Security Baseline — Live USB Boot Checklist
23.jun.2026 | OSA audit → live USB alignment
Cross-reference of security checks that should pass on every booted
Clawdie USB. Derived from the OSA security audit on 23.jun.2026.
Boot-time checks
SSH hardening
| Check |
Command |
Expected |
| Password auth disabled |
grep PasswordAuth /etc/ssh/sshd_config |
PasswordAuthentication no |
| Root login disabled |
grep PermitRoot /etc/ssh/sshd_config |
PermitRootLogin no |
| Key-only auth |
grep PubkeyAuth /etc/ssh/sshd_config |
PubkeyAuthentication yes |
Service accounts
| Check |
Command |
Expected |
| colibri user exists |
pw usershow colibri |
uid 3002, shell /usr/sbin/nologin or /bin/sh with restrict |
| colibri password locked |
pw usershow colibri | grep '*' |
* (asterisk = locked) |
| colibri in clawdie group |
id colibri |
includes clawdie group |
| SSH key restricted |
cat /var/db/colibri/.ssh/authorized_keys |
command="colibri-mcp-ssh",restrict,no-pty,... |
| Home dir owned by colibri |
ls -la /var/db/colibri/ |
colibri:colibri on the directory itself |
MCP socket
| Check |
Command |
Expected |
| Socket exists |
ls /var/run/colibri/colibri.sock |
exists |
| Restricted to clawdie group |
ls -la /var/run/colibri/colibri.sock |
srwxrwx--- clawdie:clawdie |
Firewall (pf)
| Check |
Command |
Expected |
| Default deny |
sudo pfctl -sr |
block drop all as final rule |
| Only http/https public |
sudo pfctl -sr | grep vtnet0 |
only ports 80, 443 (and optionally 22) |
| SSH Tailscale-only (optional) |
sudo pfctl -sr | grep ssh |
no vtnet0 ssh rule, only tailscale0 |
Listening ports
| Check |
Command |
Expected |
| No unexpected listeners |
sudo sockstat -l |
nginx (80/443), colibri (socket), sshd |
| Dashboard Tailscale-only |
sudo sockstat -l | grep 9119 |
Hermes dashboard — should be on localhost or tailscale0 |
| No 0.0.0.0 bindings |
sudo sockstat -l | grep '*' |
only nginx 80/443 (public web), nothing else |
MCP access test
| Check |
Command |
Expected |
| Local MCP works |
colibri-mcp tools |
lists tools |
| SSH MCP from colibri user |
ssh -i mother-mcp colibri@localhost 'tools' |
lists tools (single-word invocation only) |
| colibri_external_mcp_servers |
via MCP tool |
shows registered external servers |
External MCP servers
| Check |
Command |
Expected |
| Config exists |
cat /usr/local/etc/colibri/external-mcp.json |
valid JSON with servers |
| COLIBRI_MCP_EXTERNAL_CALL |
grep EXTERNAL_CALL /usr/local/etc/colibri/provider.env |
COLIBRI_MCP_EXTERNAL_CALL=1 |
| geodesic-dome-mcp installed |
ls /usr/local/bin/geodesic-dome-mcp |
exists, executable |
| build-colibri.sh installed |
ls /usr/local/bin/build-colibri.sh |
exists, executable |
| node-register-mcp installed |
ls /usr/local/bin/node-register-mcp |
exists, executable |
| colibri-mcp-ssh wrapper |
ls /usr/local/bin/colibri-mcp-ssh |
exists, executable |
OSA-specific exceptions (production)
| Exception |
Reason |
| Password auth enabled on vtnet0 |
User preference for OSA access during development |
| SSH port 22 on public interface |
OSA is the mother node, needs public SSH for now |
| Port 9119 on 0.0.0.0 |
Hermes dashboard, pf-limited to Tailscale on vtnet0 |
These exceptions should NOT be present on a booted USB — the USB is a
single-user operator station, not a public server.
Tests performed on OSA (23.jun.2026)
- ✅ SSH MCP from colibri user:
ssh -i mother-mcp colibri@localhost 'tools' — works
- ✅ Home dir ownership fixed:
chown colibri:colibri /var/db/colibri
- ✅ MCP socket permissions:
srwxrwx--- clawdie:clawdie
- ✅ pf firewall: default deny, only http/https/ssh on vtnet0
- ✅ colibri authorized_keys: restrict + no-pty + forced command
- ✅ COLIBRI_MCP_EXTERNAL_CALL=1 in provider.env
- ✅ external-mcp.json: mother-build + geodesic-dome registered
- ⚠️ Port 9119 (Hermes dashboard) bound to 0.0.0.0 — pf limits to Tailscale
Sam & Claude
61683eeb42