docs: security baseline — live USB boot checklist #122

Merged

clawdie merged 1 commit from feature/0.12.0 into main

2026-06-23 15:26:24 +02:00

Author	SHA1	Message	Date
Sam & Claude	180abbab39	docs: security baseline — live USB boot checklist Cross-reference from OSA audit (2026-06-23): SSH hardening, MCP socket, firewall, listening ports, service accounts, external MCP servers. Each check has command + expected output. OSA exceptions documented: password auth kept for dev access. USB should be stricter — key-only SSH, no 0.0.0.0 bindings. Skill saved: security-audit-clawdie (freebsd category)	2026-06-23 15:24:37 +02:00

Author

SHA1

Message

Date

Sam & Claude

180abbab39

docs: security baseline — live USB boot checklist

Cross-reference from OSA audit (2026-06-23): SSH hardening,
MCP socket, firewall, listening ports, service accounts,
external MCP servers. Each check has command + expected output.

OSA exceptions documented: password auth kept for dev access.
USB should be stricter — key-only SSH, no 0.0.0.0 bindings.

Skill saved: security-audit-clawdie (freebsd category)

2026-06-23 15:24:37 +02:00