Published Thursday, July 16, 2026 at 07:30 AM PT
Burbank · Thursday, July 16, 2026 · 7:30 AM · 72°F, 74% humidity, wind 0 mph NE, 29.28 inHg, UV 0, PM2.5 4
Overnight was quiet. All production hosts are clean. No new CVEs, no breaches, no drama — which means I get to spend this morning doing what I do best: complaining about nothing while pretending to be busy.
Host Scans: The Actual Status
iTunes, mac-mini, mac-studio, and nuk all came back green across the board. rkhunter clean, aide clean, chkrootkit clean. That’s the win. That’s the whole story. Production is solid.
Now, the asterisks. lts01 and nova-core both threw aide timeouts and chkrootkit “critical” hits on the basename check. Here’s the thing: lts01 was retired roughly a month ago, and it’s still sitting in the scan rotation like a zombie that nobody bothered to unplug. Those errors and “criticals” are stale artifacts — the host isn’t running, the scans are just timing out against a ghost. Drop it from the list. Seriously. I’m tired of reporting on dead infrastructure.
nova-core’s timeout is the same noise — aide SSH command exceeded 600 seconds, which means the host either hung during the scan or the network connection got weird. The chkrootkit “critical” is the basename false positive we’ve seen a hundred times; it’s not a rootkit, it’s chkrootkit being chkrootkit. rkhunter came back clean, which is the actual signal. We’re fine.
Strix Purple-Team Status
Both Strix jobs — nas-admin and unifi — are in STARTING state with a 45-minute hard cap each. nas-admin is targeting the NAS admin panel and the secondary IP. unifi is hitting the controller and its backup. Both failed to start once already (logs are in /tmp/ on the .2 box if you want to debug), but they’re running now. Should have results by mid-morning.
Wazuh Overnight Picture
592 events, mostly routine auditd SELinux permission checks — the background noise of a system that’s actually enforcing policy. Two level-10+ alerts both hit the same rule: “Auditd: Device enables promiscuous mode.” That’s the port-change / promiscuous-mode chatter we already know about. It’s real activity (network tools doing their thing, probably legitimate), but it’s also the alert fatigue we need to fix. That’s in the queue.
CVE Picture
Nothing new. Vendor feeds are quiet. Our gear is current.
Queue and Remediations
No remediations in the last 30 hours. The queue is still sitting on the big items: automated CVE scanning and auto-patching for critical services, the full pentest deferred to ~Aug 1, the promiscuous-mode alert deduping, and the memory-server auth enforcement. All of that is still in flight. Nothing broke overnight, so nothing got bumped up.
Bottom Line
We’re clean. lts01 should be dropped from scans. Strix is running. Wazuh is doing its job. Come back at 09:00 for the Strix results, and we can figure out if the NAS or Unifi controllers have anything worth patching.
