[2025-08-22 22:32:22] [INFO] Starting comprehensive system audit on lenovo420
[2025-08-22 22:32:22] [INFO] Output directory: /tmp/system_audit_lenovo420_20250822_223222
[2025-08-22 22:32:22] [INFO] Script version: 2.0
[2025-08-22 22:32:22] [INFO] Validating environment and dependencies...
[2025-08-22 22:32:22] [WARN] Optional tool not found: podman
[2025-08-22 22:32:22] [WARN] Optional tool not found: vnstat
[2025-08-22 22:32:22] [INFO] Environment validation completed
[2025-08-22 22:32:22] [INFO] Running with root privileges
[2025-08-22 22:32:22] [INFO] Running module: collect_system_info

==== SYSTEM INFORMATION ====

--- Basic System Details ---
Hostname: lenovo420
FQDN: lenovo420
IP Addresses: 192.168.50.66 192.168.50.69 100.98.144.95 172.20.0.1 172.21.0.1 172.23.0.1 172.17.0.1 172.18.0.1 172.22.0.1
Date/Time: Fri Aug 22 10:32:22 PM EDT 2025
Uptime: 22:32:22 up 15:36, 1 user, load average: 0.06, 0.26, 0.39
Load Average: 0.06 0.26 0.39 1/509 664511
Architecture: x86_64
Kernel: 6.14.0-28-generic
Distribution: Ubuntu 24.04.3 LTS
Kernel Version: #28~24.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Jul 25 10:47:01 UTC 2

--- Hardware Information ---
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 36 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Vendor ID: GenuineIntel
BIOS Vendor ID: Intel(R) Corporation
Model name: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
BIOS Model name: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz None CPU @ 2.5GHz
BIOS CPU family: 205
CPU family: 6
Model: 42
Thread(s) per core: 2
Core(s) per socket: 2
Socket(s): 1
Stepping: 7
CPU(s) scaling MHz: 93%
CPU max MHz: 3200.0000
CPU min MHz: 800.0000
BogoMIPS: 4983.37
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl smx est tm2 ssse3 cx16 xtpr pdcm
pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm epb pti ssbd ibrs ibpb stibp xsaveopt dtherm ida arat pln pts md_clear flush_l1d
L1d cache: 64 KiB (2 instances)
L1i cache: 64 KiB (2 instances)
L2 cache: 512 KiB (2 instances)
L3 cache: 3 MiB (1 instance)
NUMA node(s): 1
NUMA node0 CPU(s): 0-3
Vulnerability Gather data sampling: Not affected
Vulnerability Ghostwrite: Not affected
Vulnerability Indirect target selection: Not affected
Vulnerability Itlb multihit: KVM: Mitigation: VMX unsupported
Vulnerability L1tf: Mitigation; PTE Inversion
Vulnerability Mds: Mitigation; Clear CPU buffers; SMT vulnerable
Vulnerability Meltdown: Mitigation; PTI
Vulnerability Mmio stale data: Unknown: No mitigations
Vulnerability Reg file data sampling: Not affected
Vulnerability Retbleed: Not affected
Vulnerability Spec rstack overflow: Not affected
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2: Mitigation; Retpolines; IBPB conditional; IBRS_FW; STIBP conditional; RSB filling; PBRSB-eIBRS Not affected; BHI Not affected
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Not affected

total used free shared buff/cache available
Mem: 15Gi 1.4Gi 11Gi 2.2Mi 2.7Gi 14Gi
Swap: 3.7Gi 0B 3.7Gi

Filesystem Size Used Avail Use% Mounted on
tmpfs 1.6G 1.7M 1.6G 1% /run
/dev/sda2 468G 30G 416G 7% /
tmpfs 7.8G 324K 7.8G 1% /dev/shm
tmpfs 5.0M 12K 5.0M 1% /run/lock
efivarfs 56K 19K 33K 36% /sys/firmware/efi/efivars
/dev/sda1 1.1G 6.2M 1.1G 1% /boot/efi
/dev/sdb1 117G 2.1M 111G 1% /mnt/sdb
tmpfs 1.6G 132K 1.6G 1% /run/user/1000
//192.168.50.229/pictures 17T 2.8T 14T 17% /mnt/omv_immich_pics
//192.168.50.229/immich 17T 2.8T 14T 17% /mnt/omv_immich_smb
192.168.50.107:/export/t420_backup 7.3T 306G 7.0T 5% /mnt/omv-backup
overlay 468G 30G 416G 7%
/var/lib/docker/overlay2/4cad63c70a53404193aced3da9d8fe330cb9e0a9938ef1a4016bfac90099dba3/merged
overlay 468G 30G 416G 7% /var/lib/docker/overlay2/cc14f7164c79ede3d689254e40d118fb130eddb68ba1101e10d6ad2de7d2c070/merged
overlay 468G 30G 416G 7% /var/lib/docker/overlay2/3c6688e6e5511e85599e0b5f71924539e1738d587cf48a8e8054444a6af57549/merged
overlay 468G 30G 416G 7% /var/lib/docker/overlay2/3433eb860df705d53faf849691eabd1d0c82505c222b48ffc58ca04461c3764c/merged
overlay 468G 30G 416G 7% /var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged

NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 476.9G 0 disk
├─sda1 8:1 0 1G 0 part /boot/efi
└─sda2 8:2 0 475.9G 0 part /
sdb 8:16 0 119.2G 0 disk
└─sdb1 8:17 0 119.2G 0 part /mnt/sdb

00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor Family DRAM Controller (rev 09)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200/2nd Generation Core Processor Family PCI Express Root Port (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09)
00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 (rev 04)
00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection (Lewisville) (rev 04)
00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 (rev b4)
00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 2 (rev b4)
00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 4 (rev b4)
00:1c.4 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 5
(rev b4)
00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation QM67 Express Chipset LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset Family 6 port Mobile SATA AHCI Controller (rev 04)
00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller (rev 04)
01:00.0 VGA compatible controller: NVIDIA Corporation GF119M [Quadro NVS 4200M] (rev a1)
01:00.1 Audio device: NVIDIA Corporation GF119 HDMI Audio Controller (rev a1)
03:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE 802.11b/g/n WiFi Adapter (rev 01)
0d:00.0 System peripheral: Ricoh Co Ltd PCIe SDXC/MMC Host Controller (rev 05)
0d:00.3 FireWire (IEEE 1394): Ricoh Co Ltd R5C832 PCIe IEEE 1394 Controller (rev 04)

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 003: ID 17ef:1003 Lenovo Integrated Smart Card Reader
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 8087:0024 Intel Corp.
Integrated Rate Matching Hub

[2025-08-22 22:32:23] [INFO] Running module: collect_network_info

==== NETWORK INFORMATION ====

--- Network Interfaces ---
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s25: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:21:cc:ba:42:65 brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.66/24 brd 192.168.50.255 scope global noprefixroute enp0s25
       valid_lft forever preferred_lft forever
3: wlp3s0: mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 60:d8:19:c5:59:f8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.69/24 brd 192.168.50.255 scope global dynamic noprefixroute wlp3s0
       valid_lft 28647sec preferred_lft 28647sec
4: tailscale0: mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 100.98.144.95/32 scope global tailscale0
       valid_lft forever preferred_lft forever
5: br-4b4f41534d72: mtu 1500 qdisc noqueue state UP group default
    link/ether 66:6a:1c:cd:00:ca brd ff:ff:ff:ff:ff:ff
    inet 172.20.0.1/16 brd 172.20.255.255 scope global br-4b4f41534d72
       valid_lft forever preferred_lft forever
6: docker_gwbridge: mtu 1500 qdisc noqueue state DOWN group default
    link/ether c6:d9:8a:d2:be:85 brd ff:ff:ff:ff:ff:ff
    inet 172.21.0.1/16 brd 172.21.255.255 scope global docker_gwbridge
       valid_lft forever preferred_lft forever
7: br-7a25a14fd4a2: mtu 1500 qdisc noqueue state UP group default
    link/ether aa:42:85:27:f6:45 brd ff:ff:ff:ff:ff:ff
    inet 172.23.0.1/16 brd 172.23.255.255 scope global br-7a25a14fd4a2
       valid_lft forever preferred_lft forever
8: docker0: mtu 1500 qdisc noqueue state UP group default
    link/ether ea:3c:46:d4:04:15 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
9: br-a5423f4f5dbc: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 4a:5e:06:31:6e:76 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-a5423f4f5dbc
       valid_lft forever preferred_lft forever
10: br-248549b3cdb3: mtu 1500 qdisc noqueue state UP group default
    link/ether 5e:52:c0:84:f5:67 brd ff:ff:ff:ff:ff:ff
    inet 172.22.0.1/16 brd 172.22.255.255 scope global br-248549b3cdb3
       valid_lft forever preferred_lft forever
11: veth917d4d4@if2: mtu 1500 qdisc noqueue master br-7a25a14fd4a2 state UP group default
    link/ether 56:a3:1b:a4:dc:8f brd ff:ff:ff:ff:ff:ff link-netnsid 0
13: veth70e48c6@if2: mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether c2:6a:6d:db:b1:92 brd ff:ff:ff:ff:ff:ff link-netnsid 2
14: vetha855178@if2: mtu 1500 qdisc noqueue master br-4b4f41534d72 state UP group default
    link/ether a6:a4:a2:8d:63:14 brd ff:ff:ff:ff:ff:ff link-netnsid 3
15: vethdfadbad@if2: mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether d6:3c:01:9a:f6:03 brd ff:ff:ff:ff:ff:ff link-netnsid 4
16: veth89f8fb0@if2: mtu 1500 qdisc noqueue master br-248549b3cdb3 state UP group default
    link/ether ca:26:3b:d8:0a:6b brd ff:ff:ff:ff:ff:ff link-netnsid 5

default via 192.168.50.1 dev enp0s25 proto static metric 100
default via 192.168.50.1 dev wlp3s0 proto dhcp src 192.168.50.69 metric 600
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-a5423f4f5dbc proto kernel scope link src 172.18.0.1 linkdown
172.20.0.0/16 dev br-4b4f41534d72 proto kernel scope link src 172.20.0.1
172.21.0.0/16 dev docker_gwbridge proto kernel scope link src 172.21.0.1 linkdown
172.22.0.0/16 dev br-248549b3cdb3 proto kernel scope link src 172.22.0.1
172.23.0.0/16 dev br-7a25a14fd4a2 proto kernel scope link src 172.23.0.1
192.168.50.0/24 dev enp0s25 proto kernel scope link src 192.168.50.66 metric 100
192.168.50.0/24 dev wlp3s0 proto kernel scope link src 192.168.50.69 metric 600

# resolv.conf(5) file generated by tailscale
# For more info, see https://tailscale.com/s/resolvconf-overwrite
# DO NOT EDIT THIS FILE BY HAND -- CHANGES
WILL BE OVERWRITTEN
nameserver 100.100.100.100
search tail6ca08d.ts.net tailscale.com lan

Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:8125 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:680 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:41641 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:42133 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:34044 0.0.0.0:*
udp UNCONN 0 0 [::]:52462 [::]:*
udp UNCONN 0 0 [::]:5353 [::]:*
udp UNCONN 0 0 *:7443 *:*
udp UNCONN 0 0 [::]:48486 [::]:*
udp UNCONN 0 0 *:56684 *:*
udp UNCONN 0 0 [::]:111 [::]:*
udp UNCONN 0 0 [::]:41641 [::]:*
tcp LISTEN 0 4096 0.0.0.0:10300 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:8125 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:9001 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:9080 0.0.0.0:*
tcp LISTEN 0 64 0.0.0.0:41849 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:42387 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:19999 0.0.0.0:*
tcp LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
tcp LISTEN 0 4096 100.98.144.95:32803 0.0.0.0:*
tcp LISTEN 0 64 [::]:43687 [::]:*
tcp LISTEN 0 4096 [::]:44487 [::]:*
tcp LISTEN 0 4096 [::]:22 [::]:*
tcp LISTEN 0 4096 [::]:111 [::]:*
tcp LISTEN 0 4096 *:7443 *:*

Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("orb",pid=827,fd=10))
udp UNCONN 0 0 127.0.0.1:8125 0.0.0.0:* users:(("netdata",pid=1269,fd=330))
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=606,fd=5),("systemd",pid=1,fd=257))
udp UNCONN 0 0 127.0.0.1:680 0.0.0.0:* users:(("rpc.statd",pid=2200,fd=5))
udp UNCONN 0 0 0.0.0.0:41641 0.0.0.0:* users:(("tailscaled",pid=992,fd=17))
udp UNCONN 0 0 0.0.0.0:42133 0.0.0.0:* users:(("rpc.statd",pid=2200,fd=8))
udp UNCONN 0 0 0.0.0.0:34044 0.0.0.0:*
udp UNCONN 0 0 [::]:52462 [::]:* users:(("rpc.statd",pid=2200,fd=10))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("orb",pid=827,fd=11))
udp UNCONN 0 0 *:7443
*:* users:(("orb",pid=827,fd=12))
udp UNCONN 0 0 [::]:48486 [::]:*
udp UNCONN 0 0 *:56684 *:* users:(("orb",pid=827,fd=25))
udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=606,fd=7),("systemd",pid=1,fd=259))
udp UNCONN 0 0 [::]:41641 [::]:* users:(("tailscaled",pid=992,fd=16))
tcp LISTEN 0 4096 0.0.0.0:10300 0.0.0.0:* users:(("docker-proxy",pid=2995,fd=7))
tcp LISTEN 0 4096 127.0.0.1:8125 0.0.0.0:* users:(("netdata",pid=1269,fd=340))
tcp LISTEN 0 4096 0.0.0.0:9001 0.0.0.0:* users:(("docker-proxy",pid=3055,fd=7))
tcp LISTEN 0 4096 0.0.0.0:9080 0.0.0.0:* users:(("docker-proxy",pid=3029,fd=7))
tcp LISTEN 0 64 0.0.0.0:41849 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1004,fd=3),("systemd",pid=1,fd=121))
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=606,fd=4),("systemd",pid=1,fd=256))
tcp LISTEN 0 4096 0.0.0.0:42387 0.0.0.0:* users:(("rpc.statd",pid=2200,fd=9))
tcp LISTEN 0 4096 127.0.0.1:19999 0.0.0.0:* users:(("netdata",pid=1269,fd=6))
tcp LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=1895,fd=13))
tcp LISTEN 0 4096 100.98.144.95:32803 0.0.0.0:* users:(("tailscaled",pid=992,fd=32))
tcp LISTEN 0 64 [::]:43687 [::]:*
tcp LISTEN 0 4096 [::]:44487 [::]:* users:(("rpc.statd",pid=2200,fd=11))
tcp LISTEN 0 4096 [::]:22 [::]:* users:(("sshd",pid=1004,fd=4),("systemd",pid=1,fd=122))
tcp LISTEN 0 4096 [::]:111 [::]:* users:(("rpcbind",pid=606,fd=6),("systemd",pid=1,fd=258))
tcp LISTEN 0 4096 *:7443 *:* users:(("orb",pid=827,fd=13))

Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 101050 1895 0 0 0 0 0 0 101050 1895 0 0 0 0 0 0
enp0s25: 286060248 1063469 0 1 0 0 0 344236 81649499 438415 0 0 0 0 0 0
wlp3s0: 25241828 120668 0 3392 0 0 0 0 674396 2213 0 0 0 0 0 0
tailscale0: 153150127 2127190 0 0 0 0 0 0 153729984 2128902 0 0 0 0 0 0
br-4b4f41534d72: 84 3 0 0 0 0 0 0 596638 1872 0 2 0 0 0 0
docker_gwbridge: 0 0 0 0 0 0 0 0 0 0 0
1875 0 0 0 0
br-7a25a14fd4a2: 2029 16 0 0 0 0 0 0 598639 1887 0 2 0 0 0 0
docker0: 15710593 15744 0 0 0 0 0 0 3364003 17113 0 3 0 0 0 0
br-a5423f4f5dbc: 0 0 0 0 0 0 0 0 0 0 0 1875 0 0 0 0
br-248549b3cdb3: 554381 3205 0 0 0 0 0 0 1818456 5379 0 2 0 0 0 0
veth917d4d4: 2253 16 0 0 0 0 0 0 598639 1887 0 0 0 0 0 0
veth70e48c6: 5606 71 0 0 0 0 0 0 642981 2885 0 0 0 0 0 0
vetha855178: 126 3 0 0 0 0 0 0 596638 1872 0 0 0 0 0 0
vethdfadbad: 15885881 14732 0 0 0 0 0 0 3397233 17988 0 0 0 0 0 0
veth89f8fb0: 599251 3205 0 0 0 0 0 0 1818456 5379 0 0 0 0 0 0

Interface: enp0s25 Speed: 1000Mb/s Duplex: Full Link detected: yes
Interface: wlp3s0 Link detected: yes
Interface: tailscale0 Speed: Unknown! Duplex: Full Link detected: yes
Interface: br-4b4f41534d72 Speed: 10000Mb/s Duplex: Unknown! (255) Link detected: yes
Interface: docker_gwbridge Speed: Unknown! Duplex: Unknown! (255) Link detected: no
Interface: br-7a25a14fd4a2 Speed: 10000Mb/s Duplex: Unknown! (255) Link detected: yes
Interface: docker0 Speed: 10000Mb/s Duplex: Unknown! (255) Link detected: yes
Interface: br-a5423f4f5dbc Speed: Unknown! Duplex: Unknown! (255) Link detected: no
Interface: br-248549b3cdb3 Speed: 10000Mb/s Duplex: Unknown!
(255) Link detected: yes
Interface: veth917d4d4@if2
Interface: veth70e48c6@if2
Interface: vetha855178@if2
Interface: vethdfadbad@if2
Interface: veth89f8fb0@if2
vnstat not installed

--- Firewall Status ---
Status: inactive

Chain INPUT (policy ACCEPT)
target prot opt source destination
ts-input 0 -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER-FORWARD 0 -- 0.0.0.0/0 0.0.0.0/0
ts-forward 0 -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain DOCKER (6 references)
target prot opt source destination
ACCEPT 6 -- 0.0.0.0/0 172.17.0.4 tcp dpt:9001
ACCEPT 6 -- 0.0.0.0/0 172.23.0.2 tcp dpt:80
ACCEPT 6 -- 0.0.0.0/0 172.17.0.3 tcp dpt:10300
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-BRIDGE (1 references)
target prot opt source destination
DOCKER 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER 0 -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-CT (1 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED

Chain DOCKER-FORWARD (1 references)
target prot opt source destination
DOCKER-CT 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER-BRIDGE 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 --
0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-2 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-2 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-2 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-2 0 -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-2 0 -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (6 references)
target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-USER (1 references)
target prot opt source destination

Chain ts-forward (1 references)
target prot opt source destination
MARK 0 -- 0.0.0.0/0 0.0.0.0/0 MARK xset 0x40000/0xff0000
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 mark match 0x40000/0xff0000
DROP 0 -- 100.64.0.0/10 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0

Chain ts-input (1 references)
target prot opt source destination
ACCEPT 0 -- 100.98.144.95 0.0.0.0/0
RETURN 0 -- 100.115.92.0/23 0.0.0.0/0
DROP 0 -- 100.64.0.0/10 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 17 -- 0.0.0.0/0 0.0.0.0/0 udp dpt:41641

[2025-08-22 22:32:23] [INFO] Running module: collect_container_info

==== CONTAINER INFORMATION ====

--- Docker Information ---
Docker version 28.3.3, build 980b856
Client: Docker Engine - Community
 Version: 28.3.3
 Context: default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version: v0.26.1
    Path: /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version: v2.39.1
    Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
 Containers: 9
  Running: 5
  Paused: 0
  Stopped: 4
 Images: 8
 Server Version: 28.3.3
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
 runc version: v1.2.5-0-g59923ef
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.14.0-28-generic
 Operating System: Ubuntu 24.04.3 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.51GiB
 Name: lenovo420
 ID: c05c5aad-e416-4682-80e9-9645e82163bf
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f98c54046fb5 portainer/agent:latest "./agent" 2 days ago Up 16 hours 0.0.0.0:9001->9001/tcp portainer_agent
704876598a27 linuxserver/duckdns:latest "/init" 11 days ago Up 16 hours duckdns
c338f607b273 dalehumby/openwakeword-rhasspy "python3 -u detect.p…" 2 weeks ago Restarting (1) 42 seconds ago openwakeword
3adb056a4df2 rhasspy/wyoming-whisper "bash /run.sh --mode…" 2 weeks ago Up 16 hours 0.0.0.0:10300->10300/tcp wyoming-whisper
e2c00abd1192 eclipse-mosquitto:latest "/docker-entrypoint.…" 2 weeks ago Exited (0) 3 days ago mosquitto
f10bb67d4491 iib0011/omni-tools:latest "/docker-entrypoint.…" 3 weeks ago Up 16 hours 0.0.0.0:9080->80/tcp omni-tools
1498684e581c 9f786420f676 "./agent" 4 weeks ago Created portainer_agent.zmu0r2vqwlgmnlwgjrip6085w.3oxnmdnh51b8rdfzxbcpzf57n
2d6d1c4f83dd filebrowser/filebrowser:latest "tini -- /init.sh --…" 4 weeks ago Restarting (1) 43 seconds ago sad_moser
d269ab80f8a5 containrrr/watchtower "/watchtower --clean…" 3 months ago Up 16 hours (healthy) 8080/tcp watchtower-watchtower-1

REPOSITORY TAG IMAGE ID CREATED SIZE
portainer/agent latest e1090181a1bf 3 days ago 138MB
linuxserver/duckdns latest 5ffaa03b018d 11 days ago 35.3MB
iib0011/omni-tools latest 7d602f56a5bf 3 weeks ago 85.4MB
filebrowser/filebrowser latest 5cffd496f05f 4 weeks ago 22MB
eclipse-mosquitto latest 42292b8c6592 6 weeks ago 10.3MB
rhasspy/wyoming-whisper latest 07c182a447fb 8 months ago 562MB
containrrr/watchtower latest e7dd50d07b86 21 months ago 14.7MB
dalehumby/openwakeword-rhasspy latest 1cd12359962d 2 years ago 641MB

NETWORK ID NAME DRIVER SCOPE
a1b3d1597912 bridge bridge local
59e6c60c3bcd docker_gwbridge bridge local
248549b3cdb3 duckdns_network bridge local
08ebc182bcd2 host host local
088f1ef0e2cd none null local
7a25a14fd4a2 omnitools_default bridge local
a5423f4f5dbc porainer-agent_default bridge local
4b4f41534d72 watchtower_default bridge local

DRIVER VOLUME NAME
local 0a7442ab01a2d7992dad77a9b74a38021e48a96635b214f97eb46b626aae8103
local 2d4a49251ab08abfcdb80a6d7cdfb335b7cda1b7d4e7ee1a7f84a4641b46de16
local 7b7b1cbb90636432be2d6d5b28b533254bae2d63bdaccd57b03fa3c7d577085e
local 890112767db1aca83faf31461b6f2142af9d9b1b5cf0ac172ec2e6600a07c27b
local bbf0315555dbaa76dde0e8f6d666e54db7c8ad42bba6c0a198203945d30d1be5
local c3f792d6fa811027c724a4ed4bbb029b64b8ac0c2c81150baea556f7638f59da
local d73ba3ca93d5eb004f269eadc9aced0c158a2807a5981415cbcb1830f20c3c90
local dc913ee5a837413a55bc0b6c5493c487c2ce112938a37df929731421b22b43d2

/home/jon/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/sqlx-0.8.6/tests/docker-compose.yml
/home/jon/docker/porainer-agent/docker-compose.yml

portainer_agent portainer/agent:latest 0.0.0.0:9001->9001/tcp
watchtower-watchtower-1 containrrr/watchtower 8080/tcp

CONTAINER CPU % MEM USAGE / LIMIT NET
I/O
f98c54046fb5 0.00% 70.14MiB / 15.51GiB 3.4MB / 15.9MB
704876598a27 0.01% 15.51MiB / 15.51GiB 1.82MB / 599kB
c338f607b273 0.00% 0B / 0B 0B / 0B
3adb056a4df2 0.00% 170.4MiB / 15.51GiB 643kB / 5.61kB
f10bb67d4491 0.00% 11.89MiB / 15.51GiB 599kB / 2.25kB
2d6d1c4f83dd 0.00% 0B / 0B 0B / 0B
d269ab80f8a5 0.00% 16.29MiB / 15.51GiB 597kB / 126B

Docker Socket Permissions: srw-rw---- 1 root docker 0 Aug 22 06:55 /var/run/docker.sock

[2025-08-22 22:32:31] [INFO] Running module: collect_software_info

==== SOFTWARE INFORMATION ====

--- Installed Packages ---
Installed Debian/Ubuntu packages:
Package list saved to packages_dpkg.txt (2243 packages)
Available Security Updates:

--- Running Services ---
UNIT LOAD ACTIVE SUB DESCRIPTION
containerd.service loaded active running containerd container runtime
cron.service loaded active running Regular background program processing daemon
dbus.service loaded active running D-Bus System Message Bus
docker.service loaded active running Docker Application Container Engine
fail2ban.service loaded active running Fail2Ban Service
getty@tty1.service loaded active running Getty on tty1
kerneloops.service loaded active running Tool to automatically collect and submit kernel crash signatures
netdata.service loaded active running Netdata, X-Ray Vision for your infrastructure!
networkd-dispatcher.service loaded active running Dispatcher daemon for systemd-networkd
NetworkManager.service loaded active running Network Manager
orb.service loaded active running Orb Sensor
polkit.service loaded active running Authorization Manager
postfix@-.service loaded active running Postfix Mail Transport Agent (instance -)
rpc-statd.service loaded active running NFS status monitor for NFSv2/3 locking.
rpcbind.service loaded active running RPC bind portmap service
rsyslog.service loaded active running System Logging Service
rtkit-daemon.service loaded active running RealtimeKit Scheduling Policy Service
ssh.service loaded active running OpenBSD Secure Shell server
systemd-journald.service loaded active running Journal Service
systemd-journald@netdata.service loaded active running Journal Service for Namespace netdata
systemd-logind.service loaded active running User Login Management
systemd-resolved.service loaded active running Network Name Resolution
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-udevd.service loaded active running Rule-based Manager for Device Events and Files
tailscaled.service loaded active running Tailscale node agent
unattended-upgrades.service loaded active running Unattended Upgrades Shutdown
user@1000.service loaded active running User Manager for UID 1000
wpa_supplicant.service loaded active running WPA supplicant

Legend: LOAD → Reflects whether the unit definition was properly loaded.
        ACTIVE → The high-level unit activation state, i.e. generalization of SUB.
        SUB → The low-level unit activation state, values depend on unit type.

28 loaded units listed.
UNIT FILE STATE PRESET
accounts-daemon.service enabled enabled
anacron.service enabled enabled
apparmor.service enabled enabled
apport.service enabled enabled
blueman-mechanism.service enabled enabled
bluetooth.service enabled enabled
cloud-config.service enabled enabled
cloud-final.service enabled enabled
cloud-init-local.service enabled enabled
cloud-init.service enabled enabled
console-setup.service enabled enabled
containerd.service enabled enabled
cron.service enabled enabled
dmesg.service enabled enabled
docker.service enabled enabled
e2scrub_reap.service enabled enabled
fail2ban.service enabled enabled
getty@.service enabled enabled
gnome-remote-desktop.service enabled enabled
gpu-manager.service enabled enabled
group-admin-daemon.service enabled enabled
grub-common.service enabled enabled
grub-initrd-fallback.service enabled enabled
kerneloops.service enabled enabled
keyboard-setup.service enabled enabled
netdata.service enabled enabled
networkd-dispatcher.service enabled enabled
networking.service enabled enabled
NetworkManager-dispatcher.service enabled enabled
NetworkManager-wait-online.service enabled enabled
NetworkManager.service enabled enabled
openvpn.service enabled enabled
orb.service enabled enabled
postfix.service enabled enabled
power-profiles-daemon.service enabled enabled
rpcbind.service enabled enabled
rsyslog.service enabled enabled
secureboot-db.service enabled enabled
setvtrgb.service enabled enabled
ssh.service enabled enabled
ssl-cert.service enabled enabled
sssd.service enabled enabled
switcheroo-control.service enabled enabled
sysstat.service enabled enabled
systemd-pstore.service enabled enabled
systemd-resolved.service enabled enabled
systemd-timesyncd.service enabled enabled
tailscaled.service enabled enabled
ua-reboot-cmds.service enabled enabled
ubuntu-advantage.service enabled enabled
ufw.service enabled enabled
unattended-upgrades.service enabled enabled
wpa_supplicant.service enabled enabled

53 unit files listed.
--- Running Processes ---
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
netdata 1269 5.2 2.9 1302652 480844 ? Ssl 06:56 49:17 /usr/sbin/netdata -P /run/netdata/netdata.pid -D
orb 827 4.8 0.4 2352380 69012 ? Ssl 06:55 45:08 /usr/bin/orb sensor
netdata 4421 3.7 0.0 99824 8768 ? Sl 06:56 35:00 /usr/libexec/netdata/plugins.d/apps.plugin 1
root 992 3.5 0.4 1320956 65860 ? Ssl 06:55 33:23 /usr/sbin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port=41641
root 831 2.3 0.0 18524 8944 ? Ss 06:55 21:49 /usr/lib/systemd/systemd-logind
root 664441 2.3 0.1 41392 26844 ? S 22:32 0:00 /usr/bin/python3 /home/jon/.ansible/tmp/ansible-tmp-1755916343.826615-1099188-252615267208741/AnsiballZ_command.py
root 1186 2.0 0.5 2870956 93472 ? Ssl 06:56 19:04 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
netdata 4415 0.9 0.6 1351616 110284 ? Sl 06:56 9:17 /usr/libexec/netdata/plugins.d/go.d.plugin 1
jon 663947 0.8 0.0 18240 8528 ? S 22:32 0:00 sshd: jon@notty
root 664465 0.7 0.0 10600 4004 ? S 22:32 0:00 bash /tmp/linux_system_audit.sh
root 998 0.4 0.3 2320072 54612 ? Ssl 06:55 3:47 /usr/bin/containerd
netdata 4413 0.3 0.0 203960 6860 ? Sl 06:56 2:57 /usr/libexec/netdata/plugins.d/systemd-journal.plugin 1
root 1198 0.3 0.3 91240 50204 ? Ss 06:56 2:56 /usr/lib/systemd/systemd-journald netdata
netdata 4387 0.3 0.0 87976 5868 ? Sl 06:56 2:51 /usr/libexec/netdata/plugins.d/debugfs.plugin 1
root 56 0.2 0.0 0 0 ? S 06:55 2:25 [irq/9-acpi]
root 18 0.2 0.0 0 0 ? I 06:55 1:57 [rcu_preempt]
message+ 822 0.1 0.0 10396 5508 ? Ss 06:55 1:51 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 985 0.1 0.3 1258580 62500 ? Ssl 06:55 1:48 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
root 663861 0.1 0.0 17232 10468 ?
Ss 22:31 0:00 sshd: jon [priv]

systemd-+-NetworkManager---3*[{NetworkManager}]
        |-agetty
        |-containerd---14*[{containerd}]
        |-containerd-shim-+-nginx---4*[nginx]
        |                 `-11*[{containerd-shim}]
        |-containerd-shim-+-agent---6*[{agent}]
        |                 `-11*[{containerd-shim}]
        |-containerd-shim-+-bash---python3---7*[{python3}]
        |                 `-11*[{containerd-shim}]
        |-containerd-shim-+-s6-svscan-+-s6-supervise---s6-linux-init-s
        |                 |           |-s6-supervise---busybox---sh---sleep
        |                 |           |-s6-supervise
        |                 |           `-s6-supervise---s6-ipcserverd
        |                 `-11*[{containerd-shim}]
        |-containerd-shim-+-watchtower---7*[{watchtower}]
        |                 `-11*[{containerd-shim}]
        |-cron
        |-dbus-daemon
        |-dockerd-+-docker-proxy---8*[{docker-proxy}]
        |         |-docker-proxy---6*[{docker-proxy}]
        |         |-docker-proxy---7*[{docker-proxy}]
        |         `-21*[{dockerd}]
        |-fail2ban-server---4*[{fail2ban-server}]
        |-2*[kerneloops]
        |-master-+-pickup
        |        |-qmgr
        |        `-showq
        |-netdata-+-spawn-plugins-+-NETWORK-VIEWER-+-spawn-setns
        |         |               |                `-6*[{NETWORK-VIEWER}]
        |         |               |-apps.plugin---2*[{apps.plugin}]
        |         |               |-bash
        |         |               |-debugfs.plugin---{debugfs.plugin}
        |         |               |-ebpf.plugin---5*[{ebpf.plugin}]
        |         |               |-go.d.plugin---12*[{go.d.plugin}]
        |         |               |-nfacct.plugin
        |         |               `-sd-jrnl.plugin---7*[{sd-jrnl.plugin}]
        |         `-75*[{netdata}]
        |-networkd-dispat
        |-orb---15*[{orb}]
        |-polkitd---3*[{polkitd}]
        |-python3---python3---python3---bash-+-pstree
        |                                    `-tee
        |-rpc.statd
        |-rpcbind
        |-rsyslogd---3*[{rsyslogd}]
        |-rtkit-daemon---2*[{rtkit-daemon}]
        |-sshd---sshd---sshd
        |-systemd-+-(sd-pam)
        |         |-dbus-daemon
        |         |-2*[pipewire---2*[{pipewire}]]
        |         |-pipewire-pulse---2*[{pipewire-pulse}]
        |         `-wireplumber---5*[{wireplumber}]
        |-2*[systemd-journal]
        |-systemd-logind
        |-systemd-resolve
        |-systemd-timesyn---{systemd-timesyn}
        |-systemd-udevd
        |-tailscaled---11*[{tailscaled}]
        |-unattended-upgr---{unattended-upgr}
        `-wpa_supplicant

[2025-08-22 22:32:32] [INFO] Running module: collect_security_info

==== SECURITY ASSESSMENT ====

--- User Accounts ---
root:x:0:0:root:/root:/bin/bash
jon:x:1000:1000:Jon:/home/jon:/bin/bash
orb:x:997:986::/home/orb:/bin/sh
root
sudo:x:27:jon
jon pts/0 100.81.202.21 Fri Aug 22 22:32 - 22:32 (00:00)
jon pts/0 100.81.202.21 Fri Aug 22 22:32 - 22:32 (00:00)
jon pts/0 100.81.202.21 Fri Aug 22 22:32 - 22:32 (00:00)
jon pts/0 100.81.202.21 Fri Aug 22 22:32 - 22:32 (00:00)
jon pts/0 100.81.202.21 Fri Aug 22 22:32 - 22:32 (00:00)
jon pts/0 100.81.202.21 Fri Aug 22 22:32 - 22:32 (00:00)
jon pts/0 100.81.202.21 Fri Aug 22 22:32 - 22:32 (00:00)
jon pts/0 100.81.202.21 Fri Aug 22 22:32 - 22:32 (00:00)
jon pts/0 100.81.202.21 Fri Aug 22 22:32 - 22:32 (00:00)
jon pts/0 100.81.202.21 Fri Aug 22 22:32 - 22:32 (00:00)

wtmp begins Wed May 7 20:41:33 2025

--- SSH Configuration ---
2025-08-19T07:10:58.979370-04:00 lenovo420 sshd[2047973]: Failed password for jon from 100.96.2.115 port 56054 ssh2
2025-08-19T07:11:02.079755-04:00 lenovo420 sshd[2047973]: Failed password for jon from 100.96.2.115 port 56054 ssh2
2025-08-19T07:14:58.595287-04:00 lenovo420 sshd[6352]: Failed password for jon from 100.96.2.115 port 48812 ssh2
2025-08-19T07:15:02.184822-04:00 lenovo420 sshd[6352]: Failed password for jon from 100.96.2.115 port 48812 ssh2
2025-08-19T18:26:15.796821-04:00 lenovo420 sudo: jon : PWD=/home/jon ; USER=root ; COMMAND=/usr/bin/grep 'Failed password' /var/log/auth.log
2025-08-19T18:57:37.429172-04:00 lenovo420 sudo: jon : PWD=/home/jon ; USER=root ; COMMAND=/usr/bin/grep 'Failed password' /var/log/auth.log

--- File Permissions and SUID ---
/home/jon/.var/app/com.bitwarden.desktop/config/Bitwarden/data.json
/var/lib/docker/overlay2/72c9e50e115143a3d9ebe49381adc1728dcd35216fbf2d35947ccc52b8eae955/diff/usr/bin/chsh
/var/lib/docker/overlay2/72c9e50e115143a3d9ebe49381adc1728dcd35216fbf2d35947ccc52b8eae955/diff/usr/bin/chage
/var/lib/docker/overlay2/72c9e50e115143a3d9ebe49381adc1728dcd35216fbf2d35947ccc52b8eae955/diff/usr/bin/chfn
/var/lib/docker/overlay2/72c9e50e115143a3d9ebe49381adc1728dcd35216fbf2d35947ccc52b8eae955/diff/usr/bin/gpasswd
/var/lib/docker/overlay2/72c9e50e115143a3d9ebe49381adc1728dcd35216fbf2d35947ccc52b8eae955/diff/usr/bin/expiry
/var/lib/docker/overlay2/72c9e50e115143a3d9ebe49381adc1728dcd35216fbf2d35947ccc52b8eae955/diff/usr/bin/passwd
/var/lib/docker/overlay2/72c9e50e115143a3d9ebe49381adc1728dcd35216fbf2d35947ccc52b8eae955/diff/usr/sbin/unix_chkpwd
/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged/usr/bin/passwd
/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged/usr/bin/chsh
/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged/usr/bin/chage
/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged/usr/bin/chfn
/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged/usr/bin/gpasswd
/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged/usr/bin/expiry
/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged/usr/sbin/unix_chkpwd
/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged/package/admin/s6-overlay-helpers-0.1.2.0/command/s6-overlay-suexec
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/usr/bin/chsh
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/usr/bin/chage
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/usr/bin/newgrp
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/usr/bin/chfn
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/usr/bin/gpasswd
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/usr/bin/expiry
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/usr/bin/passwd
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/bin/su
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/bin/mount
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/bin/umount
/var/lib/docker/overlay2/28fcfae0c19647c603b812ade99fea3e66750375616c7f45acee27ce857a898a/diff/sbin/unix_chkpwd
/var/lib/docker/overlay2/76aaea0718c919ebde88a897cb5516e918bb914af3524d3288d143713d33ed7a/diff/usr/bin/ssh-agent
/var/lib/docker/overlay2/76aaea0718c919ebde88a897cb5516e918bb914af3524d3288d143713d33ed7a/diff/usr/lib/openssh/ssh-keysign
/var/lib/docker/overlay2/d88ccc9bc080e7133f80803d5ff24eeb3c37d35e5f1bff34e275930064a1fcdc/diff/package/admin/s6-overlay-helpers-0.1.2.0/command/s6-overlay-suexec
/var/lib/docker/overlay2/cc14f7164c79ede3d689254e40d118fb130eddb68ba1101e10d6ad2de7d2c070/merged/usr/bin/chsh
WARNING: Potentially dangerous SUID binary found: /bin/su
WARNING: Potentially dangerous SUID binary found: /usr/bin/sudo
WARNING: Potentially dangerous SUID binary found: /usr/bin/passwd
WARNING: Potentially dangerous SUID binary found: /usr/bin/chfn
WARNING: Potentially dangerous SUID binary found: /usr/bin/chsh
WARNING: Potentially dangerous SUID binary found: /usr/bin/gpasswd
WARNING: Potentially dangerous SUID binary found: /usr/bin/newgrp
WARNING: Potentially dangerous SUID binary found: /usr/bin/mount
WARNING: Potentially dangerous SUID binary found: /usr/bin/umount
/var/metrics
/var/tmp
/var/crash
/var/lib/docker/overlay2/3c6688e6e5511e85599e0b5f71924539e1738d587cf48a8e8054444a6af57549/merged/var/tmp
/var/lib/docker/overlay2/3c6688e6e5511e85599e0b5f71924539e1738d587cf48a8e8054444a6af57549/merged/tmp
/var/lib/docker/overlay2/6d71e91ced5c89534020e2d17a2941ee52f4125842cbc2dc6950eb7a75c55d99/diff/tmp
/var/lib/docker/overlay2/fea30032381ba5012f116670361a2b73b5247528f2be6676a8cfa310043dae96/diff/tmp
/var/lib/docker/overlay2/fcc2da5563f36629f66f45ec638e558c35364f25ffbdfba4644e376cd40b0b72/diff/tmp
/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged/var/tmp
/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged/tmp

--- Cron Jobs ---
*/10 * * * * /usr/local/bin/clear_swap.sh
0 6 * * * /home/jon/borg_daily_backup.sh >> /home/jon/borg_backup.log 2>&1
total 32
drwxr-xr-x 2 root root 4096 Feb 18 2025 .
drwxr-xr-x 154 root root 12288 Aug 22 06:50 ..
-rw-r--r-- 1 root root 219 Nov 17 2023 anacron
-rw-r--r-- 1 root root 201 Apr 8 2024 e2scrub_all
-rw-r--r-- 1 root root 102 Mar 30 2024 .placeholder
-rw-r--r-- 1 root root 396 Jan 9 2024 sysstat
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
# You can also override PATH, but by default, newer versions inherit it from the environment
#PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || { cd / && run-parts --report /etc/cron.daily; }
47 6 * * 7 root test -x /usr/sbin/anacron || { cd / && run-parts --report /etc/cron.weekly; }
52 6 1 * * root test -x /usr/sbin/anacron || { cd / && run-parts --report /etc/cron.monthly; }
#

--- Shell History ---
Analyzing: /home/jon/.bash_history
WARNING: Pattern 'password' found in /home/jon/.bash_history
WARNING: Pattern 'passwd' found in /home/jon/.bash_history
WARNING: Pattern 'secret' found in /home/jon/.bash_history
WARNING: Pattern 'token' found in /home/jon/.bash_history
WARNING: Pattern 'key' found in /home/jon/.bash_history
WARNING: Pattern 'database_url' found in /home/jon/.bash_history
WARNING: Pattern 'auth' found in /home/jon/.bash_history
WARNING: Pattern 'login' found in /home/jon/.bash_history
Analyzing: /root/.bash_history
No obvious sensitive patterns found

--- Tailscale Configuration ---
100.98.144.95 lenovo420 jonpressnell@ linux -
100.118.220.45 audrey jonpressnell@ linux -
100.104.185.11 bpcp-b3722383fb jonpressnell@ windows offline
100.126.196.100 bpcp-s7g23273fb jonpressnell@ windows offline
100.81.202.21 fedora jonpressnell@ linux idle, tx 297892 rx 3358540
100.96.2.115 google-pixel-9-pro jonpressnell@ android -
100.107.248.69 ipad-10th-gen-wificellular jonpressnell@ iOS offline
100.123.118.16 jon-ser jonpressnell@ linux -
100.67.250.42 jonathan jonpressnell@ linux offline
100.99.235.80 lenovo jonpressnell@ linux -
100.78.26.112 omv800 jonpressnell@ linux -
100.65.76.70 qualcomm-go103 jonpressnell@ android offline
100.72.166.115 samsung-sm-g781u1 jonpressnell@ android offline
100.67.40.97 surface jonpressnell@ linux -
100.69.142.126 xreal-x4000 jonpressnell@ android offline

# Health check:
# - exit status 1
# - Tailscale can't reach the configured DNS servers. Internet connectivity may be affected.
# - Tailscale failed to fetch the DNS configuration of your device: exit status 1
100.98.144.95

[2025-08-22 22:52:36] [INFO] Running module: run_vulnerability_scan
==== VULNERABILITY ASSESSMENT ====
--- Kernel Vulnerabilities ---
6.14.0-28-generic
Current kernel: 6.14.0-28-generic
Kernel major version: 6
Kernel minor version: 14
Risk Level: LOW
Assessment: Kernel version is recent and likely secure
Kernel Security Features:
ASLR (Address Space Layout Randomization): ENABLED
Dmesg restriction: ENABLED
--- Open Ports Security Check ---

[2025-08-22 22:52:36] [INFO] Running module: collect_env_info
==== ENVIRONMENT AND CONFIGURATION ====
--- Environment Variables ---
SHELL=/bin/bash
HOME=/root
LANG=en_US.UTF-8
USER=root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin

--- Mount Points ---
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=8088916k,nr_inodes=2022229,mode=755,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=1625840k,mode=755,inode64)
/dev/sda2 on / type ext4 (rw,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,inode64)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k,inode64)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=2308)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,nosuid,nodev,relatime,pagesize=2M)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
/dev/sda1 on /boot/efi type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
/dev/sdb1 on /mnt/sdb type ext4 (rw,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
sunrpc on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=1625836k,nr_inodes=406459,mode=700,uid=1000,gid=1000,inode64)
//192.168.50.229/pictures on /mnt/omv_immich_pics type cifs (rw,nosuid,nodev,noexec,relatime,vers=3.0,sec=none,cache=strict,upcall_target=app,uid=1000,forceuid,gid=1000,forcegid,addr=192.168.50.229,file_mode=0770,dir_mode=0770,iocharset=utf8,soft,nounix,serverino,mapposix,reparse=nfs,nativesocket,symlink=native,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1,_netdev)
//192.168.50.229/immich on /mnt/omv_immich_smb type cifs (rw,nosuid,nodev,noexec,relatime,vers=3.0,sec=none,cache=strict,upcall_target=app,uid=1000,forceuid,gid=1000,forcegid,addr=192.168.50.229,file_mode=0770,dir_mode=0770,iocharset=utf8,soft,nounix,serverino,mapposix,reparse=nfs,nativesocket,symlink=native,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1,_netdev)
192.168.50.107:/export/t420_backup on /mnt/omv-backup type nfs (rw,relatime,vers=3,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.50.107,mountvers=3,mountport=56632,mountproto=udp,local_lock=none,addr=192.168.50.107)
overlay on /var/lib/docker/overlay2/4cad63c70a53404193aced3da9d8fe330cb9e0a9938ef1a4016bfac90099dba3/merged type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/LEY5ZYOVJYGUO2RQBP6NCQYJAS:/var/lib/docker/overlay2/l/L3HCU3FCONCQ6BM5HKHHTOTHKK:/var/lib/docker/overlay2/l/OW6GWF3GQ6EXSGD4EDAN3VJLP7:/var/lib/docker/overlay2/l/36BYLWUXNMOVP5OWTXZ5S4GMKE,upperdir=/var/lib/docker/overlay2/4cad63c70a53404193aced3da9d8fe330cb9e0a9938ef1a4016bfac90099dba3/diff,workdir=/var/lib/docker/overlay2/4cad63c70a53404193aced3da9d8fe330cb9e0a9938ef1a4016bfac90099dba3/work,nouserxattr)
overlay on /var/lib/docker/overlay2/cc14f7164c79ede3d689254e40d118fb130eddb68ba1101e10d6ad2de7d2c070/merged type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/6QUDAWPMNNDTNZFW5PXWNPQL4D:/var/lib/docker/overlay2/l/5C3QJ3JFAWLYTLYMQQVKJVTM2T:/var/lib/docker/overlay2/l/D6ZJXO4K5T4RST446S2QDHP67J:/var/lib/docker/overlay2/l/NJVUIROGJ4CZPOTRZ42DPKMBMC:/var/lib/docker/overlay2/l/2MBQEPPM5FD2RB62TJ5MRLIIBY,upperdir=/var/lib/docker/overlay2/cc14f7164c79ede3d689254e40d118fb130eddb68ba1101e10d6ad2de7d2c070/diff,workdir=/var/lib/docker/overlay2/cc14f7164c79ede3d689254e40d118fb130eddb68ba1101e10d6ad2de7d2c070/work,nouserxattr)
overlay on /var/lib/docker/overlay2/3c6688e6e5511e85599e0b5f71924539e1738d587cf48a8e8054444a6af57549/merged type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/UP5NZ2RDK5HYEDJFJWITQLAXQF:/var/lib/docker/overlay2/l/3KQNW5BXSY7SVCBPMRES5F5PW5:/var/lib/docker/overlay2/l/S26RI6M2G25D2JFWZKQVPHDVW5:/var/lib/docker/overlay2/l/WP3KOXN4RVIHZVQVTQ4YMHSCK2:/var/lib/docker/overlay2/l/U4EF5LRLZENSFLDUJFOP5GEFLZ:/var/lib/docker/overlay2/l/U3O7ARPAXHTJL7645KVIMYBRW4:/var/lib/docker/overlay2/l/BWQJJJPVUOPV5CSIYLHXBF33P7:/var/lib/docker/overlay2/l/MPIBXNN5G2NAKOEW6BSUIGNXLB:/var/lib/docker/overlay2/l/UH2AVCBHPVWLYETQEAJ7I6Z26C:/var/lib/docker/overlay2/l/7EPB7IEGRLNBH6QY6B4O35V5XR:/var/lib/docker/overlay2/l/XTTKGTG3DVYGRIIKVLHLJI775T:/var/lib/docker/overlay2/l/Y44YA7CEEOLXR3ABL6C66N7GRQ,upperdir=/var/lib/docker/overlay2/3c6688e6e5511e85599e0b5f71924539e1738d587cf48a8e8054444a6af57549/diff,workdir=/var/lib/docker/overlay2/3c6688e6e5511e85599e0b5f71924539e1738d587cf48a8e8054444a6af57549/work,nouserxattr)
overlay on /var/lib/docker/overlay2/3433eb860df705d53faf849691eabd1d0c82505c222b48ffc58ca04461c3764c/merged type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/H724N4T5KNLHYSVUHVZG4RIFRS:/var/lib/docker/overlay2/l/4T6N2KCG7RCXIID3XIFT5LSQEN:/var/lib/docker/overlay2/l/IVG42DOBT65Y24T4KZPCVCWWCG:/var/lib/docker/overlay2/l/HS7AFPO4EL3QA2AUHKHPV3WTM3:/var/lib/docker/overlay2/l/HU6HRBBG5G527S3OXJKVQRZHRB:/var/lib/docker/overlay2/l/5GMPGTDTFCOHKYMXHXTLTUIGEB:/var/lib/docker/overlay2/l/LOF3L3XJLHYNCACDBVCPC5PP3E:/var/lib/docker/overlay2/l/LQ7CBARWX2KQVFEK5374QOEXUE:/var/lib/docker/overlay2/l/EURNPEPCDBJSO5O6R7TYA7XPZD:/var/lib/docker/overlay2/l/FRPA3NFZUY7PPNWRVZS4RFW5YL,upperdir=/var/lib/docker/overlay2/3433eb860df705d53faf849691eabd1d0c82505c222b48ffc58ca04461c3764c/diff,workdir=/var/lib/docker/overlay2/3433eb860df705d53faf849691eabd1d0c82505c222b48ffc58ca04461c3764c/work,nouserxattr)
overlay on /var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged type overlay (rw,relatime,lowerdir=/var/lib/docker/overlay2/l/4XWSL3TJZKQKV52Y7QUAOSEJ6Q:/var/lib/docker/overlay2/l/CHQXZJN7AB2LQPODRLVMXS3QLG:/var/lib/docker/overlay2/l/BMFO5MLWWKJARMANRH2F77LDOX:/var/lib/docker/overlay2/l/YR3BAROY35O7A3ILDGUPSPM4DF:/var/lib/docker/overlay2/l/2QOMS6W36QGWUV72RM7N4CSTGY:/var/lib/docker/overlay2/l/4GOITPAVLU66CN2YC5XVLLLA4I:/var/lib/docker/overlay2/l/2IPQZYHEMVXZJWJHWXKLEQM7LC:/var/lib/docker/overlay2/l/JALAZBZS56RVNWDALSM5WSIDHB:/var/lib/docker/overlay2/l/LF4PCBER4SGDZ2IYQ2X65XJ7UI:/var/lib/docker/overlay2/l/AYPELGPRNU7AYL7NB72PEMUFB6,upperdir=/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/diff,workdir=/var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/work,nouserxattr)
nsfs on /run/docker/netns/default type nsfs (rw)
nsfs on /run/docker/netns/506dadf0fa06 type nsfs (rw)
nsfs on /run/docker/netns/103d8367867a type nsfs (rw)
nsfs on /run/docker/netns/b8649a1f1a7f type nsfs (rw)
nsfs on /run/docker/netns/a8a2297991f6 type nsfs (rw)
nsfs on /run/docker/netns/30647acfe200 type nsfs (rw)
tracefs on /sys/kernel/debug/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)

Filesystem Size Used Avail Use% Mounted on
tmpfs 1.6G 1.8M 1.6G 1% /run
/dev/sda2 468G 30G 416G 7% /
tmpfs 7.8G 336K 7.8G 1% /dev/shm
tmpfs 5.0M 12K 5.0M 1% /run/lock
efivarfs 56K 19K 33K 36% /sys/firmware/efi/efivars
/dev/sda1 1.1G 6.2M 1.1G 1% /boot/efi
/dev/sdb1 117G 2.1M 111G 1% /mnt/sdb
tmpfs 1.6G 132K 1.6G 1% /run/user/1000
//192.168.50.229/pictures 17T 2.8T 14T 17% /mnt/omv_immich_pics
//192.168.50.229/immich 17T 2.8T 14T 17% /mnt/omv_immich_smb
192.168.50.107:/export/t420_backup 7.3T 306G 7.0T 5% /mnt/omv-backup
overlay 468G 30G 416G 7% /var/lib/docker/overlay2/4cad63c70a53404193aced3da9d8fe330cb9e0a9938ef1a4016bfac90099dba3/merged
overlay 468G 30G 416G 7% /var/lib/docker/overlay2/cc14f7164c79ede3d689254e40d118fb130eddb68ba1101e10d6ad2de7d2c070/merged
overlay 468G 30G 416G 7% /var/lib/docker/overlay2/3c6688e6e5511e85599e0b5f71924539e1738d587cf48a8e8054444a6af57549/merged
overlay 468G 30G 416G 7% /var/lib/docker/overlay2/3433eb860df705d53faf849691eabd1d0c82505c222b48ffc58ca04461c3764c/merged
overlay 468G 30G 416G 7% /var/lib/docker/overlay2/7f6308b0b272a768ed69198663b0dd5d748a088018befb1d8a3fd42093b98c5f/merged

--- System Limits ---
real-time non-blocking time (microseconds, -R) unlimited
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 62975
max locked memory (kbytes, -l) 2032296
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 62975
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

[2025-08-22 22:52:36] [INFO] Generating JSON summary
==== GENERATING SUMMARY ====
[2025-08-22 22:52:36] [Generating JSON summary...]
[2025-08-22 22:52:36] [INFO] JSON summary generated successfully: /tmp/system_audit_lenovo420_20250822_223222/results.json
==== AUDIT COMPLETE ====
[2025-08-22 22:52:36] [INFO] Audit completed successfully in 1214 seconds
[2025-08-22 22:52:36] [INFO] Results available in: /tmp/system_audit_lenovo420_20250822_223222
[2025-08-22 22:52:36] [INFO] Enhanced summary created: /tmp/system_audit_lenovo420_20250822_223222/SUMMARY.txt
[2025-08-22 22:52:36] [INFO] Compressing audit results...