Tested

This file documents the validation status for infra-run.

Tested Locally

Repository structure and documentation links were reviewed.
Bash scripts were reviewed for dry-run defaults, quoting, and obvious unsafe cleanup behavior.
Disk-full examples use fake data and can be read without access to production systems.

Syntax Checked

Recommended local checks:

find infra-run/scripts/bash -name '*.sh' -print0 | xargs -0 shellcheck -x -P infra-run/scripts/bash/disk-full -P infra-run/scripts/bash/gpfs -P infra-run/scripts/bash/veritas
yamllint .
cd infra-run/ansible && ansible-lint playbooks roles

The GitHub Actions workflow runs shell and YAML validation. ansible-lint is non-blocking because role behavior depends on platform facts, installed collections, and target OS support.

Not Tested Against Real Systems

Veritas VxVM/VCS commands were not tested against a live Veritas cluster here.
GPFS / IBM Spectrum Scale commands were not tested against a live GPFS cluster here.
AIX hardening tasks were not tested against a real AIX LPAR here.
SSH hardening was not validated across every possible sshd_config layout.

Known Limitations

Destructive storage operations are dry-run by default where applicable, but dry-run output is not a substitute for peer review.
Some scripts require vendor commands that are not available on a normal Linux workstation.
Ansible examples are selected baseline controls, not full hardening benchmarks.
Local linting does not prove production safety.

Suggested Validation Steps

Run shellcheck against all Bash scripts.
Run yamllint against repository YAML.
Run cd infra-run/ansible && ansible-lint playbooks roles and review any non-blocking warnings.
Run disk-full read-only scripts on disposable local paths.
For Veritas or GPFS, test only in a lab with fake volumes/disks or a controlled training environment.
Validate SSH changes on a disposable host using the full effective sshd configuration.

2.0 KiB Raw Blame History