clawd/memory/security-baselines/james-old.md

# James-Old (192.168.1.17) — Security Baseline
Established: 2026-02-22
## SSH Authorized Keys (johan)
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4vdTyAAgy6PTsTLy64zQ8HwB3n3N3HQ3VfpLnItN7f johan@ubuntu2404
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICvQUpzuHN/+4xIS5dZSUY1Me7c17EhHRJdP5TkrfD39 claude@macbook
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+9hJSfMkbe68VPbkRmaW/sFFmd3+QBmisJYLY+S6Cj james@forge
## Expected Users (uid>=1000)
- nobody:65534 (system)
- johan:1000
- snapd-range-524288-root:524288 (snap service — system)
- snap_daemon:584788 (snap service — system)
- scanner:1001 (SANE scanner service — system, nologin shell)
## Expected Listening Ports
- 22 (SSH)
- 21 (FTP — known)
- 139/445 (Samba)
- 3389 (RDP — xrdp, known)
- 3350 (xrdp-sesman — localhost)
- 8025 (message-center — localhost)
- 8030 (message-bridge — all interfaces)
- 9200 (dashboard)
- 1143 (Proton Bridge IMAP — localhost)
- 1025 (Proton Bridge SMTP — localhost)
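
A drift check against the port list above, as an added example that is not part of the original baseline file: it compares `ss -tlnH` output with the expected ports and flags listeners that are new, missing, or bound more widely than "localhost". The function names, the sample `ss` lines (constructed) and the choice to treat ports with no stated scope as allowed on any interface are assumptions of this example.

```python
import ipaddress

# Expected listeners from this page's baseline. "local" = marked localhost; "any" =
# all interfaces or no scope stated (unstated = "any" is this example's assumption).
BASELINE = {22: "any", 21: "any", 139: "any", 445: "any", 3389: "any",
            3350: "local", 8025: "local", 8030: "any", 9200: "any",
            1143: "local", 1025: "local"}

# Constructed sample of `ss -tlnH` output (not captured from the host).
SAMPLE = """\
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 32   *:21           *:*
LISTEN 0 50   0.0.0.0:139    0.0.0.0:*
LISTEN 0 50   0.0.0.0:445    0.0.0.0:*
LISTEN 0 2    *:3389         *:*
LISTEN 0 2    [::1]:3350     [::]:*
LISTEN 0 4096 0.0.0.0:8025   0.0.0.0:*
LISTEN 0 4096 *:8030         *:*
LISTEN 0 4096 127.0.0.1:1143 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:1025 0.0.0.0:*
LISTEN 0 5    0.0.0.0:5900   0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Parse `ss -tlnH` lines into a set of (address, port) tuples."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        found.add((addr, int(port)))
    return found

def drift(ss_output):
    """Return findings where the listeners differ from BASELINE."""
    listeners = parse_listeners(ss_output)
    findings = []
    for addr, port in sorted(listeners, key=lambda x: (x[1], x[0])):
        loopback = addr != "*" and ipaddress.ip_address(addr).is_loopback
        if port not in BASELINE:
            findings.append(f"unexpected port {port} on {addr}")
        elif BASELINE[port] == "local" and not loopback:
            findings.append(f"port {port} baselined as localhost, bound to {addr}")
    seen = {port for _, port in listeners}
    findings += [f"baseline port {p} not listening"
                 for p in sorted(BASELINE) if p not in seen]
    return findings
```

On the host, feed `drift()` the text of `ss -tlnH` instead of `SAMPLE`; an empty list means the listeners match the baseline.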
## Known Firewall State
UFW: INACTIVE — ⚠️ no host firewall
## Known Issues at Baseline
- UFW inactive (known deficiency — retired machine)
- fail2ban not active
- RDP (3389) exposed — known, used for remote desktop
- 53 pending apt updates