Kastell
Your infrastructure, fortified.
English | Türkçe
Why Kastell?
Server security is fragmented. Lynis scans but doesn't fix. OpenSCAP is powerful but complex. Custom scripts work until they don't -- and nobody maintains them. Each tool has its own output format, its own update cycle, its own learning curve.
Kastell takes a different approach: one CLI that audits, fixes, hardens, and monitors. Scan your server, apply safe fixes, lock it down to production standards, and keep watching -- all with the same tool.
AI-native from day one. Kastell ships with a built-in MCP server, so Claude, Cursor, or any MCP-compatible AI agent can manage your servers directly. Go from a prompt to production hardening in seconds.
You don't need four separate tools to secure a server.
Quick Start
# Interactive mode -- no commands to memorize
npx kastell
Running kastell without any arguments launches an interactive search menu with a gradient ASCII banner and quick-start examples. Browse actions by emoji-categorized groups, type to filter results instantly, and configure options step by step -- no need to remember any command names or flags.
██╗ ██╗ ██████╗ ███████╗████████╗███████╗██╗ ██╗
██║ ██╔╝ ██╔══██╗ ██╔════╝╚══██╔══╝██╔════╝██║ ██║
█████╔╝ ███████║ ███████╗ ██║ █████╗ ██║ ██║
██╔═██╗ ██╔══██║ ╚════██║ ██║ ██╔══╝ ██║ ██║
██║ ██╗ ██║ ██║ ███████║ ██║ ███████╗███████╗███████╗
╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝ ╚═╝ ╚══════╝╚══════╝╚══════╝
KASTELL v2.2.4 · Your infrastructure, fortified.
$ kastell init --template production → deploy a new server
$ kastell status --all → check all servers
$ kastell secure setup → harden SSH + fail2ban
$ kastell maintain --all → full maintenance cycle
? What would you like to do?
Server Management
❯ Deploy a new server
Add an existing server
List all servers
...
Security
Harden SSH & fail2ban
Manage firewall (UFW)
...
Each action includes sub-options (server mode, template, log source, port number, etc.) and a <- Back option to return to the main menu at any point.
If you already know the commands, you can still use them directly:
kastell init # Deploy a new server
kastell status my-server # Check server status
kastell backup --all # Backup all servers
Kastell handles server provisioning, SSH key setup, firewall configuration, and platform installation automatically.
What Makes Kastell Different?
| Problem | Solution |
|---|---|
| Broke your server with an update? | Pre-update snapshot protection via maintain |
| No idea if your server is healthy? | Built-in monitoring, health checks, and doctor diagnostics |
| Security is an afterthought? | Firewall, SSH hardening, SSL, and security audits built-in |
| Backups? Maybe someday... | One-command backup & restore with manifest tracking |
| Managing multiple servers? | --all flag across backup, maintain, status, and health |
| Existing server not tracked? | kastell add brings any server under management |
| Don't want to memorize commands? | Just run kastell -- interactive menu guides you |