chocolate
Hello, My first question is whether your server connected to internet to install packages directly? If yes, all packages installation can be easily done using script.
Coming to other points -
1. I have created a script for Redhat OS using CIS benchmark standards, most of your security requirement falls in the same category.
2. Are you using Openssh? Then your SSH requirement is done using parameters "PermitRootLogin" and "port" in the sshd_config file.
3. You need to pass me the ssh-key which need to be updated in the authorized_key file to setup "Password Less" login.
4. ufw firewall can configured using script
5. Fail2ban is new to me - but if is only install, that can be managed.
If Interested, please contact me or ping me.
It will take 3 - 5 days to incorporate these tasks in a script and test.
I don't have an Ubuntu 16.04, so I will download and install and test my script before handing over to you.
Please note - I am new to freelance, so I don't have a reference to provide you.