Claude Code Plugins

Community-maintained marketplace

Feedback

vps-checkup

@jMerta/codex-skills
67
0

SSH into an Ubuntu VPS (Docker) for a read-only health/security/update report (UFW + fail2ban) and propose fixes; apply updates/restarts only with explicit confirmation.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name vps-checkup
description SSH into an Ubuntu VPS (Docker) for a read-only health/security/update report (UFW + fail2ban) and propose fixes; apply updates/restarts only with explicit confirmation. Use when the user wants a read-only VPS health/security check.

VPS checkup (Ubuntu + Docker)

Goal

  • Produce a clear, read-only health/security/update report for an Ubuntu VPS running Docker.
  • Propose safe, minimal fixes; do not apply changes or restart anything unless the user explicitly confirms.

Inputs to ask for (if missing)

  • SSH target host alias (from ~/.ssh/config on Windows: $HOME\\.ssh\\config) or user@ip.
  • Confirm sudo access and whether running apt update is allowed (it modifies package lists).
  • Required open ports (e.g., 22, 80, 443) and any non-standard SSH port.
  • Where deployments live: confirm if Docker Compose is used on the VPS (common), and whether compose files are in a known path.
  • If the local ssh client or required tools are missing, tell the user and ask whether to install them or provide command output manually.

Workflow (checklist)

  1. Connect safely
    • Keep a second SSH session open before any SSH/firewall changes.
    • Record identity/time/host: whoami, hostname -f, date -Is, uptime.
  2. Collect a read-only baseline (system)
    • OS/kernel: lsb_release -a (or cat /etc/os-release), uname -a.
    • CPU/mem/disk: top snapshot, free -h, df -hT, lsblk.
    • Services: systemctl --failed, journalctl -p 3 -xb --no-pager (use sudo if needed).
  3. Check security posture (read-only)
    • SSH: prefer sudo sshd -T (fallback to sudo cat /etc/ssh/sshd_config + sshd_config.d/).
    • Firewall: sudo ufw status verbose (and sudo ufw status numbered).
    • Fail2ban: sudo fail2ban-client status (+ status sshd if present).
    • Listening ports: ss -tulpn (use sudo if needed).
  4. Check update posture (read-only by default)
    • If user allows: run sudo apt update to ensure accurate results.
    • Then collect: apt list --upgradable, ubuntu-security-status (if available), and /var/run/reboot-required presence.
    • Check unattended upgrades: systemctl status unattended-upgrades --no-pager and /var/log/unattended-upgrades/.
  5. Check Docker health (read-only)
    • Daemon status: systemctl status docker --no-pager, docker info.
    • Containers: docker ps, unhealthy/restarting containers, recent restarts, and docker stats --no-stream.
    • Disk usage: docker system df and large log growth indicators.
    • Compose overview: docker compose ls (then inspect key projects as needed).
  6. Produce the report + recommendations
    • Use references/report-template.md.
    • Use references/ubuntu-docker-checkup-commands.md for a copy/paste command set.
    • Rank findings by severity and explicitly list what requires confirmation (updates, firewall changes, SSH changes, restarts, pruning, reboot).
  7. Apply fixes (ONLY with explicit confirmation)
    • Do not run apt upgrade, change UFW rules, change SSH auth, prune Docker, restart services/containers, or reboot unless the user says to.

Safety gates (non-negotiable)

  • No restarts (Docker/system services) unless the user explicitly asks for restart.
  • No SSH/firewall changes unless you have a backup access path (second session open) and the user confirms the plan.
  • Never paste secrets (tokens, private keys) into chat or logs.

Deliverable

Provide:

  • A read-only report using references/report-template.md.
  • A prioritized list of recommended fixes and which ones require explicit confirmation.
  • The exact commands run (or requested if the user ran them manually).