kastell

Kastell

Your infrastructure, fortified.

English | Türkçe

Why Kastell?

Server security is fragmented. Lynis scans but doesn't fix. OpenSCAP is powerful but complex. Custom scripts work until they don't -- and nobody maintains them. Each tool has its own output format, its own update cycle, its own learning curve.

Kastell takes a different approach: one CLI that audits, fixes, hardens, and monitors. Scan your server, apply safe fixes, lock it down to production standards, and keep watching -- all with the same tool.

AI-native from day one. Kastell ships with a built-in MCP server, so Claude, Cursor, or any MCP-compatible AI agent can manage your servers directly. Go from a prompt to production hardening in seconds.

You don't need four separate tools to secure a server.

Quick Start

# Interactive mode -- no commands to memorize
npx kastell

Running kastell without any arguments launches an interactive search menu with a gradient ASCII banner and quick-start examples. Browse actions by emoji-categorized groups, type to filter results instantly, and configure options step by step -- no need to remember any command names or flags.

 ██╗  ██╗  ██████╗  ███████╗████████╗███████╗██╗     ██╗
 ██║ ██╔╝  ██╔══██╗ ██╔════╝╚══██╔══╝██╔════╝██║     ██║
 █████╔╝   ███████║ ███████╗   ██║   █████╗  ██║     ██║
 ██╔═██╗   ██╔══██║ ╚════██║   ██║   ██╔══╝  ██║     ██║
 ██║  ██╗  ██║  ██║ ███████║   ██║   ███████╗███████╗███████╗
 ╚═╝  ╚═╝  ╚═╝  ╚═╝ ╚══════╝   ╚═╝   ╚══════╝╚══════╝╚══════╝

  KASTELL  v2.3.0  ·  Your infrastructure, fortified.

  $ kastell init --template production  → deploy a new server
  $ kastell status --all                → check all servers
  $ kastell secure setup                → harden SSH + fail2ban
  $ kastell maintain --all              → full maintenance cycle

? What would you like to do?
   Server Management
❯    Deploy a new server
     Add an existing server
     List all servers
     ...
   Security
     Harden SSH & fail2ban
     Manage firewall (UFW)
     ...

Each action includes sub-options (server mode, template, log source, port number, etc.) and a <- Back option to return to the main menu at any point.

If you already know the commands, you can still use them directly:

kastell init                    # Deploy a new server
kastell status my-server        # Check server status
kastell backup --all            # Backup all servers

Kastell handles server provisioning, SSH key setup, firewall configuration, and platform installation automatically.

What Makes Kastell Different?

Problem	Solution
Broke your server with an update?	Pre-update snapshot protection via maintain
No idea if your server is healthy?	Built-in monitoring, health checks, and doctor diagnostics
Security is an afterthought?	Firewall, SSH hardening, SSL, and security audits built-in
Backups? Maybe someday...	One-command backup & restore with manifest tracking
Managing multiple servers?	--all flag across backup, maintain, status, and health
Existing server not tracked?	kastell add brings any server under management
Don't want to memorize commands?	Just run kastell -- interactive menu guides you

Kastell vs Alternatives