Glass Box Security

Don't trust us.
Verify us.

Every week, our server runs a battery of security scans and publishes the raw results here. No editing. No cherry-picking. You get the same output our team sees. This is what "open source security" actually means.

Latest Scan Results

Last Run

Lynis Score

Rootkit Scan

File Integrity

Warrant Canary

Security Reports

Lynis Security Audit

Full system security audit covering SSH configuration, firewall rules, installed software, file permissions, kernel parameters, and 200+ other checks. Produces a hardening index score out of 100.

Tool: lynis Frequency: Weekly Target score: 70+

View Report

Rootkit Hunter Scan

Scans for 498+ known rootkits, backdoors, and trojans. Verifies system binaries haven't been replaced with malicious versions. Secondary validation that the server hasn't been compromised.

Tool: rkhunter Frequency: Weekly Rootkits checked: 498+

View Report

AIDE File Integrity Check

Compares current system files against a cryptographic baseline to detect unauthorized changes. Any modification to a system binary, config file, or critical path is logged and reported.

Tool: aide Frequency: Weekly Method: SHA-256 + MD5

View Report

Server Filesystem Snapshot

Daily snapshot of the complete server filesystem tree -- every file, directory, and permission. Compare against previous snapshots to track exactly what changed and when.

Frequency: Daily Format: Plain text tree

View Snapshot

Warrant Canary

A signed statement confirming Open Source Security Inc. has not received any national security letters, FISA orders, court orders for user data, gag orders, or requests to insert backdoors or weaken encryption. Updated weekly with the security audit cycle. If this statement is absent or has not been updated within 14 days, consider the canary inactive and act accordingly.

Frequency: Weekly Grace period: 14 days Last updated: Loading...

View Canary

What We Publish Publicly

🔍

Live Server Metrics

CPU, RAM, disk, and network usage updating every 5 seconds. status.va01.oss-vpn.net

🧱

DNS + IP Blocklists

The exact lists blocking malicious domains and IPs on your connection. dns-combined.txt | ip-combined.txt

📁

Full Filesystem Tree

Every file on this server. Updated daily. See exactly what's installed. server-snapshot.txt

📋

Security Scan Reports

Weekly Lynis, rkhunter, and AIDE output -- unfiltered. The reports on this page.

💻

Source Code

All server configuration scripts and blocklist tooling on Forgejo. opensourcesecurity-inc/safenet

🐦

Warrant Canary

Weekly confirmation that we have not received secret government orders. warrant-canary.txt

Verify It Yourself

Don't take our word for it. Pull the reports and check them yourself.

# Download and inspect the Lynis report
curl -s https://status.va01.oss-vpn.net/verify/lynis-report.txt | grep "hardening_index"

# Check when reports were last generated
curl -s https://status.va01.oss-vpn.net/verify/meta.json | python3 -m json.tool

# Confirm no rootkits found
curl -s https://status.va01.oss-vpn.net/verify/rkhunter-report.txt | grep -i "rootkit"

# See what files exist on the server
curl -s https://status.va01.oss-vpn.net/verify/server-snapshot.txt | head -100

# Check the warrant canary
curl -s https://status.va01.oss-vpn.net/verify/warrant-canary.txt
    

All reports are plain text. No accounts, no JavaScript required. If something looks wrong, email us -- we want to know.

Don't trust us.Verify us.

Security Reports

What We Publish Publicly

Verify It Yourself

Don't trust us.
Verify us.