SKYHOUSE.dev Journal

Maintaining the Cloud Fortress

Cleanup & Hardening

Why: The 2026-05 audit found openvpn enabled but inert, NPM's admin port 81 exposed to any IP, and the obsolete plexupdate binary still present.

During the 2026-05 server audit, we identified several security and hygiene issues that needed addressing. We disabled an inert VPN service, restricted proxy manager admin access to the local network, and removed an outdated Plex update script.

1. Disabling OpenVPN

The openvpn.service was enabled at boot, but its configuration directories (/etc/openvpn/server and /etc/openvpn/client) were empty and no OpenVPN process was actively running.

2. Restricting NPM Admin Port 81

The Nginx Proxy Manager (NPM) admin interface on port 81 was exposed globally via UFW (Anywhere). For security, management interfaces should not be publicly accessible.

3. Archiving Obsolete plexupdate Binary

The legacy mrworf/plexupdate script located at /usr/local/bin/plexupdate was replaced by plex-update and plex-check per previous updates, but the old binary was still present.

← Back to Admin Hub