Security — ServerKit Documentation

Network and Host Hardening

ServerKit provides visual management of UFW and firewalld firewalls, Fail2ban brute-force protection, ModSecurity v3 with OWASP CRS Web Application Firewall policies, SSH authorized key management, and IP allowlist/blocklist controls. Lynis system security audits can be run directly from the dashboard.

Malware and Integrity

ClamAV scans host files and directories, with quarantine of detections and a scan history. File integrity monitoring baselines critical paths and reports changes. WordPress sites benefit from core and plugin checksum verification. Container images can be scanned for CVEs with Anchore grype/syft, generating SBOMs and enforcing deploy gates.

Authentication and Access

ServerKit uses JWT authentication with role-based access control, workspaces, per-resource grants, and audit logging. Additional factors include TOTP 2FA with backup codes, WebAuthn/passkeys, and SSO through Google, GitHub, generic OpenID Connect, and SAML 2.0.
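To make the combination of JWT authentication, workspace roles and per-resource grants concrete, here is an added, self-contained example written for this page; it is not ServerKit's implementation, and the signing key, claim layout (`sub`, `workspaces`, `exp`) and role table are assumptions. It signs and verifies HS256 tokens with the standard library, rejects tokens with a wrong algorithm, a bad signature or an expired `exp`, and then answers an access question from either the workspace role or an explicit grant on one resource.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key for the demo only; a real service loads this from a secret store.
SECRET = b"example-signing-key-not-for-production"

# Assumed role table: which actions each workspace role may perform.
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "delete"},
    "operator": {"read", "write"},
    "viewer": {"read"},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue(claims, secret=SECRET):
    """Produce a compact HS256 JWT over the given claims."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify(token, secret=SECRET, now=None):
    """Return the claims if the token is well-formed, correctly signed and unexpired, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: never let the token choose it ("none", RS256 confusion, ...).
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, TypeError):
        return None
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return None
    return claims


def authorize(claims, workspace, resource, action, resource_grants=None):
    """Allow if the caller's workspace role permits the action, or a per-resource grant does.

    resource_grants maps (workspace, resource) -> {subject: set_of_actions}.
    """
    role = claims.get("workspaces", {}).get(workspace)
    if role and action in ROLE_PERMISSIONS.get(role, set()):
        return True
    grants = (resource_grants or {}).get((workspace, resource), {})
    return action in grants.get(claims.get("sub"), set())


if __name__ == "__main__":
    tok = issue({"sub": "alice", "workspaces": {"prod": "viewer"}, "exp": int(time.time()) + 600})
    c = verify(tok)
    print(c, authorize(c, "prod", "site-1", "read"), authorize(c, "prod", "site-1", "write"))
```

The `authorize` function is the audit-log hook point: recording its inputs and decision alongside `sub` gives the per-request trail the page mentions.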

SSL and Monitoring

Let's Encrypt certificates are provisioned and renewed automatically with expiry checks and a TLS 1.2+/AEAD cipher floor. Anomaly detection watches for auth failures, new IPs, blocked IPs, and replay attacks, dispatching alerts through email, Slack, Discord, Telegram, or webhooks.
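The anomaly detection described above, flagging repeated auth failures and logins from previously unseen addresses, reduces to a small stateful pass over the auth log. The following is an added example written for this page, not ServerKit's detector: it parses constructed sshd-style lines, raises a brute-force alert when one source IP accumulates a threshold of failures inside a sliding window, and raises a new-IP alert when a successful login arrives from an address outside the known set. The thresholds, the window and the known-IP list are assumptions; the log lines use documentation address ranges.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in syslog/sshd format (not real traffic).
SAMPLE_LOG = """\
Mar 10 08:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40000 ssh2
Mar 10 08:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 10 08:00:05 host sshd[1003]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar 10 08:00:07 host sshd[1004]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar 10 08:00:09 host sshd[1005]: Failed password for root from 203.0.113.5 port 40004 ssh2
Mar 10 08:01:00 host sshd[1006]: Accepted publickey for deploy from 198.51.100.7 port 50000 ssh2
Mar 10 08:02:00 host sshd[1007]: Accepted publickey for deploy from 192.0.2.20 port 50001 ssh2
Mar 10 09:30:00 host sshd[1008]: Failed password for root from 203.0.113.9 port 40005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted publickey|Accepted password) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse(log_text, year=2024):
    """Turn matching sshd lines into events; syslog has no year, so one is supplied."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "ts": ts,
            "ok": m["outcome"].startswith("Accepted"),
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect(events, known_ips, threshold=5, window=timedelta(minutes=10)):
    """Emit brute-force alerts (failures per IP within a sliding window) and new-IP login alerts."""
    alerts = []
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    flagged = set()                # IPs already alerted on, to avoid repeats
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["ok"]:
            if ev["ip"] not in known_ips:
                alerts.append({"type": "new_ip", "ip": ev["ip"], "user": ev["user"], "ts": ev["ts"]})
            continue
        recent = failures[ev["ip"]]
        recent.append(ev["ts"])
        # Drop failures that have aged out of the window.
        while recent and ev["ts"] - recent[0] > window:
            recent.pop(0)
        if len(recent) >= threshold and ev["ip"] not in flagged:
            flagged.add(ev["ip"])
            alerts.append({"type": "brute_force", "ip": ev["ip"], "count": len(recent), "ts": ev["ts"]})
    return alerts


def run_demo():
    """Run the detector over the constructed log with one known address."""
    return detect(parse(SAMPLE_LOG), known_ips={"198.51.100.7"})


if __name__ == "__main__":
    for a in run_demo():
        print(a)
```

Each alert dict is the payload a dispatcher would hand to the email, Slack, Discord, Telegram or webhook channel; the `flagged` set is what keeps a sustained attempt from producing one notification per failed login.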