Security Posture

All critical security issues resolved.

Resolved

  • UFW active (deny incoming), EPMD removed
  • NAT mode in wsl.conf (intentional, set by harden.sh)
  • Discord bot token rotated Apr 2026 (~/.hermes/.env, chmod 600)
  • File permissions 600 on: ~/.hermes/.env, ~/.hermes/config.yaml, project .env files
  • WSL auto-start via wsl-startup.vbs in Windows Startup folder
  • hermes-gateway.service enabled (preset: enabled)
  • appendWindowsPath=false in wsl.conf (intentional)

Intentional Decisions

  • Docker group membership kept: Adam needs Docker access for assistant tools
  • NAT mode preferred over mirrored for WSL networking

Remaining (Windows-only)

  • Windows auto-logon registry keys need admin PowerShell (HKLM inaccessible from WSL)
  • Keys: AutoAdminLogon=1, DefaultUserName="Dell 5520", DefaultDomainName="DESKTOP-G4VGIC6", DefaultPassword=""

Monitoring

  • Daily 7am cron runs security-audit skill (job 074b4cdc3ed7)
  • DevicePasswordLessBuildVersion=2 in registry hides netplwiz checkbox (user removed Windows password instead)

Rule

Never store secrets in filesystem memory. Use .env with 600 perms.
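
One way to check this rule across the files listed under Resolved, as an added example that is not the security-audit skill's own code. The function name `audit_secret_perms` and the `~/projects` directory in the usage comment are assumptions, and GNU find (as on a WSL Ubuntu install) is assumed.

```shell
#!/bin/sh
# Added example (not from harden.sh or the security-audit skill).
# audit_secret_perms PATH...
#   PATH that is a file      -> checked directly (e.g. ~/.hermes/config.yaml)
#   PATH that is a directory -> every file named .env beneath it is checked
# Prints one "FAIL <mode> <type> <path>" line per finding and returns 1 if
# anything is not a regular file with mode exactly 600; returns 0 otherwise.
# A symlinked secret is reported (type l), because its effective permissions
# are those of the target, which this check does not see. A path that does
# not exist is also reported, so a typo in the list cannot pass silently.
# Assumes GNU find for -printf (%m = octal mode, %y = type letter).
audit_secret_perms() {
    for p in "$@"; do
        if [ -d "$p" ] && [ ! -L "$p" ]; then
            find "$p" -name .env \( -type f -o -type l \) -printf '%m %y %p\n'
        elif [ -e "$p" ] || [ -L "$p" ]; then
            find "$p" -maxdepth 0 -printf '%m %y %p\n'
        else
            printf 'missing - %s\n' "$p"
        fi
    done | awk '$1 != "600" || $2 != "f" { print "FAIL " $0; bad = 1 }
                END { exit bad + 0 }'
}

# Usage (the ~/projects location is an assumption):
#   audit_secret_perms ~/.hermes/.env ~/.hermes/config.yaml ~/projects
```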

  • [[Bio Bridge]]
  • [[Hermes Infrastructure]]
  • [[LLM Judge Standard]]