One-command security hardening that implements many enterprise-grade protections (DISA STIG + CIS) while allowing the user to decide the level of protection / use trade-off. This enables casual use and more strict.

Version 4.2 - Critical Fixes for Module(s) Execution - Tested WORKING on Debian 13

• Enables your firewall (UFW) - but keeps Steam, Discord, KDE Connect working
• Hardens SSH - prevents brute force attacks if you use remote access
• Blocks repeated failed logins - automatic IP banning with Fail2Ban
• Installs antivirus - ClamAV (yes, Linux can get malware)
• Secures the kernel - protection against memory exploits and attacks
• Sets up file integrity monitoring - alerts you if system files change
• Enforces strong passwords - because "password123" is still too common
• Enables automatic security updates - patches critical bugs while you sleep
• Configures audit logging - forensics and evidence if something happens
• Applies kernel hardening - makes exploits far harder to pull off
• Secures boot process - protects against physical attacks
• Removes unnecessary packages - smaller attack surface

Extensive documentation in the Readme.