================================================================================ SAFENET LA 01 - FILESYSTEM VERIFICATION SNAPSHOT Open Source Security, Inc. - https://git.opensourcesecurity.net/opensourcesecurity/safenet ================================================================================ Generated: 2026-04-26 08:00:01 EST Hostname: oss-safenet-la-01 Uptime: 3 weeks, 3 days, 10 hours, 50 minutes Kernel: 6.8.0-107-generic This file is automatically generated daily at 6:00 AM EST. Compare against: https://git.opensourcesecurity.net/opensourcesecurity/safenet ================================================================================ FILE CHECKSUMS (SHA-256) ================================================================================ Verify these hashes match the files published on Forgejo. Only configuration files are checksummed. Private keys, customer data, and log files are excluded. /etc/wireguard/wg0.conf [Interface only] 1d48ce5384ee792a197e0cdd89a1008755c15493c525e19c95b6a21e6a5d163b /etc/unbound/unbound.conf 8808b474175ff8eeebecbf407f9091fd73f65c4a43a6ee212e8ae2d9f80778f8 /etc/unbound/unbound.conf.d/safenet.conf b287d67330315ffad22d8ab64ec7ad1343f60ddeb16f0bae0261658e99d011e4 /etc/unbound/unbound.conf.d/oss-blocklist.conf 1e130c6525e64ef83a586acb2d0330c33520ef7a49a0939b2a74d4ee7485a7c1 /etc/unbound/unbound.conf.d/streaming-blocks.conf 4624c1206a27c453a80645c291bf45314e69ff367993e2090e6f6bc8873e5c5b /etc/nginx/sites-available/status.la01.oss-vpn.net d6da1f1768758eededaa538f09445c4ea53d4c6278ae674fd966f1769dc205ef /etc/nginx/nginx.conf 48c6a4ec1e1fd28ccf968490f07e34a1d7f755793b2108a3ed8670b1ee2a0aa2 /etc/iptables/rules.v4 76c4b1c78ae02b910ce0f51fdc9bddd52d5333962a934ef6960ca887da48739d /etc/iptables/rules.v6 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 /etc/iptables/ipsets 4f37694513ae973f02085942b8ea7ab904ebc2f261cb55eae7f93e49a746d5e0 /etc/fail2ban/jail.local f5d0283fb94e496baec21d050027e621200b1238665d66f4d338d32b299d258a /etc/ssh/sshd_config d381c10685e63cb4c55bf3c2fc243d3092e3f9dc0a337aba03a2b69b3c97bf77 /etc/sysctl.conf 97c5b93ecd5329df5318b981bbf78117a8bbc1c3644603dc65d0226fc54a340a /opt/oss-blocklists/scripts/update-safenet-dns.sh 193ab810603e75892c4f08124532de290dfe53e32c093b643720d35978f5e70b /opt/oss-blocklists/scripts/update-safenet-ips.sh 8675f1bc4a2d640af52b7c4dba65f771761759b985aeafad3052b7307d7b0428 /opt/oss-blocklists/scripts/whitelist-manager.sh 3144992ab1e6b5549d4172d47a254cd99148b03e6442f48772f3cf8cd3e8453f /var/www/status/index.html 27b705d2bb61de9c7d16d09fb0b6aa42c5a31853e21cfba44a55bb71c7ac83c0 /var/www/admin/index.html 0642b499ef773b292819315f8bda275ee8a42150a759b69a73628f6d314d81f4 ================================================================================ DIRECTORY STRUCTURE ================================================================================ Tree output excludes: private keys, customer data, log file contents. File names are shown but contents are not exposed. --- /etc/wireguard --- /etc/wireguard `-- wg0.conf --- /etc/unbound --- /etc/unbound |-- unbound.conf `-- unbound.conf.d |-- oss-blocklist.conf |-- remote-control.conf |-- root-auto-trust-anchor-file.conf |-- safenet.conf `-- streaming-blocks.conf --- /etc/nginx/sites-available --- /etc/nginx/sites-available |-- default `-- status.la01.oss-vpn.net --- /etc/nginx/sites-enabled --- /etc/nginx/sites-enabled `-- status.la01.oss-vpn.net -> /etc/nginx/sites-available/status.la01.oss-vpn.net --- /etc/iptables --- /etc/iptables |-- ipsets |-- rules.v4 `-- rules.v6 --- /etc/systemd/system --- /etc/systemd/system |-- chronyd.service -> /usr/lib/systemd/system/chrony.service |-- cloud-final.service.wants | `-- snapd.seeded.service -> /usr/lib/systemd/system/snapd.seeded.service |-- cloud-init.target.wants | |-- cloud-config.service -> /usr/lib/systemd/system/cloud-config.service | |-- cloud-final.service -> /usr/lib/systemd/system/cloud-final.service | |-- cloud-init-hotplugd.socket -> /usr/lib/systemd/system/cloud-init-hotplugd.socket | |-- cloud-init-local.service -> /usr/lib/systemd/system/cloud-init-local.service | `-- cloud-init.service -> /usr/lib/systemd/system/cloud-init.service |-- dbus-org.freedesktop.ModemManager1.service -> /usr/lib/systemd/system/ModemManager.service |-- dbus-org.freedesktop.resolve1.service -> /usr/lib/systemd/system/systemd-resolved.service |-- dbus-org.freedesktop.thermald.service -> /usr/lib/systemd/system/thermald.service |-- display-manager.service.wants | `-- gpu-manager.service -> /usr/lib/systemd/system/gpu-manager.service |-- emergency.target.wants | `-- grub-initrd-fallback.service -> /usr/lib/systemd/system/grub-initrd-fallback.service |-- final.target.wants | `-- snapd.system-shutdown.service -> /usr/lib/systemd/system/snapd.system-shutdown.service |-- getty.target.wants | `-- getty@tty1.service -> /usr/lib/systemd/system/getty@.service |-- graphical.target.wants | `-- udisks2.service -> /usr/lib/systemd/system/udisks2.service |-- hibernate.target.wants | `-- grub-common.service -> /usr/lib/systemd/system/grub-common.service |-- hybrid-sleep.target.wants | `-- grub-common.service -> /usr/lib/systemd/system/grub-common.service |-- ip6tables.service -> /usr/lib/systemd/system/netfilter-persistent.service |-- iptables.service -> /usr/lib/systemd/system/netfilter-persistent.service |-- iscsi.service -> /usr/lib/systemd/system/open-iscsi.service |-- mdmonitor.service.wants | |-- mdcheck_continue.timer -> /usr/lib/systemd/system/mdcheck_continue.timer | |-- mdcheck_start.timer -> /usr/lib/systemd/system/mdcheck_start.timer | `-- mdmonitor-oneshot.timer -> /usr/lib/systemd/system/mdmonitor-oneshot.timer |-- multi-user.target.wants | |-- acct.service -> /usr/lib/systemd/system/acct.service | |-- apport.service -> /usr/lib/systemd/system/apport.service | |-- chrony.service -> /usr/lib/systemd/system/chrony.service | |-- console-setup.service -> /usr/lib/systemd/system/console-setup.service | |-- cron.service -> /usr/lib/systemd/system/cron.service | |-- dmesg.service -> /usr/lib/systemd/system/dmesg.service | |-- e2scrub_reap.service -> /lib/systemd/system/e2scrub_reap.service | |-- fail2ban.service -> /usr/lib/systemd/system/fail2ban.service | |-- grub-common.service -> /usr/lib/systemd/system/grub-common.service | |-- grub-initrd-fallback.service -> /usr/lib/systemd/system/grub-initrd-fallback.service | |-- lxd-installer.socket -> /usr/lib/systemd/system/lxd-installer.socket | |-- ModemManager.service -> /usr/lib/systemd/system/ModemManager.service | |-- netdata.service -> /usr/lib/systemd/system/netdata.service | |-- netfilter-persistent.service -> /usr/lib/systemd/system/netfilter-persistent.service | |-- networkd-dispatcher.service -> /usr/lib/systemd/system/networkd-dispatcher.service | |-- nginx.service -> /usr/lib/systemd/system/nginx.service | |-- open-vm-tools.service -> /usr/lib/systemd/system/open-vm-tools.service | |-- pollinate.service -> /usr/lib/systemd/system/pollinate.service | |-- postfix.service -> /usr/lib/systemd/system/postfix.service | |-- remote-fs.target -> /usr/lib/systemd/system/remote-fs.target | |-- rsyslog.service -> /usr/lib/systemd/system/rsyslog.service | |-- safenet-admin.service -> /etc/systemd/system/safenet-admin.service | |-- secureboot-db.service -> /usr/lib/systemd/system/secureboot-db.service | |-- snapd.apparmor.service -> /usr/lib/systemd/system/snapd.apparmor.service | |-- snapd.autoimport.service -> /usr/lib/systemd/system/snapd.autoimport.service | |-- snapd.core-fixup.service -> /usr/lib/systemd/system/snapd.core-fixup.service | |-- snapd.recovery-chooser-trigger.service -> /usr/lib/systemd/system/snapd.recovery-chooser-trigger.service | |-- snapd.seeded.service -> /usr/lib/systemd/system/snapd.seeded.service | |-- snapd.service -> /usr/lib/systemd/system/snapd.service | |-- ssl-cert.service -> /usr/lib/systemd/system/ssl-cert.service | |-- sysstat.service -> /usr/lib/systemd/system/sysstat.service | |-- systemd-networkd.service -> /lib/systemd/system/systemd-networkd.service | |-- thermald.service -> /usr/lib/systemd/system/thermald.service | |-- ua-reboot-cmds.service -> /usr/lib/systemd/system/ua-reboot-cmds.service | |-- ubuntu-advantage.service -> /usr/lib/systemd/system/ubuntu-advantage.service | |-- unattended-upgrades.service -> /usr/lib/systemd/system/unattended-upgrades.service | |-- unbound.service -> /usr/lib/systemd/system/unbound.service | |-- vnstat.service -> /usr/lib/systemd/system/vnstat.service | |-- wg-control.service -> /etc/systemd/system/wg-control.service | `-- wg-quick@wg0.service -> /usr/lib/systemd/system/wg-quick@.service |-- network-online.target.wants | `-- systemd-networkd-wait-online.service -> /lib/systemd/system/systemd-networkd-wait-online.service |-- oem-config.service.wants | `-- gpu-manager.service -> /usr/lib/systemd/system/gpu-manager.service |-- open-vm-tools.service.requires | `-- vgauth.service -> /usr/lib/systemd/system/vgauth.service |-- paths.target.wants | |-- apport-autoreport.path -> /usr/lib/systemd/system/apport-autoreport.path | `-- tpm-udev.path -> /usr/lib/systemd/system/tpm-udev.path |-- rescue.target.wants | `-- grub-initrd-fallback.service -> /usr/lib/systemd/system/grub-initrd-fallback.service |-- safenet-admin.service |-- sleep.target.wants | `-- grub-initrd-fallback.service -> /usr/lib/systemd/system/grub-initrd-fallback.service |-- sockets.target.wants | |-- apport-forward.socket -> /usr/lib/systemd/system/apport-forward.socket | |-- dm-event.socket -> /usr/lib/systemd/system/dm-event.socket | |-- iscsid.socket -> /usr/lib/systemd/system/iscsid.socket | |-- multipathd.socket -> /usr/lib/systemd/system/multipathd.socket | |-- snapd.socket -> /usr/lib/systemd/system/snapd.socket | |-- ssh.socket -> /usr/lib/systemd/system/ssh.socket | |-- systemd-networkd.socket -> /lib/systemd/system/systemd-networkd.socket | `-- uuidd.socket -> /usr/lib/systemd/system/uuidd.socket |-- sshd-keygen@.service.d | `-- disable-sshd-keygen-if-cloud-init-active.conf |-- ssh.service.requires | `-- ssh.socket -> /usr/lib/systemd/system/ssh.socket |-- suspend.target.wants | `-- grub-common.service -> /usr/lib/systemd/system/grub-common.service |-- suspend-then-hibernate.target.wants | `-- grub-common.service -> /usr/lib/systemd/system/grub-common.service |-- sysinit.target.wants | |-- apparmor.service -> /usr/lib/systemd/system/apparmor.service | |-- blk-availability.service -> /usr/lib/systemd/system/blk-availability.service | |-- finalrd.service -> /usr/lib/systemd/system/finalrd.service | |-- keyboard-setup.service -> /usr/lib/systemd/system/keyboard-setup.service | |-- lvm2-lvmpolld.socket -> /usr/lib/systemd/system/lvm2-lvmpolld.socket | |-- lvm2-monitor.service -> /usr/lib/systemd/system/lvm2-monitor.service | |-- multipathd.service -> /usr/lib/systemd/system/multipathd.service | |-- open-iscsi.service -> /usr/lib/systemd/system/open-iscsi.service | |-- setvtrgb.service -> /usr/lib/systemd/system/setvtrgb.service | |-- systemd-pstore.service -> /usr/lib/systemd/system/systemd-pstore.service | `-- systemd-resolved.service -> /usr/lib/systemd/system/systemd-resolved.service |-- syslog.service -> /usr/lib/systemd/system/rsyslog.service |-- sysstat.service.wants | |-- sysstat-collect.timer -> /usr/lib/systemd/system/sysstat-collect.timer | `-- sysstat-summary.timer -> /usr/lib/systemd/system/sysstat-summary.timer |-- timers.target.wants | |-- apport-autoreport.timer -> /usr/lib/systemd/system/apport-autoreport.timer | |-- apt-daily.timer -> /lib/systemd/system/apt-daily.timer | |-- apt-daily-upgrade.timer -> /lib/systemd/system/apt-daily-upgrade.timer | |-- apt-show-versions.timer -> /usr/lib/systemd/system/apt-show-versions.timer | |-- certbot.timer -> /usr/lib/systemd/system/certbot.timer | |-- dailyaidecheck.timer -> /usr/lib/systemd/system/dailyaidecheck.timer | |-- dpkg-db-backup.timer -> /lib/systemd/system/dpkg-db-backup.timer | |-- e2scrub_all.timer -> /lib/systemd/system/e2scrub_all.timer | |-- fstrim.timer -> /lib/systemd/system/fstrim.timer | |-- fwupd-refresh.timer -> /usr/lib/systemd/system/fwupd-refresh.timer | |-- logrotate.timer -> /usr/lib/systemd/system/logrotate.timer | |-- lynis.timer -> /usr/lib/systemd/system/lynis.timer | |-- man-db.timer -> /usr/lib/systemd/system/man-db.timer | |-- motd-news.timer -> /lib/systemd/system/motd-news.timer | |-- snapd.snap-repair.timer -> /usr/lib/systemd/system/snapd.snap-repair.timer | |-- ua-timer.timer -> /usr/lib/systemd/system/ua-timer.timer | |-- update-notifier-download.timer -> /usr/lib/systemd/system/update-notifier-download.timer | `-- update-notifier-motd.timer -> /usr/lib/systemd/system/update-notifier-motd.timer |-- unbound.service.wants | `-- unbound-resolvconf.service -> /usr/lib/systemd/system/unbound-resolvconf.service |-- vmtoolsd.service -> /usr/lib/systemd/system/open-vm-tools.service `-- wg-control.service --- /opt/oss-blocklists --- /opt/oss-blocklists |-- logs |-- output | |-- dns | `-- ip |-- scripts | |-- generate-security-reports.sh | |-- update-safenet-dns.sh | |-- update-safenet-ips.sh | `-- whitelist-manager.sh `-- sources --- /opt/oss-scripts --- /opt/oss-scripts `-- generate-server-tree.sh --- /var/www/oss-blocklists --- /var/www/oss-blocklists `-- verify |-- aide-report.txt |-- index.html |-- lynis-report.txt |-- meta.json |-- rkhunter-report.txt |-- server-snapshot.txt `-- warrant-canary.txt --- /var/www/status --- /var/www/status |-- index.html `-- vpn-count.txt --- /var/www/admin --- /var/www/admin |-- index.html |-- index.html.bak |-- index.html.bak2 |-- index.html.bak-20260301 `-- peer-stats.json ================================================================================ SERVICE STATUS ================================================================================ WireGuard (wg0): active Unbound DNS: active nginx: active fail2ban: active Netdata: active DNS Blocklist: 1939948 domains IP Blocklist: 70998 addresses ================================================================================ VERIFICATION INSTRUCTIONS ================================================================================ 1. Review the checksums and directory structure above 2. Source repo: https://git.opensourcesecurity.net/opensourcesecurity/safenet 3. For live verification, contact OSS support: support@opensourcesecurity.net SafeNet operates on "verify, don't trust" - every claim is inspectable. ================================================================================