# Linux Security Audit Report

- Run dir: `/home/wangyin/linux-security-audit/reports/sault01-20260610-013253`
- Generated: 2026-06-11T01:03:21.657722+00:00
- Host: `sault01` (x86_64)

## Module summary

| Module | Status | Summary |
|---|---|---|
| sensitive-info-scan | warn | 12078 unique findings (7649 actionable, 4429 likely-FP). critical=14 high=1017 medium=131 low=6487 info=0 |

## sensitive-info-scan

**critical**:14 **high**:1017 **medium**:131 **low**:6487 **likely_fp**:4429 **total_unique**:12078

Top findings (20 of 12078):

- [critical] **private_key** - `/root/.ssh/id_rsa:1` score=16.0 entropy=3.66 sensitive path: (?:^|/)id_(rsa|ed25519|ecdsa|dsa)(?:\.|$)
- [critical] **private_key** - `/home/jenkins/.ssh/id_rsa:1` score=16.0 entropy=3.66 sensitive path: (?:^|/)id_(rsa|ed25519|ecdsa|dsa)(?:\.|$)
- [critical] **pem-private-key** - `/root/.ssh/id_rsa:1` score=14.5 entropy=1.58 sensitive path: (?:^|/)id_(rsa|ed25519|ecdsa|dsa)(?:\.|$);very short secret
- [critical] **pem-private-key** - `/home/jenkins/.ssh/id_rsa:1` score=14.5 entropy=1.58 sensitive path: (?:^|/)id_(rsa|ed25519|ecdsa|dsa)(?:\.|$);very short secret
- [critical] **pem-private-key** - `/etc/ssl/private/ssl-cert-snakeoil.key:1` score=12.0 entropy=3.2 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/etc/ssl/private/ssl-cert-snakeoil.key:1` score=12.0 entropy=3.53 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **pem-private-key** - `/data2/mysql/data/client-key.pem:1` score=12.0 entropy=3.2 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/data2/mysql/data/client-key.pem:1` score=12.0 entropy=3.53 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/data2/mysql/data/ca-key.pem:1` score=12.0 entropy=3.53 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **pem-private-key** - `/data2/mysql/data/ca-key.pem:1` score=12.0 entropy=3.2 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/data2/mysql/data/private_key.pem:1` score=12.0 entropy=3.53 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **pem-private-key** - `/data2/mysql/data/private_key.pem:1` score=12.0 entropy=3.2 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **private_key** - `/data2/mysql/data/server-key.pem:1` score=12.0 entropy=3.53 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [critical] **pem-private-key** - `/data2/mysql/data/server-key.pem:1` score=12.0 entropy=3.2 sensitive path: \.pem$|\.key$|\.p12$|\.pfx$|\.jks$
- [high] **private_key** - `/etc/ssh/ssh_host_ecdsa_key:1` score=8.0 entropy=3.59
- [high] **private_key** - `/etc/ssh/ssh_host_ed25519_key:1` score=8.0 entropy=3.83
- [high] **private_key** - `/etc/ssh/ssh_host_rsa_key:1` score=8.0 entropy=3.66
- [high] **private_key** - `/etc/ssh/ssh_host_dsa_key:1` score=8.0 entropy=3.73
- [high] **private_key** - `/home/nfs/.prng/.l/session-output-ssh-jenkins@8.92.9.192:22-1774664634.log:3410` score=8.0 entropy=3.83
- [high] **private_key** - `/home/nfs/.prng/.l/session-output-ssh-jenkins@8.92.9.192:22-1774662030.log:2078` score=8.0 entropy=3.66

Notes:
- Severity is heuristic; review high/critical first.
- `is_likely_fp` items are kept for audit but should be skimmed, not actioned blindly.