{"id":493,"date":"2025-12-08T11:14:15","date_gmt":"2025-12-08T11:14:15","guid":{"rendered":"https:\/\/serverexplorer.ledocdev.com\/?p=493"},"modified":"2025-12-17T08:42:25","modified_gmt":"2025-12-17T08:42:25","slug":"secure-vps-in-2026","status":"publish","type":"post","link":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/","title":{"rendered":"Secure VPS in 2026 \u2013 Complete Security Checklist"},"content":{"rendered":"<p class=\"wp-block-paragraph \" style=\"\">To <strong>secure VPS in 202<\/strong>6, you need more than basic protection. Modern attacks are faster, automated, and target every exposed server within hours. If your VPS is not properly secured, attackers can breach your system, steal data, or deploy malicious software.<br>This guide gives you a complete checklist to secure your VPS using Server Explorer&rsquo;s automated security scanner, even if you are not a security expert.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">This comprehensive security checklist shows you how to protect your VPS using Server Explorer&#8217;s visual security tools&mdash;making professional-grade server security accessible without memorizing dozens of commands.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h2 class=\"wp-block-heading\" id=\"why-you-must-secure-vps-in-2026\">Why You Must Secure VPS in 2026<\/h2>\n\n\n<h3 class=\"wp-block-heading\" id=\"the-reality-of-server-attacks\">The Reality of Server Attacks<\/h3>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">To secure VPS in 2026, you must understand how quickly automated bots attack new servers.<\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Brute-force SSH passwords<\/li>\n\n\n\n<li>Scan for vulnerable services<\/li>\n\n\n\n<li>Exploit known CVEs (Common Vulnerabilities and Exposures)<\/li>\n\n\n\n<li>Install cryptocurrency miners<\/li>\n\n\n\n<li>Deploy ransomware payloads<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">You don&#8217;t need to be targeted specifically.<br>In fact, simply being online is enough for bots to attack your VPS.<br>Because of this, every server exposed to the internet becomes a potential target.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"common-attack-vectors\">Common Attack Vectors<\/h3>\n\n\n<ol class=\"wp-block-list wp-block-list\">\n<li>\n<strong>Weak SSH authentication<\/strong> &#8211; Default passwords, no key authentication<\/li>\n\n\n\n<li>\n<strong>Outdated software<\/strong> &#8211; Unpatched vulnerabilities in packages<\/li>\n\n\n\n<li>\n<strong>Open ports<\/strong> &#8211; Unnecessary services exposed to the internet<\/li>\n\n\n\n<li>\n<strong>Weak application security<\/strong> &#8211; SQL injection, XSS, insecure APIs<\/li>\n\n\n\n<li>\n<strong>Poor file permissions<\/strong> &#8211; Writable directories accessible to attackers<\/li>\n\n\n\n<li>\n<strong>No firewall<\/strong> &#8211; All ports open by default on many VPS providers<\/li>\n\n\n\n<li>\n<strong>Lack of monitoring<\/strong> &#8211; Compromises go undetected for weeks<\/li>\n<\/ol>\n\n\n<h3 class=\"wp-block-heading\" id=\"the-cost-of-compromise\">The Cost of Compromise<\/h3>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Financial impact:<\/strong><\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Data breach fines (GDPR: up to &euro;20M or 4% of revenue)<\/li>\n\n\n\n<li>Ransomware payments<\/li>\n\n\n\n<li>Lost business during downtime<\/li>\n\n\n\n<li>Recovery and forensics costs<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Reputational damage:<\/strong><\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Customer trust destroyed<\/li>\n\n\n\n<li>Brand reputation harmed<\/li>\n\n\n\n<li>Potential legal liability<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>The good news?<\/strong> Most attacks target low-hanging fruit. A properly secured VPS becomes an unattractive target.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h2 class=\"wp-block-heading\" id=\"server-explorer-security-scanner-automated-protection\">Server Explorer Security Scanner: Automated Protection<\/h2>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">Server Explorer makes it easier to secure VPS in 2026 by detecting weak configurations automatically.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"how-it-works\">How It Works<\/h3>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">Navigate to the <strong>Security<\/strong> section in Server Explorer and click <strong>&#8220;Run Security Scan&#8221;<\/strong>. The scanner automatically analyzes:<\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>\n<strong>Authentication &amp; Access Control<\/strong><ul class=\"wp-block-list wp-block-list\">\n<li>SSH PermitRootLogin status<\/li>\n\n\n\n<li>SSH PasswordAuthentication configuration<\/li>\n\n\n\n<li>SSH MaxAuthTries and LoginGraceTime settings<\/li>\n\n\n\n<li>Users with sudo privileges<\/li>\n\n\n\n<li>Fail2Ban installation and status<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>\n<strong>Network Security<\/strong><ul class=\"wp-block-list wp-block-list\">\n<li>Firewall status (UFW\/firewalld)<\/li>\n\n\n\n<li>Open ports and listening services<\/li>\n\n\n\n<li>Common network daemons (unnecessary services)<\/li>\n\n\n\n<li>Docker TCP socket exposure (port 2375)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>\n<strong>System Integrity<\/strong><ul class=\"wp-block-list wp-block-list\">\n<li>Pending security updates (APT\/Yum)<\/li>\n\n\n\n<li>Automatic security updates configuration<\/li>\n\n\n\n<li>Time synchronization service (NTP)<\/li>\n\n\n\n<li>Filesystem hardening (\/tmp, \/var, \/log)<\/li>\n\n\n\n<li>Auditd or journald persistent logging<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>\n<strong>Additional Protections<\/strong><ul class=\"wp-block-list wp-block-list\">\n<li>SELinux or AppArmor confinement status<\/li>\n\n\n\n<li>Certbot auto-renewal configuration<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n<figure class=\"wp-block-image size-large\" style=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"822\" src=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/11\/server-explorer-security-audit-1-1024x822.webp\" alt=\"Security dashboard showing the complete scan results with 18 checks, color-coded as green (secure), yellow (warning), or red (critical)\" class=\"wp-image-435\" srcset=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/11\/server-explorer-security-audit-1-1024x822.webp 1024w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/11\/server-explorer-security-audit-1-300x241.webp 300w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/11\/server-explorer-security-audit-1-768x616.webp 768w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/11\/server-explorer-security-audit-1-1536x1232.webp 1536w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/11\/server-explorer-security-audit-1-png.webp 2024w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong>Image 1: Security dashboard showing the complete scan results with 18 checks, color-coded as green (secure), yellow (warning), or red (critical)<\/strong><\/figcaption><\/figure>\n\n\n<h3 class=\"wp-block-heading\" id=\"understanding-security-levels\">Understanding Security Levels<\/h3>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">The scanner categorizes findings:<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">&#128994; <strong>Secure<\/strong> &#8211; Configuration follows best practices, no action needed <\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">&#128992; <strong>Warning<\/strong> &#8211; Potential vulnerability, should be addressed soon <\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">&#128308; <strong>Critical<\/strong> &#8211; Serious security issue requiring immediate action<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">Each finding includes:<\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>\n<strong>Clear description<\/strong> of what was checked<\/li>\n\n\n\n<li>\n<strong>Current status<\/strong> on your server<\/li>\n\n\n\n<li>\n<strong>Why it matters<\/strong> (security impact)<\/li>\n\n\n\n<li>\n<strong>How to fix<\/strong> (step-by-step instructions)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h2 class=\"wp-block-heading\" id=\"understanding-your-security-report\">Understanding Your Security Report<\/h2>\n\n\n<h3 class=\"wp-block-heading\" id=\"critical-checks-explained\">Critical Checks Explained<\/h3>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">Let&#8217;s break down what each security check means and why it matters:<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"1-firewall-status-ufwfirewalld\">1. <strong>Firewall Status (UFW\/firewalld)<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Whether a firewall is active and properly configured<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Without a firewall, all ports are accessible from the internet. This is like leaving all doors and windows of your house open.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Red flag:<\/strong> Firewall inactive or not installed<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>How Server Explorer helps:<\/strong> Shows firewall status instantly. If inactive, provides commands to enable it.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"2-ssh-permitrootlogin\">2. <strong>SSH PermitRootLogin<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Whether root login via SSH is allowed<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Root has unlimited privileges. If compromised, attackers have complete control. Best practice is to use a regular user with sudo.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Red flag:<\/strong> <code>PermitRootLogin yes<\/code><\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Secure config:<\/strong> <code>PermitRootLogin no<\/code><\/p>\n\n\n<figure class=\"wp-block-image size-large\" style=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"863\" src=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/security-ssh-permit-root-server-explorer-1-1024x863.webp\" alt=\"\" class=\"wp-image-495\" srcset=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/security-ssh-permit-root-server-explorer-1-1024x863.webp 1024w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/security-ssh-permit-root-server-explorer-1-300x253.webp 300w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/security-ssh-permit-root-server-explorer-1-768x647.webp 768w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/security-ssh-permit-root-server-explorer-1-1536x1294.webp 1536w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/security-ssh-permit-root-server-explorer-1-2048x1725.webp 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong>Image 2: Security finding showing SSH PermitRootLogin check with red\/orange\/green indicator and fix instructions<\/strong><\/figcaption><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"3-ssh-passwordauthentication\">3. <strong>SSH PasswordAuthentication<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Whether password-based SSH login is enabled<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Passwords can be brute-forced. SSH keys are significantly more secure.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Red flag:<\/strong> <code>PasswordAuthentication yes<\/code><\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Secure config:<\/strong> <code>PasswordAuthentication no<\/code> (with SSH keys configured)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"4-ssh-maxauthtries-logingracetime\">4. <strong>SSH MaxAuthTries &amp; LoginGraceTime<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Login attempt limits and timeout settings<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Prevents brute-force attacks by limiting attempts and disconnecting slow attackers<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Recommended values:<\/strong><\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>MaxAuthTries: 3-6 attempts<\/li>\n\n\n\n<li>LoginGraceTime: 60 seconds<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"5-fail2ban-status\">5. <strong>Fail2Ban Status<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Whether Fail2Ban is installed and active<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Automatically bans IPs after repeated failed login attempts. Acts as automated defense against brute-force attacks.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Red flag:<\/strong> Not installed or inactive<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Impact:<\/strong> Bots can attempt thousands of password combinations without consequences<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"6-open-ports\">6. <strong>Open Ports<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> All listening ports and their associated services<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Each open port is a potential attack vector. Only necessary services should be exposed.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Common legitimate ports:<\/strong><\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>22: SSH<\/li>\n\n\n\n<li>80: HTTP<\/li>\n\n\n\n<li>443: HTTPS<\/li>\n\n\n\n<li>3306: MySQL (should only be on localhost!)<\/li>\n\n\n\n<li>5432: PostgreSQL (should only be on localhost!)<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Warning signs:<\/strong> Unexpected ports, database ports accessible from internet<\/p>\n\n\n<figure class=\"wp-block-image size-large\" style=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"863\" src=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/open-port-server-explorer-1024x863.webp\" alt=\"Open ports list showing port numbers, services, and security assessment\" class=\"wp-image-496\" srcset=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/open-port-server-explorer-1024x863.webp 1024w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/open-port-server-explorer-300x253.webp 300w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/open-port-server-explorer-768x647.webp 768w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/open-port-server-explorer-1536x1294.webp 1536w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/open-port-server-explorer-2048x1725.webp 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong>Image 3: Open ports list showing port numbers, services, and security assessment<\/strong><\/figcaption><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"7-pending-updates-aptyum\">7. <strong>Pending Updates (APT\/Yum)<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Available security and system updates<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Unpatched vulnerabilities are the #1 cause of successful attacks. Many exploits target known CVEs in outdated packages.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Red flag:<\/strong> Multiple pending security updates<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Best practice:<\/strong> Update within 7 days of security patches being released<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"8-users-in-sudoers\">8. <strong>Users in Sudoers<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Which users have sudo (administrative) privileges<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Excessive sudo access increases attack surface. Compromised non-admin accounts become admin if they have sudo.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Warning signs:<\/strong><\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Unnecessary users with sudo<\/li>\n\n\n\n<li>Generic usernames like &#8220;admin&#8221;, &#8220;test&#8221;<\/li>\n\n\n\n<li>Forgotten accounts from old employees<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"9-automatic-security-updates\">9. <strong>Automatic Security Updates<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Whether unattended-upgrades is configured for security patches<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Critical security updates are applied automatically, closing vulnerability windows faster.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Secure config:<\/strong> <code>unattended-upgrades<\/code> package installed and configured<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Trade-off:<\/strong> Small risk of update breaking something vs. large risk of unpatched vulnerabilities<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"10-time-synchronization-service\">10. <strong>Time Synchronization Service<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Whether NTP (Network Time Protocol) is active<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Accurate time is critical for:<\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Log correlation during security investigations<\/li>\n\n\n\n<li>SSL\/TLS certificate validation<\/li>\n\n\n\n<li>Cron job scheduling<\/li>\n\n\n\n<li>Authentication token expiry<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Red flag:<\/strong> No time sync service or large time drift<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"11-enabled-network-daemons\">11. <strong>Enabled Network Daemons<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Common unnecessary services (Avahi, Cups, Bluetooth, etc.)<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Each running service:<\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Consumes resources<\/li>\n\n\n\n<li>Increases attack surface<\/li>\n\n\n\n<li>May have vulnerabilities<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Common culprits on servers:<\/strong><\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>\n<code>avahi-daemon<\/code> (network discovery &#8211; rarely needed on servers)<\/li>\n\n\n\n<li>\n<code>cups<\/code> (printing service &#8211; why on a server?)<\/li>\n\n\n\n<li>\n<code>bluetooth<\/code> (wireless connectivity &#8211; not needed on VPS)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"12-filesystem-hardening-tmp-var-log\">12. <strong>Filesystem Hardening (\/tmp, \/var, \/log)<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Mount options for critical partitions (noexec, nosuid, nodev)<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Prevents:<\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Execution of malicious code from \/tmp<\/li>\n\n\n\n<li>Privilege escalation via setuid binaries<\/li>\n\n\n\n<li>Device file exploits<\/li>\n<\/ul>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>\/tmp     noexec,nosuid,nodev\n\/var\/tmp noexec,nosuid,nodev<\/textarea>\n<\/div><code>\/tmp     noexec,nosuid,nodev\n\/var\/tmp noexec,nosuid,nodev<\/code><\/pre>\n\n\n<h4 class=\"wp-block-heading\" id=\"13-auditd-active-or-journald-persistent\">13. <strong>Auditd Active or Journald Persistent<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Whether system events are logged persistently<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Forensic investigation and compliance require comprehensive audit logs. Without persistent logging, you can&#8217;t investigate incidents.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Options:<\/strong><\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>\n<strong>Auditd:<\/strong> Dedicated audit daemon, more detailed<\/li>\n\n\n\n<li>\n<strong>Journald persistent:<\/strong> Built-in systemd logging with persistence<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"14-certbot-auto-renew\">14. <strong>Certbot Auto-Renew<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Whether Let&#8217;s Encrypt certificates renew automatically<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Expired certificates break your site and destroy user trust. Auto-renewal prevents embarrassing outages.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Secure config:<\/strong> Certbot timer\/cron active, certificates renew before expiry<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Check manually:<\/strong> <code>sudo certbot renew --dry-run<\/code><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"15-docker-tcp-2375\">15. <strong>Docker TCP 2375<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Whether Docker daemon is exposed on TCP port 2375 (unencrypted)<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> This is a <strong>critical vulnerability<\/strong>. An exposed Docker daemon gives attackers complete control over your containers and potentially the host system.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Red flag:<\/strong> Port 2375 open to the internet<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Secure config:<\/strong> Docker daemon only on Unix socket (<code>\/var\/run\/docker.sock<\/code>) or encrypted TLS on 2376<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h4 class=\"wp-block-heading\" id=\"16-selinuxapparmor-confinement\">16. <strong>SELinux\/AppArmor Confinement<\/strong>\n<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>What it checks:<\/strong> Whether mandatory access control (MAC) is enabled<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Why it matters:<\/strong> Adds additional security layer beyond traditional permissions. Even if a service is compromised, confinement limits damage.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Options:<\/strong><\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>\n<strong>SELinux:<\/strong> Red Hat\/CentOS\/Fedora default<\/li>\n\n\n\n<li>\n<strong>AppArmor:<\/strong> Ubuntu\/Debian default<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Warning:<\/strong> Enforcing mode can break misconfigured applications. Monitor logs carefully.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h2 class=\"wp-block-heading\" id=\"essential-steps-to-secure-vps-in-2026\">Essential Steps to Secure VPS in 2026<\/h2>\n\n\n<h3 class=\"wp-block-heading\" id=\"priority-1-critical-issues-fix-immediately\">Priority 1: Critical Issues (Fix Immediately)<\/h3>\n\n\n<h4 class=\"wp-block-heading\" id=\"enable-firewall\">Enable Firewall<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>If scanner shows firewall inactive:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea># Ubuntu\/Debian (UFW)\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\nsudo ufw allow 22\/tcp  # SSH - CRITICAL: Do this first!\nsudo ufw allow 80\/tcp  # HTTP\nsudo ufw allow 443\/tcp # HTTPS\nsudo ufw enable\n\n# RHEL\/CentOS (firewalld)\nsudo systemctl start firewalld\nsudo systemctl enable firewalld\nsudo firewall-cmd --permanent --add-service=ssh\nsudo firewall-cmd --permanent --add-service=http\nsudo firewall-cmd --permanent --add-service=https\nsudo firewall-cmd --reload<\/textarea>\n<\/div><code># Ubuntu\/Debian (UFW)\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\nsudo ufw allow 22\/tcp  # SSH - CRITICAL: Do this first!\nsudo ufw allow 80\/tcp  # HTTP\nsudo ufw allow 443\/tcp # HTTPS\nsudo ufw enable\n\n# RHEL\/CentOS (firewalld)\nsudo systemctl start firewalld\nsudo systemctl enable firewalld\nsudo firewall-cmd --permanent --add-service=ssh\nsudo firewall-cmd --permanent --add-service=http\nsudo firewall-cmd --permanent --add-service=https\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Verify via Server Explorer:<\/strong> Rerun security scan &#8211; firewall should show &#128994; green<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"disable-root-ssh-login\">Disable Root SSH Login<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Edit SSH config<\/strong> via Explorer &rarr; <code>\/etc\/ssh\/sshd_config<\/code>:<\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>PermitRootLogin no<\/textarea>\n<\/div><code>PermitRootLogin no<\/code><\/pre>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea># Create user if needed\nsudo adduser yourusername\nsudo usermod -aG sudo yourusername\n\n# Test sudo access before disabling root\nsu - yourusername\nsudo whoami  # Should output \"root\"<\/textarea>\n<\/div><code># Create user if needed\nsudo adduser yourusername\nsudo usermod -aG sudo yourusername\n\n# Test sudo access before disabling root\nsu - yourusername\nsudo whoami  # Should output \"root\"<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Apply changes:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo systemctl restart sshd<\/textarea>\n<\/div><code>sudo systemctl restart sshd<\/code><\/pre>\n\n\n<h4 class=\"wp-block-heading\" id=\"disable-password-authentication\">Disable Password Authentication<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>After setting up SSH keys:<\/strong><\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">Edit <code>\/etc\/ssh\/sshd_config<\/code>:<\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>PasswordAuthentication no\nPubkeyAuthentication yes<\/textarea>\n<\/div><code>PasswordAuthentication no\nPubkeyAuthentication yes<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Generate SSH key (on your local machine):<\/strong><\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">ssh-keygen -t ed25519 -C &#8220;your-email@example.com&#8221;<\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>ssh-copy-id yourusername@your-server-ip<\/textarea>\n<\/div><code>ssh-copy-id yourusername@your-server-ip<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Restart SSH:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo systemctl restart sshd<\/textarea>\n<\/div><code>sudo systemctl restart sshd<\/code><\/pre>\n\n\n<figure class=\"wp-block-image size-large\" style=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"959\" src=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/edit-sshd-config-server-explorer-1024x959.webp\" alt=\"\" class=\"wp-image-498\" srcset=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/edit-sshd-config-server-explorer-1024x959.webp 1024w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/edit-sshd-config-server-explorer-300x281.webp 300w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/edit-sshd-config-server-explorer-768x719.webp 768w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/edit-sshd-config-server-explorer-1536x1439.webp 1536w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/edit-sshd-config-server-explorer-png.webp 2024w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><strong>Image 4: File editor in Server Explorer securtiy section showing sshd_config<\/strong><\/figcaption><\/figure>\n\n\n<h4 class=\"wp-block-heading\" id=\"close-docker-tcp-port-2375\">Close Docker TCP Port 2375<\/h4>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>If Docker daemon is exposed:<\/strong><\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">Edit <code>\/etc\/docker\/daemon.json<\/code>:<\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>{\n  \"hosts\": [\"unix:\/\/\/var\/run\/docker.sock\"]\n}<\/textarea>\n<\/div><code>{\n  \"hosts\": [\"unix:\/\/\/var\/run\/docker.sock\"]\n}<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Or edit systemd service:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo systemctl edit docker.service<\/textarea>\n<\/div><code>sudo systemctl edit docker.service<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">Remove any <code>-H tcp:\/\/0.0.0.0:2375<\/code> from ExecStart<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Restart Docker:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo systemctl restart docker<\/textarea>\n<\/div><code>sudo systemctl restart docker<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Verify:<\/strong> Port 2375 should not appear in open ports list<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h3 class=\"wp-block-heading\" id=\"priority-2-important-issues-fix-this-week\">Priority 2: Important Issues (Fix This Week)<\/h3>\n\n\n<h4 class=\"wp-block-heading\" id=\"install-and-configure-fail2ban\">Install and Configure Fail2Ban<\/h4>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea># Install\nsudo apt install fail2ban  # Ubuntu\/Debian\nsudo yum install fail2ban  # RHEL\/CentOS\n\n# Enable and start\nsudo systemctl enable fail2ban\nsudo systemctl start fail2ban\n\n# Create local config\nsudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local<\/textarea>\n<\/div><code># Install\nsudo apt install fail2ban  # Ubuntu\/Debian\nsudo yum install fail2ban  # RHEL\/CentOS\n\n# Enable and start\nsudo systemctl enable fail2ban\nsudo systemctl start fail2ban\n\n# Create local config\nsudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Edit <code>\/etc\/fail2ban\/jail.local<\/code>:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>[sshd]\nenabled = true\nport = 22\nfilter = sshd\nlogpath = \/var\/log\/auth.log\nmaxretry = 3\nbantime = 3600\nfindtime = 600<\/textarea>\n<\/div><code>[sshd]\nenabled = true\nport = 22\nfilter = sshd\nlogpath = \/var\/log\/auth.log\nmaxretry = 3\nbantime = 3600\nfindtime = 600<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Restart Fail2Ban:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo systemctl restart fail2ban<\/textarea>\n<\/div><code>sudo systemctl restart fail2ban<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Check status:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo fail2ban-client status sshd<\/textarea>\n<\/div><code>sudo fail2ban-client status sshd<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h5 class=\"wp-block-heading\" id=\"configure-automatic-security-up\">Configure Automatic Security Up<\/h5>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea># Ubuntu\/Debian\nsudo apt install unattended-upgrades\nsudo dpkg-reconfigure -plow unattended-upgrades\n\n# RHEL\/CentOS\nsudo yum install yum-cron\nsudo systemctl enable yum-cron\nsudo systemctl start yum-cron<\/textarea>\n<\/div><code># Ubuntu\/Debian\nsudo apt install unattended-upgrades\nsudo dpkg-reconfigure -plow unattended-upgrades\n\n# RHEL\/CentOS\nsudo yum install yum-cron\nsudo systemctl enable yum-cron\nsudo systemctl start yum-cron<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Configure<\/strong> (Ubuntu\/Debian) &#8211; edit <code>\/etc\/apt\/apt.conf.d\/50unattended-upgrades<\/code>:<\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>Unattended-Upgrade::Allowed-Origins {\n    \"${distro_id}:${distro_codename}-security\";\n};\nUnattended-Upgrade::Automatic-Reboot \"false\";<\/textarea>\n<\/div><code>Unattended-Upgrade::Allowed-Origins {\n    \"${distro_id}:${distro_codename}-security\";\n};\nUnattended-Upgrade::Automatic-Reboot \"false\";<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h5 class=\"wp-block-heading\" id=\"apply-pending-update\">Apply Pending Update<\/h5>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea># Ubuntu\/Debian\nsudo apt update\nsudo apt upgrade -y\n\n# RHEL\/CentOS\nsudo yum update -y<\/textarea>\n<\/div><code># Ubuntu\/Debian\nsudo apt update\nsudo apt upgrade -y\n\n# RHEL\/CentOS\nsudo yum update -y<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Schedule via Cron<\/strong> (using Server Explorer&#8217;s Cron manager):<\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>Frequency: Weekly<\/li>\n\n\n\n<li>Day: Sunday at 3 AM<\/li>\n\n\n\n<li>Command: <code>\/usr\/bin\/apt update &amp;&amp; \/usr\/bin\/apt upgrade -y<\/code>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h5 class=\"wp-block-heading\" id=\"configure-time-synchronization\">Configure Time Synchronization<\/h5>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea># Ubuntu\/Debian (systemd-timesyncd)\nsudo timedatectl set-ntp true\n\n# Check status\ntimedatectl status\n\n# RHEL\/CentOS (chronyd)\nsudo systemctl enable chronyd\nsudo systemctl start chronyd<\/textarea>\n<\/div><code># Ubuntu\/Debian (systemd-timesyncd)\nsudo timedatectl set-ntp true\n\n# Check status\ntimedatectl status\n\n# RHEL\/CentOS (chronyd)\nsudo systemctl enable chronyd\nsudo systemctl start chronyd<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h5 class=\"wp-block-heading\" id=\"harden-filesystem-mounts\">Harden Filesystem Mounts<\/h5>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Edit <code>\/etc\/fstab<\/code><\/strong> via Server Explorer&#8217;s Explorer:<\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>tmpfs \/tmp tmpfs defaults,noexec,nosuid,nodev 0 0\ntmpfs \/var\/tmp tmpfs defaults,noexec,nosuid,nodev 0 0<\/textarea>\n<\/div><code>tmpfs \/tmp tmpfs defaults,noexec,nosuid,nodev 0 0\ntmpfs \/var\/tmp tmpfs defaults,noexec,nosuid,nodev 0 0<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Apply immediately:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo mount -o remount \/tmp\nsudo mount -o remount \/var\/tmp<\/textarea>\n<\/div><code>sudo mount -o remount \/tmp\nsudo mount -o remount \/var\/tmp<\/code><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id=\"priority-3-recommended-do-this-month\">Priority 3: Recommended (Do This Month)<\/h3>\n\n\n<h5 class=\"wp-block-heading\" id=\"enable-auditd-or-persistent-journald\">Enable Auditd or Persistent Journald<\/h5>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Option 1: Auditd (more detailed)<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo apt install auditd\nsudo systemctl enable auditd\nsudo systemctl start auditd<\/textarea>\n<\/div><code>sudo apt install auditd\nsudo systemctl enable auditd\nsudo systemctl start auditd<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Option 2: Journald persistence<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo mkdir -p \/var\/log\/journal\nsudo systemctl restart systemd-journald<\/textarea>\n<\/div><code>sudo mkdir -p \/var\/log\/journal\nsudo systemctl restart systemd-journald<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Verify persistence:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>journalctl --verify<\/textarea>\n<\/div><code>journalctl --verify<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h5 class=\"wp-block-heading\" id=\"configure-certbot-auto-renewal\">Configure Certbot Auto-Renewal<\/h5>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea># Install certbot\nsudo apt install certbot python3-certbot-nginx\n\n# Obtain certificate\nsudo certbot --nginx -d yourdomain.com\n\n# Test renewal\nsudo certbot renew --dry-run<\/textarea>\n<\/div><code># Install certbot\nsudo apt install certbot python3-certbot-nginx\n\n# Obtain certificate\nsudo certbot --nginx -d yourdomain.com\n\n# Test renewal\nsudo certbot renew --dry-run<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Verify timer (systemd):<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo systemctl status certbot.timer<\/textarea>\n<\/div><code>sudo systemctl status certbot.timer<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Or schedule via Cron<\/strong> (using Server Explorer):<\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>0 0 1 * * certbot renew --quiet &amp;&amp; systemctl reload nginx<\/textarea>\n<\/div><code>0 0 1 * * certbot renew --quiet &amp;&amp; systemctl reload nginx<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h5 class=\"wp-block-heading\" id=\"enable-selinuxapparmor\">Enable SELinux\/AppArmor<\/h5>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Ubuntu\/Debian (AppArmor):<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo systemctl enable apparmor\nsudo systemctl start apparmor\n\n# Check status\nsudo aa-status<\/textarea>\n<\/div><code>sudo systemctl enable apparmor\nsudo systemctl start apparmor\n\n# Check status\nsudo aa-status<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>RHEL\/CentOS (SELinux):<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea># Check current mode\ngetenforce\n\n# Set to enforcing\nsudo setenforce 1\n\n# Make permanent\nsudo vi \/etc\/selinux\/config\n# Set: SELINUX=enforcing<\/textarea>\n<\/div><code># Check current mode\ngetenforce\n\n# Set to enforcing\nsudo setenforce 1\n\n# Make permanent\nsudo vi \/etc\/selinux\/config\n# Set: SELINUX=enforcing<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Warning:<\/strong> Test in permissive mode first to avoid breaking applications.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h5 class=\"wp-block-heading\" id=\"disable-unnecessary-services\">Disable Unnecessary Services<\/h5>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Check what&#8217;s running:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo systemctl list-units --type=service --state=running<\/textarea>\n<\/div><code>sudo systemctl list-units --type=service --state=running<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Disable common unnecessary services:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea># Network discovery (rarely needed on servers)\nsudo systemctl disable avahi-daemon\nsudo systemctl stop avahi-daemon\n\n# Printing (why on a server?)\nsudo systemctl disable cups\nsudo systemctl stop cups\n\n# Bluetooth (VPS doesn't have bluetooth)\nsudo systemctl disable bluetooth\nsudo systemctl stop bluetooth<\/textarea>\n<\/div><code># Network discovery (rarely needed on servers)\nsudo systemctl disable avahi-daemon\nsudo systemctl stop avahi-daemon\n\n# Printing (why on a server?)\nsudo systemctl disable cups\nsudo systemctl stop cups\n\n# Bluetooth (VPS doesn't have bluetooth)\nsudo systemctl disable bluetooth\nsudo systemctl stop bluetooth<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h5 class=\"wp-block-heading\" id=\"audit-sudo-users\">Audit Sudo Users<\/h5>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>List users with sudo access:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo grep -Po '^sudo.+:\\K.*$' \/etc\/group<\/textarea>\n<\/div><code>sudo grep -Po '^sudo.+:\\K.*$' \/etc\/group<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Review sudoers file:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo visudo<\/textarea>\n<\/div><code>sudo visudo<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Remove unnecessary sudo access:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo deluser username sudo  # Ubuntu\/Debian\nsudo gpasswd -d username wheel  # RHEL\/CentOS<\/textarea>\n<\/div><code>sudo deluser username sudo  # Ubuntu\/Debian\nsudo gpasswd -d username wheel  # RHEL\/CentOS<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<h5 class=\"wp-block-heading\" id=\"optimize-ssh-settings\">Optimize SSH Settings<\/h5>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Edit <code>\/etc\/ssh\/sshd_config<\/code>:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea># Reduce auth tries\nMaxAuthTries 3\n\n# Reduce grace time\nLoginGraceTime 30\n\n# Disable empty passwords\nPermitEmptyPasswords no\n\n# Disable X11 forwarding if not needed\nX11Forwarding no\n\n# Use strp ciphers only\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com\nMACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com<\/textarea>\n<\/div><code># Reduce auth tries\nMaxAuthTries 3\n\n# Reduce grace time\nLoginGraceTime 30\n\n# Disable empty passwords\nPermitEmptyPasswords no\n\n# Disable X11 forwarding if not needed\nX11Forwarding no\n\n# Use strp ciphers only\nCiphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com\nMACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com<\/code><\/pre>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Restart SSH:<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\"><div class=\"copy-to-clipboard\">\n<span>Copied!<\/span><button class=\"click-to-copy-button\" title=\"Copy to clipboard\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 32 32\" stroke=\"currentcolor\" stroke-width=\"1.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" width=\"24\" height=\"24\" fill=\"none\">\n  <path d=\"M12.9975 10.7499L11.7475 10.7499C10.6429 10.7499 9.74747 11.6453 9.74747 12.7499L9.74747 21.2499C9.74747 22.3544 10.6429 23.2499 11.7475 23.2499L20.2475 23.2499C21.352 23.2499 22.2475 22.3544 22.2475 21.2499L22.2475 12.7499C22.2475 11.6453 21.352 10.7499 20.2475 10.7499L18.9975 10.7499Z\"><\/path>\n  <path d=\"M17.9975 12.2499L13.9975 12.2499C13.4452 12.2499 12.9975 11.8022 12.9975 11.2499L12.9975 9.74988C12.9975 9.19759 13.4452 8.74988 13.9975 8.74988L17.9975 8.74988C18.5498 8.74988 18.9975 9.19759 18.9975 9.74988L18.9975 11.2499C18.9975 11.8022 18.5498 12.2499 17.9975 12.2499Z\"><\/path>\n  <path d=\"M13.7475 16.2499L18.2475 16.2499\"><\/path>\n  <path d=\"M13.7475 19.2499L18.2475 19.2499\"><\/path>\n<\/svg><\/button><textarea>sudo systemctl restart sshd<\/textarea>\n<\/div><code>sudo systemctl restart sshd<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-1 wp-block-columns-is-layout-flex has-width is-stacked-on-mobile\" style=\"--width:100%;--columns:2\" data-columns=\"2\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:20%\">\n<figure class=\"wp-block-image size-full\" style=\"\"><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2024\/01\/OIG.P8HQiZbb_YxAtGo_Pkmw-removebg-preview.png\" alt=\"logo\" class=\"wp-image-18\" srcset=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2024\/01\/OIG.P8HQiZbb_YxAtGo_Pkmw-removebg-preview.png 500w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2024\/01\/OIG.P8HQiZbb_YxAtGo_Pkmw-removebg-preview-300x300.png 300w, https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2024\/01\/OIG.P8HQiZbb_YxAtGo_Pkmw-removebg-preview-150x150.png 150w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<div class=\"wp-block-group is-vertical is-layout-flex wp-container-core-group-is-layout-2 wp-block-group-is-layout-flex\">\n<h2 class=\"wp-block-heading\" id=\"try-server-explorer-today\">Try Server Explorer Today<\/h2>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">Manage your servers with just a few clicks. Replace complex command-line operations with an intuitive interface, while maintaining the performance and security of traditional SSH access.<\/p>\n\n\n<div class=\"wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-1 wp-block-group-is-layout-flex\">\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-fill\" style=\"\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/apps.apple.com\/bj\/app\/server-files-explorer\/id6474502110?l=fr-FR&amp;mt=12\" style=\"\">Dowload on Apple Store<\/a><\/div>\n\n\n<div class=\"wp-block-button is-style-outline is-style-outline--1\" style=\"\"><a class=\"wp-block-button__link has-text-align-left wp-element-button\" href=\"https:\/\/apps.microsoft.com\/detail\/9nrb68w7pjg8?hl=en-US&amp;gl=US\" style=\"\">Get it from Microsoft Store<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Server Explorer Security Features:<\/strong><\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">&#9989; <strong>18 automated security checks<\/strong><br>&#9989; Visual security reports with priority levels<br>&#9989; Step-by-step fix instructions<br>&#9989; One-click access to config files<br>&#9989; Integrated terminal for advanced tasks<br>&#9989; Regular scan scheduling<br>&#9989; Security trend tracking<br>&#9989; Compliance-ready audit logs<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"conclusion-security-doesnt-have-to-be-overwhelming\">Conclusion: Security Doesn&#8217;t Have to Be Overwhelming<\/h2>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">With the right tools and clear guidance, anyone can secure VPS in 2026 without advanced sysadmin skills. Instead of memorizing dozens of commands or reading through scattered documentation, you get:<\/p>\n\n\n<ul class=\"wp-block-list wp-block-list\">\n<li>\n<strong>Clear visual indicators<\/strong> of your security posture<\/li>\n\n\n\n<li>\n<strong>Prioritized fixes<\/strong> so you know what matters most<\/li>\n\n\n\n<li>\n<strong>Automated scanning<\/strong> that catches issues you&#8217;d miss manually<\/li>\n\n\n\n<li>\n<strong>Educational guidance<\/strong> that helps you learn as you secure<\/li>\n<\/ul>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>The result?<\/strong> Professional-grade security without requiring years of sysadmin experience.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\">Your applications deserve secure infrastructure. Your users deserve protected data. Your business deserves peace of mind.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Start securing your VPS today with Server Explorer&#8217;s automated security scanning.<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><strong>Remember:<\/strong> Server Explorer&#8217;s Security section automates these checks&mdash;use commands for verification and learning.<\/p>\n\n\n<p class=\"wp-block-paragraph \" style=\"\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To secure VPS in 2026, you need more than basic protection. Modern attacks are faster, automated, and target every exposed server within hours. If your VPS is not properly secured, attackers can breach your system, steal data, or deploy malicious software.This guide gives you a complete checklist to secure your VPS using Server Explorer&rsquo;s automated &hellip;<\/p>\n","protected":false},"author":1,"featured_media":501,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[29,28,26,27,25],"class_list":["post-493","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server-security","tag-fail2ban","tag-firewall-configuration","tag-server-security","tag-ssh-security","tag-vps-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Secure VPS in 2026 \u2013 Complete Security Checklist - Server Explorer<\/title>\n<meta name=\"description\" content=\"Secure VPS in 2026 using this clear step-by-step guide. Fix critical issues, close vulnerabilities, and automate security checks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure VPS in 2026 \u2013 Complete Security Checklist - Server Explorer\" \/>\n<meta property=\"og:description\" content=\"Secure VPS in 2026 using this clear step-by-step guide. Fix critical issues, close vulnerabilities, and automate security checks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Server Explorer\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-08T11:14:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-17T08:42:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/ChatGPT-Image-8-dec.-2025-12_22_20-png.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"darrellkidjo.dev\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@darrell_kidjo\" \/>\n<meta name=\"twitter:site\" content=\"@darrell_kidjo\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"darrellkidjo.dev\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/\"},\"author\":{\"name\":\"darrellkidjo.dev\",\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/#\/schema\/person\/20f67c2affa11693453fec19477c9ec8\"},\"headline\":\"Secure VPS in 2026 \u2013 Complete Security Checklist\",\"datePublished\":\"2025-12-08T11:14:15+00:00\",\"dateModified\":\"2025-12-17T08:42:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/\"},\"wordCount\":1709,\"publisher\":{\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/ChatGPT-Image-8-dec.-2025-12_22_20-png.webp\",\"keywords\":[\"fail2ban\",\"firewall configuration\",\"server security\",\"SSH security\",\"VPS security\"],\"articleSection\":[\"Server Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/\",\"url\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/\",\"name\":\"Secure VPS in 2026 \u2013 Complete Security Checklist - Server Explorer\",\"isPartOf\":{\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/ChatGPT-Image-8-dec.-2025-12_22_20-png.webp\",\"datePublished\":\"2025-12-08T11:14:15+00:00\",\"dateModified\":\"2025-12-17T08:42:25+00:00\",\"description\":\"Secure VPS in 2026 using this clear step-by-step guide. Fix critical issues, close vulnerabilities, and automate security checks.\",\"breadcrumb\":{\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#primaryimage\",\"url\":\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/ChatGPT-Image-8-dec.-2025-12_22_20-png.webp\",\"contentUrl\":\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/ChatGPT-Image-8-dec.-2025-12_22_20-png.webp\",\"width\":1024,\"height\":1024,\"caption\":\"securing your vps in 2026 with server explorer\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/serverexplorer.ledocdev.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure VPS in 2026 \u2013 Complete Security Checklist\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/#website\",\"url\":\"https:\/\/serverexplorer.ledocdev.com\/\",\"name\":\"Server Explorer\",\"description\":\"Server Explorer SSH client - SFTP Explorer, VPS Security, terminal, Ai Integrated, Cron Management, Docker Manager for Linux servers on Mac and Windows\",\"publisher\":{\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/#organization\"},\"alternateName\":\"Server Files Explorer\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/serverexplorer.ledocdev.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/#organization\",\"name\":\"Server Explorer\",\"alternateName\":\"Server Files Explorer\",\"url\":\"https:\/\/serverexplorer.ledocdev.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2024\/01\/OIG.P8HQiZbb_YxAtGo_Pkmw-removebg-preview.png\",\"contentUrl\":\"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2024\/01\/OIG.P8HQiZbb_YxAtGo_Pkmw-removebg-preview.png\",\"width\":500,\"height\":500,\"caption\":\"Server Explorer\"},\"image\":{\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/darrell_kidjo\",\"https:\/\/www.linkedin.com\/in\/darrell-kidjo-ab49381a3\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/#\/schema\/person\/20f67c2affa11693453fec19477c9ec8\",\"name\":\"darrellkidjo.dev\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/serverexplorer.ledocdev.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b13fcfe9f93b14f48665ec3a485024c9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b13fcfe9f93b14f48665ec3a485024c9?s=96&d=mm&r=g\",\"caption\":\"darrellkidjo.dev\"},\"sameAs\":[\"https:\/\/serverexplorer.ledocdev.com\"],\"url\":\"https:\/\/serverexplorer.ledocdev.com\/index.php\/author\/darrellkidjo-dev\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Secure VPS in 2026 \u2013 Complete Security Checklist - Server Explorer","description":"Secure VPS in 2026 using this clear step-by-step guide. Fix critical issues, close vulnerabilities, and automate security checks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/","og_locale":"en_US","og_type":"article","og_title":"Secure VPS in 2026 \u2013 Complete Security Checklist - Server Explorer","og_description":"Secure VPS in 2026 using this clear step-by-step guide. Fix critical issues, close vulnerabilities, and automate security checks.","og_url":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/","og_site_name":"Server Explorer","article_published_time":"2025-12-08T11:14:15+00:00","article_modified_time":"2025-12-17T08:42:25+00:00","og_image":[{"width":1024,"height":1024,"url":"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/ChatGPT-Image-8-dec.-2025-12_22_20-png.webp","type":"image\/png"}],"author":"darrellkidjo.dev","twitter_card":"summary_large_image","twitter_creator":"@darrell_kidjo","twitter_site":"@darrell_kidjo","twitter_misc":{"Written by":"darrellkidjo.dev","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#article","isPartOf":{"@id":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/"},"author":{"name":"darrellkidjo.dev","@id":"https:\/\/serverexplorer.ledocdev.com\/#\/schema\/person\/20f67c2affa11693453fec19477c9ec8"},"headline":"Secure VPS in 2026 \u2013 Complete Security Checklist","datePublished":"2025-12-08T11:14:15+00:00","dateModified":"2025-12-17T08:42:25+00:00","mainEntityOfPage":{"@id":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/"},"wordCount":1709,"publisher":{"@id":"https:\/\/serverexplorer.ledocdev.com\/#organization"},"image":{"@id":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/ChatGPT-Image-8-dec.-2025-12_22_20-png.webp","keywords":["fail2ban","firewall configuration","server security","SSH security","VPS security"],"articleSection":["Server Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/","url":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/","name":"Secure VPS in 2026 \u2013 Complete Security Checklist - Server Explorer","isPartOf":{"@id":"https:\/\/serverexplorer.ledocdev.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#primaryimage"},"image":{"@id":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/ChatGPT-Image-8-dec.-2025-12_22_20-png.webp","datePublished":"2025-12-08T11:14:15+00:00","dateModified":"2025-12-17T08:42:25+00:00","description":"Secure VPS in 2026 using this clear step-by-step guide. Fix critical issues, close vulnerabilities, and automate security checks.","breadcrumb":{"@id":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#primaryimage","url":"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/ChatGPT-Image-8-dec.-2025-12_22_20-png.webp","contentUrl":"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2025\/12\/ChatGPT-Image-8-dec.-2025-12_22_20-png.webp","width":1024,"height":1024,"caption":"securing your vps in 2026 with server explorer"},{"@type":"BreadcrumbList","@id":"https:\/\/serverexplorer.ledocdev.com\/index.php\/2025\/12\/08\/secure-vps-in-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/serverexplorer.ledocdev.com\/"},{"@type":"ListItem","position":2,"name":"Secure VPS in 2026 \u2013 Complete Security Checklist"}]},{"@type":"WebSite","@id":"https:\/\/serverexplorer.ledocdev.com\/#website","url":"https:\/\/serverexplorer.ledocdev.com\/","name":"Server Explorer","description":"Server Explorer SSH client - SFTP Explorer, VPS Security, terminal, Ai Integrated, Cron Management, Docker Manager for Linux servers on Mac and Windows","publisher":{"@id":"https:\/\/serverexplorer.ledocdev.com\/#organization"},"alternateName":"Server Files Explorer","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/serverexplorer.ledocdev.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/serverexplorer.ledocdev.com\/#organization","name":"Server Explorer","alternateName":"Server Files Explorer","url":"https:\/\/serverexplorer.ledocdev.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/serverexplorer.ledocdev.com\/#\/schema\/logo\/image\/","url":"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2024\/01\/OIG.P8HQiZbb_YxAtGo_Pkmw-removebg-preview.png","contentUrl":"https:\/\/serverexplorer.ledocdev.com\/wp-content\/uploads\/2024\/01\/OIG.P8HQiZbb_YxAtGo_Pkmw-removebg-preview.png","width":500,"height":500,"caption":"Server Explorer"},"image":{"@id":"https:\/\/serverexplorer.ledocdev.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/darrell_kidjo","https:\/\/www.linkedin.com\/in\/darrell-kidjo-ab49381a3\/"]},{"@type":"Person","@id":"https:\/\/serverexplorer.ledocdev.com\/#\/schema\/person\/20f67c2affa11693453fec19477c9ec8","name":"darrellkidjo.dev","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/serverexplorer.ledocdev.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b13fcfe9f93b14f48665ec3a485024c9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b13fcfe9f93b14f48665ec3a485024c9?s=96&d=mm&r=g","caption":"darrellkidjo.dev"},"sameAs":["https:\/\/serverexplorer.ledocdev.com"],"url":"https:\/\/serverexplorer.ledocdev.com\/index.php\/author\/darrellkidjo-dev\/"}]}},"_links":{"self":[{"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/posts\/493","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/comments?post=493"}],"version-history":[{"count":2,"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/posts\/493\/revisions"}],"predecessor-version":[{"id":500,"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/posts\/493\/revisions\/500"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/media\/501"}],"wp:attachment":[{"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/media?parent=493"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/categories?post=493"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serverexplorer.ledocdev.com\/index.php\/wp-json\/wp\/v2\/tags?post=493"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}