Area: Admin deep-dive (trust/safety) (audit p15a) · Surface: /admin/iptables (AdminIptablesController@index), templates/admin/iptables/index.php 'Operations reference' panel · Dimension: law-6-internal-workings · Severity: major
Law 6 says customers must never see scripts, marker files, or paths like /etc/mobieus-io. This 'Operations reference' panel hands tenant admins the internal snapshot file path, the names of two host-side cron scripts, the kernel-sync trigger marker file, and an internal audit-event code — pure Mobieus infra mechanism with no tenant value, and a soft enumeration aid. (Memory: no internal workings on customer-facing surfaces.)
Evidence
AdminIptablesController.php:51 `$this->requireRole(4);` (tenant admin can view). templates/admin/iptables/index.php:564-590 renders a dl exposing: line 568 `/tmp/iptables-snapshot.json`, line 572 `bin/iptables-snapshot.sh`, line 576 `bin/ipban-iptables-sync.sh`, line 580 `/var/lib/mobieus/ipban-sync-requested`, line 584 audit code `security.iptables_rule_deleted`. security/iptables.php:25 also tells tenant admins about "the platform-iptables-snapshot cron."
Suggested fix. Remove the 'Operations reference' dl from iptables/index.php entirely (or move its contents to an internal runbook). Tenant admins should see only the rule list + capture timestamp. Strip the 'platform-iptables-snapshot cron' mention from security/iptables.php:25.
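As a regression check for the suggested fix, an added example (not part of this audit record or of the Mobieus code base): a Python scan that flags the kinds of internal-workings strings the finding enumerates (snapshot file paths, host-side script names, marker files under /var/lib/mobieus, internal audit-event codes, cron mentions) in tenant-facing templates. The regex patterns, the `**/*.php` glob and the two sample template excerpts are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Constructed patterns for internal infrastructure references that should not
# reach a tenant-facing template (derived from the strings cited in the finding).
INTERNAL_PATTERNS = [
    (r"/etc/mobieus-io[\w./-]*", "internal config path"),
    (r"/var/lib/mobieus/[\w./-]+", "kernel-sync marker file"),
    (r"/tmp/[\w.-]+\.json", "snapshot file path"),
    (r"\bbin/[\w.-]+\.sh\b", "host-side script name"),
    (r"\bsecurity\.[a-z]+_[a-z_]+\b", "internal audit-event code"),
    (r"\bcron\b", "cron mention"),
]

def scan_text(text, source="<inline>"):
    """Return (source, line_no, label, matched_text) for every hit in `text`."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for pattern, label in INTERNAL_PATTERNS:
            for m in re.finditer(pattern, line):
                findings.append((source, line_no, label, m.group(0)))
    return findings

def scan_dir(root, glob="**/*.php"):
    """Scan every template under `root` (constructed glob; adjust per project)."""
    findings = []
    for path in sorted(Path(root).glob(glob)):
        findings.extend(scan_text(path.read_text(errors="replace"), str(path)))
    return findings

# Constructed excerpt mimicking the 'Operations reference' dl described above.
LEAKY_TEMPLATE = """<dl class="ops-reference">
  <dt>Snapshot file</dt><dd><code>/tmp/iptables-snapshot.json</code></dd>
  <dt>Refresh job</dt><dd><code>bin/iptables-snapshot.sh</code></dd>
  <dt>Sync job</dt><dd><code>bin/ipban-iptables-sync.sh</code></dd>
  <dt>Sync trigger</dt><dd><code>/var/lib/mobieus/ipban-sync-requested</code></dd>
  <dt>Audit event</dt><dd><code>security.iptables_rule_deleted</code></dd>
</dl>
<p>Rules are refreshed by the platform-iptables-snapshot cron.</p>
"""

# Constructed excerpt of what remains after the fix: rule list + capture time.
CLEAN_TEMPLATE = """<table class="rules"><tr><td><?= htmlspecialchars($rule) ?></td></tr></table>
<p>Captured at <?= htmlspecialchars($capturedAt) ?></p>
"""

if __name__ == "__main__":
    hits = scan_dir(sys.argv[1]) if len(sys.argv) > 1 else scan_text(LEAKY_TEMPLATE)
    for src, no, label, text in hits:
        print(f"{src}:{no}: {label}: {text}")
    sys.exit(1 if hits else 0)
```

Run with a templates directory as the argument to use it as a CI gate; with no argument it scans the constructed excerpt.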
Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.
Patrick Bass
@mobieus