I have UFW installed, and I have enabled all the services I am using through that. I have setup Fail2Ban, disabled ssh password login, as well as root login. I use SSH-keys with a password on it. I do everything through sudo. Currently I am running MariaDB server, spigot 1.14.4 server, and Apache2. I also have another machine acting as a NAS for personal backups running FreeNAS. For the MariaDB server, every plugin has its own user and database, and root login is disabled (except through sudo). Is there any more that I can do? I want to make sure it is locked down as much as possible.