Tech Log-Networking the LAN and cybersecurity

Tech Log Entry — Cybersecurity Hardening Of System for Coding Agent (Claude Code)

(Or, Bitwarden Password Manager + ClamAV Antivirus Across a 3-Machine Homelab LAN)


Background and Context

This entry documents a cybersecurity hardening session across all three machines in my homelab LAN: one Windows 11 desktop ([desktop]) and two Linux Mint laptops ([laptop #1] and [laptop #2]). The session was part of a broader initiative to get Claude Code running securely on [laptop #2], and to establish sound security practices across the LAN before moving on to SSH/SFTP/rsync backup configuration.

The three machines are connected via a TP-Link TL-SG105 5-port gigabit unmanaged switch on an isolated local subnet (192.168.x.x), separate from the home Wi-Fi network. Internet access on all three machines remains via Wi-Fi only; the switch is used exclusively for local LAN communication and file transfers. Note that an unmanaged switch does no VLAN tagging or filtering: the separation from the Wi-Fi network comes from each machine's wired interface sitting on its own subnet, and every machine is dual-homed (Wi-Fi plus wired), so a compromised host could still bridge the two networks.

Prior security state before this session:

  • [desktop]: BitDefender Antivirus Plus + BitDefender VPN Premium (active, paid)

  • [laptop #2]: No antivirus (BitDefender does not support Linux)

  • [laptop #1]: No antivirus (BitDefender does not support Linux)

  • All 3 machines: No dedicated password manager; Chrome's built-in password manager in use on [desktop]


Initial Goals

  • Replace Chrome's built-in credential storage with a dedicated cross-platform password manager on [desktop]

  • Migrate existing saved passwords from Chrome into the new manager

  • Install antivirus on both Linux Mint laptops

  • Configure scheduled automated scans on both Linux machines

  • Complete prerequisite security hardening before activating Claude Code on [laptop #2]


Hardware Used

  • Desktop [desktop]: Lenovo Legion T5, Windows 11 Home, i7 11th gen, 16 GB RAM, RTX 3060

  • Laptop [laptop #1]: Lenovo IdeaPad 3, Linux Mint (Cinnamon), i3, 8 GB RAM

  • Laptop [laptop #2]: Dell Latitude Ultrabook, Linux Mint, i7, 16 GB RAM

  • iPhone 12: used for 2FA authenticator

  • TP-Link TL-SG105 5-port gigabit switch (homelab LAN)


Software Installed

  • Bitwarden: password manager — desktop app + Chrome extension on [desktop]; mobile app on iPhone 12

  • ClamAV (free, open-source): antivirus engine — installed on [laptop #1] and [laptop #2]

  • ClamTk 6.07 (free): GUI frontend for ClamAV — installed on [laptop #1] and [laptop #2]

  • Microsoft Authenticator (already installed on iPhone): used for Bitwarden 2FA

  • LLM used for guidance and troubleshooting: Claude Sonnet 4.6


On the Choice of ClamAV

BitDefender Antivirus Plus does not support Linux. ClamAV is the de facto standard open-source antivirus engine on Linux; it is a signature-based scanner, and on a desktop install without clamd's on-access scanning it provides scheduled on-demand scans rather than real-time protection. BitDefender provides real-time commercial protection on Windows; ClamAV provides scheduled on-demand scanning on Linux. Both are good tools for their respective platforms. BitDefender was removed from [laptop #2] and [laptop #1] in the account dashboard; it had no functional presence on those machines anyway.


Part 1: Bitwarden on [desktop] (Windows 11)

  • Created Bitwarden account with a 20-character master password; written on physical media kept in safe place (same as with Apple ADP recovery key)

  • Installed desktop app and Chrome extension on [desktop]; mobile app on iPhone 12

  • Enabled 2FA via Microsoft Authenticator app

  • Disabled Chrome's built-in password autofill (prevents conflicts between two credential managers)

  • Exported Chrome's saved passwords as .csv; imported into Bitwarden (~300 entries migrated successfully)

  • Deleted .csv file immediately after import and emptied Recycle Bin

Bitwarden security audit:

  • Data Breach report: 9 breaches found; review showed all 9 accounts had passwords changed more recently than their breach dates; 2FA enabled on all applicable accounts

  • Exposed Passwords report: several flagged; passwords changed immediately

  • Reused Passwords report: duplicates found, primarily the same credential saved under several login hostnames of one financial institution (Bitwarden counts each hostname as a separate entry, so this is expected rather than genuine reuse); non-financial reused passwords flagged for ongoing cleanup

  • Weak Passwords report: none found


Part 2: ClamAV on [laptop #1] (Linux Mint)

Installed ClamAV on [laptop #1].

  • freshclam service confirmed active; virus definitions downloaded and verified (daily, main, bytecode databases)

  • NotifyClamd warning noted — expected and harmless on desktop installs without a persistent clamd daemon

  • ClamTk 6.07 opened successfully

  • Settings enabled: scan files beginning with a dot, files larger than 20 MB, recursive scan, PUA scanning, heuristic scanning

Scheduler note: ClamTk's GUI scheduler did not visibly confirm saved times (known bug in 6.x). Verified via crontab -l that ClamTk had in fact written a correct entry automatically. Modified scan time from midnight to 3:33 AM. Final crontab: daily clamscan of /home/mjteegarden with appropriate directory exclusions, dated logs saved to ~/.clamtk/history/.

Initial scan — 1 detection:

  • /home/mjteegarden/Documents/TECH_DOCS/language-python/python-3.11.3-amd64.exe — Win.Dropper.Zard-10029389-0

  • Assessment: false positive; legitimate Windows Python installer inadvertently copied from [desktop] during a file transfer; no function on Linux

  • Action: deleted

  • Rescan confirmed 0 detections


Part 3: ClamAV on [laptop #2] (Linux Mint)

Setup identical to [laptop #1]. Usernames on [laptop #1] and [laptop #2] are different.

  • freshclam service confirmed active; all databases updated and verified

  • ClamTk settings enabled same as [laptop #1]

  • Crontab was empty on [laptop #2]; manually entered cron line with correct username substituted (nano editor)

  • Trailing # character found at end of saved crontab entry; removed
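The following is an added example, not ClamTk's own code and not part of the original log, of the check that would have caught the trailing # on [laptop #2] and confirmed the unacknowledged scheduler entry on [laptop #1]: a POSIX shell script that builds the crontab line for a given user and scan time and validates it before it is installed. The clamscan flags, exclusion directories and log path are assumptions modelled on the ClamTk-style entry described in Part 2, not ClamTk's real output.

```shell
#!/bin/sh
# Added example, not ClamTk's own code: build the nightly clamscan crontab
# entry for a user and sanity-check it before it goes into the crontab.
# Scan flags, exclusion directories and log path are assumptions modelled
# on the ClamTk-style entry described in the log, not ClamTk's real output.
set -eu

# build_cron_line USER HOUR MIN: print one crontab line scanning /home/USER.
# Each % in the date format is written as \% because cron turns a bare %
# into a newline and feeds whatever follows to the command's stdin.
build_cron_line() {
  home="/home/$1"
  printf '%s %s * * * /usr/bin/clamscan -r -i --detect-pua=yes --exclude-dir=^%s/\\.cache --exclude-dir=^%s/\\.local/share/Trash %s -l %s/.clamtk/history/$(date +\\%%Y-\\%%m-\\%%d).log\n' \
    "$3" "$2" "$home" "$home" "$home" "$home"
}

# validate_cron_line LINE: return 0 if LINE looks like a sane entry, 1 if not.
# Rejects: a trailing '#' (not a cron comment; it is passed to the shell and
# usually means the line was mangled while editing), fewer than five schedule
# fields plus a command, non-numeric or out-of-range minute/hour, and any
# unescaped % in the command.
validate_cron_line() {
  line="$1"
  case "$line" in *'#') return 1 ;; esac
  set -f                 # stop '*' fields from glob-expanding when split
  set -- $line
  set +f
  [ $# -ge 6 ] || return 1
  min="$1"; hour="$2"
  case "$min" in ''|*[!0-9]*) return 1 ;; esac
  case "$hour" in ''|*[!0-9]*) return 1 ;; esac
  [ "$min" -le 59 ] && [ "$hour" -le 23 ] || return 1
  stripped=$(printf '%s' "$line" | sed 's/\\%//g')   # drop escaped \% pairs
  case "$stripped" in *%*) return 1 ;; esac          # any % left is unescaped
  return 0
}

# install_cron_line LINE: replace any existing clamscan entry in the current
# user's crontab with LINE, refusing malformed input. Defined but not run here.
install_cron_line() {
  validate_cron_line "$1" || { echo "refusing to install malformed crontab line" >&2; return 1; }
  { crontab -l 2>/dev/null | grep -v clamscan || true; printf '%s\n' "$1"; } | crontab -
}

# Print the 03:33 entry for the current user after checking it; compare the
# result with `crontab -l` or hand it to install_cron_line.
entry=$(build_cron_line "$(id -un)" 3 33)
validate_cron_line "$entry"
printf '%s\n' "$entry"
```

Run it as the scanning user and compare the printed line against crontab -l; if the GUI scheduler already wrote an entry, the two should agree apart from the assumed exclusions. install_cron_line removes any existing clamscan entry before appending, so it is safe to rerun after changing the time.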

Initial scan — 3 detections, all false positives:

File | Signature | Assessment
~/.config/Code/CachedExtensionVSIXs/github.copilot-chat-0.44.1 | pua.win.trojan.xored-1 | GitHub Copilot extension; obfuscated JS triggers signature; legitimate
~/.vscode/extensions/github.copilot-chat-0.44.1/dist/cli.js | pua.win.trojan.xored-1 | Same extension, different path; legitimate
~/.cache/mintinstall/reviews.json | pua.win.tool.hacktool-1840 | Linux Mint Software Manager cache; legitimate

  • Parent directories of all three added to ClamTk whitelist (whitelist accepts directories only, not individual files)

  • Rescan confirmed 0 detections


Security Architecture After This Session

Machine | OS | Antivirus | Password Manager | VPN
[desktop] | Windows 11 | BitDefender AV Plus | Bitwarden | BitDefender VPN
[laptop #2] | Linux Mint | ClamAV + ClamTk | Bitwarden (Firefox extension pending) | None (to be addressed)
[laptop #1] | Linux Mint | ClamAV + ClamTk | Bitwarden (Firefox extension pending) | None (to be addressed)

VPN coverage for [laptop #1] and [laptop #2] is a noted gap — FOSS/low-cost Linux-compatible options (WireGuard-based) are under evaluation for a future session.


[laptop #2] Isolation Policy

[laptop #2] hosts Claude Code and is designated for academic and professional use only:

  • No persistent shared network folders mounted on [laptop #2]

  • No sensitive personal accounts to be logged into on [laptop #2]

  • No incognito browsing on [laptop #2]

  • File transfers intentional and deliberate only — not via persistent open shares

  • Physical note placed on machine as a standing reminder

  • Follows principle of least privilege and network segmentation; limits blast radius of any unexpected agentic behavior from Claude Code


Watch Out For (Future)

  • Bitwarden master password stored on paper in 2 locations — physical copy to be safeguarded with other critical documents

  • Bitwarden Firefox extensions not yet installed on [laptop #1] or [laptop #2]

  • ClamAV false positives on VS Code/Copilot extensions may reappear after a Copilot version update installs to a new directory path; whitelist the new path if so

  • ClamTk whitelist accepts directories only — keep whitelisted directories limited to system-managed locations

  • Reused passwords (non-financial) in Bitwarden still require cleanup — ongoing task


Lessons Learned

  • Plan for platform-specific antivirus from the start in a mixed-OS homelab. A paid Windows solution does not extend to Linux machines.

  • Migrate to a dedicated cross-platform password manager sooner rather than later. Accumulating hundreds of credentials in a single-browser solution creates a painful migration and audit task later.

  • Export and delete the .csv migration file as a single deliberate action. A plain-text file containing hundreds of passwords should not persist on disk even briefly. Deleting it and emptying the Recycle Bin removes the directory entry but does not guarantee the contents are overwritten, so export to a local folder that is not cloud-synced and, where it matters, rely on full-disk encryption or a secure-erase tool so any residue is unreadable.

  • Understand ClamAV detections before acting on them. False positives on legitimate tools (VS Code extensions, package manager caches, Windows installers copied to Linux) are common. Deleting a legitimate extension file would silently break functionality. Before dismissing a hit as a false positive, confirm it: check the file's SHA-256 against the publisher's published checksum, or rescan after a freshclam update, rather than relying on provenance alone.

  • When a Linux GUI tool's scheduler appears to fail silently, verify via crontab -l before writing a manual entry. The GUI may have written a correct entry that it simply didn't confirm visually.


Next Steps / To-Do

  • Evaluate and install FOSS/low-cost WireGuard-based VPN on [laptop #1] and [laptop #2]

  • Install Bitwarden Firefox extension on [laptop #1] and [laptop #2]

  • Set up OpenSSH server on [desktop] to receive automated backups from [laptop #1] and [laptop #2]

  • Configure rsync + cron on [laptop #1] and [laptop #2] for nightly LAN backups to Coffee Canister via [desktop]

  • Set up restricted user account on [desktop] for [laptop #2] backup access (write but not delete permissions). Note: leaving --delete off the rsync client does not stop a compromised [laptop #2] from deleting or overwriting backups it can write to; enforcing "write but not delete" needs a server-side control such as a forced-command rsync wrapper in authorized_keys or versioned snapshots of the backup target.

  • Complete reused-password cleanup in Bitwarden (non-financial accounts)

  • Evaluate and uninstall CUDA toolkit on [desktop]; update FreeFileSync exclusions afterward

  • Address C: drive storage situation on [desktop] (88% full)
