS recommended)
- Debian 10+ (Buster, Bullseye, Bookworm)
- Linux Mint (All versions)
- Pop!_OS (All versions)
- Elementary OS (All versions)
- Fedora 35+
- RHEL/CentOS 8+
- Rocky Linux (All versions)
- AlmaLinux (All versions)
- Oracle Linux (All versions)
- Arch Linux & derivatives (Manjaro, EndeavourOS)
- Alpine Linux
- openSUSE
- macOS - Linux systems only
- Windows - Use WSL for Windows support
# Method 1: Clone from GitHub (Recommended)
git clone https://github.com/xploz1on/astro-server.git
cd astro-tech
chmod +x astro
# Method 2: Download and extract
wget https://github.com/xploz1on/astro-tech/archive/main.zip
unzip main.zip && cd astro-tech-main
chmod +x astro
# Method 3: One-line installer (Coming Soon)
curl -sSL https://get.astro-tech.cloud | bash# π― EASIEST WAY: Use the interactive menu!
./astro
# Then select "Deploy to Multiple" from the menu
# π COMMAND LINE OPTIONS (for advanced users):
# 1. Install Ansible
sudo apt install ansible # Ubuntu/Debian
sudo dnf install ansible # Fedora/RHEL
# 2. Configure your server inventory
cp ansible/inventory/hosts.example ansible/inventory/hosts
vim ansible/inventory/hosts
# 3. Deploy to all servers
./astro deploy --inventory ansible/inventory/hosts
# 4. Deploy to specific server groups
./astro deploy --limit web-servers
# 5. Generate reports for all servers
./astro deploy --playbook security-reports.yml# π‘οΈ Server Security Status Report
## π Executive Summary
| Metric | Status | Value |
|--------|--------|-------|
| **Security Level** | π’ **SECURE** | Active monitoring |
| **Failed Login Attempts (24h)** | β
| 0 attempts |
| **Currently Banned IPs** | β
| 0 IPs blocked |
## π Security Services Status
β
SSH hardened with key-only authentication
β
Fail2Ban active with aggressive monitoring
β
Firewall configured with minimal attack surface
β
Kernel hardened against network attacksastro-server/configs/ssh/
βββ hardened-sshd.conf # Production SSH config
βββ paranoid-sshd.conf # Maximum security
βββ development-sshd.conf # Dev-friendly configastro-server/configs/fail2ban/
βββ aggressive.conf # High security
βββ balanced.conf # Recommended
βββ permissive.conf # Light protectionastro-server/configs/firewall/
βββ web-server.rules # HTTP/HTTPS services
βββ database.rules # Database servers
βββ minimal.rules # SSH-only accessastro-server/
βββ astro # π― Main launcher script (improved with new profiles)
βββ scripts/ # π§ Core security scripts
β βββ Astro-server.sh # Interactive hardening wizard
β βββ security-report.sh # Markdown report generator (VS Code checks)
βββ ansible/ # π€ Multi-server automation
β βββ playbooks/ # Deployment playbooks
β β βββ harden-servers.yml # Main hardening playbook (profile-aware)
β βββ inventory/ # Server inventories
β βββ group_vars/ # Profile-based configuration variables
β β βββ development.yml # Development profile (VS Code enabled)
β β βββ production.yml # Production profile (maximum security)
β β βββ balanced.yml # Balanced profile (asks about VS Code)
β β βββ database.yml # Database profile (secure DB server)
β β βββ webserver.yml # Web server profile (web optimized)
β β βββ all.yml # Global variables
β βββ tasks/ # Reusable task files
β βββ templates/ # Jinja2 configuration templates
β βββ sshd_config.j2 # SSH hardening template (profile-aware)
β βββ jail.local.j2 # Fail2Ban configuration template
βββ configs/ # βοΈ Security templates (legacy)
βββ docs/ # π Comprehensive documentation
β βββ PROFILES.md # Detailed profile documentation
β βββ INSTALL.md # Installation guide
β βββ STANDALONE-USAGE.md # Single server usage
β βββ ANSIBLE-USAGE.md # Multi-server deployment
βββ LICENSE # π Apache 2.0 License
βββ CONTRIBUTING.md # π€ Contribution guidelines
βββ README.md # π This file (updated with new features)
| Guide | Description | Audience |
|---|---|---|
| π Quick Start | Get started in 5 minutes | Everyone |
| π Installation Guide | Detailed setup instructions | Administrators |
| π₯οΈ Standalone Usage | Single server hardening | System Administrators |
| π€ Ansible Usage | Multi-server deployment | DevOps Engineers |
| π€ Contributing | How to contribute | Developers |
| πΊοΈ Roadmap | Development roadmap | Everyone |
- Interactive security hardening with beautiful CLI
- Professional markdown security reports
- Multi-layer protection (SSH, Fail2Ban, Firewall, Kernel)
- Configuration templates and profiles
- Comprehensive documentation
- Complete Ansible playbook framework
- Multi-server deployment with templates and tasks
- Multi-OS support (Debian/Ubuntu, RedHat/Fedora)
- Environment management (dev/staging/prod)
- Firewall automation (UFW/firewalld)
- Advanced role-based architecture
- Automated report collection
- Fedora/RHEL/CentOS support
- Arch Linux support
- Package manager abstraction
- Distribution-specific optimizations
- Automated compatibility testing
- Container security (Docker/Kubernetes)
- Compliance frameworks (CIS, NIST, PCI DSS)
- SIEM integration (ELK, Splunk)
- Threat intelligence feeds
- Zero Trust architecture
- AWS/Azure/GCP integration
- Web management dashboard
- RESTful API
- Mobile app support
- Commercial licensing
We welcome contributions from security professionals, system administrators, and developers!
| Area | Skills Needed | Impact |
|---|---|---|
| π§ Multi-distro support | Linux administration, package management | High |
| π€ Ansible development | Ansible, YAML, infrastructure as code | High |
| π Security research | Security hardening, compliance frameworks | Critical |
| π Monitoring integration | Prometheus, Grafana, ELK Stack | Medium |
| π Documentation | Technical writing, tutorials | High |
| π§ͺ Testing | QA, automated testing, CI/CD | Medium |
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Test your changes thoroughly
- Commit with clear messages (
git commit -m 'Add amazing feature') - Push to your branch (
git push origin feature/amazing-feature) - Open a Pull Request
See CONTRIBUTING.md for detailed guidelines.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
- π Documentation: Comprehensive guides in
docs/ - π Bug Reports: Create an issue
- π‘ Feature Requests: Suggest features
- π¬ Discussions: Community discussions
- Security Issues: Email dp@astro-tech.cloud (do not use public issues)
- Security Advisories: Check GitHub Security Advisories
- Contributors: See GitHub Contributors
- Code of Conduct: We follow the Contributor Covenant
- Discussions: Join our community discussions
After running Astro Server, your infrastructure will achieve:
- π‘οΈ Enterprise-grade security posture
- π Continuous threat monitoring
- π¨ Automated attack prevention
- π Compliance-ready reporting
- π Scalable security management
Transform your servers into ASTRO-level secure fortresses! ππ‘οΈ
Built with β€οΈ for the security community