# Changelog ## [Unreleased] ### Added - Python tooling validation for operational scripts. - `incident-log-summary` for general incident log summarization. - `log-diff-checker` for pre-change and post-change log comparison. - `auth-log-audit` for Linux authentication log review. - `jvm-log-analyzer` for JVM application log summaries. - `journal-analyzer` for exported `journalctl` log review. - `known-error-matcher` with JSON-based known error patterns. - Standalone Bash incident checks for CPU, memory/OOM, service restart loops, failed SSH logins, certificate expiry, DNS connectivity, NTP drift, read-only filesystems, inode usage, and JVM process diagnostics. - Repository-level Codex guidance: - `AGENTS.md` - `docs/codex/README.md` - `docs/codex/review-checklist.md` - `docs/codex/task-template.md` - `docs/codex/plans-template.md` - Lightweight validation helpers: - `scripts/validate-repo.sh` - `scripts/check-bash.sh` - `scripts/check-ansible.sh` - `scripts/check-docs.sh` - Cross-repository operational documentation structure: - `infra-run/docs/operations-cheatsheet.md` - `platform-projects/docs/platform-cheatsheet.md` - `labs/docs/lab-cheatsheet.md` - Production-oriented Linux/Unix operations reference with incident workflows, storage and networking checks, SSL/TLS notes, AIX commands, automation safety patterns, Ansible operational usage, and observability quick-reference. - SELinux operational coverage for mode checks, context inspection, AVC audit review, persistent relabel workflow, booleans, and SELinux-specific incident response. - Selected baseline Ansible hardening automation: - RHEL 9 role and playbook. - Debian 13 / Ubuntu 26.04 role and playbook. - IBM AIX 7 role and playbook. - Shared sanitized Ansible inventory defaults for Linux and AIX examples. - Role-level task structure covering pre-checks, SSH, sudo, auditing, logging, services, filesystem controls, platform-specific settings, handlers, and post-check validation. ### Changed - Updated root, `infra-run`, Bash, Ansible, platform, and lab README guidance for safety-first usage, validation, and future Codex-driven work. - Updated repository and `infra-run` README files to surface the new documentation structure and operational cheatsheets. - Updated repository, `infra-run`, and Ansible README files to describe the new hardening automation instead of placeholder-only Ansible structure. - Updated Python tooling documentation and repository roadmap. - Integrated Python syntax validation into repository validation workflow and CI. ### Notes - Hardening content covers selected baseline controls and intended for portfolio/lab use; live use requires environment-specific review and validation. ## [Initial Version] ### Added - Repository structure: - `infra-run` - `platform-projects` - `labs` - Linux operations Bash toolkit under `infra-run/scripts/bash/os-healthcheck/`: - healthcheck - disk usage checks - service checks - system reporting - Disk full incident toolkit: - disk analysis - large files detection - deleted open files detection - safe cleanup suggestions - Network troubleshooting script under `infra-run/scripts/bash/os-healthcheck/`: - interface, routing, DNS, connectivity checks - Veritas storage toolkit: - VxVM disk detection - diskgroup extension - volume/filesystem resize - VCS freeze/unfreeze workflow - GPFS storage toolkit: - cluster validation - NSD planning - filesystem expansion - rebalance - Runbook-style structure and step-based execution. ### Changed - Moved Linux operations scripts into `infra-run/scripts/bash/os-healthcheck/` to keep host health and troubleshooting checks grouped together. ### Notes - All scripts default to dry-run where change actions are present. - Designed for safety and readability. - No destructive actions without explicit confirmation.