41 lines
1.4 KiB
Markdown
41 lines
1.4 KiB
Markdown
# Forge (192.168.1.16) — Security Baseline
|
|
Established: 2026-02-22
|
|
|
|
## SSH Authorized Keys (johan)
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4TEk5EWIwLM3+/pU/H5qxZQlNUvIcxj72bYhYOZeQZ james@server
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4vdTyAAgy6PTsTLy64zQ8HwB3n3N3HQ3VfpLnItN7f johan@ubuntu2404
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICvQUpzuHN/+4xIS5dZSUY1Me7c17EhHRJdP5TkrfD39 claude@macbook
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIpdYKhUPal5p9oI6kN85PAB7oZ+j0P2+xCzvt1rord6 johanjongsma@Johans-MacBook-Pro.local
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5hDM45kOB8jxk+M4Kk9in9bpwZ90sSZsPBMbzJRkbF johan@thinkpad-x1
|
|
|
|
## Expected Users (uid>=1000)
|
|
nobody:65534 (system)
|
|
johan:1000
|
|
|
|
## Expected Listening Ports
|
|
- 22 (SSH)
|
|
- 21 (vsftpd — known, ⚠️ review if needed)
|
|
- 139/445 (Samba)
|
|
- 8030 (message-bridge — all interfaces)
|
|
- 8080 (signal-cli — all interfaces)
|
|
- 8090 (OCR service — all interfaces)
|
|
- 9200 (james-dashboard)
|
|
- 9201 (docsys)
|
|
- 9202 (Fully dashboard)
|
|
- 9300 (dealroom)
|
|
- 9877/9878 (node)
|
|
- 9900 (docproc)
|
|
- 18789 (openclaw-gateway — all interfaces)
|
|
- 18792 (openclaw browser — localhost)
|
|
- 11434 (ollama — localhost)
|
|
- 8025 (message-center — localhost)
|
|
- 13001 (SSH tunnel to zurich:3001 — localhost)
|
|
|
|
## Known Firewall State
|
|
UFW: NOT INSTALLED — ⚠️ no host firewall (relying on router/network controls)
|
|
|
|
## Known Issues at Baseline
|
|
- UFW not installed (known deficiency)
|
|
- fail2ban not active
|
|
- vsftpd running on port 21 — needs review
|