Kastell

Runs 413+ security checks across your Linux servers and exposes them through MCP tools so Claude can audit SSH configs, review firewall rules, and scan for CIS compliance gaps. Beyond read-only audits, it provisions servers on Hetzner, DigitalOcean, AWS, and Linode, applies SSH hardening and fail2ban setup, manages UFW firewall rules, and handles full maintenance cycles with pre-update snapshots. The MCP layer surfaces 14 tools covering deployment, security lockdown, backup/restore, and health monitoring. If you're managing a fleet and want an AI agent that can both diagnose weak SSL ciphers and actually fix them, this bridges the gap between audit output and remediation commands.