| ✓ | Auditor running, health endpoint responding |
| ✓ | auditor-requests.path active |
| ✓ | auditor-git.path active |
| ✓ | auditor-shutdown.path active |
| ✓ | auditor-health.timer active |
| ✓ | Timer: active |
| ✓ | @srv forensic: 3m ago (265 snapshots) |
| ✓ | Backup server: reachable |
| ✓ | Last backup: exit 0 |
| ✓ | Last backup: 0h ago |
| ✓ | Subvolumes in latest: 4/4 |
| ✓ | Remote disk: 8% used (233G free) |
| ✓ | Snapshots: 128 local, 335 remote |
| ✓ | Caddy running |
| ✓ | maisig.org reachable via HTTPS |
| ✓ | Host CGI service active |
| ✓ | Host CGI responding on port 9200 (HTTP 404) |
| ✓ | Host CGI /_health ok |
| ✓ | /srv/maisig-local |
| ✓ | /srv/maisig-share |
| ✓ | /srv/maisig-homes |
| ✓ | /srv/www |
| ✓ | /srv/maisig-var |
| ✓ | /srv/maisig-etc |
| ✓ | /srv/maisig-gvisor |
| ✓ | /srv/maisig-gvisor/trash |
| ✓ | /srv/maisig-gvisor/tombstones |
| ✓ | /var/lib/maisig |
| ✓ | /var/lib/maisig/mcp-tokens |
| ✓ | /var/lib/maisig/users |
| ✓ | Control directory accessible |
| ✓ | Disk usage: 22% |
| ✓ | Inode usage: n/a (btrfs) |
| ✓ | Memory available: 1506M / 1973M (23% used) |
| ✓ | Swap: zram 91.4M/1.9G | disk 0B/2G |
| ✓ | Load average: 0.37 / 0.46 (threshold: 4) |
| ✓ | /tmp: not tmpfs (skip size check) |
| ✓ | /run usage: 0M (1%) |
| ✓ | Unattended-upgrades active (log 0d old) |
| ✓ | No reboot required |
| ✓ | NTP synchronised |
| ✓ | nftables unit active |
| ✓ | Local resolver: config correct, unbound active |
| ✓ | All expected public ports responding |
| ✓ | Journal size: 4G |
| ✗ | Journal oldest entry: 29d ago (<30d — eviction active) |
| ✓ | Postfix running |
| ✓ | OpenDKIM running |
| ✓ | Unbound running |
| ✓ | Port 25 SMTP banner ok |
| ✓ | OpenDKIM milter reachable on 8891 |
| ✓ | STARTTLS offered with valid certificate |
| ✓ | Mail TLS cert valid >7 days (via STARTTLS) |
| ✓ | MX record resolves |
| ✓ | SPF record resolves |
| ✓ | DKIM record resolves |
| ✓ | DMARC record resolves |
| ✓ | DANE TLSA record resolves |
| ✓ | TLS-RPT record resolves |
| ✓ | TLS cert export path unit active |
| – | footprint missing |
| – | footprint missing |
| ✗ | Host PHP-FPM service not active |
| ✓ | php8.4-fpm installed |
| ✓ | Default www pool removed |
| ✗ | Host PHP-FPM: no operator sockets in /run/php-fpm/ |
| ✗ | Host PHP-FPM /_php-health.php no response |
| ✓ | sshd running |
| ✓ | Password auth disabled |
| ✓ | Pubkey auth enabled |
| – | footprint missing |
| ✓ | TLS scan complete for maisig.org (tested 2026-06-10 16:03) |
| ✓ | TLS vulnerabilities on maisig.org: none |
| ✓ | No insecure protocols on maisig.org |
| ✓ | TLS scan complete for maisigbot.maisig.org (tested 2026-06-10 16:03) |
| ✓ | TLS vulnerabilities on maisigbot.maisig.org: none |
| ✓ | No insecure protocols on maisigbot.maisig.org |
| ✓ | HSTS header on maisig.org |
| ✓ | X-Content-Type-Options on maisig.org |
| ✓ | HSTS header on maisigbot.maisig.org |
| ✓ | X-Content-Type-Options on maisigbot.maisig.org |
| ✓ | TLS certificate valid on maisig.org |
| ✓ | TLS certificate valid on maisigbot.maisig.org |