38 lines
1.2 KiB
Markdown
38 lines
1.2 KiB
Markdown
# James-Old (192.168.1.17) — Security Baseline
|
|
Established: 2026-03-01
|
|
|
|
## SSH Authorized Keys (johan)
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4vdTyAAgy6PTsTLy64zQ8HwB3n3N3HQ3VfpLnItN7f johan@ubuntu2404
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICvQUpzuHN/+4xIS5dZSUY1Me7c17EhHRJdP5TkrfD39 claude@macbook
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+9hJSfMkbe68VPbkRmaW/sFFmd3+QBmisJYLY+S6Cj james@forge
|
|
|
|
## Expected Users (uid>=1000)
|
|
nobody:65534 (system)
|
|
johan:1000
|
|
scanner:1001 (SMB scanner share)
|
|
snapd-range-524288-root:524288 (snap)
|
|
snap_daemon:584788 (snap)
|
|
|
|
## Expected Listening Ports
|
|
- 22 (SSH)
|
|
- 21 (FTP — vsftpd, known)
|
|
- 139/445 (Samba)
|
|
- 3389 (RDP — flagged for review, origin unknown)
|
|
- 8030 (message-bridge — all interfaces)
|
|
- 8080 (signal-cli)
|
|
- 9200 (dashboard)
|
|
- 18789 (OpenClaw)
|
|
- 19898 (Spacebot/Andrew)
|
|
|
|
## SSH Hardening
|
|
- Could not verify with user-level access (sshd -T requires root or sudoers)
|
|
|
|
## Known Firewall State
|
|
- UFW: not verified (user-level only access)
|
|
- LAN-only machine — limited external exposure
|
|
|
|
## Known Issues at Baseline
|
|
- Port 3389 (RDP) origin unknown — needs investigation
|
|
- fail2ban status not verified
|
|
- SSH hardening not directly verified
|