# Linux Security Audit Report

- Run dir: `/home/wangyin/linux-security-audit/reports/ascend56-20260609-223201`
- Generated: 2026-06-10T03:29:55.345968+00:00
- Host: `ascend56` (aarch64)

## Module summary

| Module | Status | Summary |
|---|---|---|
| sensitive-info-scan | warn | 5210 unique findings (756 actionable, 4454 likely-FP). critical=62 high=31 medium=77 low=586 info=0 |

## sensitive-info-scan

**critical**:62 **high**:31 **medium**:77 **low**:586 **likely_fp**:4454 **total_unique**:5210

Top findings (20 of 5210):

- [critical] **private_key** - `/home/jenkins/.ssh/id_rsa:1` score=16.0 entropy=3.83 sensitive path: (?:^|/)id_(rsa|ed25519|ecdsa|dsa)(?:\.|$)
- [critical] **pem-private-key** - `/home/jenkins/.ssh/id_rsa:1` score=14.5 entropy=2.52 sensitive path: (?:^|/)id_(rsa|ed25519|ecdsa|dsa)(?:\.|$);very short secret
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/client-key-verify-san.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/client-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/crl-client-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/crl-server-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/crl-client-revoked-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/expired-ca-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/expired-server-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/expired-client-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server-key-verify-fail.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server-key-sha512.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/rsa_private_key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server-key-verify-pass.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server-key-verify-san.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server8k-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/pkgs/mysql-5.7.24-h3140d82_2/mysql-test/std_data/client-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/pkgs/mysql-5.7.24-h3140d82_2/mysql-test/std_data/client-key-verify-san.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/pkgs/mysql-5.7.24-h3140d82_2/mysql-test/std_data/crl-client-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$

Notes:
- Severity is heuristic; review high/critical first.
- `is_likely_fp` items are kept for audit but should be skimmed, not actioned blindly.