Hitsukaya • Doragon Framework

Build systems that stay stable, simple, and secure.

Hardened Linux ops with a modular framework: SELinux, firewall profiles, Fail2Ban jails, secure defaults, and clean dashboards — built to scale from solo VPS to enterprise-grade environments.
Hitsukaya builds security-focused tooling and infrastructure patterns — from hardened server baselines to composable Laravel-first UI — designed for production reliability and auditability.

STABILITY • SIMPLICITY • SECURE BY ARCHITECTURE
Focus areas
Linux hardening • Fail2Ban / firewall • Systemd timers • SELinux / SFTP • Toggle on/off

Built for AlmaLinux/RHEL-like environments • DevOps-ready • Audit-friendly defaults

Built for
AlmaLinux / RHEL-like
Principle
Secure by Architecture
doragon@hitsukaya • CLI
live
DORAGON FRAMEWORK
Principle
Attack surface Reduced
Default policies Strict
Ops workflow Modular
Quick install
Bash • AlmaLinux / RHEL-like
curl -fsSL https://hitsukaya.com/doragon/install.sh -o install-doragon.sh && bash install-doragon.sh
✓ No telemetry ✓ No external dependencies ✓ Reversible changes
Doragon Framework is open source
Technical depth

How Doragon works

Doragon applies a consistent baseline, verifies service posture, and produces auditable reports. No opaque automation — just clear modules and predictable outputs.

Step 1
Detect

Identify platform capabilities (systemd, SELinux, Fail2Ban, firewall).

Step 2
Enforce

Apply baseline policies and safe defaults via modular operations.

Step 3
Report

Generate a security score + logs you can audit and archive.

Flow
doragon
  ├─ doragon status - Check quality review
  ├─ harden/*      (apply baseline)
  ├─ services/*    (verify services)
  └─ report/*      (score + output)
      
Security model

Secure by architecture

Doragon is designed to stay predictable and auditable. It avoids opaque automation and favors explicit configuration, clear modules, and rollback-friendly operations.

Principles

  • Least privilege by default
  • Auditable configuration and outputs
  • Minimal moving parts
  • Backup-first changes

Non-goals

  • No magic “one-click fix everything”
  • No hidden remote execution layer
  • No intrusive always-on agent (by default)
  • No destructive changes without confirmation
Security

Responsible Disclosure

If you discover a security vulnerability related to Doragon or the Hitsukaya infrastructure, please report it responsibly. We take security issues seriously and aim to respond promptly.

  • Provide a clear description of the issue
  • Include reproduction steps if possible
  • Avoid public disclosure before coordination
security@hitsukaya.com
Architecture

Designed for predictable operations

Doragon is a modular infrastructure framework operated through a CLI interface. The framework provides system checks, hardening modules, and reporting capabilities, while the CLI acts as the operational entry point for administrators.

System architecture
┌─────────────────────────┐
│     Operator / Admin    │
│     SSH / terminal      │
└─────────────┬───────────┘
              │
              │ doragon commands
              ▼
┌─────────────────────────┐
│     CLI Interface       │
│  status • doctor • run  │
│  report • diagnose      │
└─────────────┬───────────┘
              │
              │ invokes framework
              ▼
┌─────────────────────────────────────────┐
│           Doragon Framework             │
│                                         │
│  modules      checks      services      │
│  security     network     reporting     │
│  helpers      configs     utilities     │
└───────────────┬─────────────────────────┘
                │
                │ interacts with system
                ▼
┌─────────────────────────────────────────┐
│            RHEL-like Host               │
│                                         │
│  systemd • SELinux • logs               │
│  Fail2Ban • firewall • services         │
│  system configuration & state           │
└─────────────────────────────────────────┘

    (Observability Layer - Optional)

┌─────────────────────────┐
│   Doragon Control Panel │
│                         │
│  security score         │
│  activity timeline      │
│  reports & history      │
└─────────────────────────┘
                    

Core idea

Doragon separates operational access from framework logic. The CLI exposes the framework capabilities while modules remain modular, auditable, and predictable.

Inputs / outputs

  • Inputs: configuration profiles, service state, logs
  • Outputs: system status, security score, audit reports

Panel boundary

The control panel focuses on observability and reporting. Core hardening logic remains inside the framework and CLI modules to keep operations transparent.

CLI

Operate from the command line

Doragon is operated through a clean CLI interface designed for predictable infrastructure operations and auditable system checks.

System status
$ doragon status

Security score: 92
Fail2Ban: active
Firewall: active
SELinux: enforcing
Diagnostics
$ doragon doctor

Checking services...
Checking SELinux...
Checking Fail2Ban...

System health: OK
Generate report
$ doragon report

Collecting logs...
Analyzing services...
Generating audit report...

Report ready
Operator-first design

Hardening you can audit.

Doragon is a modular infrastructure security framework operated through a CLI. It enforces strict defaults, keeps changes reversible, and produces reports meant to be archived.

RHEL-like • systemd • SELinux • Fail2Ban
  • Coverage: SSH / HTTP / DB protections (Fail2Ban profiles & filters)
  • Posture: strict defaults, minimal surface, least privilege
  • Audit: status + score + reports designed for review and history
Integrates with
common infra primitives
Nginx
PHP-FPM
SELinux
Fail2Ban
systemd
Logrotate
Principle
Secure by Architecture: strict defaults, minimal surface, backup-first changes.
Boundary
The CLI owns hardening logic. The panel (MVP) focuses on observability and history.
Capabilities

Security posture, executed via CLI.

Doragon is a modular hardening & operations toolkit for RHEL-like hosts. Changes are explicit, reversible, and designed for audit-friendly outputs.

What Doragon provides
modules + reports
  • Fail2Ban coverage
    SSH + web patterns (Nginx auth/error, app scans) with visible jails, bans, and safe unban workflows.
  • Firewall baseline
    A reduced attack surface by default: explicit ports, predictable rules, and clear status output.
  • SELinux & permissions hygiene
    Guardrails for production posture: consistent policy checks and permission sanity to avoid “silent drift”.
  • Services & health visibility
    Operational status for core services (web / db / cache) + system health (uptime, load, disk, memory).
  • SSH / SFTP controls
    Admin-friendly toggles and checks designed to be reversible, with backups before changes.
  • SFTP access control
    Manage SFTP access safely using a dedicated Doragon configuration. Access rules are defined in /etc/doragon/sftp.conf, keeping SSH configuration clean while maintaining reversible, backup-first updates.
  • Diagnose + reports
    Diagnostics that summarize posture and generate audit-ready reports for archiving and review.
Everything is driven by config and produces readable output — no hidden automation.
Operational contract
Config-first: a predictable baseline driven by /etc/doragon.
Backup-first changes: before any write, keep rollback paths clear.
Audit-friendly outputs: status + score + reports designed for review, not screenshots.
Clear boundaries: hardening stays in the CLI; the panel focuses on observability and history.
Compatibility
RHEL-like • systemd • SELinux • Fail2Ban • Nginx • Logrotate
Supported: AlmaLinux / Rocky Linux. FreeBSD support planned.
Panel (MVP)
Coming soon: security score, WARN/CRIT counts, Fail2Ban activity, service health, and jobs history with downloadable reports.
status • score • history
Start with the baseline, then add modules as your needs grow.
CLI preview

Calm output. Clear posture.

Doragon prints operator-friendly output designed for terminals and audit trails. Commands are explicit, changes are reversible, and reports are built for archiving.

Style
Readable
Outputs
Auditable
Noise
Minimal
Tip: outputs are designed to be archived per server.

Driven by /etc/doragon/doragon.conf (e.g. DORAGON_PROFILE=WebServer).
Quick verify
60 seconds
Posture
$ doragon status
Bans
$ doragon f2b status
Dry run
$ doragon diagnose --dry-run
Solo profile is optimized for quick reads and safe defaults.
Handoff checklist
review-friendly
  • Run a report per host and archive it consistently.
  • Keep the same profile + modules across environments.
  • Use stable naming for outputs (host + date).
  • Prefer readable diffs over ad-hoc changes.
Example: doragon report → archive per host (e.g. hitsukaya-2026-03-05.txt).
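
An added example (not part of the Doragon project): a shell gate for the checklist above that reads `doragon status` text, fails on posture drift, and builds the host + date archive name. It assumes the real output uses the "Key: value" lines shown on this page; `require`, `check_posture` and `archive_name` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example, not Doragon code. Assumes `doragon status` prints the
# "Key: value" lines shown on this page; all function names are hypothetical.

# Sample copied from the status output shown on this page.
SAMPLE_STATUS='Security score: 92
Fail2Ban: active
Firewall: active
SELinux: enforcing'

# require FIELD ACTUAL EXPECTED: print a finding and fail on mismatch.
require() {
  [ "$2" = "$3" ] && return 0
  echo "CRIT: $1 is '${2:-missing}'"
  return 1
}

# check_posture MIN_SCORE: reads status text on stdin and returns 0 only if
# every field is present and healthy. A missing field counts as a failure.
check_posture() {
  local min="$1" key val score="" f2b="" fw="" se="" rc=0
  while IFS=: read -r key val || [ -n "$key" ]; do
    val=$(printf '%s' "$val" | tr -d '[:space:]')
    case "$key" in
      "Security score") score="$val" ;;
      "Fail2Ban")       f2b="$val" ;;
      "Firewall")       fw="$val" ;;
      "SELinux")        se="$val" ;;
    esac
  done
  case "$score" in
    ''|*[!0-9]*) echo "CRIT: score missing or not numeric"; rc=1 ;;
    *) [ "$score" -ge "$min" ] || { echo "WARN: score $score < $min"; rc=1; } ;;
  esac
  require "Fail2Ban" "$f2b" active    || rc=1
  require "Firewall" "$fw"  active    || rc=1
  require "SELinux"  "$se"  enforcing || rc=1
  return "$rc"
}

# archive_name HOST YYYY-MM-DD: stable report name; rejects path characters.
archive_name() {
  case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  case "$2" in [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;; *) return 1 ;; esac
  printf '%s-%s.txt\n' "$1" "$2"
}

# Gate first, then name the archive only when posture is acceptable.
if printf '%s\n' "$SAMPLE_STATUS" | check_posture 80; then
  archive_name hitsukaya 2026-03-05
fi
```

On a real host the sample would be replaced by `doragon status | check_posture 80`, with the threshold chosen per profile.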
Hardening guardrails
Posture

Defaults bias toward least privilege and reduced surface. Changes remain explicit and reversible.

Emphasis: strict baseline, fewer surprises.
Audit outputs
Audit

Stable structure for score/WARN/CRIT and reports so evidence can be archived and compared over time.

Emphasis: archive-ready evidence.
Enterprise contract
predictable • reversible
  • Config-first: baseline driven by /etc/doragon.
  • Backup-first changes: rollback stays obvious before any write.
  • No hidden automation: hardening logic remains in CLI modules.
  • Panel boundary: panel (MVP) is observability + history.
Archive tip: doragon report per host for consistent evidence.
Start with a profile, then add modules only when needed.
Same baseline philosophy — strict defaults, minimal surface, backup-first changes.
Modules

Pick the pieces. Keep the root clean.

Small, auditable modules. Reversible changes. No hidden automation.

FAQ

Clear answers, no marketing fog.

Security-first products need clarity. Here’s what Hitsukaya and Doragon are — and what they are not.

clarity • audit • reversible
Principle
“Secure by Architecture”

The baseline is opinionated, but not opaque. You should always be able to understand what changed, why it changed, and how to roll it back.

Default stance
Minimal exposure
Workflow
Scan → dry-run → apply
Design
Calm operator UX
Still have questions?
Reach out with your environment details and goals.
