backup-strategy

This repository contains [Agent Skills](https://agentskills.io/) for securing Virtual Private Servers (VPS). These skills enable AI coding assistants to automatically configure server security following proven hardening techniques.

Within 60 seconds of spinning up a new VPS, someone is already trying to break in. Automated bots constantly scan the entire internet looking for vulnerable servers. These skills help you secure your server before attackers find it.

| Skill | Description |

|-------|-------------|

| [auto-updates](secure-server-setup/auto-updates/) | Configure automatic security updates to patch vulnerabilities |

| [ssh-hardening](secure-server-setup/ssh-hardening/) | Disable root login, enforce SSH keys, create non-root users |

| [firewall-configuration](secure-server-setup/firewall-configuration/) | Set up UFW firewall with default-deny policies |

| [fail2ban-setup](secure-server-setup/fail2ban-setup/) | Automatically ban IPs showing brute-force behavior |

| [backup-strategy](secure-server-setup/backup-strategy/) | Implement automated backups with off-server storage |

Installation

Using Skills CLI:

```bash

# With npm

npx skills add mikr13/secure-server-setup-skills

# Or with Bun

bunx skills add mikr13/secure-server-setup-skills

```

Using Context7 CLI:

```bash

# With npm

npx ctx7 skills install /mikr13/secure-server-setup-skills

# Or with Bun

bunx ctx7 skills install /mikr13/secure-server-setup-skills

```

Usage with AI Assistants

Once installed, prompt your AI assistant:

```

Harden my new Ubuntu VPS server with all security best practices

```

Or target specific security areas:

```

Set up SSH hardening and firewall on my server

```

```

Configure automatic backups to AWS S3

```

No time for the full security setup? Here's the absolute minimum you should do on a new VPS:

```bash

# Update everything

sudo apt update && sudo apt upgrade -y

# Create non-root user

adduser deployer && usermod -aG sudo deployer

# Basic firewall

sudo apt install ufw

sudo ufw default deny incoming

sudo ufw default allow outgoing

sudo ufw allow ssh

sudo ufw enable

# Fail2ban with defaults

sudo apt install fail2ban

sudo systemctl enable fail2ban

# Disable root password login

sudo passwd -l root

```

Then: Set up SSH keys, disable password authentication, and configure proper backups as soon as possible.

Use this checklist for every new VPS:

• [ ] Update all packages
• [ ] Enable automatic security updates
• [ ] Create non-root user with sudo
• [ ] Set up SSH key authentication
• [ ] Disable password authentication
• [ ] Disable root login
• [ ] Configure firewall (UFW)
• [ ] Install Fail2ban
• [ ] Disable unnecessary services
• [ ] Set up off-server backups

The Problem

Most VPS instances have the same critical mistakes:

1. Not updating the system - Running known-vulnerable software
2. Logging in as root - One typo can destroy everything
3. Using password authentication - Passwords can be brute-forced
4. No firewall - Every port accessible to the internet
5. No brute-force protection - Bots hammering login attempts 24/7
6. Running unnecessary services - More attack surface
7. No backups - Can't recover from compromise

The Solution

These skills fix all of these issues systematically:

• Auto-updates: Patches known vulnerabilities automatically
• SSH hardening: Keys instead of passwords, no root access
• Firewall: Default deny, whitelist required services only
• Fail2ban: Three strikes and you're banned for an hour
• Backups: Quick recovery if something goes wrong

Each skill includes:

```

skill-name/

├── SKILL.md # Main skill documentation with YAML frontmatter

├── scripts/ # Executable setup/automation scripts

│ └── setup-*.sh # Automated configuration scripts

└── references/ # Detailed reference documentation

└── *.md # In-depth guides and troubleshooting

```

If you prefer to implement these manually without AI assistance, each skill's scripts/ directory contains ready-to-run bash scripts:

```bash

# Run any setup script

sudo bash secure-server-setup/auto-updates/scripts/setup-auto-updates.sh

sudo bash secure-server-setup/ssh-hardening/scripts/setup-ssh-hardening.sh

sudo bash secure-server-setup/firewall-configuration/scripts/setup-firewall.sh

sudo bash secure-server-setup/fail2ban-setup/scripts/setup-fail2ban.sh

sudo bash secure-server-setup/backup-strategy/scripts/backup-full.sh

```

• Agent Skills Standard: [agentskills.io](https://agentskills.io/)
• Skills Marketplace: [skills.sh](https://skills.sh/)
• Vercel Skills FAQ: [Agent Skills Explained](https://vercel.com/blog/agent-skills-explained-an-faq)

Contributions are welcome! To suggest improvements:

1. Open an issue to discuss your idea
2. Fork this repository
3. Create a feature branch
4. Submit a pull request

All skills must follow the [Agent Skills Standard](https://agentskills.io/specification).

MIT License - see [LICENSE](LICENSE) file for details.

Security practices based on:

• Original Twitter thread by [@brankopetric00](https://x.com/brankopetric00/status/2017283246254436501)
• Industry standard hardening guidelines
• OWASP security recommendations
• Real-world VPS deployment experience
• CIS Benchmarks for Linux

These skills implement defense in depth - multiple layers of security working together. No single measure is perfect, but combined they significantly reduce your attack surface.

Most attackers are lazy. They're looking for default passwords, unpatched software, and misconfigured services. Make your server slightly harder than the next one, and they'll move on.

---

Remember: Security is not a one-time setup. Regular updates, monitoring, and testing are essential for maintaining a secure server.