{{ card_header("persistence & tampering — SSH keys · hosts file · privileges") }}
{% if data and data.any %}
{# ---------- SSH authorized keys ---------- #}
{{ subhead("SSH authorized keys", data.counts.ssh_keys) }}
{% if data.ssh_keys %}
| verdict |
account |
type |
fingerprint |
comment |
restrictions |
{% for k in data.ssh_keys %}
| {{ verdict_pill(k) }} |
{{ k.owner }} |
{{ k.key_type }} |
{{ k.fingerprint or "—" }} |
{{ k.comment or "—" }} |
{{ k.options or "none" }} |
{% endfor %}
{% else %}
no authorized keys found
{% endif %}
{# ---------- /etc/hosts ---------- #}
{{ subhead("/etc/hosts mappings", data.counts.hosts) }}
{% if data.hosts %}
| verdict |
ip |
hostnames |
why |
{% for hrow in data.hosts %}
| {{ verdict_pill(hrow) }} |
{{ hrow.ip }} |
{{ hrow.hostnames }} |
{{ hrow.reasoning }} |
{% endfor %}
{% else %}
no host mappings found
{% endif %}
{# ---------- privilege config ---------- #}
{{ subhead("privilege config", data.counts.privilege) }}
{% if data.privilege %}
| verdict |
kind |
subject |
detail |
source |
{% for p in data.privilege %}
| {{ verdict_pill(p) }} |
{{ p.kind }} |
{{ p.subject }} |
{{ p.detail }} |
{{ p.source_path }} |
{% endfor %}
{% else %}
no privilege entries found
{% endif %}
{% else %}
no persistence data yet — these collectors read SSH
authorized_keys,
/etc/hosts and privilege config; run the
monitor (with sudo for full visibility)
and let a cycle complete.
{% endif %}