
MyAIServer — Security Dashboard

MyAI-IT · AI System & Security Administrator

204.168.194.138
Audit: 2026-04-10 · 16:56 EDT
✅ 0 Critical
ℹ️ 2 Info
⚠️ 6 Warnings
⚠️ 19 Updates pending
🖥️ Server Overview

Hostname: MyAIServer
OS: Ubuntu 24.04
Kernel: 6.8.0-107-generic
Public IP: 204.168.194.138
OpenClaw Version: 2026.4.9 ✓ Up to date
Gateway Uptime: 9h 47m since gateway restart
Runtime User: ocadmin (non-root ✓)
⚙️ Services

OpenClaw Gateway · PID 146143 · loopback only :18789 · ● Running
nginx · Reverse proxy active · ● Running
fail2ban · enabled · ● Running
unattended-upgrades · enabled · ● Running
Recurring Tasks · Approved 6h dashboard maintenance job active · ✓ 1 recurring job
Node Service · Tailscale · ○ Off
🔑 SSH Hardening

SSH Port: 2277 (Non-default ✓)
PasswordAuthentication: off ✓
PubkeyAuthentication: on ✓
PermitRootLogin: no ✓
MaxAuthTries: 3 ✓
AllowUsers: ocadmin (Allowlist ✓)
X11Forwarding: no ✓
🔒 TLS & Web Proxy

HTTP → HTTPS redirect: ✓ Enforced
TLS Protocols: 1.2 / 1.3
HSTS: max-age=63072000
X-Frame-Options: DENY ✓
X-Content-Type-Options: nosniff ✓
X-XSS-Protection: 1; mode=block ✓
server_tokens: ⚠ Not disabled in nginx.conf
Certificate: ⚠ Self-signed
📡 Channels

✈️ Telegram (default) · account: default · configured · ● OK
✈️ Telegram (myai-it) · account: myai-it · configured · ● OK
💬 WhatsApp · +15617878552 · auth 10m ago · ● Linked
🔐 Gateway Auth · mode: token · loopback bind · ✓ Secure
🛠️ Fixed This Session

🔴 OpenClaw security posture

Current OpenClaw security audit reports 0 critical, 1 warning, 1 info. Host review still shows 19 upgradable packages, one failed postfix@-.service unit, and an outdated OpenClaw gateway service install that should be reinstalled.

Attack surface summary

Personal-assistant trust model, internal hooks enabled, browser control enabled, elevated tools exposed in trusted contexts.

Potential multi-user setup detected

Gateway may be reachable by more than one user context while runtime/process tools remain available without full sandboxing.

Heartbeats and recurring tasks

Heartbeat: main every 30m, myai-it disabled. Cron tasks: 1 active, including this approved 6h dashboard mission running now.

⚠️ Pending Actions — Awaiting Approval

1. nginx.conf — TLS 1.0/1.1 Listed
The global config still lists deprecated protocols. The per-site config overrides this, so it is not immediately exploitable. Fixing /etc/nginx/nginx.conf requires sudo.

2. nginx server_tokens Not Disabled
The directive server_tokens off; still needs to be set in /etc/nginx/nginx.conf, which requires sudo.

3. Firewall Status Unconfirmed
ufw, iptables and nftables were not found in PATH. The firewall may be hypervisor-managed. Open ports: :2277 (SSH), :80, :443.

4. Self-Signed TLS Certificate
The TLS certificate is still self-signed. If a public domain is available, replace it with a Let's Encrypt certificate.

5. Security and base-system updates pending
19 packages are upgradable, including openssl, libssl3t64, systemd, and Docker components. Schedule a maintenance window to patch.

6. postfix@-.service failed during boot
systemctl --failed still reports postfix@-.service as failed. This is not impacting nginx or OpenClaw, but the mail transport setup should be reviewed.

7. OpenClaw gateway service install needs refresh
openclaw gateway status and openclaw doctor both report that the service command is non-standard and still embeds OPENCLAW_GATEWAY_TOKEN. Reinstall the service with openclaw gateway install --force in a maintenance window.