- This capture used the already-running local lab and did not run aptl lab stop -v && aptl lab start; it is a frozen steady-state observation, not a clean-lab rebuild proof.
- The reverse profile container was started for this inventory after fixing three pre-existing service-definition bugs on the same branch (missing cgroup: host, missing /run/lock tmpfs for Ubuntu systemd under AppArmor docker-default, and a 512m memory limit that OOM-killed the first-boot radare2 source build, raised to 2g). The first OOM-killed boot registered Wazuh agent id 008 (reverse-host, now Disconnected) before the container was recreated; the active registration is agent id 009 with a runtime-generated collision-suffixed name. Both rows are visible in observer-discovery.wazuh-manager.txt; the stale 008 row is local lab-state debris, not part of the asset spec.
- Scenario target secret files under /etc/ssh (host keys) and /var/ossec/etc/client.keys are captured verbatim in filesystem-sensitive-paths.txt and checksummed in filesystem-checksums.txt.xz. Per the SEC #417 key split, the target /keys holds only public key material — aptl_lab_key.pub (operator/control-plane pubkey) and kali_pivot_key.pub (scenario pivot pubkey); no private key is mounted into the target.
- The reverse-engineering Python tools are pipx-installed for labadmin from the Mandiant/FLARE PyPI distributions flare-floss==3.1.1 and flare-capa==9.4.0 (the correct names; the bare 'floss'/'capa' PyPI names are unrelated projects). This was corrected in SCN-010 #338: the initial capture found the bare 'floss' package (an unrelated spectrum-based fault-localization tool, analyzed as non-malicious) installed by an unpinned setup-reverse-tools.sh; the script was fixed to install the pinned flare- distributions and the box re-captured.
- Docker Buildx imagetools inspection failed for aptl-reverse:latest because it is a locally built tag with no registry manifest; see docker-buildx-imagetools.image.err. Image identity is the local config ID in docker-inspect.image.json plus the build recipe in source-checksums.txt.
- The filesystem manifest excludes the radare2 source/build tree, pipx venv lib payloads, and ~/.cache under /home/labadmin (toolchain payload evidenced by the package/SBOM surfaces and language-manifests.txt); /var/log content rows are runtime logs on the reverse_logs volume.
- Trivy scans the committed image layers (aptl-reverse:latest); the first-boot-installed toolchain (radare2 build, wazuh-agent, falco, pipx venvs) lives in the container's writable layer and is NOT covered by the image scan — runtime package state is captured by os-packages.txt and language-manifests.txt instead.
- Syft CycloneDX output was deterministically normalized by stripping syft:location:* properties; component identity remains and filesystem provenance is captured separately. Like Trivy, Syft sees only the committed image layers, not the first-boot writable-layer installs.
- osquery apt_sources reflects the host-side scanner vantage; the target rootfs apt sources are captured directly in apt-repositories.txt.
- osquery installed_applications was unavailable in the digest-pinned Linux osquery scanner image.
- osquery programs was unavailable in the digest-pinned Linux osquery scanner image.
