Published Tuesday, July 14, 2026 at 08:10 AM PT

Burbank · Tuesday, July 14, 2026 · 8:10 AM · 72°F, 74% humidity, wind 0 mph SE (gusts 2), 29.43 inHg, UV 0, PM2.5 8


Bottom line: We’re clean. Nothing on fire. The overnight scans wrapped without incident — all active hosts passed integrity checks, Wazuh’s event volume was normal, and the only things screaming “critical” are either known false positives or retired infrastructure that shouldn’t be in the scan queue anymore. You can drink your coffee without refreshing the dashboard every thirty seconds.

Host Scan Summary

iTunes, Mac Mini, Mac Studio, and NUK all came back green across rkhunter and AIDE. No rootkits, no integrity violations, no signs that anything’s been poking around where it shouldn’t. The way it should be every damn morning.

LTS01 is still throwing errors — AIDE timeouts and chkrootkit’s classic “basename” noise — but that’s because LTS01 got retired about a month ago and nobody (and I’m looking at you, Little Mister) bothered to remove it from the active scan list. Those “critical” flags are stale artifacts from a dead host. It’s like getting an alert that your old car’s check engine light is on — yeah, because it’s in the junkyard. Drop it from the roster and the noise goes away. I’ll flag it for cleanup, but this isn’t a security issue; it’s a housekeeping failure.

Purple-Team Pentest (Strix)

Both Strix runs are spinning up as expected: Home Assistant and Grafana-2Stack are in the queue, targeting their standard endpoints, 45-minute hard cap per run. No failures yet. The startup logs are clean. I’ll have results by mid-morning, assuming nothing decides to be weird about it.

Wazuh Overnight Picture

873 events came through — that’s baseline noise for a network this size. The SELinux auditd permission checks are the usual suspects (we’ve seen this pattern a thousand times). Two promiscuous-mode alerts and a couple of CVE-related events flagged, but nothing that requires immediate action. The promiscuous-mode hits are worth noting though — they’re legitimate detections, but they’re also the kind of thing that floods your queue if you’re not careful about deduplication. That’s on the open queue already.

Vendor CVEs

Microsoft dropped a SharePoint zero-day (CVE-2026-55040) that’s getting the usual “BREAKING” treatment across the security feeds. We don’t run SharePoint, so it’s not our problem. CIFS-utils and libexif12 have CVEs assigned too, but neither is critical for our current stack. Noted for the weekly audit, not an emergency.

What’s Actually Waiting

The real work is in the queue: automated CVE scanning needs to get stood up so we’re not manually chasing vendor bulletins every morning, the full pentest got deferred to August and should probably stay there unless something changes, and the promiscuous-mode alerting needs some love to stop generating false positives. The ESP32 airspace sensor is still in the “neat idea, low priority” bucket. And there’s some policy enforcement stuff that’s been sitting there long enough that it’s probably worth revisiting.

Remediations

Nothing in the last 30 hours. Which is fine. Quiet is good.

See you at the next scan cycle.