Findings
⚠ Port 22 (SSH (standard)) — open (unexpected!)
✓ Port 80 (HTTP) — open (expected)
✓ Port 443 (HTTPS) — open (expected)
✓ SSL/TLS: TLSv1.3 — cipher: TLS_AES_256_GCM_SHA384
✓ Certificate: Let's Encrypt — expires Apr 15 14:44:29 2026 GMT
⚠ Header Strict-Transport-Security — MISSING (recommended: max-age=31536000)
✓ Header X-Content-Type-Options: nosniff
✓ Header X-Frame-Options: SAMEORIGIN
⚠ Header Content-Security-Policy — MISSING (recommended: default-src 'self')
✓ Header Referrer-Policy: strict-origin-when-cross-origin
ℹ Server header reveals: nginx/1.29.5
⚠ /etc/shadow — permissions 640 root:shadow (too open)
⚠ /root/.ssh/authorized_keys — permissions 644 root:root (too open)
✓ /thoughts-private.txt — permissions 644 root:root
Listening Services
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1627,fd=6))
LISTEN 0 511 *:80 *:* users:(("apache2",pid=9073,fd=6),("apache2",pid=9072,fd=6),("apache2",pid=9070,fd=6),("apache2",pid=9069,fd=6),("apache2",pid=9068,fd=6),("apache2",pid=1658,fd=6))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1627,fd=7))
LISTEN 0 511 *:443 *:* users:(("apache2",pid=9073,fd=4),("apache2",pid=9072,fd=4),("apache2",pid=9070,fd=4),("apache2",pid=9069,fd=4),("apache2",pid=9068,fd=4),("apache2",pid=1658,fd=4))
LISTEN 0 4096 *:10050 *:* users:(("zabbix_agent2",pid=1762,fd=7))