
testing


09052025
T-1

{ "volume_groups": { "vgroot": { "vgsize": "304G", "fs_type": "xfs" } }, "logical_volumes": { "root": { "lvroot": { "vgname": "vgroot", "lvname": "lvroot", "lvsize": "12G", "mountpoint": "/",




"purpose": "root filesystem", "disk": 1, "partition": 2 } }, "swap": { "lvswap": { "vgname": "vgroot", "lvname": "lvswap", "lvsize": "4G", "mountpoint": "NA", "purpose": "swap", "disk": 1, "partition": 2, "fs_type": "swap" } }, "opt": { "lvopt": { "vgname": "vgroot", "lvname": "lvopt", "lvsize": "24G", "mountpoint": "/opt", "purpose": "NA", "disk": 1, "partition": 2 } }, "usr": { "lvusr": { "vgname": "vgroot", "lvname": "lvusr", "lvsize": "24G", "mountpoint": "/usr", "purpose": "NA", "disk": 1, "partition": 2 } }, "var": { "lvvar": { "vgname": "vgroot", "lvname": "lvvar", "lvsize": "24G", "mountpoint": "/var", "purpose": "NA", "disk": 1, "partition": 2 } }, "home": { "lvhome": { "vgname": "vgroot", "lvname": "lvhome", "lvsize": "40G", "mountpoint": "/home", "purpose": "home filesystem (user content)", "disk": 1, "partition": 2 } }, "splunk": { "lvsplunk": { "vgname": "vgroot", "lvname": "lvsplunk", "lvsize": "100G", "mountpoint": "/splunk", "purpose": "For splunk", "disk": 1, "partition": 2 } }, "logging": { "lvlogging": { "vgname": "vgroot", "lvname": "lvlogging", "lvsize": "100G", "mountpoint": "/logging", "purpose": "For logging", "disk": 1, "partition": 2 } } }, "physical_partitions": { "boot": { "device": "/dev/sda1", "disk": 1, "partnum": 1, "fs_type": "xfs", "size": "2G", "mountpoint": "/boot", "purpose": "kernel/bootstrap" }, "lvm": { "device": "/dev/sda2", "disk": 1, "partnum": 2, "fs_type": "lvm", "size": "remainder of the disk", "mountpoint": "vgroot", "purpose": "root volume group" } } }

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------
T-2
{ "volume_groups": { "vgroot": { "vgsize": "88G", "fs_type": "xfs" }, "vgapps": { "vgsize": "20G", "fs_type": "xfs" } }, "logical_volumes": { "root": { "lvroot": { "vgname": "vgroot", "lvname": "lvroot", "lvsize": "20G", "mountpoint": "/", "purpose": "root filesystem", "partition": 2 } }, "swap": { "lvswap": { "vgname": "vgroot", "lvname": "lvswap", "lvsize": "4G", "mountpoint": "N/A", "purpose": "Swap", "partition": 2, "fs_type": "swap" } }, "home": { "lvhome": { "vgname": "vgroot", "lvname": "lvhome", "lvsize": "20G", "mountpoint": "/home", "purpose": "home filesystem (user content)", "partition": 2 } }, "opt": { "lvopt": { "vgname": "vgroot", "lvname": "lvopt", "lvsize": "24G", "mountpoint": "/opt", "purpose": "Application Install", "partition": 2 } }, "var": { "lvvar": { "vgname": "vgroot", "lvname": "lvvar", "lvsize": "20G", "mountpoint": "/var", "purpose": "Logging", "partition": 2 } }, "splunk": { "lvsplunk": { "vgname": "vgapps", "lvname": "lvsplunk", "lvsize": "10G", "mountpoint": "/splunk", "purpose": "Splunk", "partition": 2 } }, "logging": { "lvlogging": { "vgname": "vgapps", "lvname": "lvlogging", "lvsize": "10G", "mountpoint": "/logging", "purpose": "logging", "partition": 2 } } }, "physical_partitions": { "boot": { "partnum": 1, "fs_type": "xfs", "size": "2G", "mountpoint": "/boot", "volume_group": "N/A", "purpose": "kernel/bootstrap" }, "lvm_vgroot": { "partnum": 2, "fs_type": "LVM", "size": "remainder of disk", "mountpoint": "vgroot", "volume_group": "N/A", "purpose": "root volume group" }, "lvm_vgapps": { "fs_type": "lvm", "size": "40GB", "mountpoint": "vgapps", "volume_group": "N/A", "purpose": "Application specific volume group" } } }

--------------------------------------------------------------------------------
12052025

{
  "users_id": {
    "ccsuser": "/home/ccsuser",
    "smc": "/home/smc",
    "mrss": "/home/mrss",
    "svc-ansible": "/home/svc-ansible",
    "svc-ansible-apps": "/home/svc-ansible-apps",
    "apps": "/home/apps",
    "cya_recuser": "/home/cya_recuser",
    "xagmid3": "/home/xagmid3",
    "npst": "/home/npst",
    "clt": "/home/clt",
    "ivrapps": "/home/ivrapps",
    "dcs": "/logging/dcs",
    "nssad": "/home/nssad",
    "nssaudit": "/home/nssaudit",
    "xms": "/var/lib/xms"
  },
  "home_dirs_perms": {
    "ccsuser": "700",
    "smc": "750",
    "mrss": "700",
    "svc-ansible": "700",
    "svc-ansible-apps": "700",
    "apps": "755",
    "cya_recuser": "700",
    "xagmid3": "700",
    "npst": "700",
    "clt": "755",
    "ivrapps": "755",
    "dcs": "750",
    "nssad": "700",
    "nssaudit": "755",
    "xms": "755"
  },
  "groups_id": {
    "adm": "adm",
    "users": "100",
    "svc-ansible": "1511",
    "svc-ansible-apps": "1512",
    "apps": "516",
    "cya_recuser": "1516",
    "nss": "400",
    "logging": "519",
    "ivrapps": "530",
    "xms": "511"
  }
}



-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


{
  "cyberark_accounts": {
    "ccsuser": {
      "cyberark_account": "ccsuser",
      "adom_domain_security_group": "CyberArk_N_IP7V_APPL_PWD_USWIN",
      "cyberark_safe": "IP7V_N_APPL_PWD",
      "description": "Symantec DC/ESM SVC acct",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR"
    },
    "smc": {
      "cyberark_account": "smc",
      "adom_domain_security_group": "CyberArk_N_IP7V_TSICS_PWD_USWIN",
      "cyberark_safe": "IP7V_N_TSICS_PWD",
      "description": "TSICS SVC account",
      "adom_security_trustees": "James Herman",
      "admin_security": "Dong-Hee Park"
    },
    "mrss": {
      "cyberark_account": "mrss",
      "adom_domain_security_group": "CyberArk_N_MRSS_LIN_PWD_USWIN",
      "cyberark_safe": "MRSS_N_LIN_PWD",
      "description": "MRSS lab SVC account",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR"
    },
    "svc-ansible": {
      "cyberark_account": "svc-ansible",
      "adom_domain_security_group": "CyberArk_N_MRSS_LIN_PWD_USWIN",
      "cyberark_safe": "MRSS_N_LIN_PWD",
      "description": "MRSS Ansible Build Acct",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR"
    },
    "svc-ansible-apps": {
      "cyberark_account": "svc-ansible-apps",
      "adom_domain_security_group": "CyberArk_N_IP7V_APPL_PWD_USWIN",
      "cyberark_safe": "IP7V_N_APPL_PWD",
      "description": "Deployment Team App AnsibleInstall FN Acct",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR"
    },
    "apps": {
      "cyberark_account": "apps",
      "adom_domain_security_group": "CyberArk_N_IP7V_APPL_PWD_USWIN",
      "cyberark_safe": "IP7V_N_APPL_PWD",
      "description": "Deployment team App SVC account",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR, Compliance Team"
    },
    "cya_recuser": {
      "cyberark_account": "cya_recuser",
      "adom_domain_security_group": "CyberArk Team ADOM Group",
      "cyberark_safe": "CyberArk Team Safe",
      "description": "Solely used by CyberArk team",
      "adom_security_trustees": "NA",
      "admin_security": "NA"
    },
    "xagmid3": {
      "cyberark_account": "xagmid3",
      "adom_domain_security_group": "CyberArk_N_IP7V_SEC_PSMP_USWIN",
      "cyberark_safe": "IP7V_N_SEC_PSMP",
      "description": "Compliance Team FN Acct.",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "Brian Allen"
    },
    "apex": {
      "cyberark_account": "apex",
      "adom_domain_security_group": "CyberArk_N_IP7V_Appl_PWD_USWIN",
      "cyberark_safe": "IP7V_N_Appl_PWD",
      "description": "4th Level Support SVC account",
      "adom_security_trustees": "Ali Mark PK?",
      "admin_security": "MRSS-IPIVR, Compliance Team"
    },
    "tsicspt": {
      "cyberark_account": "tsicspt",
      "adom_domain_security_group": "CyberArk_N_IP7V_TSICS_PWD_USWIN",
      "cyberark_safe": "IP7V_N_TSICS_PWD",
      "description": "TSICS SVC account",
      "adom_security_trustees": "Ali Mark PK?",
      "admin_security": "MRSS-IPIVR, Compliance Team"
    },
    "clt": {
      "cyberark_account": "clt",
      "adom_domain_security_group": "CyberArk_N_IP7V_MEDSRV_PWD_USWIN",
      "cyberark_safe": "IP7V_N_MEDSRV_PWD",
      "description": "CLT SVC account",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "Brian Allen, Compliance Team"
    },
    "ivrapps": {
      "cyberark_account": "ivrapps",
      "adom_domain_security_group": "CyberArk_N_IP7V_APPL_PWD_USWIN",
      "cyberark_safe": "IP7V_N_APPL_PWD",
      "description": "IVR application management SVC account",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR"
    },
    "dcs": {
      "cyberark_account": "dcs",
      "adom_domain_security_group": "CyberArk_N_IP7V_APPL_PWD_USWIN",
      "cyberark_safe": "IP7V_N_APPL_PWD",
      "description": "IPTS transfer SVC account",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR, Compliance Team"
    },
    "ip3cDBA": {
      "cyberark_account": "ip3cDBA",
      "adom_domain_security_group": "CyberArk_N_IP7V_DBA_PSMP_USWIN",
      "cyberark_safe": "IP7V_N_DBA_PSMP",
      "description": "DBA CyberArk FN Acct",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR, Compliance Team"
    },
    "ip3cMRSS": {
      "cyberark_account": "ip3cMRSS",
      "adom_domain_security_group": "CyberArk_N_MRSS_LIN_PSMP_USWIN",
      "cyberark_safe": "MRSS_N_LIN_PSMP",
      "description": "MRSS FN Acct.",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR"
    },
    "ip3cTEST": {
      "cyberark_account": "ip3cTEST",
      "adom_domain_security_group": "CyberArk_N_IP7V_TEST_PSMP_USWIN",
      "cyberark_safe": "IP7V_N_TEST_PSMP",
      "description": "Test FN Acct",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR, Compliance Team"
    },
    "ip3cTSICS": {
      "cyberark_account": "ip3cTSICS",
      "adom_domain_security_group": "CyberArk_N_IP7V_TSICS_PSMP_USWIN",
      "cyberark_safe": "IP7V_N_TSICS_PSMP",
      "description": "2nd Level Support Team FN Acct",
      "adom_security_trustees": "James Herman",
      "admin_security": "MRSS-IPIVR, Compliance Team"
    },
    "ip3cUSER": {
      "cyberark_account": "ip3cUSER",
      "adom_domain_security_group": "CyberArk_N_IP7V_USER_PSMP_USWIN",
      "cyberark_safe": "IP7V_N_USER_PSMP",
      "description": "Deployment Team FN Acct",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR, Compliance Team"
    },
    "ip3cVDSi": {
      "cyberark_account": "ip3cVDSi",
      "adom_domain_security_group": "CyberArk_N_IP7V_VDSi_PSMP_USWIN, CyberArk_N_IP7V_VDSi_PSMP_ADEBP, CyberArk_N_IP7V_VDSi_PSMP_VDSi",
      "cyberark_safe": "IP7V_N_VDSi_PSMP",
      "description": "Offshore team FN Acct",
      "adom_security_trustees": "Mark McKone",
      "admin_security": "MRSS-IPIVR, Compliance Team"
    }
  }
}

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

13052025

"dir_perms": {
  "/opt": {
    "owner": "root",
    "group": "root",
    "permission": "755"
  },
  "/opt/apachectl": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/opt/EMPsysedge": {
    "owner": "root",
    "group": "root",
    "permission": "755"
  },
  "/home/npst": {
    "owner": "npst",
    "group": "users",
    "permission": "750"
  },
  "/home/techspt": {
    "owner": "techspt",
    "group": "users",
    "permission": "750"
  },
  "/home/smc": {
    "owner": "smc",
    "group": "users",
    "permission": "750"
  },
  "/home/cit": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/home/ccsuser": {
    "owner": "ccsuser",
    "group": "adm",
    "permission": "700"
  },
  "/splunk": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/home/nssec": {
    "owner": "nssec",
    "group": "users",
    "permission": "700"
  },
  "/splunk/bin": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/splunk/data": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/splunk/install": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/logging": {
    "owner": "ivrapps",
    "group": "ivrapps",
    "permission": "755"
  },
  "/home/mrss": {
    "owner": "mrss",
    "group": "users",
    "permission": "750"
  },
  "/home/ivrapps": {
    "owner": "ivrapps",
    "group": "ivrapps",
    "permission": "755"
  },
  "/home/svc-ansible": {
    "owner": "svc-ansible",
    "group": "users",
    "permission": "700"
  },
  "/home/svc-ansible-apps": {
    "owner": "svc-ansible-apps",
    "group": "svc-ansible-apps",
    "permission": "700"
  },
  "/home/apps": {
    "owner": "apps",
    "group": "apps",
    "permission": "755"
  },
  "/home/cya_recuser": {
    "owner": "cya_recuser",
    "group": "cya_recuser",
    "permission": "700"
  }
}

Use this:

"dir_perms": {
  "/opt": {
    "owner": "root",
    "group": "root",
    "permission": "755"
  },
  "/opt/apachectl": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/opt/EMPsysedge": {
    "owner": "root",
    "group": "root",
    "permission": "755"
  },
  "/home/npst": {
    "owner": "npst",
    "group": "users",
    "permission": "750"
  },
  "/home/techspt": {
    "owner": "techspt",
    "group": "users",
    "permission": "750"
  },
  "/home/smc": {
    "owner": "smc",
    "group": "users",
    "permission": "750"
  },
  "/home/cit": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/home/ccsuser": {
    "owner": "ccsuser",
    "group": "adm",
    "permission": "700"
  },
  "/splunk": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/home/nssec": {
    "owner": "nssec",
    "group": "users",
    "permission": "700"
  },
  "/splunk/bin": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/splunk/data": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/splunk/install": {
    "owner": "cit",
    "group": "users",
    "permission": "755"
  },
  "/logging": {
    "owner": "ivrapps",
    "group": "ivrapps",
    "permission": "755"
  },
  "/home/mrss": {
    "owner": "mrss",
    "group": "users",
    "permission": "750"
  },
  "/home/ivrapps": {
    "owner": "ivrapps",
    "group": "ivrapps",
    "permission": "755"
  },
  "/home/svc-ansible": {
    "owner": "svc-ansible",
    "group": "users",
    "permission": "700"
  },
  "/home/svc-ansible-apps": {
    "owner": "svc-ansible-apps",
    "group": "svc-ansible-apps",
    "permission": "700"
  },
  "/home/apps": {
    "owner": "apps",
    "group": "apps",
    "permission": "755"
  },
  "/home/cya_recuser": {
    "owner": "cya_recuser",
    "group": "cya_recuser",
    "permission": "700"
  }
}

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------

"sudoers_add": {
  "COMMENT": "## Generated and maintained through automated scripts",
  "file_name": "/etc/sudoers.d/ccsuser02",
  "add": "# agentless ESM\nccsuser\tALL=(ALL:ALL) NOPASSWD: ALL",
  "file_name": "/etc/sudoers.d/svc-ansible", 
  "add": "#Ansible: Required for build/config\nsvc-ansible ALL=(ALL:ALL) NOPASSWD: ALL",
  "add": "Note: nssaudit is added to /etc/sudoers.d file only and no separate file is created.\nnssaudit ALL=(root) NOPASSWD: ALL"
}

"sudoers_add": {
  "COMMENT": "## Generated and maintained through automated scripts",
  "file_name": "/etc/sudoers.d/test_development_sandbox",
  "add": "Cmnd_Alias IPIVRCMDS = /usr/sbin/tcpdump, /sbin/iptables -L, /sbin/shutdown, /bin/netstat, /usr/sbin/isof, /sbin/service nodecontroller start, /sbin/service nodecontroller stop, /sbin/service nodecontroller restart,/usr/bin/cat /etc/named.conf,/usr/bin/cat /etc/ssh/sshd_config,/usr/bin/cat /etc/snmp/snmpd.conf,/usr/bin/cat /etc/cron.d/sysstat\n\n## service account specific commands\ncit ALL=(ALL)\tNOPASSWD: IPIVRCMDS\napps ALL=(ALL)\tNOPASSWD: IPIVRCMDS\n\n# TSICS/smc\nsmc ALL=(ALL) NOPASSWD: ALL\n\nCmnd_Alias IVRAPPSCMDS = /bin/chown,/bin/chmod\nivrapps\tALL=(ALL)\tNOPASSWD: IVRAPPSCMDS"
}

-----------------------------------------------------------------------------------------------------------------------------------

"symbolic_links": {
  "ln -s": "/opt /applications"
}

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

"base_packages": {
  "1": "@Core",
  "2": "The repos below are added for MS",
  "3": "rhel-8-for-x86_64-baseos-rpms",
  "4": "rhel-8-for-x86_64-appstream-rpms",
  "5": "rhel-8-for-x86_64-supplementary-rpms",
  "6": "satellite-client-6-for-rhel-8-x86_64-rpms",
  "7": "rhel-8-for-x86_64-baseos-debug-rpms",
  "8": "rhel-8-for-x86_64-appstream-debug-rpms",
  "9": "rhceph-5-tools-for-rhel-8-x86_64-rpms"
},
"extra_packages": {
  "1": "NOTE: Packages might be upgraded to a higher level than the O/S to remediate security vulnerabilities",
  "2": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/package_manifest/index"
}





"additional_packages": {
  "1": "alsa-lib",
  "2": "apr",
  "3": "apr-util",
  "4": "atk",
  "5": "autofs",
  "6": "avahi",
  "7": "bind",
  "8": "bind-utils",
  "9": "bzip2",
  "10": "bzip2-libs",
  "11": "cairo",
  "12": "cdparanoia-libs",
  "13": "chrony",
  "14": "cpp",
  "15": "cups",
  "16": "cyrus-sasl",
  "17": "dmidecode",
  "18": "e2fsprogs-devel",
  "19": "enscript",
  "20": "expect",
  "21": "fontconfig",
  "22": "freetype",
  "23": "gamin",
  "24": "GConf2",
  "25": "gd",
  "26": "gdb",
  "27": "ghostscript",
  "28": "giflib",
  "29": "glib2",
  "30": "glibc (i686, x86_64)",
  "31": "glibc-headers",
  "32": "gmp",
  "33": "gnome-keyring",
  "34": "gpertools-libs",
  "35": "gpertools-libs",
  "36": "grafana",
  "37": "gstreamer1",
  "38": "gtk2",
  "39": "hicolor-icon-theme",
  "40": "httpd",
  "41": "httpd-tools",
  "42": "iproute",
  "43": "iptables-services",
  "44": "iso-codes",
  "45": "jasper-libs",
  "46": "java-1.8.0-openjdk",
  "47": "kernel-devel",
  "48": "kernel-headers",
  "49": "keyutils-libs-devel",
  "50": "krb5-devel",
  "51": "ksh",
  "52": "ksh",
  "53": "lcms2",
  "54": "libcgroup-tools",
  "55": "libcroco",
  "56": "libcurl",
  "57": "libdaemon",
  "58": "libev",
  "59": "libgcrypt",
  "60": "libgsf",
  "61": "libICE",
  "62": "libjpeg-turbo",
  "63": "libpng",
  "64": "libnotify",
  "65": "libnsl (i686, x86_64)",
  "66": "libpcap",
  "67": "libpng",
  "68": "libpq",
  "69": "libselinux-devel",
  "70": "libsepol-devel",
  "71": "libSM",
  "72": "libsmi",
  "73": "libstdc++ (i686, x86_64)",
  "74": "libtheora",
  "75": "libtiff",
  "76": "libtiff-devel",
  "77": "libtool",
  "78": "libtool-ltdl",
  "79": "libuuid",
  "80": "libuuid",
  "81": "libuv",
  "82": "libxcrypt",
  "83": "libwmf",
  "84": "libwmf-lite",
  "85": "libX11",
  "86": "libXaw",
  "87": "libxcrypt (i686)",
  "88": "libXcursor",
  "89": "libXfixes",
  "90": "libXinerama",
  "91": "libxml2",
  "92": "libxml2",
  "93": "libXrandr",
  "94": "libXrender",
  "95": "libXres",
  "96": "libxslt",
  "97": "libXt",
  "98": "lm_sensors",
  "99": "lsof",
  "100": "lynx",
  "101": "mailx",
  "102": "mesa-dri-drivers",
  "103": "mesa-libGL",
  "104": "mesa-libGLU",
  "105": "mod_ssl",
  "106": "ncompress",
  "107": "ncurses",
  "108": "ncurses",
  "109": "ncurses-libs",
  "110": "net-snmp",
  "111": "net-snmp-libs",
  "112": "net-snmp-utils",
  "113": "nfs-utils",
  "114": "nmap-ncat",
  "115": "nscd",
  "116": "nss",
  "117": "openjpeg-libs",
  "118": "openssh",
  "119": "openssl",
  "120": "openssl-devel",
  "121": "openssl-libs",
  "122": "opus",
  "123": "pam",
  "124": "pango",
  "125": "pcre",
  "126": "pcre-cpp",
  "127": "perl",
  "128": "perl-CGI",
  "129": "perl-Class-Inspector",
  "130": "perl-ExtUtils-MakeMaker",
  "131": "perl-ExtUtils-ParseXS",
  "132": "perl-IO-Socket-IP",
  "133": "perl-IO-Socket-SSL",
  "134": "perl-libs",
  "135": "perl-MailTools",
  "136": "perl-MailTools",
  "137": "perl-Net-SMTP-SSL",
  "138": "perl-Net-SSLeay",
  "139": "perl-Test-Harness",
  "140": "perl-Test-Simple",
  "141": "perl-XML-Parser",
  "142": "php",
  "143": "php-cli",
  "144": "php-common",
  "145": "php-fpm",
  "146": "php-json",
  "147": "php-ldap",
  "148": "php-pdo",
  "149": "php-pgsql",
  "150": "poppler",
  "151": "poppler-data",
  "152": "poppler-utils",
  "153": "portreserve",
  "154": "postgresql",
  "155": "postgresql-server",
  "156": "procmail",
  "157": "python3-urllib3",
  "158": "python36",
  "159": "qt5",
  "160": "redhat-lsb",
  "161": "redhat-lsb-printing",
  "162": "rpcbind",
  "163": "rsync",
  "164": "rsync",
  "165": "sendmail",
  "166": "sendmail-cf",
  "167": "shared-mime-info",
  "168": "sqlite",
  "169": "squid",
  "170": "startup-notification",
  "171": "strace",
  "172": "sudo",
  "173": "sysstat",
  "174": "tcpdump",
  "175": "tcsh",
  "176": "telnet",
  "177": "traceroute",
  "178": "unzip",
  "179": "urw-base35-fonts",
  "180": "urw-base35-fonts-common",
  "181": "uuid",
  "182": "vim-common",
  "183": "wget",
  "184": "wireshark",
  "185": "xorg-x11-utils",
  "186": "xterm",
  "187": "yajl",
  "188": "zlib",
  "189": "zlib-devel",
  "190": "opencap"
},
"xms_media_server_packages": {
  "1": "httpd",
  "2": "openssl",
  "3": "perl-Crypt-OpenSSL-Random",
  "4": "perl-JSON",
  "5": "wavpack",
  "6": "libao",
  "7": "collectd",
  "8": "compat-openssl10",
  "9": "fcgi",
  "10": "libc",
  "11": "lightttpd-fastcgi",
  "12": "lighttpd",
  "13": "mongo-driver-libs",
  "14": "rtione",
  "15": "sox",
  "16": "spawn-fcgi",
  "17": "xerces-c",
  "18": "libwebsockets"
}



-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

"dir_perms": { "/opt": { "owner": "root", "group": "root", "permission": "755" }, "/opt/apachectl": { "owner": "cit", "group": "users", "permission": "755" }, "/opt/EMPsysedge": { "owner": "root", "group": "root", "permission": "755" }, "/home/npst": { "owner": "npst", "group": "users", "permission": "750" }, "/home/techspt": { "owner": "techspt", "group": "users", "permission": "750" }, "/home/smc": { "owner": "smc", "group": "users", "permission": "750" }, "/home/cit": { "owner": "cit", "group": "users", "permission": "755" }, "/home/ccsuser": { "owner": "ccsuser", "group": "adm", "permission": "700" }, "/splunk": { "owner": "cit", "group": "users", "permission": "755" }, "/home/nssec": { "owner": "nssec", "group": "users", "permission": "700" }, "/splunk/bin": { "owner": "cit", "group": "users", "permission": "755" }, "/splunk/data": { "owner": "cit", "group": "users", "permission": "755" }, "/splunk/install": { "owner": "cit", "group": "users", "permission": "755" }, "/logging": { "owner": "ivrapps", "group": "ivrapps", "permission": "755" }, "/home/mrss": { "owner": "mrss", "group": "users", "permission": "750" }, "/home/ivrapps": { "owner": "ivrapps", "group": "ivrapps", "permission": "755" }, "/home/svc-ansible": { "owner": "svc-ansible", "group": "users", "permission": "700" }, "/home/svc-ansible-apps": { "owner": "svc-ansible-apps", "group": "svc-ansible-apps", "permission": "700" }, "/home/apps": { "owner": "apps", "group": "apps", "permission": "755" }, "/home/cya_recuser": { "owner": "cya_recuser", "group": "cya_recuser", "permission": "700" } }
15052025

15052025

{
 "disable_xinetd_services": ["rexec", "rlogin", "rsh", "telnet", "ftp"],
 "disable_systemctl_services": ["cups.service"],
 "disable_network_services": {
   "echo": ["7/tcp", "7/udp"],
   "chargen": ["19/udp", "19/tcp"],
   "tftp": "69/udp",
   "finger": "79/tcp",
   "who": "513/udp",
   "pop2": "109/tcp",
   "pop3": "110/tcp",
   "imap": "143/tcp",
   "csp": "2222/tcp"
 },
 "add_to_etc_services": {
   "http-clt": "18081/tcp",
   "https-clt": "43443/tcp"
 }
}

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

{
  "filename": "/etc/cron.d/sysstat",
  "changes": [
    {
      "line": "# run system activity accounting tool every 15 seconds",
      "command": "* * * * * root /usr/lib64/sa/sa1 15 4"
    },
    {
      "line": "# generate a daily summary of process accounting at 23:53",
      "command": "53 23 * * * root /usr/lib64/sa/sa2 -A"
    },
    {
      "line": "# clean up sa files older than 15 days",
      "command": "35 10 * * * root find /var/log/sa -mtime +15 -type f -name sa* -exec rm -f {} \\;"
    },
    {
      "line": "Enable the sysstat package to run using the command:",
      "command": "systemctl enable sysstat"
    }
  ],
  "notes": "The sysstat package will be installed to provide system resource monitoring. The /etc/cron.d/sysstat configuration file should not need changes."
}

------------------------------------------------------------------------------------------------------------------------------------------------------------------------
{
  "system_log_rotation": {
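    "description": "The system log file rotation schedule will be changed from weekly to daily, and the permissions on the messages file will be changed to allow support groups read access. Note that the postrotate chmod 644 in /etc/logrotate.d/syslog makes the listed logs world-readable, not readable by support groups only.",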
    "files": {
      "/etc/logrotate.conf": {
        "changes": [
          "# Ansible managed",
          "# logrotate: 6",
          "# logrotate_files: 2",
          "# compress",
          "daily",
          "rotate 30",
          "create",
          "dateext",
          "include /etc/logrotate.d",
          "/var/log/wtmp {",
          "    create 0644 root utmp",
          "    minsize 1M",
          "    monthly",
          "    rotate 1",
          "}",
          "/var/log/btmp {",
          "    create 0644 root utmp",
          "    monthly",
          "    rotate 12",
          "}"
        ]
      },
      "/etc/logrotate.d/syslog": {
        "changes": [
          "/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {",
          "    sharedscripts",
          "    postrotate",
          "        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true",
          "        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true",
          "        chmod -f 644 /var/log/messages* || true",
          "        chmod -f 644 /var/log/boot.log* || true",
          "        chmod -f 644 /var/log/dmsg* || true",
          "        chmod -f 644 /var/log/cron* || true",
          "    endscript",
          "}"
        ]
      },
      "/etc/sysconfig/named": {
        "changes": [
          "OPTIONS=\"-4\""
        ],
        "purpose": "Disable IPv6 logs in messages file"
      }
    },
    "validation_command": "logrotate -f /etc/logrotate.conf"
  }
}

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

26052025 - 

"extra_packages": {
  "1": "bind",
  "2": "bind-utils",
  "3": "chrony",
  "4": "expect",
  "5": "gcc",
  "6": "gdb",
  "7": "httpd",
  "8": "httpd-tools",
  "9": "iproute",
  "10": "iptables-nft",
  "11": "java",
  "12": "ksh",
  "13": "lsof",
  "14": "mod_ssl",
  "15": "net-snmp",
  "16": "net-snmp-devel",
  "17": "net-snmp-libs",
  "18": "net-snmp-utils",
  "19": "nmap-ncat",
  "20": "openssh",
  "21": "openssl",
  "22": "openssl-devel",
  "23": "openssl-libs",
  "24": "perl-Class-Inspector",
  "25": "perl-Data-Dumper",
  "26": "perl-IO-Socket-IP",
  "27": "perl-IO-Socket-SSL",
  "28": "perl-MailTools",
  "29": "perl-Net-SMTP-SSL",
  "30": "perl-Net-SSLeay",
  "31": "perl-XML-Parser",
  "32": "rsync",
  "33": "squid",
  "34": "sysstat",
  "35": "tdi",
  "36": "tcpdump",
  "37": "tcsh",
  "38": "telnet",
  "39": "traceroute",
  "40": "tzdata",
  "41": "unzip",
  "42": "wget",
  "43": "xterm",
  "44": "openscap",
  "45": "scap-security-guide",
  "46": "openscap-scanner",
  "47": "xml-common",
  "48": "java-17-openjdk",
  "49": "glibc-debuginfo",
  "50": "glibc-debuginfo-common",
  "51": "glibc.i686",
  "52": "libnsl.i686",
  "53": "keyutils-debuginfo",
  "54": "libaio.i686",
  "55": "libgcc",
  "56": "chkconfig",
  "57": "initscripts",
  "58": "libgcc.i686",
  "59": "libaio.x86_64",
  "60": "libnsl.x86_64",
  "61": "httpd.x86_64",
  "62": "libselinux-debuginfo",
  "63": "libstdc++.i686",
  "64": "libstdc++.x86_64",
  "65": "libxml2-debuginfo",
  "66": "ncurses-libs"
}

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[
  {
    "users_id": {
      "sysadmin": "/home/sysadmin",
      "ccsuser": "/home/ccsuser",
      "mrss": "/home/mrss",
      "nsssec": "/home/nsssec",
      "nssaudit": "/home/nssaudit",
      "svc-ansible": "/home/svc-ansible",
      "svc-ansible-apps": "/home/svc-ansible-apps",
      "smc": "/home/smc",
      "apps": "/home/apps",
      "ivrapps": "/home/ivrapps",
      "cya_recuser": "/home/cya_recuser",
      "xagmid3": "/home/xagmid3",
      "nuance": "/home/nuance",
      "tunexfer": "/home/tunexfer"
    },
    "home_dirs_perms": {
      "sysadmin": "700",
      "ccsuser": "700",
      "mrss": "755",
      "nsssec": "700",
      "nssaudit": "755",
      "svc-ansible": "700",
      "svc-ansible-apps": "700",
      "smc": "700",
      "apps": "755",
      "ivrapps": "755",
      "cya_recuser": "700",
      "xagmid3": "700",
      "nuance": "750",
      "tunexfer": "700"
    },
    "groups_id": {
      "users": "100",
      "nuance": "523",
      "tune": "555",
      "svc-ansible-apps": "1512",
      "svc-ansible": "1511",
      "mrss/sysadmin": "500",
      "acpd": "516",
      "ivrapps": "530",
      "cya_recuser": "1516"
    }
  }
]

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

28052025

{
  "cyberark_accounts": {
    "ccsuser": {
      "cyberark_account": "ccsuser",
      "adom_domain_security_group": "CyberArk_N_IP7V_APPL_PWD_USWIN",
      "cyberark_safe": "IP7V_N_APPL_PWD",
      "description": "Symantec DC/ESM SVC Acct",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "nuance": {
      "cyberark_account": "nuance",
      "adom_domain_security_group": "CyberArk_N_IP7V_NCP_PWD_USWIN",
      "cyberark_safe": "IP7V_N_NCP_PWD",
      "description": "Nuance Account",
      "adom_security_trustees": "Mark Mckone",
      "admin": "Mark or AL has to add IPIVR-MRSS stable team members in this ADOM"
    },
    "tunexfer": {
      "cyberark_account": "tunexfer",
      "adom_domain_security_group": "CyberArk_N_IP7V_NCP_PWD_USWIN",
      "cyberark_safe": "IP7V_N_NCP_PWD",
      "description": "Nuance tuning",
      "adom_security_trustees": "Mark Mckone",
      "admin": "Mark or AL has to add IPIVR-MRSS stable team members in this ADOM"
    },
    "root": {
      "cyberark_account": "root",
      "adom_domain_security_group": "CyberArk_N_APPLIN_MRSS_SA_PWD_USWIN",
      "cyberark_safe": "APPLIN_MRSS_N_SA_PWD",
      "description": "Root SVC Acct",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "smc": {
      "cyberark_account": "smc",
      "adom_domain_security_group": "CyberArk_N_IP7V_TSICS_PWD_USWIN",
      "cyberark_safe": "IP7V_N_TSICS_PWD",
      "description": "TSICS lab SVC account",
      "adom_security_trustees": "James Herman",
      "admin": "Dong-Hee Park"
    },
    "sysadmin": {
      "cyberark_account": "sysadmin",
      "adom_domain_security_group": "CyberArk_N_MRSS_N_LIN_PWD_USWIN",
      "cyberark_safe": "MRSS_N_LIN_PWD",
      "description": "MRSS lab SVC account",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "mrss": {
      "cyberark_account": "mrss",
      "adom_domain_security_group": "CyberArk_N_MRSS_N_LIN_PWD_USWIN",
      "cyberark_safe": "MRSS_N_LIN_PWD",
      "description": "MRSS lab SVC account",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "svc-ansible": {
      "cyberark_account": "svc-ansible",
      "adom_domain_security_group": "CyberArk_N_MRSS_N_LIN_PWD_USWIN",
      "cyberark_safe": "MRSS_N_LIN_PWD",
      "description": "MRSS Ansible Build Acct",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "svc-ansible-apps": {
      "cyberark_account": "svc-ansible-apps",
      "adom_domain_security_group": "CyberArk_N_IP7V_N_APPL_PWD_USWIN",
      "cyberark_safe": "IP7V_N_APPL_PWD",
      "description": "Deployment Team App Ansible Install FN Acct",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "apps": {
      "cyberark_account": "apps",
      "adom_domain_security_group": "CyberArk_N_IP7V_N_APPL_PWD_USWIN",
      "cyberark_safe": "IP7V_N_APPL_PWD",
      "description": "Deployment team App SVC account",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "cya_recuser": {
      "cyberark_account": "cya_recuser",
      "adom_domain_security_group": "CyberArk Team",
      "cyberark_safe": "CyberArk Team Safe",
      "description": "Solely used by CyberArk team",
      "adom_security_trustees": "NA",
      "admin": "NA"
    },
    "xagmid3": {
      "cyberark_account": "xagmid3",
      "adom_domain_security_group": "CyberArk_N_IP7V_SEC_PSMP_USWIN",
      "cyberark_safe": "IP7V_N_SEC_PSMP",
      "description": "Compliance Team FN Acct.",
      "adom_security_trustees": "Mark Mckone",
      "admin": "AL to confirm on the Admin members of this ADOM. MRSS-IPIVR, Compliance Team"
    },
    "npst": {
      "cyberark_account": "npst",
      "adom_domain_security_group": "CyberArk_N_IP7V_N_APPL_PWD_USWIN",
      "cyberark_safe": "IP7V_N_APPL_PWD",
      "description": "4th Level Support team SVC Acct",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "4lspt": {
      "cyberark_account": "4lspt",
      "adom_domain_security_group": "CyberArk_N_IP7V_N_APPL_PWD_USWIN",
      "cyberark_safe": "IP7V_N_APPL_PWD",
      "description": "4th Level Support team SVC Acct",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "ip3cDEV": {
      "cyberark_account": "ip3cDEV",
      "adom_domain_security_group": "CyberArk_N_ID1V_N_DEV_PSMP_USWIN",
      "cyberark_safe": "ID1V_N_DEV_PSMP",
      "description": "DEV Team FN Acct",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "ip3cMRSS": {
      "cyberark_account": "ip3cMRSS",
      "adom_domain_security_group": "CyberArk_N_MRS_S_LIN_PSMP_USWIN",
      "cyberark_safe": "MRSS_N_LIN_PSMP",
      "description": "MRSS FN Acct.",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "ip3cTEST": {
      "cyberark_account": "ip3cTEST",
      "adom_domain_security_group": "CyberArk_N_IP7V_N_TEST_PSMP_USWIN",
      "cyberark_safe": "IP7V_N_TEST_PSMP",
      "description": "Deployment Team FN Acct",
      "adom_security_trustees": "Mark Mckone",
      "admin": "MRSS-IPIVR"
    },
    "ip3cTSICS": {
      "cyberark_account": "ip3cTSICS",
      "adom_domain_security_group": "CyberArk_N_IP7V_TSICS_PSMP_USWIN",
      "cyberark_safe": "IP7V_N_TSICS_PSMP",
      "description": "2nd Level Support Team FN Acct",
      "adom_security_trustees": "James Herman",
      "admin": "Dong-Hee Park"
    },
    "ip3c2LSPT": {
      "cyberark_account": "ip3c2LSPT",
      "adom_domain_security_group": "CyberArk_N_IP7V_N_TSICS_PSMP_USWIN",
      "cyberark_safe": "IP7V_N_TSICS_PSMP",
      "description": "2nd Level Support Team FN Acct",
      "adom_security_trustees": "James Herman",
      "admin": "Dong-Hee Park"
    },
    "ip3cUSER": {
      "cyberark_account": "ip3cUSER",
      "adom_domain_security_group": "CyberArk_N_IP7V_N_USER",
      "cyberark_safe": "IP7V_N_USER",
      "description": "Onshore",
      "adom_security_trustees": "Mark Mckone",
      "admin": "Mark or AL has to"
    }
  }
}
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
30052025

{
  "volume_groups": {
    "vgroot": {
      "vgsize": "100G",
      "fs_type": "xfs"
    },
    "vgapps": {
      "vgsize": "500G",
      "fs_type": "xfs"
    }
  },
  "logical_volumes": {
    "lvroot": {
      "vgname": "vgroot",
      "lvname": "lvroot",
      "lvsize": "12G",
      "lvfs_type": "xfs",
      "lv_mountpoint": "/"
    },
    "lvvar": {
      "vgname": "vgroot",
      "lvname": "lvvar",
      "lvsize": "25G",
      "lvfs_type": "xfs",
      "lv_mountpoint": "/var"
    },
    "lvusr": {
      "vgname": "vgroot",
      "lvname": "lvusr",
      "lvsize": "28G",
      "lvfs_type": "xfs",
      "lv_mountpoint": "/usr"
    },
    "lvhome": {
      "vgname": "vgroot",
      "lvname": "lvhome",
      "lvsize": "35G",
      "lvfs_type": "xfs",
      "lv_mountpoint": "/home"
    },
    "lvapps": {
      "vgname": "vgapps",
      "lvname": "lvapps",
      "lvsize": "70G",
      "lvfs_type": "xfs",
      "lv_mountpoint": "/apps"
    },
    "lvlogging": {
      "vgname": "vgapps",
      "lvname": "lvlogging",
      "lvsize": "300G",
      "lvfs_type": "xfs",
      "lv_mountpoint": "/logging"
    }
  }
}

--------------------------------------------------------------------------------------------------------------------------------------------------------------------


02062025

{
  "dir_perms": {
    "/logging": {
      "owner": "root",
      "group": "root",
      "Permission": "755"
    },
    "/logging/tuneSessions": {
      "owner": "nuance",
      "group": "nuance",
      "Permission": "755"
    },
    "/logging/nuance": {
      "owner": "nuance",
      "group": "nuance",
      "Permission": "755"
    },
    "/logging/cache": {
      "owner": "nuance",
      "group": "nuance",
      "Permission": "755"
    },
    "/logging/squid": {
      "owner": "nuance",
      "group": "nuance",
      "Permission": "755"
    },
    "/logging/audio_cache": {
      "owner": "nuance",
      "group": "nuance",
      "Permission": "755"
    },
    "/logging/tts": {
      "owner": "nuance",
      "group": "nuance",
      "Permission": "755"
    },
    "/logging/cores": {
      "owner": "nuance",
      "group": "nuance",
      "Permission": "755"
    },
    "/logging/tune/": {
      "owner": "root",
      "group": "tune",
      "Permission": "755"
    },
    "/logging/tune/tunexfer": {
      "owner": "tunexfer",
      "group": "tune",
      "Permission": "770"
    },
    "/apps": {
      "owner": "ivrapps",
      "group": "ivrapps",
      "Permission": "755"
    },
    "/home/nuance": {
      "owner": "nuance",
      "group": "nuance",
      "Permission": "750"
    },
    "/home/tunexfer": {
      "owner": "tunexfer",
      "group": "tune",
      "Permission": "700"
    },
    "/home/sysadmin": {
      "owner": "sysadmin",
      "group": "users",
      "Permission": "750"
    },
    "/home/ocbusr": {
      "owner": "ocbusr",
      "group": "adm",
      "Permission": "700"
    },
    "/home/svc-ansible-apps": {
      "owner": "svc-ansible-apps",
      "group": "svc-ansible-apps",
      "Permission": "700"
    },
    "/home/svc-ansible": {
      "owner": "svc-ansible",
      "group": "svc-ansible",
      "Permission": "700"
    },
    "/home/apps": {
      "owner": "apps",
      "group": "acpd",
      "Permission": "755"
    },
    "/home/ivrapps": {
      "owner": "ivrapps",
      "group": "ivrapps",
      "Permission": "755"
    },
    "/home/cya_recuser": {
      "owner": "cya_recuser",
      "group": "cya_recuser",
      "Permission": "700"
    }
  }
}

----------------------------------------------------------------------------------------------------------------

23062025

{
  "_id": {
    "soid": "6841e4bf0d270b2ab92d7eaa"
  },
  // This is a unique internal ID for this configuration document. You generally don't need to change this.

  "vast_id": "21452",
  // REQUIRED: A unique identifier for your specific VM setup or project.
  // This ID helps us track and manage your virtual machines.
  // Example: "VMProjectAlpha-001", "TeamX-VM-Setup"
  // Please ensure this is unique across your requests.

  "env": "dev",
  // REQUIRED: The intended environment for this VM deployment.
  // This helps us provision your VMs in the correct isolated environment.
  // Options:
  // - "dev": For development purposes (testing new features, coding).
  // - "test": For quality assurance and testing (pre-production validation).
  // - "prod": For live production systems (critical, customer-facing applications).
  // Please choose one of the above.

  "ver": "0.2",
  // OPTIONAL: A version number for this specific configuration file.
  // This helps you keep track of different iterations of your VM setup.
  // Format: Use a simple version like "1.0", "1.1", "2.0".
  // Example: "0.2", "1.0"

  "date": "June 4 2025",
  // OPTIONAL: The date this configuration was last updated or created.
  // Format: "Month Day Year" (e.g., "January 15 2024").
  // Example: "June 4 2025"

  "rhel_ver": "9.5",
  // REQUIRED: The specific version of Red Hat Enterprise Linux (RHEL) to install on the VM.
  // Please provide a valid and supported RHEL version.
  // Example supported versions: "8.6", "9.0", "9.5"
  // Note: Using an unsupported version might lead to deployment failures.

  "vm_count": "1",
  // REQUIRED: The total number of identical virtual machines to provision using this configuration.
  // Example: "1" (for a single VM), "3" (for three identical VMs).
  // Please enter a positive whole number.

  "cpu_cores": "4",
  // REQUIRED: The number of virtual CPU cores to allocate to EACH virtual machine.
  // This determines the processing power available to each VM.
  // Example: "2" (for a basic VM), "4" (for a standard VM), "8" (for a more powerful VM).
  // Please enter a positive whole number (e.g., 2, 4, 8).

  "memory": "32G",
  // REQUIRED: The amount of RAM (memory) to allocate to EACH virtual machine.
  // This impacts the VM's ability to run applications smoothly.
  // Format: Specify the value followed by 'G' for Gigabytes or 'M' for Megabytes.
  // Examples: "16G" (for 16 Gigabytes), "512M" (for 512 Megabytes).
  // Please ensure the value includes 'G' or 'M'.

  "shell": "/bin/bash",
  // OPTIONAL: The default shell to configure for users on the VM.
  // This specifies the command-line interpreter that users will use when logging in.
  // Common options: "/bin/bash", "/bin/sh", "/bin/zsh".
  // If not specified, the system default will be used (usually /bin/bash).

  "timezone": "GMT",
  // REQUIRED: The timezone to configure on the VM.
  // This ensures the VM's clock and time-based operations are synchronized correctly.
  // Format: Use standard timezone names (e.g., "GMT", "UTC", "America/New_York", "Asia/Kolkata").
  // Please refer to the IANA Time Zone Database for valid names if unsure.
  // Example: "Asia/Kolkata" (for India Standard Time)

  "email_notification_list": {
    // REQUIRED: Configuration for email notifications related to VM automation status.
    // This ensures relevant teams or individuals are informed about deployment success or failures.

    "COMMENT": "This is a MANDATORY field and must contain at least one valid email address or distribution list.",
    // This explanatory comment is for your reference within the JSON structure.

    "to": "vm-automation@example.com"
    // REQUIRED: The email address(es) or distribution list for receiving notifications.
    // You can provide a single email or multiple, comma-separated email addresses.
    // Example: "yourteam@example.com", "alert@company.com, admin@company.com"
    // Ensure this email address or list is actively monitored.
  },

  "subscription_manager_register": {
    // OPTIONAL: Details for registering the VM with Red Hat Subscription Manager.
    // This allows the VM to receive software updates and support from Red Hat.
    // Provide these details ONLY if your VM needs to be registered.

    "org": "system_admin",
    // REQUIRED (if registering): The organization name associated with your Red Hat Subscription.
    // This identifies your account within Red Hat Subscription Manager.
    // Example: "MyCompany_Org", "IT_Department"

    "activationkey": "vm_automation_test"
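    // REQUIRED (if registering): The activation key for Red Hat Subscription Manager registration.
    // This key links the VM to your specific subscriptions.
    // Example: "your_prod_key", "dev_vm_access"
    // Ensure this key is valid and has available subscriptions.
    // Treat the key as a credential: together with the org value it is enough to register systems
    // against your subscriptions, so supply the real value from your secrets store rather than
    // committing it in this file.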
  },

  "server_details": {
    // REQUIRED: Essential details for configuring the new VM server.

    "servername": "VM-Automation-Test1",
    // REQUIRED: The desired hostname or name for the new virtual machine.
    // This name will be used to identify the VM on the network.
    // It should be unique and follow standard hostname conventions (e.g., no spaces, special characters).
    // Example: "MyWebAppServer", "DataNode-01"

    "total_storage_size": "2.7T",
    // REQUIRED: The total disk storage size to allocate to the VM.
    // This includes the operating system and any additional data partitions.
    // Format: Specify the value followed by 'T' for Terabytes or 'G' for Gigabytes.
    // Examples: "1T" (for 1 Terabyte), "500G" (for 500 Gigabytes), "2.7T"
    // Ensure you provide the unit (T or G).

    "ip_address": "15.25.58.5",
    // REQUIRED: The static IP address to assign to the new VM.
    // This ensures the VM has a fixed and predictable network location.
    // Format: Standard IPv4 address (e.g., "192.168.1.100").
    // IMPORTANT: Ensure this IP address is available and not already in use on your network.
    // Using a duplicate IP will cause network conflicts.

    "subnet": "255.255.255.0",
    // REQUIRED: The subnet mask for the VM's assigned IP address.
    // This defines the network segment the VM will operate within.
    // Format: Standard IPv4 subnet mask (e.g., "255.255.255.0", "255.255.0.0").
    // Ensure this matches your network configuration for the provided IP address.

    "gateway": "15.25.58.1",
    // REQUIRED: The default gateway IP address for the VM.
    // This is the router or access point that allows the VM to communicate outside its local subnet.
    // Format: Standard IPv4 address (e.g., "192.168.1.1", "10.0.0.1").
    // Ensure this is the correct gateway for your specified network segment.

    "vlan": "412"
    // OPTIONAL: The VLAN ID for the VM's network interface.
    // If your network uses VLANs for traffic segmentation, specify the VLAN ID here.
    // If not required, you can remove this field or leave it empty/null if your automation supports it.
    // Example: "10", "100", "412".
    // Please ensure the VLAN ID is valid and accessible from your chosen network.
  },

  "motd": {
    // OPTIONAL: Configure the 'Message Of The Day' (MOTD) for the VM.
    // This message is displayed to users when they log into the server via SSH or console.
    // If you don't need a custom MOTD, you can remove this field or leave it empty/null.

    "/etc/motd": "NOTICE - PROPRIETARY SYSTEM\n\nThis system is intended to be used solely by authorized users in the course of legitimate corporate business. Users are hereby notified that their activities on this system are subject to monitoring and recording. Unauthorized access or use of this system is strictly prohibited and may result in disciplinary action or legal prosecution."
    // REQUIRED (if motd is used): The content of the MOTD file.
    // This is the exact text that will appear. Use '\n' for new lines.
    // Example: "Welcome to the Production Server!\n\nAccess is restricted to authorized personnel."
    // Ensure the message is concise and provides necessary information or warnings.
  },

  "volume_groups": [
    // OPTIONAL: Defines custom Logical Volume Management (LVM) Volume Groups.
    // Use this section if you need specific disk partitioning beyond the default OS installation.
    // You can define multiple volume groups if required.

    {
      "vgapps": {
        // REQUIRED: The name of this custom Volume Group.
        // This is a logical container for your disk space.
        // Example: "vgdata", "vglogs", "vgapps".

        "vgsize": "100G",
        // REQUIRED: The total size to allocate to this Volume Group.
        // Format: Specify the value followed by 'G' for Gigabytes or 'T' for Terabytes.
        // Example: "50G", "1T", "100G".
        // Ensure you provide the unit (G or T).

        "fs_type": "xfs"
        // REQUIRED: The default filesystem type for logical volumes created within this Volume Group.
        // This determines how data is stored and accessed on the disk.
        // Common options: "xfs", "ext4".
        // Example: "xfs"
      }
    }
    // You can add more volume groups here if needed, following the same structure.
    /*
    ,
    {
      "vgdata": {
        "vgsize": "500G",
        "fs_type": "ext4"
      }
    }
    */
  ],

  "logical_volumes": [
    // OPTIONAL: Defines Logical Volumes (LVs) and their mount points within Volume Groups, categorized by purpose.
    // Use this section if you need specific partitions for applications, logging, databases, etc.
    // Each entry in this list defines one logical volume and its properties.

    {
      "category": "application",
      // Descriptive category for this logical volume (e.g., "application", "logging", "database").

      "lvname": "lvapps",
      // REQUIRED: The name of the Logical Volume.
      // This will be the name of the partition created for your application or data.
      // Example: "lvlogs", "lvdatabase", "lvapps".

      "vgname": "vgapps",
      // REQUIRED: The name of the Volume Group this Logical Volume belongs to.
      // This must match a 'vgname' defined in the "volume_groups" section above.
      // Example: "vgapps".

      "size": "20G",
      // REQUIRED: The size to allocate to this Logical Volume.
      // Format: Specify the value followed by 'G' for Gigabytes or 'T' for Terabytes.
      // Example: "20G", "100G", "50G".
      // Ensure this size is available within the specified Volume Group's 'vgsize'.

      "fs_type": "xfs",
      // REQUIRED: The filesystem type for this Logical Volume.
      // This determines how data is stored on this specific partition.
      // Common options: "xfs", "ext4".
      // Example: "xfs"

      "lv_mountpoint": "/applications"
      // REQUIRED: The directory where this Logical Volume will be mounted on the VM.
      // This is where your applications or data will reside.
      // Example: "/var/log", "/opt/data", "/applications".
      // Ensure this path is unique for each mount point.
    },
    {
      "category": "logging",
      "lvname": "lvlogging",
      "vgname": "vmlogs", // 'vmlogs' must be defined in volume_groups; the sample above defines only 'vgapps' (the same applies to 'vmdatabase' and 'ovadb' below)
      "size": "100G",
      "fs_type": "xfs",
      "lv_mountpoint": "/logging"
    },
    {
      "category": "database",
      "lvname": "lvdatabase",
      "vgname": "vmdatabase", // Assuming 'vmdatabase' is defined in volume_groups
      "size": "500G",
      "fs_type": "xfs",
      "lv_mountpoint": "/database"
    },
    {
      "category": "ovadb",
      "lvname": "lvovadb",
      "vgname": "ovadb", // Assuming 'ovadb' is defined in volume_groups
      "size": "200G",
      "fs_type": "xfs",
      "lv_mountpoint": "/ovadb"
    }
    // You can add more logical volumes here following the same structure.
  ],

  "ntp_servers": [
    // REQUIRED: A list of Network Time Protocol (NTP) servers for time synchronization.
    // These servers ensure the VM's clock is accurate, which is critical for logging and security.
    // Provide at least one reliable NTP server IP or hostname.
    "time.example.com",
    "ntp.internal.com",
    "192.168.1.25",
    "216.239.35.12"
  ],

  "named_conf": {
    // OPTIONAL: Configuration details for the BIND/named DNS server.
    // Only configure this if the VM will act as a DNS server.

    "COMMENT": "Replace the words DNS_SERVER_IP1 and DNS_SERVER_IP2 in named.conf with the following servers",
    // This is an internal note for your automation script.

    "file_name": "/etc/named.conf",
    // REQUIRED (if named_conf is used): The target file for this DNS configuration.

    "dns_server_ip1": "15.15.15.100",
    // REQUIRED (if named_conf is used): The IP address for DNS server 1.

    "dns_server_ip2": "15.15.15.101"
    // OPTIONAL (if named_conf is used): The IP address for DNS server 2.
  },

  "resolv_conf": {
    // REQUIRED: Configuration for the DNS resolver on the VM.
    // This tells the VM how to find and resolve hostnames to IP addresses.

    "COMMENT": "Add the two lines below to resolv.conf",
    // This is an internal note for your automation script.

    "COMMENT": "on how to use these values.",
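    // This is an internal note for your automation script.
    // NOTE: "COMMENT" appears twice in this object. Most JSON parsers keep only the last
    // occurrence of a duplicate key, so the first note is silently dropped; merge the two
    // strings into one value or use distinct key names.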

    "file_name": "/etc/resolv.conf",
    // REQUIRED: The target file for this resolver configuration.

    "search": "yourdomain.com",
    // OPTIONAL: The default domain to search for hostname lookups.
    // Example: "yourcompany.local", "internal.example.com"

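    "nameserver": "1.2.3.4"
    // REQUIRED: The IP address of a DNS server that the VM will use for name resolution.
    // Provide the IP of your primary DNS resolver.
    // Example: "8.8.8.8" (Google's public DNS resolver)
    // Note: a public resolver sees every hostname the VM looks up, including internal names;
    // use your organization's internal resolver unless public DNS is intended.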
  },

  "dir_perms": [
    // OPTIONAL: A list of directories to create or modify with their desired ownership (user, group) and permissions.
    // Use this to set up specific directory structures and access controls.

    {
      "dirpath": "/var/log/app1",
      // REQUIRED: The full path to the directory.
      // Example: "/opt/myapp/data", "/var/lib/custom".

      "owner": "appuser1",
      // OPTIONAL: The user owner for the directory. Ensure this user exists or will be created.

      "group": "appgroup1",
      // OPTIONAL: The group owner for the directory. Ensure this group exists or will be created.

      "permission": "750"
      // REQUIRED: The directory permissions in octal format (e.g., "755", "700").
      // Example: "750" (rwxr-x---)
    },
    {
      "dirpath": "/logging/data",
      "owner": "loguser",
      "group": "loggroup",
      "permission": "755"
    },
    {
      "dirpath": "/database/data",
      "owner": "dbuser",
      "group": "dbgroup",
      "permission": "700"
    },
    {
      "dirpath": "/application/temp",
      "owner": "appuser",
      "group": "appgroup",
      "permission": "755"
    },
    {
      "dirpath": "/installation/tmp",
      "owner": "root",
      "group": "root",
      "permission": "755"
    }
    // Add more directories as needed following the same structure.
  ],

  "useradd_id": [
    // OPTIONAL: A list of user accounts to be created on the VM.
    // Each user will have their respective home directory and specified properties.

    {
      "username": "sysadmin_1",
      // REQUIRED: The desired username for the new account.
      // Example: "monitoruser", "devops_user".

      "uid": "1000",
      // OPTIONAL: The User ID (UID) for the account. If not provided, a unique UID will be assigned automatically.

      "gid": "1000",
      // OPTIONAL: The primary Group ID (GID) for the account. If not provided, a group with the same name as the user will be created.

      "home_path": "/home/sysadmin_1",
      // OPTIONAL: The custom home directory path for the user. If not specified, default will be `/home/<username>`.

      "shell": "/bin/bash",
      // OPTIONAL: The default shell for this user. If not specified, system default will be used.

      "comment": "System Administrator Account",
      // OPTIONAL: A descriptive comment for the user account.

      "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ..."
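      // OPTIONAL: The public SSH key for this user, which allows key-based (passwordless) SSH login.
      // Put only the public half of the key pair here; the private key never belongs in this file.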
    },
    {
      "username": "monitoruser",
      "uid": "1001",
      "gid": "1001",
      "home_path": "/home/monitoruser",
      "shell": "/bin/bash",
      "comment": "Monitoring User",
      "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ..."
    },
    {
      "username": "dbuser",
      "uid": "1002",
      "gid": "1002",
      "home_path": "/home/dbuser",
      "shell": "/bin/bash",
      "comment": "Database User"
      // ssh_key is optional for dbuser in this example
    },
    {
      "username": "svc-enable-apps",
      "uid": "1003",
      "gid": "1003",
      "home_path": "/home/svc-enable-apps",
      "shell": "/bin/bash",
      "comment": "Service Account for Applications"
    },
    {
      "username": "vaultuser",
      "uid": "1004",
      "gid": "1004",
      "home_path": "/home/vaultuser",
      "shell": "/bin/bash",
      "comment": "Vault Access User"
    },
    {
      "username": "cisuser",
      "uid": "1005",
      "gid": "1005",
      "home_path": "/home/cisuser",
      "shell": "/bin/bash",
      "comment": "CIS Compliance User"
    },
    {
      "username": "ukrcode-app",
      "uid": "1006",
      "gid": "1006",
      "home_path": "/home/ukrcode-app",
      "shell": "/bin/bash",
      "comment": "Ukrainian Code Application User"
    },
    {
      "username": "testuser",
      "uid": "1007",
      "gid": "1007",
      "home_path": "/home/testuser",
      "shell": "/bin/bash",
      "comment": "Temporary Test User"
    },
    {
      "username": "sysadmin_a",
      // Duplicated entry example with different comment
      "uid": "1008",
      "gid": "1008",
      "home_path": "/home/sysadmin_a",
      "shell": "/bin/bash",
      "comment": "System Administrator Account (Alias A)"
    }
    // Add more users as needed.
  ],

  "home_dirs_perms": [
    // OPTIONAL: Permissions and ownership for the home directories of the listed users.
    // Use this to ensure proper access control for user home directories.

    {
      "user": "sysadmin_1",
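      // REQUIRED: The username whose home directory permissions are being set. Must match a user in 'useradd_id'.
      // In this sample, "orauser" and "vm_admin" below have no matching 'useradd_id' entry and would need one.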

      "perms": "755",
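      // REQUIRED: The directory permissions in octal format (e.g., "755", "700").
      // Example: "755" (rwxr-xr-x), "700" (rwx------).
      // "755" lets every local account list and enter the home directory; prefer "700" or "750"
      // unless other accounts genuinely need that access.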

      "owner": "sysadmin_1",
      // REQUIRED: The user owner for the home directory.

      "group": "sysadmin_1"
      // REQUIRED: The group owner for the home directory.
    },
    {
      "user": "sysadmin_a",
      "perms": "755",
      "owner": "sysadmin_a",
      "group": "sysadmin_a"
    },
    {
      "user": "orauser",
      "perms": "755",
      "owner": "orauser",
      "group": "dba"
    },
    {
      "user": "cisuser",
      "perms": "700",
      "owner": "cisuser",
      "group": "cisgroup"
    },
    {
      "user": "monitoruser",
      "perms": "755",
      "owner": "monitoruser",
      "group": "monitorgroup"
    },
    {
      "user": "svc-enable-apps",
      "perms": "755",
      "owner": "svc-enable-apps",
      "group": "appgroup"
    },
    {
      "user": "vm_admin",
      "perms": "755",
      "owner": "vm_admin",
      "group": "vm_admin"
    },
    {
      "user": "ukrcode-app",
      "perms": "755",
      "owner": "ukrcode-app",
      "group": "ukrcodegroup"
    },
    {
      "user": "testuser",
      "perms": "755",
      "owner": "testuser",
      "group": "testgroup"
    }
    // Add more home directory permissions as needed.
  ],

  "groupadd_id": [
    // OPTIONAL: A list of groups and their corresponding group IDs (GIDs) to be created.
    // Use this to set up custom user groups for permissions management.

    {
      "groupname": "dba",
      // REQUIRED: The name of the group to create.

      "gid": "1000"
      // OPTIONAL: The Group ID (GID) for the group. If not provided, a unique GID will be assigned automatically.
    },
    {
      "groupname": "apps",
      "gid": "1001"
    },
    {
      "groupname": "monitor",
      "gid": "1002"
    },
    {
      "groupname": "webusers",
      "gid": "1003"
    },
    {
      "groupname": "cis_audit",
      "gid": "1004"
    },
    {
      "groupname": "ukrcode",
      "gid": "1005"
    }
    // Add more groups as needed.
  ],

  "cyberark_accounts": [
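    // OPTIONAL: Configuration details for integrating with CyberArk for privileged account management.
    // Use this if your organization uses CyberArk for secrets management.
    // Entries here are references only (account name, AD security group, safe, trustee); passwords
    // and other secrets stay in CyberArk and are never written into this file.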

    {
      "cyberark_account": "dbuser_cyberark",
      // REQUIRED: The CyberArk account name.

      "adn_domain_security_group": "CYBERARK_PROD_DBA_PGRP_USAGE",
      // REQUIRED: The Active Directory domain security group associated with the account.

      "cyberark_id": "DBA_PROD_DBA_SERVER",
      // REQUIRED: The CyberArk Safe ID where privileged account credentials are stored.

      "adm_security_trustee": "admin@example.com"
      // OPTIONAL: The AD security trustee for this account.
    },
    {
      "cyberark_account": "piser",
      "adn_domain_security_group": "CYBERARK_RHEL_PI_PGRP_USAGE",
      "cyberark_id": "RHEL_PI_SAFE_ID",
      "adm_security_trustee": "admin@example.com"
    },
    {
      "cyberark_account": "system_admin_1",
      "adn_domain_security_group": "CYBERARK_R_SYSTEM_ADMIN_LH_PGRP_USAGE",
      "cyberark_id": "SYSTEM_ADMIN_1_LH_PGRP",
      "adm_security_trustee": "manager@example.com"
    },
    {
      "cyberark_account": "test",
      "adn_domain_security_group": "CYBERARK_R_PROD_TEST_PGRP_USAGE",
      "cyberark_id": "PROD_TEST_PGRP",
      "adm_security_trustee": "admin@example.com"
    },
    {
      "cyberark_account": "pittsier",
      "adn_domain_security_group": "CYBERARK_R_PROD_PITTS_PGRP_USAGE",
      "cyberark_id": "PROD_PITTS_PGRP",
      "adm_security_trustee": "admin_ops@example.com"
    },
    {
      "cyberark_account": "bids",
      "adn_domain_security_group": "CYBERARK_R_PROD_BIDS_PGRP_USAGE",
      "cyberark_id": "PROD_P_BIDS_PGRP",
      "adm_security_trustee": "bill@example.com"
    }
    // Add more CyberArk account configurations as needed.
  ],

  "auth_sub_add": [
    // OPTIONAL: A list of paths for SSH authorized_keys configuration.
    // This allows specific users to log in via SSH using their public keys without passwords.
    // Each entry specifies a target file and the public key content.

    {
      "file_name": "/opt/oracle/.ssh/authorized_keys",
      // REQUIRED: The full path to the authorized_keys file.
      // Example: "/home/username/.ssh/authorized_keys".

      "key_content": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqY... oracle@prod_db_server",
      // REQUIRED: The public SSH key content. Include the full key string on one line
      // (key type, base64 key, optional comment). Never place a private key here.

      "permissions": "600",
      // OPTIONAL: File permissions for the authorized_keys file (octal).
      // Standard is "600".

      "owner": "oracle",
      // OPTIONAL: The user owner for the file.

      "group": "oinstall"
      // OPTIONAL: The group owner for the file.
    },
    {
      "file_name": "/root/.ssh/authorized_keys",
      "key_content": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqY... root@admin_server",
      "permissions": "600",
      "owner": "root",
      "group": "root"
    },
    {
      "file_name": "/var/lib/pgsql/.ssh/authorized_keys",
      "key_content": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqY... postgres@db_server",
      "permissions": "600",
      "owner": "postgres",
      "group": "postgres"
    }
    // Add more authorized_keys entries as needed.
  ],

  "symbolic_link_add": [
    // OPTIONAL: A list of symbolic links to create.
    // This allows creating shortcuts or consistent paths to frequently accessed directories or files.

    {
      "link_name": "/logging-data/app_logs",
      // REQUIRED: The path for the symbolic link (the shortcut).
      // Example: "/var/log/myapp".

      "target_path": "/opt/applications/app_logs"
      // REQUIRED: The path where the symbolic link points to (the actual directory/file).
      // Example: "/usr/share/myapp/logs".
    },
    {
      "link_name": "/usr/default-os-archive",
      "target_path": "/applications/archive"
    }
    // Add more symbolic links as needed.
  ],

  "base_packages": [
    // OPTIONAL: A list of essential packages and package groups to install on the VM.
    // These packages provide core functionality and utilities.
    // Ensure the package names are correct for RHEL.

    "wget",
    "vim",
    "net-tools",
    "sysstat",
    "bind-utils",
    "git",
    "tree",
    "tmux",
    "open-vm-tools",
    "bash-completion",
    "mlocate",
    "unzip",
    "zip",
    "cronie"
    // Add more base packages as required.
  ],

  "extra_repo": [
    // OPTIONAL: A list of additional repositories to install.
    // This is used for installing packages not available in the default Red Hat repositories.
    // Ensure the repository names are correct and accessible.

    "epel-release",
    "nginx-mainline",
    "docker-ce",
    "kubernetes"
    // Add more repository names as required.
  ],

  "sysctl_conf": {
    // OPTIONAL: Configuration for kernel parameters via sysctl.
    // This fine-tunes the kernel's behavior for performance or security reasons.

    "file_name": "/etc/sysctl.conf",
    // REQUIRED: The target sysctl configuration file.

    "COMMENT": "Add the two lines below to the sysctl.conf file. (= separating key/value).",
    // Internal note for automation.

    "kernel.sem": "250 32000 100 128",
    // REQUIRED: Sets semaphore parameters. These are often required for databases like Oracle.
    // Format: SEMMSL SEMMNS SEMOPM SEMMNI
    // Example: "250 32000 100 128"

    "kernel.shmmax": "4294967296",
    // REQUIRED: Sets the maximum size of a single shared memory segment (in bytes).
    // This is important for applications that use shared memory.
    // Example: "4294967296" (4GB)

    "kernel.shmall": "2097152",
    // REQUIRED: Sets the total amount of shared memory that can be used (in pages).
    // Example: "2097152" (for 8GB shared memory if page size is 4KB)

    "kernel.shmmni": "4096",
    // REQUIRED: Sets the maximum number of shared memory segments system-wide.
    // Example: "4096"

    "fs.file-max": "6815744",
    // REQUIRED: Sets the maximum number of open file handles the kernel can allocate.
    // Example: "6815744"

    "fs.aio-max-nr": "1048576",
    // REQUIRED: Sets the maximum number of concurrent asynchronous I/O requests.
    // Example: "1048576"

    "net.ipv4.ip_local_port_range": "9000 65000",
    // REQUIRED: Sets the range of local ports for outgoing connections.
    // Format: "MIN_PORT MAX_PORT"
    // Example: "9000 65000"

    "net.core.rmem_default": "262144",
    // REQUIRED: Sets the default receive buffer size for sockets.

    "net.core.rmem_max": "4194304",
    // REQUIRED: Sets the maximum receive buffer size for sockets.

    "net.core.wmem_default": "262144",
    // REQUIRED: Sets the default send buffer size for sockets.

    "net.core.wmem_max": "1048576",
    // REQUIRED: Sets the maximum send buffer size for sockets.

    "net.ipv4.tcp_tw_recycle": "0",
    // OPTIONAL: Disables TCP TIME-WAIT recycling. The parameter was removed in Linux 4.12,
    // so omit this key on kernels that no longer have it (sysctl reports it as unknown).

    "net.ipv4.tcp_tw_reuse": "1",
    // OPTIONAL: Enables TCP TIME-WAIT reuse.

    "net.ipv4.tcp_fin_timeout": "10",
    // OPTIONAL: Sets the timeout for FIN_WAIT_2 state.

    "net.ipv4.conf.all.rp_filter": "2",
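    // OPTIONAL: Reverse Path Filtering (anti-spoofing check on the source address).
    // "2" is loose mode; "1" is strict mode and the stronger choice where routing is symmetric; "0" disables it.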

    "net.ipv4.conf.default.rp_filter": "2",
    // OPTIONAL: Enables Reverse Path Filtering for default interfaces.

    "net.ipv4.conf.lo.rp_filter": "2",
    // OPTIONAL: Enables Reverse Path Filtering for loopback interface.

    "net.ipv4.conf.eth0.rp_filter": "2"
    // OPTIONAL: Enables Reverse Path Filtering for eth0 (example interface).
    // Adjust interface name as needed.
  },

  "ip_tables_add": [
    // OPTIONAL: A list of IPTables rules to add to the VM's firewall.
    // This controls network traffic in and out of the VM for security.
    // Use this section if you need custom firewall rules beyond the default.

    {
      "command": "-A INPUT -p tcp --dport 1521 -j ACCEPT",
      // REQUIRED: The IPTables command to execute.
      // Ensure the command is valid IPTables syntax.
      // Example: "-A INPUT -p tcp --dport 80 -j ACCEPT" (Allow HTTP)
      // Example: "-A FORWARD -s 192.168.1.0/24 -j ACCEPT" (Allow forward from a subnet)
      "COMMENT": "Add a rule to the 'INPUT' chain to allow inbound TCP traffic on port 1521 (e.g., for Oracle Listener)."
    },
    {
      "command": "-A INPUT -p tcp --dport 22 -j ACCEPT",
      "COMMENT": "Allow SSH (port 22) inbound."
    },
    {
      "command": "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
      "COMMENT": "Allow established and related incoming connections."
    },
    {
      "command": "-A INPUT -p icmp -j ACCEPT",
      "COMMENT": "Allow ICMP (ping)."
    },
    {
      "command": "-A INPUT -i lo -j ACCEPT",
      "COMMENT": "Accept all traffic on the loopback interface."
    },
    {
      "command": "-A INPUT -j REJECT --reject-with icmp-host-prohibited",
      "COMMENT": "Reject all other inbound traffic with host prohibited message."
    },
    {
      "command": "-A FORWARD -j REJECT --reject-with icmp-host-prohibited",
      "COMMENT": "Reject all forwarding traffic."
    },
    {
      "command": "-A OUTPUT -j ACCEPT",
      "COMMENT": "Allow all outbound traffic."
    },
    {
      "command": "-P INPUT DROP",
      "COMMENT": "Set default INPUT policy to DROP (very restrictive)."
    },
    {
      "command": "-P FORWARD DROP",
      "COMMENT": "Set default FORWARD policy to DROP."
    },
    {
      "command": "-P OUTPUT ACCEPT",
      "COMMENT": "Set default OUTPUT policy to ACCEPT."
    }
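    // Add more IPTables rules as needed. Each rule should be a separate entry.
    // "-A" appends and a packet stops at the first matching rule, so (assuming entries are applied
    // in list order) new ACCEPT entries must come before the catch-all "-A INPUT -j REJECT" entry.
    // Where possible, limit service ports such as 1521 to known sources with "-s <CIDR>".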
  ],

  "disable_services": [
    // OPTIONAL: A list of system services to disable on the VM.
    // This is often done for security hardening or performance optimization by stopping unnecessary services.
    // Provide the exact service name.

    "cups",
    // Example: "cups" (Common Unix Printing System)
    "postfix",
    // Example: "postfix" (Mail Transfer Agent)
    "bluetooth",
    "firewalld" // Disable only if the firewall is managed through "ip_tables_add" instead.
    // Add more service names to disable as required.
  ],

  "enable_services": [
    // OPTIONAL: A list of system services to enable and start on the VM.
    // Use this to ensure required services are running after deployment.
    // Provide the exact service name.

    "sshd",
    // Example: "sshd" (SSH daemon)
    "nginx",
    // Example: "nginx" (Web server)
    "chronyd",
    // Example: "chronyd" (NTP client for time sync)
    "qemu-guest-agent"
    // Example: "qemu-guest-agent" (for VM management features)
    // Add more service names to enable as required.
  ],

  "add_relayhost": {
    // OPTIONAL: Configuration to set up an email relay host for the VM.
    // This allows the VM to send outgoing emails through a specified SMTP server.

    "COMMENT": "Add the following line to main.cf",
    // Internal note for automation.

    "file_name": "/etc/postfix/main.cf",
    // REQUIRED: The target postfix configuration file.

    "relayhost": "smtp.example.com",
    // REQUIRED: The hostname or IP address of the SMTP relay server.
    // Example: "smtp.yourcompany.com", "192.168.1.50".
    // Ensure this relay host is accessible from the VM.
    "COMMENT": "Configure the server to use this host as a relay."
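    // Internal note for automation.
    // NOTE: this object (like several other sections) repeats the "COMMENT" key; with duplicate keys
    // most parsers keep only the last value, so do not rely on the earlier notes being read.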
  },

  "system_limits_configuration": {
    // OPTIONAL: Configuration for system resource limits (ulimits) for users/processes.
    // This helps prevent a single user or process from consuming all system resources.

    "file_name": "/etc/security/limits.conf",
    // REQUIRED: The target limits configuration file.

    "COMMENT": "This configures resource limits for system users.",
    // General comment for the section.

    "hard_nproc": "65536",
    // OPTIONAL: Sets the maximum number of processes (nproc) a user can create (hard limit).
    // This is a strict upper bound.

    "soft_nproc": "65536",
    // OPTIONAL: Sets the default maximum number of processes (nproc) a user can create (soft limit).
    // This can be increased by the user up to the hard limit.

    "hard_nofile": "65536",
    // OPTIONAL: Sets the hard limit for the maximum number of open files (nofile) for all users.

    "soft_nofile": "65536",
    // OPTIONAL: Sets the soft limit for the maximum number of open files for all users.

    "oracle_hard_nproc": "unlimited",
    // OPTIONAL: Sets the hard limit for 'nproc' specifically for the 'oracle' user to unlimited.
    // Use "unlimited" for no specific limit.

    "oracle_soft_nproc": "unlimited",
    // OPTIONAL: Sets the soft limit for 'nproc' specifically for the 'oracle' user to unlimited.

    "oracle_hard_memlock": "unlimited",
    // OPTIONAL: Sets the hard limit for locked-in-memory address space for the 'oracle' user to unlimited.
    // This is often required for database performance.

    "oracle_soft_memlock": "unlimited"
    // OPTIONAL: Sets the soft limit for locked-in-memory address space for the 'oracle' user to unlimited.
    // Adjust values based on application requirements.
  },

  "rhosts": {
    // OPTIONAL: Configuration for trusted hosts for remote shell (rsh) access.
    // WARNING: Using rsh and .rhosts is generally considered insecure and deprecated.
    // Only use this if absolutely necessary for legacy systems and understand the security implications.

    "COMMENT": "Create file .rhosts",
    // Internal note for automation.

    "file_name": "/root/.rhosts",
    // REQUIRED: The target .rhosts file path. Usually in a user's home directory.
    // WARNING: This file should only be owned by the user and have strict permissions (e.g., 600).

    "target_host": "trusted_host.example.com"
    // REQUIRED: The hostname or IP address of the trusted host.
    // Example: "backup-server", "192.168.1.10".
    // This allows passwordless access from this host to the user associated with this .rhosts file.
    // IMPORTANT: With file_name set to /root/.rhosts, that user is root, and the trust rests only on
    // the connecting host's name or address.
  },

  "custom_sh": {
    // OPTIONAL: Placeholder for adding custom shell commands or scripts.
    // Use this to execute specific commands or configuration steps not covered by other sections.

    "COMMENT": "Add OS-system_admin_1.conf file.",
    // Internal note for automation.

    "file_name": "/etc/system_admin_1.conf",
    // REQUIRED: The target file where custom shell commands will be placed.

    "COMMENT": "Instructions for creating or adding to a specific SDMC configuration file.",
    // Internal note for automation.

    "COMMENT": "The target SDMC configuration file.",
    // Internal note for automation.

    "COMMENT": "Prevents direct root login via SSH.",
    // Internal note for automation.

    "PasswordAuthentication": "no",
    // OPTIONAL: Set to "no" to disable password authentication for SSH.
    // Strongly recommended for security; only allow key-based authentication.

    "PermitRootLogin": "without-password",
    // OPTIONAL: Configures root login behavior for SSH.
    // "without-password" (deprecated alias of "prohibit-password" in current OpenSSH) allows root login only with SSH keys, not passwords.
    // "no" disables root login entirely.

    "COMMENT": "Specifies whether login(1) is used for interactive login sessions.",
    // Internal note for automation.

    "EnforceRootLogin": "no"
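    // OPTIONAL: Set to "no" to prevent direct root login for interactive sessions (requires ssh_key for root).
    // NOTE(review): "EnforceRootLogin" is not an OpenSSH sshd_config keyword; confirm which program reads this key before relying on it.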

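    // You can add more key-value pairs here representing shell commands or config lines.
    // Example: "command_to_run": "echo 'Hello from custom script' >> /var/log/custom.log"
    // Anything placed here is presumably applied with the automation's privileges, so restrict who can edit this file.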
  },

  "oraenv_conf": {
    // OPTIONAL: Configuration for Oracle environment variables.
    // This is typically used to set up the Oracle software environment for database users.

    "COMMENT": "Add the following lines with NTP servers in oraenv.conf.",
    // Internal note for automation.

    "file_name": "/opt/oracle/oraenv.conf",
    // REQUIRED: The target Oracle environment configuration file.

    "ntp_server_1": "server.example.com",
    // REQUIRED: Primary NTP server for Oracle environments.

    "ntp_server_2": "server2.example.com",
    // OPTIONAL: Secondary NTP server for Oracle environments.

    "COMMENT": "Configures NTP for faster synchronization on startup.",
    // Internal note for automation.

    "COMMENT": "Add 'server admins.example.com iburst' to NTP config.",
    // Internal note for automation.

    "COMMENT": "Add 'server opsmgr.example.com iburst' to NTP config."
    // Internal note for automation.

    // You can add more Oracle-specific environment variables here.
    // Example: "ORACLE_HOME": "/u01/app/oracle/product/19.0.0/dbhome_1"
  },

  "dbus_conf": {
    // OPTIONAL: Configuration for D-Bus discovery daemon.
    // This is primarily for inter-process communication in Linux systems.

    "COMMENT": "Create new file /etc/dbus.d/discovery with the following contents",
    // Internal note for automation.

    "COMMENT": "Instructions for creating a discovery file for D-Bus.",
    // Internal note for automation.

    "file_name": "/etc/dbus.d/discovery",
    // REQUIRED: The target D-Bus discovery file.

    "contents": "<?xml version='1.0' encoding='UTF-8'?><D-BUS><MONITOR><MATCH><NAME type='interface'>org.freedesktop.DBus</NAME></MATCH></MONITOR></D-BUS>"
    // REQUIRED: The XML content for the D-Bus discovery file.

    // This section seems to instruct on adding a specific configuration related to D-Bus discovery.
    // The "root" permissions are likely for the file itself.
  },

  "auditd_conf": {
    // OPTIONAL: Configuration for the Linux Auditing System (auditd).
    // This helps in logging system calls and file access for security and compliance.

    "COMMENT": "add the following two lines to auditd.conf",
    // Internal note for automation.

    "file_name": "/etc/audit/auditd.conf",
    // REQUIRED: The target auditd configuration file.

    "num_log_files": "10",
    // REQUIRED: Number of audit log files to keep.

    "max_log_file": "100",
    // REQUIRED: Maximum size of each audit log file in MB.

    "max_log_file_action": "keep_logs",
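    // REQUIRED: Action to take when max_log_file is reached (e.g., "keep_logs", "rotate").
    // With "keep_logs", auditd rotates but never deletes old logs (the log-count limit is not applied),
    // so size the audit partition accordingly and monitor its free space.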

    "rotate_logs": "hourly",
    // OPTIONAL: How often logs should be rotated (e.g., "daily", "weekly", "hourly").

    "rotate_compress": "false"
    // OPTIONAL: Whether to compress rotated log files.
  },

  "logrotate_items": [
    // OPTIONAL: Specific logrotate configurations for individual log files.
    // This allows customizing how specific application or system logs are rotated.

    {
      "file_name": "/var/log/app1/app.log",
      // REQUIRED: The full path to the log file.

      "compress": "true",
      // OPTIONAL: Whether to compress old log files.

      "delaycompress": "true",
      // OPTIONAL: Whether to delay compression until the next rotation.

      "missingok": "true",
      // OPTIONAL: Don't issue an error if the log file is missing.

      "notifempty": "false",
      // OPTIONAL: Don't rotate if the log file is empty.

      "rotate_count": "5",
      // REQUIRED: Number of old log files to keep.

      "create_new": "true",
      // OPTIONAL: Whether to create a new empty log file after rotation.

      "create_owner": "root",
      // OPTIONAL: The owner for the newly created log file.

      "create_group": "root",
      // OPTIONAL: The group for the newly created log file.

      "create_perms": "644",
      // OPTIONAL: The permissions (octal) for the newly created log file.

      "olddir": "/var/log/app1/old",
      // OPTIONAL: Directory where old log files should be moved.

      "keep_logs": "5"
      // OPTIONAL: Number of old log files to keep. (Duplicate of rotate_count, clarify if one is preferred).
    }
    // Add more logrotate items as needed.
  ],

  "rsyslogd": {
    // OPTIONAL: Configuration for the rsyslog daemon.
    // This manages system log messages and their destinations.

    "file_name": "/etc/rsyslog.d/50-default.conf",
    // REQUIRED: The target rsyslog configuration file.

    "COMMENT": "Add this to the rsyslog config file /var/log/secure /var/log/boot.log /var/log/messages.",
    // Internal note for automation.

    "paths_to_various_system_log_files": {
      // Defines paths to system log files and their corresponding actions.

      "authpriv_log": "authpriv.* /var/log/secure",
      // Logs all authpriv messages to /var/log/secure.

      "boot_log": "*.info;mail.none;authpriv.none;cron.none /var/log/boot.log",
      // Logs info messages (excluding mail, authpriv, cron) to /var/log/boot.log.

      "messages_log": "*.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages"
      // Logs info messages (excluding mail, news, authpriv, cron) to /var/log/messages.
    },

    "COMMENT": "Commands to run after rotation, typically to signal the logging daemon and fix permissions.",
    // Internal note for automation.

    "rotate_command": "/bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` || true"
    // OPTIONAL: Command to execute after log rotation to signal rsyslogd to reload.
  },

  "crond_conf": {
    // OPTIONAL: Configuration for cron jobs.
    // This allows scheduling commands or scripts to run automatically at specified times.

    "file_name": "/etc/cron.d/test",
    // REQUIRED: The target cron configuration file.

    "COMMENT": "add the following line",
    // Internal note for automation.

    "command": "0 0 * * * root /usr/bin/logcleanup.sh",
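    // REQUIRED: The cron job entry. The command runs as the named user (root here),
    // so the script and its parent directory must be writable only by root.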
    // Format: "minute hour day_of_month month_of_year day_of_week user command"
    // Example: "0 0 * * * root /usr/bin/daily_backup.sh" (Runs daily at midnight)

    "COMMENT": "This will run every 30 minutes to collect the activity data."
    // Internal note for automation.

    // Another example:
    // "command_2": "*/30 * * * * root /opt/scripts/collect_metrics.sh"
    // Runs every 30 minutes.

    "COMMENT": "Now tailor daily and at 10:00 every Saturday.",
    // Internal note for automation.

    "COMMENT": "Deletes old log files from /var/log/app_logs that are older than 15 days.",
    // Internal note for automation.

    "delete_logs_command": "find /var/log/app_logs -type f -name '*.log' -mtime +15 -delete"
    // OPTIONAL: A command to delete old log files.
  }
}

