# Security Hardening Assessment — Hoffmann Infrastructure

**Date:** 2026-04-21

**Requested by:** Matt (The Director)

**Assessors:** Socrates (Backend/Infrastructure), Wadsworth (General Systems/Coordination)

---

## Executive Summary

This document assesses the current security posture of the Hoffmann home infrastructure and outlines hardening requirements across three layers: **Host/OS**, **Network/Access**, and **Application/Data**.

Given the sovereign nature of this deployment (self-hosted AI systems, personal data processing), the recommended posture balances **zero-trust principles** with **operational sustainability**.

---

## Current Architecture Overview

| Component | Host | Network | Exposure |
|-----------|------|---------|----------|
| OpenClaw Gateway | Beelink (titanium-butler) | Tailscale + localhost:18789 | Internal only |
| Family Assistant | Beelink (titanium-butler) | Tailscale, localhost Radicale | Internal + Cloudflare Worker (email) |
| Local AI Inference | Gaming PC (3080 Ti) | Tailscale 100.104.147.116 | Internal only |
| ChromaDB/Radicale | Beelink | localhost:5232, Tailscale | Private network only |
| Cloudflare Worker | Cloudflare Edge | Public internet | Email webhook only |

**Key characteristics:**

- Tailscale mesh network for all inter-host communication
- No public-facing services (except Cloudflare Worker for email routing)
- Token-based authentication for OpenClaw
- htpasswd (bcrypt) for Radicale CalDAV
- App passwords preferred over OAuth refresh tokens

---

## Layer 1: Host/OS Hardening

### 1.1 Current State Assessment

**Beelink (titanium-butler):**

- Ubuntu 24.04 LTS (good — LTS with 5-year support)
- Systemd services: radicale.service, hoffdesk-webhook.service (active)
- No evidence of automatic security updates configured
- Disk encryption status: **Unknown** — requires verification
- Backup: Daily tar to local + Gaming PC via Tailscale SSH (sovereign backup)

**Gaming PC (inference node):**

- Windows (assumed, given 3080 Ti gaming setup)
- Tailscale for network access
- Ollama server on localhost:11434
- Status: **Needs assessment** — this is a gap

### 1.2 Required Hardening Actions

#### Critical (Do First)

| Priority | Action | Component | Effort | Risk |
|----------|--------|-----------|--------|------|
| 1 | Enable automatic security updates | Beelink | Low | Minimal |
| 2 | Verify disk encryption (LUKS) | Beelink | Low | None |
| 3 | Secure Ollama endpoint (bind to localhost only) | Gaming PC | Low | Minimal |
| 4 | Create service account for Family Assistant | Beelink | Low | Low |
| 5 | File permissions audit (600 for secrets) | All hosts | Low | None |

#### Important (Do Soon)

| Priority | Action | Component | Effort | Risk |
|----------|--------|-----------|--------|------|
| 6 | Fail2ban for SSH (if SSH enabled) | Beelink | Low | Low |
| 7 | UFW firewall rules (deny incoming default, allow Tailscale) | Beelink | Low | Low |
| 8 | Audit systemd service sandboxing (PrivateTmp, NoNewPrivileges) | Beelink | Low | Low |
| 9 | Log rotation for command-logger.jsonl | Beelink | Low | None |
| 10 | Windows security baseline (if applicable) | Gaming PC | Medium | Low |

#### Deferred (Post-v1.0)

- SELinux/AppArmor profiles for custom services
- Kernel live patching (canonical-livepatch)
- HIDS (AIDE or similar)

---

## Layer 2: Network/Access Hardening

### 2.1 Current State Assessment

**Strengths:**

- Tailscale provides mTLS mesh networking
- No exposed SSH ports to public internet
- Cloudflare Worker acts as email→webhook proxy (no direct email server exposure)
- Gateway bound to 127.0.0.1:18789 (localhost-only)

**Gaps:**

- Radicale CalDAV exposed on 0.0.0.0:5232 (necessary for mobile CalDAV sync?)
- No network segmentation between services
- Unknown if Tailscale ACLs restrict inter-device access
- No DDoS protection (not critical for home use)

### 2.2 Required Hardening Actions

#### Critical

| Priority | Action | Effort | Risk |
|----------|--------|--------|------|
| 1 | Restrict Radicale to Tailscale IPs only (or localhost + reverse proxy) | Low | Medium* |
| 2 | Audit Tailscale ACLs — verify principle of least privilege | Low | Low |
| 3 | Verify Cloudflare Worker token rotation | Low | None |

*Risk: Could break mobile CalDAV sync if not done carefully.

#### Important

| Priority | Action | Effort | Risk |
|----------|--------|--------|------|
| 4 | Implement Tailscale device approval for new nodes | Low | Low |
| 5 | Review Tailscale exit nodes/subnets for data exfiltration paths | Low | Low |
| 6 | DNS-over-HTTPS (DoH) on all hosts | Low | None |

---

## Layer 3: Application/Data Hardening

### 3.1 OpenClaw/Gateway Security

**Current:**

- Token authentication enabled
- RedactSensitive: "tools" configured
- Dreaming, command-logger hooks active
- Active Memory disabled (performance issue, not security)

**Required:**

| Priority | Action | Effort |
|----------|--------|--------|
| 1 | Run `openclaw security audit --deep` | Low |
| 2 | Review and tighten OpenClaw file permissions (`--fix`) | Low |
| 3 | Verify gateway.bind is strictly localhost | None |
| 4 | Audit fallback model chain for unexpected API key exposure | Low |
| 5 | Review agent session isolation (prevent cross-contamination) | Low |

### 3.2 Family Assistant Security

**Current:**

- Secrets in `~/.openclaw/.env` and `scripts/.env` (chmod 600 assumed)
- Google Calendar API replaced with Radicale (reduced OAuth scope)
- Service account JSON in `~/.openclaw/secrets/` (needs verification)

**Required:**

| Priority | Action | Effort |
|----------|--------|--------|
| 1 | Verify all .env files are chmod 600 and gitignored | Low |
| 2 | Audit ChromaDB persistence for PII exposure | Low |
| 3 | Implement request rate limiting on webhook endpoint | Medium |
| 4 | Add circuit breaker for Radicale auth failures (3 consecutive → pause + alert) | Medium |
| 5 | Review LLM prompt injection vectors (email→calendar parsing) | Low |

### 3.3 Data Protection

| Priority | Action | Effort |
|----------|--------|--------|
| 1 | Verify backup encryption (at rest and in transit) | Low |
| 2 | Implement backup integrity verification (checksums/test restores) | Medium |
| 3 | Document data retention policy (ChromaDB, email cache, logs) | Low |
| 4 | PII scrubbing audit (confirm no plaintext PII in logs) | Low |

---

## Risk Tolerance Profile Recommendation

Based on the sovereign home-lab context, I recommend **"Home/Workstation Balanced with Zero-Trust Overlay"**:

- **Firewall:** Default deny incoming, explicit allow for required services
- **Updates:** Automatic security updates enabled
- **Access:** Tailscale-only for management, no public-facing admin interfaces
- **Backups:** Encrypted, tested, with retention policies
- **Monitoring:** Security audit alerts → Matt's DM (already configured)

---

## Implementation Roadmap

### Phase 1: Critical (This Week)

1. Run `openclaw security audit --deep` on Beelink
2. Enable automatic security updates on Beelink
3. Verify disk encryption status
4. Secure Ollama endpoint on Gaming PC
5. Verify all .env files are chmod 600

### Phase 2: Important (Next 2 Weeks)

6. Restrict Radicale to Tailscale-only access
7. Audit Tailscale ACLs
8. Configure UFW on Beelink
9. Implement log rotation
10. Create dedicated service account for Family Assistant

### Phase 3: Hardening (Ongoing)

11. Backup integrity verification
12. systemd service sandboxing
13. Application-level rate limiting
14. Circuit breaker for auth failures

---

## Cross-Agent Coordination Notes

**Socrates (Backend/Infrastructure):**

- Primary owner of host/OS hardening (Phase 1-2)
- Will execute `openclaw security audit --deep` and report findings
- Responsible for systemd service hardening and UFW configuration

**Wadsworth (General Systems/Coordination):**

- Primary owner of process coordination and scheduling
- Should verify backup integrity and retention policies
- Responsible for cross-agent security event routing

**Daedalus (Frontend):**

- Should verify no secrets in frontend build artifacts
- Review any client-side storage for PII

---

## Open Questions for Wadsworth

1. What's the current backup verification process? Do we test restores?
2. Are Tailscale ACLs currently restricting inter-device access, or is it default allow?
3. What's the status of command-logger.jsonl rotation?
4. Should we schedule periodic `openclaw security audit` via cron?

---

## Appendices

### A. Commands Reference

```bash
# OpenClaw security audit
openclaw security audit --deep
openclaw security audit --fix

# Ubuntu automatic updates
sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

# Check disk encryption: look for a device with TYPE=crypt, then query its mapping
# (cryptsetup status needs the mapper name; <mapper-name> is a placeholder)
lsblk -o NAME,TYPE,FSTYPE,MOUNTPOINT
sudo cryptsetup status <mapper-name>

# UFW basic rules
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow from 100.64.0.0/10   # Tailscale address range
sudo ufw enable

# File permissions
chmod 600 ~/.openclaw/.env ~/.openclaw/scripts/.env
chmod 600 ~/.openclaw/secrets/*.json
```

Log rotation stanza for command-logger.jsonl (add as a file under `/etc/logrotate.d/`; this is logrotate configuration, not a shell command):

```
/home/hoffmann_admin/.openclaw/command-logger.jsonl {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
}
```

### B. Verification Checklist

- [ ] `openclaw security audit --deep` passes with no critical findings
- [ ] Automatic security updates enabled on Beelink
- [ ] Disk encryption verified (LUKS active)
- [ ] All .env files chmod 600
- [ ] Radicale bound to Tailscale IPs only
- [ ] UFW active with appropriate rules
- [ ] Backup integrity verified (test restore completed)
- [ ] Log rotation configured
- [ ] Ollama on Gaming PC bound to localhost
- [ ] Tailscale ACLs audited

---

**Document status:** Draft — awaiting Wadsworth assessment and Matt's priority confirmation.

**Socrates Assessment:** Backend infrastructure hardening is straightforward and low-risk. The bigger concern is operational sustainability — ensuring backups work, updates don't break services, and alerting is meaningful rather than noisy. The sovereign nature of this deployment means we trade cloud-managed security for direct control — that's the right trade for this context, but it requires discipline on monitoring and maintenance.
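Worked example for the file permissions audit (Layer 1 item 5, section 3.2 item 1 and the "All .env files chmod 600" checklist item). This is an added example, not part of the assessment or of OpenClaw; it walks the secret paths the document names (assumed layout, adjustable on the command line), flags any group/other permission bits, symlinks and unexpected owners, and exits non-zero on findings so it can run from cron alongside the audit.

```python
"""Audit that secret files are private: mode 0600 (or tighter), regular files,
owned by the expected user. Added example; DEFAULT_SECRET_PATHS is taken from
the assessment and is an assumption about the real layout."""
import os
import stat
import sys
from pathlib import Path
from typing import Iterable, List, Optional

# Paths named in section 3.2 and Appendix A (assumed layout; adjust as needed).
DEFAULT_SECRET_PATHS = [
    "~/.openclaw/.env",
    "~/.openclaw/scripts/.env",
    "~/.openclaw/secrets",  # directory: every file inside is checked
]


def audit_secret_file(path: Path, expected_uid: Optional[int] = None) -> List[str]:
    """Return findings for one file; an empty list means it passes."""
    findings: List[str] = []
    try:
        st = path.lstat()  # lstat: do not follow symlinks
    except FileNotFoundError:
        return [f"{path}: missing"]
    if stat.S_ISLNK(st.st_mode):
        # A symlink can point a "600" name at a world-readable target elsewhere.
        return [f"{path}: is a symlink; secrets should be regular files"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        # Any group/other bit means someone besides the owner can read or write it.
        findings.append(f"{path}: mode {mode:04o} grants group/other access; expected 0600")
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected uid {expected_uid}")
    return findings


def audit_secret_paths(paths: Iterable[str], expected_uid: Optional[int] = None) -> List[str]:
    """Audit files and directories; directories must be 0700 and their files 0600."""
    findings: List[str] = []
    for raw in paths:
        p = Path(raw).expanduser()
        if p.is_dir():
            dmode = stat.S_IMODE(p.stat().st_mode)
            if dmode & 0o077:
                findings.append(f"{p}: directory mode {dmode:04o}; expected 0700")
            for child in sorted(p.iterdir()):
                if child.is_file() or child.is_symlink():
                    findings.extend(audit_secret_file(child, expected_uid))
        else:
            findings.extend(audit_secret_file(p, expected_uid))
    return findings


if __name__ == "__main__":
    # Usage: python audit_secrets.py [path ...]; exit status 1 if anything fails.
    problems = audit_secret_paths(sys.argv[1:] or DEFAULT_SECRET_PATHS, os.getuid())
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```

The check uses `lstat` and a mask of `0o077` rather than comparing against exactly `0600`, so a stricter `0400` passes while a symlink or any group/world bit is reported; the directory check matters because a `0755` secrets directory lets other local users list which secret files exist even when each file is `0600`.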
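Worked example for the bind-address items (the Radicale `0.0.0.0:5232` gap in section 2.1, "Verify gateway.bind is strictly localhost" in 3.1, and the Ollama and Radicale checklist items in Appendix B). This is an added example, not part of the assessment; it parses Linux `ss -ltn` output, classifies each listener as loopback, Tailscale (100.64.0.0/10), wildcard or other, and reports any of the three service ports that is bound more widely than the policy allows. `SAMPLE_SS` is a constructed listing, not real output from titanium-butler, and the policy table is this example's reading of Layers 2 and 3; the Windows inference node would need a `netstat` parser instead, which this example does not include.

```python
"""Classify listening sockets from `ss -ltn` output by exposure class and
compare them against a per-port bind policy. Added example; SAMPLE_SS is
constructed and POLICY is an assumption derived from the assessment."""
import ipaddress
import subprocess
from typing import Dict, List, Set, Tuple

# Ports named in the assessment (gateway, Ollama, Radicale).
SERVICE_PORTS = {18789: "OpenClaw gateway", 11434: "Ollama", 5232: "Radicale CalDAV"}
# Tailscale assigns node addresses from the CGNAT range.
TAILSCALE_CGNAT = ipaddress.ip_network("100.64.0.0/10")

# Where each service may listen (example policy, derived from Layers 2 and 3).
POLICY: Dict[int, Set[str]] = {
    18789: {"loopback"},              # gateway.bind strictly localhost
    11434: {"loopback"},              # Ollama bound to localhost only
    5232: {"loopback", "tailscale"},  # Radicale reachable from Tailscale peers only
}


def classify_bind(addr: str) -> str:
    """Map a local bind address to 'wildcard', 'loopback', 'tailscale' or 'other'."""
    if addr in ("*", "0.0.0.0", "::", "[::]"):
        return "wildcard"
    # Strip IPv6 brackets and any %scope suffix before parsing.
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and ip in TAILSCALE_CGNAT:
        return "tailscale"
    return "other"


def parse_ss_listeners(text: str) -> List[Tuple[str, int]]:
    """Extract (address, port) pairs from `ss -ltn` output, skipping the header."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")  # rpartition keeps IPv6 brackets intact
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners


def find_exposures(ss_output: str, policy: Dict[int, Set[str]] = POLICY) -> List[str]:
    """Return one finding per policy port that is bound more widely than allowed."""
    findings = []
    for addr, port in parse_ss_listeners(ss_output):
        if port not in policy:
            continue
        cls = classify_bind(addr)
        if cls not in policy[port]:
            name = SERVICE_PORTS.get(port, str(port))
            findings.append(f"{name} listening on {addr}:{port} is {cls}; allowed: {sorted(policy[port])}")
    return findings


# Constructed sample in `ss -ltn` layout: the gateway is correct, Radicale and
# Ollama are bound to all interfaces, SSH is Tailscale-only and not in the policy.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:18789      0.0.0.0:*
LISTEN 0      128    0.0.0.0:5232         0.0.0.0:*
LISTEN 0      4096   [::]:11434           [::]:*
LISTEN 0      128    100.112.0.7:22       0.0.0.0:*
"""

if __name__ == "__main__":
    # Live check on a Linux host; fall back to the sample where ss is unavailable.
    try:
        output = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        output = SAMPLE_SS
    for finding in find_exposures(output):
        print(finding)
```

Run against the sample it reports Radicale and Ollama and stays quiet about the gateway; once Radicale is moved to its Tailscale address (or to loopback behind a reverse proxy) the 5232 line classifies as `tailscale` or `loopback` and the finding disappears, which makes this a direct pass/fail for the "Radicale bound to Tailscale IPs only" checklist item.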
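Worked example for section 3.2 items 3 and 4 (request rate limiting on the webhook endpoint, and the circuit breaker that pauses after 3 consecutive Radicale auth failures and alerts). This is an added example, not code from the Family Assistant or hoffdesk-webhook; it shows a per-caller token bucket and a three-state circuit breaker wired into a minimal request handler. `RadicaleAuthError` stands in for whatever the real CalDAV client raises on 401/403, the `on_open` callback is a placeholder for the alert route to Matt's DM, and the injectable clock exists so the pause can be tested without sleeping.

```python
"""Request guards for the hoffdesk webhook: a per-caller token-bucket rate
limiter and a circuit breaker for Radicale auth failures. Added example;
RadicaleAuthError and the on_open alert sink are placeholders."""
import time
from collections import defaultdict
from typing import Callable, Optional


class RadicaleAuthError(Exception):
    """Placeholder for the CalDAV client's exception on HTTP 401/403."""


class CircuitOpen(Exception):
    """Raised while the breaker is pausing Radicale writes."""


class TokenBucket:
    """Allow `burst` requests at once, then `rate_per_sec` sustained, per caller key."""

    def __init__(self, rate_per_sec: float, burst: int, clock: Callable[[], float] = time.monotonic):
        self.rate = rate_per_sec
        self.burst = burst
        self.clock = clock
        self._tokens = defaultdict(lambda: float(burst))
        self._last = {}

    def allow(self, key: str) -> bool:
        now = self.clock()
        elapsed = now - self._last.get(key, now)
        self._last[key] = now
        # Refill in proportion to elapsed time, never above the burst size.
        self._tokens[key] = min(float(self.burst), self._tokens[key] + elapsed * self.rate)
        if self._tokens[key] >= 1.0:
            self._tokens[key] -= 1.0
            return True
        return False


class CircuitBreaker:
    """Open after `threshold` consecutive auth failures, stay open for
    `pause_seconds`, then let one trial call through (half-open)."""

    def __init__(self, threshold: int = 3, pause_seconds: float = 300.0,
                 on_open: Optional[Callable[[str], None]] = None,
                 clock: Callable[[], float] = time.monotonic):
        self.threshold, self.pause, self.on_open, self.clock = threshold, pause_seconds, on_open, clock
        self.failures, self.state, self.opened_at = 0, "closed", 0.0

    def call(self, fn: Callable, *args, **kwargs):
        now = self.clock()
        if self.state == "open":
            remaining = self.pause - (now - self.opened_at)
            if remaining > 0:
                raise CircuitOpen(f"Radicale writes paused for {remaining:.0f}s more")
            self.state = "half_open"  # exactly one trial call is allowed
        try:
            result = fn(*args, **kwargs)
        except RadicaleAuthError as exc:
            # Only auth failures count; other errors propagate without tripping the breaker.
            self._record_failure(now, exc)
            raise
        self.failures, self.state = 0, "closed"  # any success closes the circuit
        return result

    def _record_failure(self, now: float, exc: Exception) -> None:
        self.failures += 1
        if self.state == "half_open" or self.failures >= self.threshold:
            self.state, self.opened_at = "open", now
            if self.on_open:  # one alert per opening, not one per rejected request
                self.on_open(f"Radicale auth failed {self.failures} times in a row; pausing {self.pause:.0f}s ({exc})")


def handle_webhook(caller: str, write_event: Callable[[], None],
                   bucket: TokenBucket, breaker: CircuitBreaker) -> str:
    """Rate-limit first, then run the calendar write through the breaker."""
    if not bucket.allow(caller):
        return "429 rate limited"
    try:
        breaker.call(write_event)
    except CircuitOpen as exc:
        return f"503 {exc}"
    except RadicaleAuthError:
        return "502 calendar auth failed"
    return "202 accepted"


if __name__ == "__main__":
    breaker = CircuitBreaker(on_open=lambda msg: print("ALERT:", msg))  # placeholder alert sink
    bucket = TokenBucket(rate_per_sec=1.0, burst=10)

    def failing_write():
        raise RadicaleAuthError("401 Unauthorized")

    for _ in range(4):  # three 502s with one alert, then a 503 while paused
        print(handle_webhook("cloudflare-worker", failing_write, bucket, breaker))
```

Two design points worth keeping when this is adapted: the rate limiter runs before the breaker so a paused circuit is not itself a way to exhaust the caller's budget, and the breaker alerts once when it opens rather than on every rejected call, which keeps the "meaningful rather than noisy" property the assessment asks for.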