# Caddy (192.168.0.2) — Security Baseline

Established: 2026-02-22

## Root SSH Authorized Keys

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+9hJSfMkbe68VPbkRmaW/sFFmd3+QBmisJYLY+S6Cj james@forge
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICvQUpzuHN/+4xIS5dZSUY1Me7c17EhHRJdP5TkrfD39 claude@macbook
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4vdTyAAgy6PTsTLy64zQ8HwB3n3N3HQ3VfpLnItN7f johan@ubuntu2404

## Expected Users (uid>=1000)

nobody:65534 (system)
johan:1000
stijn:1001 (/var/www/flourishevents — web service account, nologin equivalent)

## Expected Listening Ports

- 22 (SSH)
- 80/443 (Caddy reverse proxy)
- 40021 (vsftpd passive FTP)
- 2019 (Caddy admin API — localhost)
- 53 (systemd-resolved — localhost)

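A drift check against the port list above, as an added example that is not part of the original baseline file: it parses `ss -tlnH` output, flags listeners missing from the baseline, and flags 2019 or 53 when bound to anything other than loopback. The function names and the sample output are constructed for illustration; feed it the real command output on the host.

```python
import ipaddress

# Baseline from the list above: port -> True when it must be localhost-only.
EXPECTED = {22: False, 80: False, 443: False, 40021: False, 2019: True, 53: True}

# Constructed sample of `ss -tlnH` output (not captured from the real host).
SAMPLE = """\
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 *:2019           *:*
LISTEN 0 4096 *:443            *:*
LISTEN 0 4096 *:80             *:*
LISTEN 0 32   *:40021          *:*
LISTEN 0 511  [::]:8080        [::]:*
"""

def split_hostport(local):
    """Split the 'Local Address:Port' column into (host, port)."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)

def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; the '*' wildcard is never loopback."""
    return host != "*" and ipaddress.ip_address(host).is_loopback

def check_listeners(ss_output):
    """Return a list of human-readable deviations from the baseline."""
    findings, seen = [], set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # skip blank lines and anything that is not a listener row
        host, port = split_hostport(fields[3])
        seen.add(port)
        if port not in EXPECTED:
            findings.append(f"unexpected listener {fields[3]}")
        elif EXPECTED[port] and not is_loopback(host):
            findings.append(f"port {port} should be localhost-only, bound to {fields[3]}")
    for port in sorted(set(EXPECTED) - seen):
        findings.append(f"expected port {port} not listening")
    return findings

if __name__ == "__main__":
    for finding in check_listeners(SAMPLE):
        print(finding)
```
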
## SSH Hardening

- PasswordAuthentication: no ✅
- PermitRootLogin: without-password ✅
- PubkeyAuthentication: yes ✅

## Known Firewall State

UFW: ACTIVE ✅
Rules: SSH (LIMIT from LAN), 80/443 (ALLOW), 40021 (ALLOW), 40000-40010 (ALLOW — FTP passive)

## Known Issues at Baseline

- fail2ban not active
- vsftpd running (FTP) — known for flourishevents site
- User `stijn` exists (/var/www/flourishevents) — web service account