clawd/memory/security-baselines/caddy.md

Caddy (192.168.0.2) — Security Baseline

Established: 2026-02-22

Root SSH Authorized Keys

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+9hJSfMkbe68VPbkRmaW/sFFmd3+QBmisJYLY+S6Cj james@forge
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICvQUpzuHN/+4xIS5dZSUY1Me7c17EhHRJdP5TkrfD39 claude@macbook
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4vdTyAAgy6PTsTLy64zQ8HwB3n3N3HQ3VfpLnItN7f johan@ubuntu2404

Expected Users (uid>=1000)

nobody:65534 (system)
johan:1000
stijn:1001 (/var/www/flourishevents — web service account, nologin equivalent)

Expected Listening Ports

  • 22 (SSH)
  • 80/443 (Caddy reverse proxy)
  • 40021 (vsftpd passive FTP)
  • 2019 (Caddy admin API — localhost)
  • 53 (systemd-resolved — localhost)
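
A drift check for the port list above, as an added example that is not part of the original baseline file: it reads `ss -H -tln` output on stdin and reports TCP listeners outside the baseline, localhost-only ports (2019, 53) bound to a non-loopback address, and baseline ports that are missing. The function names, output labels and sample lines are constructed for illustration; UDP listeners are not covered.

```shell
#!/bin/sh
# Added example (not from the baseline file): TCP listener drift check.
PUBLIC_PORTS="22 80 443 40021"   # may listen on any address per the baseline
LOCAL_ONLY_PORTS="2019 53"       # baseline says localhost only

# Reads `ss -H -tln` lines on stdin; prints one finding per line, sorted.
check_listeners() {
    awk -v pub="$PUBLIC_PORTS" -v loc="$LOCAL_ONLY_PORTS" '
    BEGIN {
        n = split(pub, a, " "); for (i = 1; i <= n; i++) public[a[i]] = 1
        n = split(loc, a, " "); for (i = 1; i <= n; i++) local_only[a[i]] = 1
    }
    $1 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[0-9]+$/, "", addr)    # text before the port
        sub(/%.*$/, "", addr)                   # drop interface suffix (%lo)
        seen[port] = 1
        loopback = (addr ~ /^127\./ || addr == "[::1]")
        if (port in local_only) {
            if (!loopback) print "EXPOSED " port " " addr
        } else if (!(port in public)) {
            print "UNEXPECTED " port " " addr
        }
    }
    END {
        for (p in public) if (!(p in seen)) print "MISSING " p
        for (p in local_only) if (!(p in seen)) print "MISSING " p
    }' | LC_ALL=C sort
}

# Constructed sample input: admin API bound to all interfaces, plus a stray 3306.
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096 *:80             *:*
LISTEN 0 4096 *:443            *:*
LISTEN 0 32   *:40021          *:*
LISTEN 0 4096 0.0.0.0:2019     0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128  0.0.0.0:3306     0.0.0.0:*
EOF
}

sample_ss_output | check_listeners
# On the host itself: ss -H -tln | check_listeners
```

Empty output means the TCP listeners match the baseline.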

SSH Hardening

  • PasswordAuthentication: no
  • PermitRootLogin: without-password
  • PubkeyAuthentication: yes

Known Firewall State

UFW: ACTIVE
Rules: SSH (LIMIT from LAN), 80/443 (ALLOW), 40021 (ALLOW), 40000-40010 (ALLOW — FTP passive)

Known Issues at Baseline

  • fail2ban not active
  • vsftpd running (FTP) — known for flourishevents site
  • User stijn exists (/var/www/flourishevents) — web service account