Skip to content

Security cleanup: rotate credentials and purge removed BASED objects #17

Description

@Deadbytes101

Purpose

Complete the security cleanup caused by the temporary raw HiveOS filesystem import that was removed from performance/randomx-sustained-hash.

The production branch and PR no longer reference the dump, but unreachable Git objects may remain retrievable until GitHub garbage collection or support-side purge completes. Treat all credentials copied from that machine as exposed.

Required rotation

  • Regenerate every SSH host key on the source HiveOS machine
  • Replace the source machine root password
  • Rotate any user passwords copied from /etc/shadow
  • Rotate pool/worker passwords or tokens found in miner configuration
  • Review API keys, VPN material, certificates, and private keys from the imported filesystem
  • Remove stale client known_hosts entries only after verifying the newly generated fingerprint locally

Repository cleanup

  • Force-reset the production branch to the last authoritative commit before the dump
  • Confirm PR RandomX sustained-hash performance authority #15 no longer contains the raw filesystem tree
  • Replace the imported SSH behavior with a RIGOS-native persistent host-key authority
  • Request GitHub Support removal of the unreachable sensitive objects if immediate purge is required
  • Re-clone or prune local repositories that fetched the removed objects
  • Confirm no fork, branch, tag, release, artifact, cache, or backup still references the dump

Acceptance evidence

Record only fingerprints, timestamps, and completion status. Do not paste private keys, password hashes, recovery codes, or access tokens into this issue.

This issue is separate from the physical persistence gate in #12 and the RandomX performance work in PR #15.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions