Releases: superchaospc/new-vps-harden
Release list
v0.3.2
Ubuntu Noble cloud image compatibility release.\n\nChanges:\n- Write hardening settings to /etc/ssh/sshd_config.d/00-hardening.conf so cloud image drop-ins such as 00-permit-root-password-auth.conf cannot override password/root login hardening.\n- Exclude and clean up the legacy 99-hardening.conf created by older releases.\n- README documents the Ubuntu Noble drop-in priority behavior.
v0.3.1
Rerun safety fix.\n\nChanges:\n- Preserve the target SSH port when rerunning the script, even if that port was only declared by the previous hardening drop-in.\n- Move UFW allow until after sshd validation/restart/listening checks pass, so failed SSH changes do not leave unused UFW rules.
v0.3.0
Safety hardening release.\n\nChanges:\n- Avoid duplicate Port lines when existing sshd config already declares a port.\n- Back up and restore the hardening drop-in if sshd validation or restart fails.\n- Use fail2ban backend = systemd for modern Debian/Ubuntu images.\n- Automatically allow the new SSH port in UFW when UFW is active.\n- Poll for sshd listening ports after restart instead of sleeping once.\n- Require Bash 4+.\n- Match listening sockets more strictly against the sshd process.
v0.2.0
Port auto-detection release.\n\nChanges:\n- When no port is provided, detect the current SSH ports first.\n- If SSH still listens on port 22, add the default high port 52222.\n- If SSH already uses a non-22 port, keep the current port and only apply the remaining hardening.\n- When changing ports, keep the existing port as a temporary fallback.\n- Configure fail2ban to watch the actual listening SSH ports.
v0.1.0
Initial release of new-vps-harden.\n\nHighlights:\n- Harden SSH for new Debian/Ubuntu VPS instances.\n- Disable password authentication and restrict root password login.\n- Add a high SSH port while temporarily keeping port 22 open.\n- Install and restart fail2ban with an sshd jail.\n- Validate effective sshd settings before reporting success.