# Linux Security Audit Report

- Run dir: `/home/wangyin/linux-security-audit/reports/gpu42-20260610-010008`
- Generated: 2026-06-10T05:51:50.528186+00:00
- Host: `gpu42` (x86_64)

## Module summary

| Module | Status | Summary |
|---|---|---|
| sensitive-info-scan | warn | 5260 unique findings (744 actionable, 4516 likely-FP). critical=66 high=133 medium=80 low=465 info=0 |

## sensitive-info-scan

**critical**:66 **high**:133 **medium**:80 **low**:465 **likely_fp**:4516 **total_unique**:5260

Top findings (20 of 5260):

- [critical] **private_key** - `/root/.ssh/id_rsa:1` score=16.0 entropy=3.66 sensitive path: (?:^|/)id_(rsa|ed25519|ecdsa|dsa)(?:\.|$)
- [critical] **private_key** - `/home/jenkins/.ssh/id_rsa:1` score=16.0 entropy=3.66 sensitive path: (?:^|/)id_(rsa|ed25519|ecdsa|dsa)(?:\.|$)
- [critical] **pem-private-key** - `/root/.ssh/id_rsa:1` score=14.5 entropy=1.58 sensitive path: (?:^|/)id_(rsa|ed25519|ecdsa|dsa)(?:\.|$);very short secret
- [critical] **pem-private-key** - `/home/jenkins/.ssh/id_rsa:1` score=14.5 entropy=1.58 sensitive path: (?:^|/)id_(rsa|ed25519|ecdsa|dsa)(?:\.|$);very short secret
- [critical] **private_key** - `/etc/ssl/private/ssl-cert-snakeoil.key:1` score=12.0 entropy=3.53 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **pem-private-key** - `/etc/ssl/private/ssl-cert-snakeoil.key:1` score=12.0 entropy=3.2 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/client-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/client-key-verify-san.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/crl-client-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/crl-server-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/expired-client-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/expired-ca-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/crl-client-revoked-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/expired-server-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server-key-verify-san.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server-key-verify-fail.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server-key-sha512.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server-key-verify-pass.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/rsa_private_key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/home/jenkins/anaconda3/mysql-test/std_data/server-key.pem:1` score=12.0 entropy=3.66 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$

Notes:
- Severity is heuristic; review high/critical first.
- `is_likely_fp` items are kept for audit but should be skimmed, not actioned blindly.