# Security Baseline — Live USB Boot Checklist 23.jun.2026 | OSA audit → live USB alignment Cross-reference of security checks that should pass on every booted Clawdie USB. Derived from the OSA security audit on 23.jun.2026. ## Boot-time checks ### SSH hardening | Check | Command | Expected | | ---------------------- | ---------------------------------------- | --------------------------- | | Password auth disabled | `grep PasswordAuth /etc/ssh/sshd_config` | `PasswordAuthentication no` | | Root login disabled | `grep PermitRoot /etc/ssh/sshd_config` | `PermitRootLogin no` | | Key-only auth | `grep PubkeyAuth /etc/ssh/sshd_config` | `PubkeyAuthentication yes` | ### Service accounts | Check | Command | Expected | | ------------------------- | ------------------------------------------ | -------------------------------------------------------------- | | colibri user exists | `pw usershow colibri` | uid 3002, shell `/usr/sbin/nologin` or `/bin/sh` with restrict | | colibri password locked | `pw usershow colibri \| grep '*'` | `*` (asterisk = locked) | | colibri in clawdie group | `id colibri` | includes `clawdie` group | | SSH key restricted | `cat /var/db/colibri/.ssh/authorized_keys` | `command="colibri-mcp-ssh",restrict,no-pty,...` | | Home dir owned by colibri | `ls -la /var/db/colibri/` | `colibri:colibri` on the directory itself | ### MCP socket | Check | Command | Expected | | --------------------------- | -------------------------------------- | ---------------------------- | | Socket exists | `ls /var/run/colibri/colibri.sock` | exists | | Restricted to clawdie group | `ls -la /var/run/colibri/colibri.sock` | `srwxrwx--- clawdie:clawdie` | ### Firewall (pf) | Check | Command | Expected | | ----------------------------- | ------------------------------- | -------------------------------------- | | Default deny | `sudo pfctl -sr` | `block drop all` as final rule | | Only http/https public | `sudo pfctl -sr \| grep vtnet0` | only ports 80, 443 (and optionally 22) | | SSH Tailscale-only (optional) | `sudo pfctl -sr \| grep ssh` | no vtnet0 ssh rule, only tailscale0 | ### Listening ports | Check | Command | Expected | | ------------------------ | ------------------------------- | ------------------------------------------------------- | | No unexpected listeners | `sudo sockstat -l` | nginx (80/443), colibri (socket), sshd | | Dashboard Tailscale-only | `sudo sockstat -l \| grep 9119` | Hermes dashboard — should be on localhost or tailscale0 | | No 0.0.0.0 bindings | `sudo sockstat -l \| grep '*'` | only nginx 80/443 (public web), nothing else | ### MCP access test | Check | Command | Expected | | ---------------------------- | --------------------------------------------- | ----------------------------------------- | | Local MCP works | `colibri-mcp tools` | lists tools | | SSH MCP from colibri user | `ssh -i mother-mcp colibri@localhost 'tools'` | lists tools (single-word invocation only) | | colibri_external_mcp_servers | via MCP tool | shows registered external servers | ### External MCP servers | Check | Command | Expected | | --------------------------- | -------------------------------------------------------- | ----------------------------- | | Config exists | `cat /usr/local/etc/colibri/external-mcp.json` | valid JSON with servers | | COLIBRI_MCP_EXTERNAL_CALL | `grep EXTERNAL_CALL /usr/local/etc/colibri/provider.env` | `COLIBRI_MCP_EXTERNAL_CALL=1` | | geodesic-dome-mcp installed | `ls /usr/local/bin/geodesic-dome-mcp` | exists, executable | | build-colibri.sh installed | `ls /usr/local/bin/build-colibri.sh` | exists, executable | | node-register-mcp installed | `ls /usr/local/bin/node-register-mcp` | exists, executable | | colibri-mcp-ssh wrapper | `ls /usr/local/bin/colibri-mcp-ssh` | exists, executable | ## OSA-specific exceptions (production) | Exception | Reason | | ------------------------------- | --------------------------------------------------- | | Password auth enabled on vtnet0 | User preference for OSA access during development | | SSH port 22 on public interface | OSA is the mother node, needs public SSH for now | | Port 9119 on 0.0.0.0 | Hermes dashboard, pf-limited to Tailscale on vtnet0 | These exceptions should NOT be present on a booted USB — the USB is a single-user operator station, not a public server. ## Tests performed on OSA (23.jun.2026) - ✅ SSH MCP from colibri user: `ssh -i mother-mcp colibri@localhost 'tools'` — works - ✅ Home dir ownership fixed: `chown colibri:colibri /var/db/colibri` - ✅ MCP socket permissions: `srwxrwx--- clawdie:clawdie` - ✅ pf firewall: default deny, only http/https/ssh on vtnet0 - ✅ colibri authorized_keys: restrict + no-pty + forced command - ✅ COLIBRI_MCP_EXTERNAL_CALL=1 in provider.env - ✅ external-mcp.json: mother-build + geodesic-dome registered - ⚠️ Port 9119 (Hermes dashboard) bound to 0.0.0.0 — pf limits to Tailscale