Last updated: 2026-05-17.

What this site is

stackharden.com publishes infrastructure hardening guides, audit scripts, and compliance-mapped checklists for sysadmins and small agencies. Content reflects our best understanding at the date each page was written or last reviewed.

What this site is not

  • Authoritative. Linux distributions, package versions, kernel releases, third-party services, and security guidance all change continuously. A guide accurate when published may be partly inaccurate now.
  • A substitute for testing. Every script and configuration here must be tested on a representative non-production system before being applied to production. Operating systems, package versions, and local configurations differ in ways that affect outcomes — sometimes destructively.
  • Legal or audit advice. NIS2, ISO 27001, and GDPR references on this site are written to be accurate and useful for infrastructure work, but they are not legal advice. Use them as input to a formal assessment, not as the assessment itself.
  • A warranty. Content is provided “as is”, without warranty of any kind. The authors and Data Vision IT Consulting Limited accept no liability for loss or damage arising from use of, or reliance on, any material on this site.

How to use the content responsibly

  • Read first. Every script’s source is rendered inline on its page — audit before downloading or running.
  • Test on staging first. Run hardening changes on a non-production copy of the target system, verify outcomes, then roll forward.
  • Snapshot before changing. On a VPS, take a provider snapshot before applying any baseline. Restoring a snapshot is cheaper than diagnosing what an unexpected configuration change broke.
  • Match the OS version. Each guide names the OS and software version it was tested on (for example, Ubuntu 24.04 LTS, PostgreSQL 16.x). Behaviour on a different version can vary subtly or significantly — verify on yours.
  • Check freshness. Where a guide’s “Tested on” header is more than 12 months old, treat the content as a starting point and verify against current upstream documentation before acting.

Reporting issues

If you find an error, an out-of-date recommendation, or something materially misleading, please get in touch — contact addresses are in the privacy notice. For security issues in scripts hosted on this site, use the security address listed there.