
Weekly Security Posture Scan — 2026-03-09

Scan time: 09:03 to 09:20 AM EST. Scanner: James (OpenClaw cron)

Summary

| Host | Status | Key Findings |
|------|--------|--------------|
| forge (localhost) | 🔴 WARNING | python3 http.server on 9999 exposing /tmp to LAN; new SSH key hans@vault1984-hq; new agentchat:7777 |
| zurich.inou.com | CLEAN | 1 upgradable pkg; brute force normal; all services healthy |
| caddy (192.168.0.2) | ⚠️ WARNING | New user hans:1002 (not in baseline); SSH keys changed; port 2283 added |
| james-old (192.168.1.17) | ⚠️ WARNING | RDP 3389 still open (ongoing); k2-watchdog cron |
| staging (192.168.1.253) | CLEAN | All expected services; logins clean |
| prod (192.168.100.2) | CLEAN | SSH restored; services expected |

Forge (localhost / 192.168.1.16)

🔴 CRITICAL: Python HTTP Server Exposing /tmp on Port 9999

  • Process: python3 -m http.server 9999 --bind 0.0.0.0
  • CWD: /tmp — serving the ENTIRE /tmp directory to all interfaces
  • Binary: /usr/bin/python3.12 (deleted) — orphaned process, binary was updated/deleted
  • UFW: Port 9999 accessible from entire LAN (192.168.0.0/22 → ALLOW Anywhere rule)
  • Files exposed: clawvault-preview.db, clawvault-preview.db-shm/wal, cron_keys.txt, Caddyfile.bak, Caddyfile.new, dev logs, API test files, android APKs, SQL dumps, etc.
  • Action needed: Kill this process immediately — kill 866793
  • Origin: Started ~Mar 7 01:14 AM, likely left running from a dev session

⚠️ New SSH Key: hans@vault1984-hq

  • Added to ~/.ssh/authorized_keys on Mar 8 at 01:46 AM
  • Comment: hans@vault1984-hq — appears to be vault1984 project key
  • Not in baseline (baseline was last updated Mar 1)
  • Action: Confirm this is intentional; update baseline if so

⚠️ New Service: agentchat on Port 7777

  • Binary: /home/johan/dev/agentchat/agentchat
  • Started ~Mar 8 04:55 AM
  • Not in baseline
  • Action: Confirm intentional; add to baseline if so

FIXED: SSH Hardening (Previously Critical)

  • passwordauthentication no ← FIXED from last week's critical finding!
  • permitrootlogin no
  • pubkeyauthentication yes

Clean Items

  • UFW: active
  • fail2ban: running, 0 bans (expected for LAN machine)
  • Users: johan:1000, scanner:1001 — match baseline
  • SSH keys (known): james@server, johan@ubuntu2404, claude@macbook, johanjongsma@Johans-MacBook-Pro.local, johan@thinkpad-x1 — all match baseline
  • Logins: all from 192.168.1.14 (Johan's MacBook)
  • Failed logins: none
  • Crontab: backup-forge, claude-usage-check, ddns-update, health-push — all known
  • vault1984 on 1984, docproc on 9900, dealspace on 9300 — expected

Zurich (zurich.inou.com / 82.22.36.202)

Upgradable Packages: 1

  • Down from 17 last week — packages were updated
  • 1 remaining package — low urgency

Brute Force (Expected for Public VPS)

  • fail2ban stats not captured this scan (output truncated)
  • All SSH connections still restricted to key-only

Clean Items

  • SSH hardened: passwordauth no, permitroot without-password
  • UFW active with expected rules
  • Docker: uptime-kuma (healthy), vaultwarden (healthy)
  • Services: stalwart-mail on all expected ports, caddy on 80/443
  • Crontab: vaultwarden-backup, stalwart-allowlist-sync, config-backup, certbot, nuclei-monthly — all expected
  • Last logins from home public IP only

Caddy (192.168.0.2)

⚠️ New User: hans:1002

  • hans:x:1002:1005::/home/hans:/bin/bash
  • NOT in baseline (baseline: nobody, johan:1000, stijn:1001)
  • Shell set to /bin/bash with home at /home/hans
  • Correlates with hans@vault1984-hq key on forge — same person/project
  • Action: Confirm who added this user and why; update baseline if intentional

⚠️ SSH Keys Changed

  • Current root authorized_keys: only james@forge (1 key)
  • Baseline had 3 keys: james@forge, claude@macbook, johan@ubuntu2404
  • 2 keys removed — actually reduces attack surface (good), but unexplained change
  • Action: Update baseline to reflect current state

⚠️ Port 2283 (Caddy binding)

  • Caddy listening on 2283 — likely new reverse proxy entry for Immich
  • Not in baseline (baseline: 22, 80, 443, 40021, plus 2019 and 53 on loopback only)
  • No corresponding UFW rule visible — may be LAN-accessible
  • Action: Confirm Caddy is proxying Immich on this port; add to baseline

Clean Items

  • SSH hardened: passwordauth no, permitroot without-password
  • UFW active
  • fail2ban: not active (known — unchanged from baseline)
  • Logins: reboot system boot only (no user logins) — suggests rarely accessed
  • Failed logins: none
  • TLS cert: valid, notAfter=Jun 3 2026 (~86 days remaining)
  • Crontab: daily config-backup to git
  • SSH daemon: responding normally (was showing "connection refused" last week — resolved)
  • stijn user: present as expected

James-Old (192.168.1.17)

⚠️ RDP Port 3389 (Ongoing)

  • Still open from last scan — investigation pending
  • Process: xrdp (confirmed — shows in process list)
  • LAN-only exposure; low external risk
  • Action: Confirm need; disable xrdp if not actively used

k2-watchdog.sh Cron

  • */5 * * * * /home/johan/clawd/scripts/k2-watchdog.sh
  • Not noted in previous baseline (was not captured)
  • Legitimate — added to baseline

Clean Items

  • Users: johan:1000, scanner:1001 — match baseline (snap users not present this scan)
  • SSH keys: 3 keys — match baseline
  • Logins: all from 192.168.1.14 (Johan's MacBook), last Mar 2
  • Failed logins: none
  • Ports: 18789, 19898, 22, 139/445, 8030, 8080, 9200, 3389, 21 — match baseline
  • Processes: xrdp (explains 3389), openclaw, message-bridge, signal-cli — expected

Staging (192.168.1.253)

Clean Scan

  • Users: only johan:1000
  • SSH keys: claude@macbook, johanjongsma@Johans-MacBook-Pro.local, james@server, james@forge — reasonable
  • Logins: all from 192.168.1.14, last Mar 1
  • Ports: 22, 139/445, 2283 (Immich), 8080, 8082 (inou api), 8096 (Jellyfin), 8123 (HA), 8765, 9000, 9124, 1080 — expected
  • Crontab: inou start.sh @reboot — expected

ClickHouse at 485% CPU

  • clickhouse-server pegging ~5 cores at scan time
  • May be running a heavy query or replication/compaction
  • Monitor — not necessarily alarming for ClickHouse

Prod (192.168.100.2)

Fully Clean — SSH Access Restored

  • SSH access restored (was broken last week with "Too many auth failures")
  • Users: only johan:1000
  • SSH keys: claude@macbook, johan@ubuntu2404, james@forge — appropriate
  • Logins: last from 192.168.1.14 on Mar 6
  • Ports: 22, 8082 (inou api), 1080 (portal), 8765 (viewer) — lean, expected

Action Items

  1. 🔴 FORGE: Kill python3 http.server on 9999 (kill 866793) — exposing /tmp including vault DBs to LAN
  2. ⚠️ FORGE: Confirm hans@vault1984-hq SSH key — update baseline when verified
  3. ⚠️ FORGE: Confirm agentchat on 7777 — update baseline when verified
  4. ⚠️ CADDY: Who added user hans:1002? — confirm and update baseline
  5. ⚠️ CADDY: Update SSH keys baseline — claude@macbook + johan@ubuntu2404 removed
  6. ⚠️ CADDY: Confirm port 2283 (Immich proxy) — add to baseline
  7. ⚠️ JAMES-OLD: Decision on xrdp/RDP 3389 — disable if not needed

Improvements Since Last Scan

  • Forge SSH password auth FIXED (was Critical last week)
  • Zurich packages updated (17 → 1 upgradable)
  • Prod SSH access restored
  • Caddy SSH daemon responding normally (was connection refused last week)