================================================================================
SAFENET CHICAGO 01 - FILESYSTEM VERIFICATION SNAPSHOT
Open Source Security, Inc. - https://git.opensourcesecurity.net/opensourcesecurity/safenet
================================================================================

Generated:  2026-03-15 03:30:01 EST
Hostname:   oss-safenet-chi-01
Uptime:     1 week, 4 days, 3 hours, 7 minutes
Kernel:     6.8.0-101-generic

This file is automatically generated daily at 5:00 AM EST.
Compare against: https://git.opensourcesecurity.net/opensourcesecurity/safenet

================================================================================
FILE CHECKSUMS (SHA-256)
================================================================================
Verify these hashes match the files published on Forgejo.
Only configuration files are checksummed. Private keys, customer data,
and log files are excluded.

/etc/wireguard/wg0.conf [Interface only]                c36adb87ba37d3c28c6712b7e314786baad2a691dff9475573a848ad82a5a73c
/etc/unbound/unbound.conf                               8808b474175ff8eeebecbf407f9091fd73f65c4a43a6ee212e8ae2d9f80778f8
/etc/unbound/unbound.conf.d/safenet.conf                74427ad48f3842e9f24fdc684fe9688a456ca74380f228514d04d139d27ad15b
/etc/unbound/unbound.conf.d/oss-blocklist.conf          8ad186de93327d579ac77758a5ad0b1e172b3095a7b833506a3bfeb1f3eeb876
/etc/unbound/unbound.conf.d/streaming-blocks.conf       4624c1206a27c453a80645c291bf45314e69ff367993e2090e6f6bc8873e5c5b
/etc/nginx/sites-available/oss-blocklist.net            6438a3122a66a1b0e0eeaa7137c12d48835ae4baf0b2b64ea40fbe5f502fcf1a
/etc/nginx/sites-available/status.oss-vpn.net           907f67140b8cdc44dfb43352abdd14037f3424bf072e07962dbed234d7e432ac
/etc/nginx/sites-available/ntfy.chi.oss-vpn.net         a244d501f9e543873f16c774e255812e2b21a25e077b4cfbcb54fd49e6d04066
/etc/nginx/nginx.conf                                   48c6a4ec1e1fd28ccf968490f07e34a1d7f755793b2108a3ed8670b1ee2a0aa2
/etc/iptables/rules.v4                                  360bebfe068d07e05cac79fb2fb9896c4bf58ab07fd2adf9ff4504554e7151c9
/etc/iptables/rules.v6                                  f4e427fd8895c4835bb28335827e7f58f30721baef2182c29702a6c948d70e3d
/etc/iptables/ipsets                                    0e04470aad6162a571550cc86f4e4312acee01cf7a152677a38487b6c4abbc62
/etc/fail2ban/jail.local                                f5d0283fb94e496baec21d050027e621200b1238665d66f4d338d32b299d258a
/etc/ssh/sshd_config                                    30d2dac64c52f2edc872cf96b77fd4de754ed70b2f7195f47396204a17c6fc33
/etc/sysctl.conf                                        97c5b93ecd5329df5318b981bbf78117a8bbc1c3644603dc65d0226fc54a340a
/opt/oss-blocklists/scripts/update-dns-blocklist.sh     c2f8b73e0e0496eb799aaed7495cdcddb3217a7d5091bfbd71b3815b4294326b
/opt/oss-blocklists/scripts/update-ip-blocklist.sh      f823fea16fc406e0b1e72361ca4703aec4a55d77f9a58d48a61c789c766acb2e
/opt/oss-blocklists/scripts/update-safenet-dns.sh       193ab810603e75892c4f08124532de290dfe53e32c093b643720d35978f5e70b
/opt/oss-blocklists/scripts/update-safenet-ips.sh       8675f1bc4a2d640af52b7c4dba65f771761759b985aeafad3052b7307d7b0428
/opt/oss-blocklists/scripts/whitelist-manager.sh        3144992ab1e6b5549d4172d47a254cd99148b03e6442f48772f3cf8cd3e8453f
/var/www/status/index.html                              b96971650115e24cc3a8b124293a8aa5907591f087a9cf53a7e5de02e3331837

================================================================================
DIRECTORY STRUCTURE
================================================================================
Tree output excludes: private keys, customer data, log file contents.
File names are shown but contents are not exposed.

--- /etc/wireguard ---
/etc/wireguard
└── wg0.conf

--- /etc/unbound ---
/etc/unbound
├── unbound.conf
└── unbound.conf.d
    ├── oss-blocklist.conf
    ├── remote-control.conf
    ├── root-auto-trust-anchor-file.conf
    ├── safenet.conf
    └── streaming-blocks.conf

--- /etc/nginx/sites-available ---
/etc/nginx/sites-available
├── default
├── ntfy.chi.oss-vpn.net
├── oss-blocklist.net
├── status.oss-vpn.net
└── status.oss-vpn.net.bak

--- /etc/nginx/sites-enabled ---
/etc/nginx/sites-enabled
├── default -> /etc/nginx/sites-available/default
├── ntfy.chi.oss-vpn.net -> /etc/nginx/sites-available/ntfy.chi.oss-vpn.net
├── oss-blocklist.net -> /etc/nginx/sites-available/oss-blocklist.net
└── status.oss-vpn.net -> /etc/nginx/sites-available/status.oss-vpn.net

--- /etc/iptables ---
/etc/iptables
├── ipsets
├── rules.v4
└── rules.v6

--- /etc/systemd/system ---
/etc/systemd/system
├── chronyd.service -> /usr/lib/systemd/system/chrony.service
├── cloud-final.service.wants
│   └── snapd.seeded.service -> /usr/lib/systemd/system/snapd.seeded.service
├── cloud-init.target.wants
│   ├── cloud-config.service -> /usr/lib/systemd/system/cloud-config.service
│   ├── cloud-final.service -> /usr/lib/systemd/system/cloud-final.service
│   ├── cloud-init-hotplugd.socket -> /usr/lib/systemd/system/cloud-init-hotplugd.socket
│   ├── cloud-init-local.service -> /usr/lib/systemd/system/cloud-init-local.service
│   └── cloud-init.service -> /usr/lib/systemd/system/cloud-init.service
├── dbus-org.freedesktop.ModemManager1.service -> /usr/lib/systemd/system/ModemManager.service
├── dbus-org.freedesktop.resolve1.service -> /usr/lib/systemd/system/systemd-resolved.service
├── dbus-org.freedesktop.thermald.service -> /usr/lib/systemd/system/thermald.service
├── dbus-org.freedesktop.timesync1.service -> /usr/lib/systemd/system/systemd-timesyncd.service
├── display-manager.service.wants
│   └── gpu-manager.service -> /usr/lib/systemd/system/gpu-manager.service
├── emergency.target.wants
│   └── grub-initrd-fallback.service -> /usr/lib/systemd/system/grub-initrd-fallback.service
├── final.target.wants
│   └── snapd.system-shutdown.service -> /usr/lib/systemd/system/snapd.system-shutdown.service
├── getty.target.wants
│   └── getty@tty1.service -> /usr/lib/systemd/system/getty@.service
├── graphical.target.wants
│   └── udisks2.service -> /usr/lib/systemd/system/udisks2.service
├── hibernate.target.wants
│   └── grub-common.service -> /usr/lib/systemd/system/grub-common.service
├── hybrid-sleep.target.wants
│   └── grub-common.service -> /usr/lib/systemd/system/grub-common.service
├── ip6tables.service -> /usr/lib/systemd/system/netfilter-persistent.service
├── iptables.service -> /usr/lib/systemd/system/netfilter-persistent.service
├── iscsi.service -> /usr/lib/systemd/system/open-iscsi.service
├── mdmonitor.service.wants
│   ├── mdcheck_continue.timer -> /usr/lib/systemd/system/mdcheck_continue.timer
│   ├── mdcheck_start.timer -> /usr/lib/systemd/system/mdcheck_start.timer
│   └── mdmonitor-oneshot.timer -> /usr/lib/systemd/system/mdmonitor-oneshot.timer
├── multi-user.target.wants
│   ├── apport.service -> /usr/lib/systemd/system/apport.service
│   ├── chrony.service -> /usr/lib/systemd/system/chrony.service
│   ├── console-setup.service -> /usr/lib/systemd/system/console-setup.service
│   ├── cron.service -> /usr/lib/systemd/system/cron.service
│   ├── dmesg.service -> /usr/lib/systemd/system/dmesg.service
│   ├── e2scrub_reap.service -> /lib/systemd/system/e2scrub_reap.service
│   ├── fail2ban.service -> /usr/lib/systemd/system/fail2ban.service
│   ├── grub-common.service -> /usr/lib/systemd/system/grub-common.service
│   ├── grub-initrd-fallback.service -> /usr/lib/systemd/system/grub-initrd-fallback.service
│   ├── lxd-installer.socket -> /usr/lib/systemd/system/lxd-installer.socket
│   ├── ModemManager.service -> /usr/lib/systemd/system/ModemManager.service
│   ├── monit.service -> /usr/lib/systemd/system/monit.service
│   ├── netdata.service -> /usr/lib/systemd/system/netdata.service
│   ├── netfilter-persistent.service -> /usr/lib/systemd/system/netfilter-persistent.service
│   ├── networkd-dispatcher.service -> /usr/lib/systemd/system/networkd-dispatcher.service
│   ├── nginx.service -> /usr/lib/systemd/system/nginx.service
│   ├── ntfy.service -> /usr/lib/systemd/system/ntfy.service
│   ├── open-vm-tools.service -> /usr/lib/systemd/system/open-vm-tools.service
│   ├── pollinate.service -> /usr/lib/systemd/system/pollinate.service
│   ├── postfix.service -> /usr/lib/systemd/system/postfix.service
│   ├── remote-fs.target -> /usr/lib/systemd/system/remote-fs.target
│   ├── rsyslog.service -> /usr/lib/systemd/system/rsyslog.service
│   ├── safenet-admin.service -> /etc/systemd/system/safenet-admin.service
│   ├── secureboot-db.service -> /usr/lib/systemd/system/secureboot-db.service
│   ├── snapd.apparmor.service -> /usr/lib/systemd/system/snapd.apparmor.service
│   ├── snapd.autoimport.service -> /usr/lib/systemd/system/snapd.autoimport.service
│   ├── snapd.core-fixup.service -> /usr/lib/systemd/system/snapd.core-fixup.service
│   ├── snapd.recovery-chooser-trigger.service -> /usr/lib/systemd/system/snapd.recovery-chooser-trigger.service
│   ├── snapd.seeded.service -> /usr/lib/systemd/system/snapd.seeded.service
│   ├── snapd.service -> /usr/lib/systemd/system/snapd.service
│   ├── ssl-cert.service -> /usr/lib/systemd/system/ssl-cert.service
│   ├── sysstat.service -> /usr/lib/systemd/system/sysstat.service
│   ├── systemd-networkd.service -> /lib/systemd/system/systemd-networkd.service
│   ├── thermald.service -> /usr/lib/systemd/system/thermald.service
│   ├── ua-reboot-cmds.service -> /usr/lib/systemd/system/ua-reboot-cmds.service
│   ├── ubuntu-advantage.service -> /usr/lib/systemd/system/ubuntu-advantage.service
│   ├── ufw.service -> /usr/lib/systemd/system/ufw.service
│   ├── unattended-upgrades.service -> /usr/lib/systemd/system/unattended-upgrades.service
│   ├── unbound.service -> /usr/lib/systemd/system/unbound.service
│   ├── vnstat.service -> /usr/lib/systemd/system/vnstat.service
│   ├── wg-control.service -> /etc/systemd/system/wg-control.service
│   └── wg-quick@wg0.service -> /usr/lib/systemd/system/wg-quick@.service
├── netdata-updater.timer -> /dev/null
├── network-online.target.wants
│   └── systemd-networkd-wait-online.service -> /lib/systemd/system/systemd-networkd-wait-online.service
├── oem-config.service.wants
│   └── gpu-manager.service -> /usr/lib/systemd/system/gpu-manager.service
├── open-vm-tools.service.requires
│   └── vgauth.service -> /usr/lib/systemd/system/vgauth.service
├── paths.target.wants
│   ├── apport-autoreport.path -> /usr/lib/systemd/system/apport-autoreport.path
│   └── tpm-udev.path -> /usr/lib/systemd/system/tpm-udev.path
├── rescue.target.wants
│   └── grub-initrd-fallback.service -> /usr/lib/systemd/system/grub-initrd-fallback.service
├── safenet-admin.service
├── safenet-admin.service.backup-20260101
├── sleep.target.wants
│   └── grub-initrd-fallback.service -> /usr/lib/systemd/system/grub-initrd-fallback.service
├── sockets.target.wants
│   ├── apport-forward.socket -> /usr/lib/systemd/system/apport-forward.socket
│   ├── dm-event.socket -> /usr/lib/systemd/system/dm-event.socket
│   ├── iscsid.socket -> /usr/lib/systemd/system/iscsid.socket
│   ├── multipathd.socket -> /usr/lib/systemd/system/multipathd.socket
│   ├── snapd.socket -> /usr/lib/systemd/system/snapd.socket
│   ├── ssh.socket -> /usr/lib/systemd/system/ssh.socket
│   ├── systemd-networkd.socket -> /lib/systemd/system/systemd-networkd.socket
│   └── uuidd.socket -> /usr/lib/systemd/system/uuidd.socket
├── sshd-keygen@.service.d
│   └── disable-sshd-keygen-if-cloud-init-active.conf
├── ssh.service.requires
│   └── ssh.socket -> /usr/lib/systemd/system/ssh.socket
├── suspend.target.wants
│   └── grub-common.service -> /usr/lib/systemd/system/grub-common.service
├── suspend-then-hibernate.target.wants
│   └── grub-common.service -> /usr/lib/systemd/system/grub-common.service
├── sysinit.target.wants
│   ├── apparmor.service -> /usr/lib/systemd/system/apparmor.service
│   ├── blk-availability.service -> /usr/lib/systemd/system/blk-availability.service
│   ├── finalrd.service -> /usr/lib/systemd/system/finalrd.service
│   ├── keyboard-setup.service -> /usr/lib/systemd/system/keyboard-setup.service
│   ├── lvm2-lvmpolld.socket -> /usr/lib/systemd/system/lvm2-lvmpolld.socket
│   ├── lvm2-monitor.service -> /usr/lib/systemd/system/lvm2-monitor.service
│   ├── multipathd.service -> /usr/lib/systemd/system/multipathd.service
│   ├── open-iscsi.service -> /usr/lib/systemd/system/open-iscsi.service
│   ├── setvtrgb.service -> /usr/lib/systemd/system/setvtrgb.service
│   ├── systemd-pstore.service -> /usr/lib/systemd/system/systemd-pstore.service
│   ├── systemd-resolved.service -> /usr/lib/systemd/system/systemd-resolved.service
│   └── systemd-timesyncd.service -> /usr/lib/systemd/system/systemd-timesyncd.service
├── syslog.service -> /usr/lib/systemd/system/rsyslog.service
├── sysstat.service.wants
│   ├── sysstat-collect.timer -> /usr/lib/systemd/system/sysstat-collect.timer
│   └── sysstat-summary.timer -> /usr/lib/systemd/system/sysstat-summary.timer
├── timers.target.wants
│   ├── apport-autoreport.timer -> /usr/lib/systemd/system/apport-autoreport.timer
│   ├── apt-daily.timer -> /lib/systemd/system/apt-daily.timer
│   ├── apt-daily-upgrade.timer -> /lib/systemd/system/apt-daily-upgrade.timer
│   ├── certbot.timer -> /usr/lib/systemd/system/certbot.timer
│   ├── chkrootkit.timer -> /usr/lib/systemd/system/chkrootkit.timer
│   ├── dailyaidecheck.timer -> /usr/lib/systemd/system/dailyaidecheck.timer
│   ├── dpkg-db-backup.timer -> /lib/systemd/system/dpkg-db-backup.timer
│   ├── e2scrub_all.timer -> /lib/systemd/system/e2scrub_all.timer
│   ├── fstrim.timer -> /lib/systemd/system/fstrim.timer
│   ├── fwupd-refresh.timer -> /usr/lib/systemd/system/fwupd-refresh.timer
│   ├── logrotate.timer -> /usr/lib/systemd/system/logrotate.timer
│   ├── lynis.timer -> /usr/lib/systemd/system/lynis.timer
│   ├── man-db.timer -> /usr/lib/systemd/system/man-db.timer
│   ├── motd-news.timer -> /lib/systemd/system/motd-news.timer
│   ├── snapd.snap-repair.timer -> /usr/lib/systemd/system/snapd.snap-repair.timer
│   ├── ua-timer.timer -> /usr/lib/systemd/system/ua-timer.timer
│   ├── update-notifier-download.timer -> /usr/lib/systemd/system/update-notifier-download.timer
│   └── update-notifier-motd.timer -> /usr/lib/systemd/system/update-notifier-motd.timer
├── unbound.service.wants
│   └── unbound-resolvconf.service -> /usr/lib/systemd/system/unbound-resolvconf.service
├── vmtoolsd.service -> /usr/lib/systemd/system/open-vm-tools.service
└── wg-control.service

--- /opt/oss-blocklists ---
/opt/oss-blocklists
├── logs
├── output
│   ├── dns
│   │   ├── combined.txt
│   │   └── whitelist.txt
│   ├── ip
│   │   └── ip-combined.txt
│   └── threats
├── scripts
│   ├── daily-blocklist-report.sh
│   ├── generate-security-reports.sh
│   ├── update-dns-blocklist.sh
│   ├── update-ip-blocklist.sh
│   ├── update-safenet-dns.sh
│   ├── update-safenet-ips.sh
│   └── whitelist-manager.sh
└── sources
    └── oss-custom-additions.txt

--- /var/www/oss-blocklists ---
/var/www/oss-blocklists
├── dns-combined.txt
├── dns-whitelist.txt
├── ip-combined.txt
└── verify
    ├── aide-report.txt
    ├── index.html
    ├── lynis-report.txt
    ├── meta.json
    ├── rkhunter-report.txt
    └── server-snapshot.txt

--- /var/www/status ---
/var/www/status
├── assets
├── index.html
└── vpn-count.txt

================================================================================
SERVICE STATUS
================================================================================
WireGuard (wg0):     active
Unbound DNS:         active
nginx:               active
fail2ban:            active
Netdata:             active
Monit:               active
DNS Blocklist:       1423597 domains
IP Blocklist:        42391 addresses

================================================================================
VERIFICATION INSTRUCTIONS
================================================================================
1. Review the checksums and directory structure above
2. Source repo: https://git.opensourcesecurity.net/opensourcesecurity/safenet
3. For live verification, contact OSS support: support@opensourcesecurity.net

SafeNet operates on "verify, don't trust" - every claim is inspectable.
================================================================================