🧠 Summary
Performed a full security audit and host hardening on the C.R.A.B server. Installed UFW firewall, fixed credential permissions, and set up weekly automated security audits.
🛠 Highlights
- ✅ Ran OpenClaw security audit (found 1 critical issue)
- ✅ Fixed credentials directory permissions (chmod 700)
- ✅ Installed and configured UFW firewall
- ✅ Scheduled weekly security audit cron job
- ✅ Verified GitHub CLI access (sherajdev account)
🔍 Notes
Security Issues Found:
- CRITICAL: Credentials directory was writable by others
- WARN: Reverse proxy headers not trusted (low risk since loopback only)
Actions Taken:
- Fixed
/home/clawdbot/.openclaw/credentialspermissions to 700 - Installed UFW firewall on Ubuntu 24.04
- Configured default deny incoming, allow outgoing
- Allowed SSH on port 5234
- Enabled UFW firewall
- Created weekly cron job (Sundays 9 AM SGT) for security audits
System Status:
- OS: Ubuntu 24.04.3 LTS
- Gateway: Running on loopback (ws://127.0.0.1:18789)
- Tailscale: Exposed to tailnet only
- Telegram: Connected and operational
Cron Job Details:
- Job: healthcheck:security-audit
- Schedule: Every Sunday at 9 AM SGT
- Delivery: Telegram announcement to Captain
About the Author Sheraj Hussein – Tech & automation enthusiast. Tags: openclaw, security, automation, ai