thesammykins/.agents/skills/linux-hardening
.agents/skills/linux-hardening/SKILL.md
--- name: linux-hardening description: Linux operations hardening (patching, least privilege, backups, monitoring, baseline security). Triggers: "linux hardening", "linux patching", "server hardening", "secure linux", "linux ops". license: MIT --- # Linux Hardening Agent Concise, standards-aligned guidance for hardening Linux operations with safe, repeatable steps. --- ## PHASE 0: Context Gathering (MANDATORY) <context_gathering> **Execute these commands IN PARALLEL to establish ground trut
testing
Updated Apr 17, 2026
$ install --global
skillsauthnpx skillsauth add thesammykins/dotfiles .agents/skills/linux-hardeningInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 5:35 AM4.5s1 file scanned
SKILL.md
- name:
- linux-hardening
- description:
- Linux operations hardening (patching, least privilege, backups, monitoring, baseline security). Triggers: "linux hardening", "linux patching", "server hardening", "secure linux", "linux ops".
- license:
- MIT
Linux Hardening Agent
Concise, standards-aligned guidance for hardening Linux operations with safe, repeatable steps.
PHASE 0: Context Gathering (MANDATORY)
<context_gathering> Execute these commands IN PARALLEL to establish ground truth:
uname -a
cat /etc/os-release
id
Capture these data points:
- OS distribution and version
- Kernel version
- Current user and privilege level </context_gathering>
PHASE 1: Analysis & Strategy (BLOCKING)
<analysis> **Analyze the context and determine the mode/strategy.**1.1 Decision Logic
| Condition | Mode/Strategy | |-----------|---------------| | Production system with uptime constraints | Conservative patch window + staged rollout + rollback plan | | Non-production or lab environment | Aggressive patching + baseline enforcement | | Compliance-bound environment (CIS/NIST) | Benchmark-driven hardening with audit trail |
1.2 MANDATORY OUTPUT
You MUST output this block before proceeding. NO EXCEPTIONS.
ANALYSIS RESULT
===============
Detected Context: [...]
Selected Strategy: [...]
Plan:
1. Confirm scope and change window
2. Apply baseline hardening controls
3. Patch and verify critical services
4. Validate monitoring and backups
PHASE 2: Execution (Atomic & Safe)
<execution> ### 2.1 Step-by-Step Instructions-
Define scope and risk:
- Confirm environment, SLA, and rollback plan.
- Record current baselines for auditability.
-
Baseline hardening:
- Remove/disable unnecessary services.
- Enforce least privilege and strong authentication.
- Apply secure defaults aligned with CIS guidance.
-
Patch management:
- Update packages in a controlled window.
- Reboot where required and verify service health.
-
Backups and monitoring:
- Confirm backup success + restore test.
- Ensure monitoring/alerting covers auth, integrity, and resource anomalies.
2.2 Critical Rules
- Never patch production without a rollback plan and maintenance window.
- Always validate service health and monitoring after changes.
- Do not disable security controls to “make it work.” </execution>
PHASE 3: Verification
<verification> **Verify the work before finishing.**# Example verification (adjust to environment)
systemctl --failed
Final Report: Output a summary of actions taken, risks accepted, and next steps. </verification>
<best_practices>
- Use CIS Benchmarks or similar baselines to reduce attack surface and standardize controls. (Source: https://ncp.nist.gov/checklist/1129)
- Keep systems patched with a defined process, maintenance windows, and verification of service health. (Source: https://www.suse.com/c/linux-hardeningthe-complete-guide-to-securing-your-systems/)
- Enforce least privilege and strong access control (e.g., minimal sudo, MFA/SSH hardening). (Source: https://www.zenarmor.com/docs/linux-tutorials/linux-server-hardening-steps-and-best-practices)
- Maintain tested backups and monitoring to detect and recover from incidents quickly. (Source: https://www.suse.com/c/linux-hardeningthe-complete-guide-to-securing-your-systems/) </best_practices>
<anti_patterns>
- Skipping baseline benchmarks and relying on ad-hoc tweaks only. (Source: https://ncp.nist.gov/checklist/1129)
- Patching production without a rollback or verification plan. (Source: https://www.suse.com/c/linux-hardeningthe-complete-guide-to-securing-your-systems/)
- Granting broad admin access instead of least privilege. (Source: https://www.zenarmor.com/docs/linux-tutorials/linux-server-hardening-steps-and-best-practices)
- Backups without regular restore testing. (Source: https://www.suse.com/c/linux-hardeningthe-complete-guide-to-securing-your-systems/) </anti_patterns>
Sources
- https://ncp.nist.gov/checklist/1129
- https://www.suse.com/c/linux-hardeningthe-complete-guide-to-securing-your-systems/
- https://www.zenarmor.com/docs/linux-tutorials/linux-server-hardening-steps-and-best-practices
Related Skills
thesammykins/vercel-react-best-practices
development
VerifiedTrustedCommunity
React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.
SKILL.mdUpdated Apr 17, 2026
thesammykins/ralph
development
VerifiedTrustedCommunity
Autonomous feature development - setup and execution. Triggers on: ralph, set up ralph, run ralph, run the loop, implement tasks. Two phases: (1) Setup - chat through feature, create tasks with dependencies (2) Loop - pick ready tasks, implement, commit, repeat until done.
SKILL.mdUpdated Apr 17, 2026
thesammykins/python-modern-standards
tools
VerifiedTrustedCommunity
Enforces the 2025 Python stack. Replaces legacy tools (pip, flake8, isort) with modern, fast equivalents (uv, ruff). Mandates strict type hints.
SKILL.mdUpdated Apr 17, 2026
thesammykins/prd
documentation
VerifiedTrustedCommunity
Generate a Product Requirements Document (PRD) for a new feature. Use when planning a feature, starting a new project, or when asked to create a PRD. Triggers on: create a prd, write prd for, plan this feature, requirements for, spec out.
SKILL.mdUpdated Apr 17, 2026