Mike Swanson 75ce1c2fd5 feat: Add Sequential Thinking to Code Review + Frontend Validation
Enhanced code review and frontend validation with intelligent triggers:

Code Review Agent Enhancement:
- Added Sequential Thinking MCP integration for complex issues
- Triggers on 2+ rejections or 3+ critical issues
- New escalation format with root cause analysis
- Comprehensive solution strategies with trade-off evaluation
- Educational feedback to break rejection cycles
- Files: .claude/agents/code-review.md (+308 lines)
- Docs: CODE_REVIEW_ST_ENHANCEMENT.md, CODE_REVIEW_ST_TESTING.md

Frontend Design Skill Enhancement:
- Automatic invocation for ANY UI change
- Comprehensive validation checklist (200+ checkpoints)
- 8 validation categories (visual, interactive, responsive, a11y, etc.)
- 3 validation levels (quick, standard, comprehensive)
- Integration with code review workflow
- Files: .claude/skills/frontend-design/SKILL.md (+120 lines)
- Docs: UI_VALIDATION_CHECKLIST.md (462 lines), AUTOMATIC_VALIDATION_ENHANCEMENT.md (587 lines)

Settings Optimization:
- Repaired .claude/settings.local.json (fixed m365 pattern)
- Reduced permissions from 49 to 33 (33% reduction)
- Removed duplicates, sorted alphabetically
- Created SETTINGS_PERMISSIONS.md documentation

Checkpoint Command Enhancement:
- Dual checkpoint system (git + database)
- Saves session context to API for cross-machine recall
- Includes git metadata in database context
- Files: .claude/commands/checkpoint.md (+139 lines)

Decision Rationale:
- Sequential Thinking MCP breaks rejection cycles by identifying root causes
- Automatic frontend validation catches UI issues before code review
- Dual checkpoints enable complete project memory across machines
- Settings optimization improves maintainability

Total: 1,200+ lines of documentation and enhancements

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-17 16:23:52 -07:00

1→# Credentials & Authorization Reference
2→**Last Updated:** 2025-12-16
3→**Purpose:** Centralized credentials for Claude Code context recovery across all machines
4→
5→---
6→
7→## Infrastructure - SSH Access
8→
9→### Jupiter (Unraid Primary)
10→- **Host:** 172.16.3.20
11→- **User:** root
12→- **Port:** 22
13→- **Password:** Th1nk3r^99##
14→- **WebUI Password:** Th1nk3r^99##
15→- **Role:** Primary container host (Gitea, NPM, GuruRMM, media)
16→- **iDRAC IP:** 172.16.1.73 (DHCP)
17→- **iDRAC User:** root
18→- **iDRAC Password:** Window123!@#-idrac
19→- **iDRAC SSH:** Enabled (port 22)
20→- **IPMI Key:** All zeros
21→
22→### Saturn (Unraid Secondary)
23→- **Host:** 172.16.3.21
24→- **User:** root
25→- **Port:** 22
26→- **Password:** r3tr0gradE99
27→- **Role:** Migration source, being consolidated to Jupiter
28→
29→### pfSense (Firewall)
30→- **Host:** 172.16.0.1
31→- **User:** admin
32→- **Port:** 2248
33→- **Password:** r3tr0gradE99!!
34→- **Role:** Firewall, Tailscale gateway
35→- **Tailscale IP:** 100.79.69.82 (pfsense-1)
36→
37→### OwnCloud VM (on Jupiter)
38→- **Host:** 172.16.3.22
39→- **Hostname:** cloud.acghosting.com
40→- **User:** root
41→- **Port:** 22
42→- **Password:** Paper123!@#-unifi!
43→- **OS:** Rocky Linux 9.6
44→- **Role:** OwnCloud file sync server
45→- **Services:** Apache, MariaDB, PHP-FPM, Redis, Datto RMM agents
46→- **Storage:** SMB mount from Jupiter (/mnt/user/OwnCloud)
47→- **Note:** Jupiter has SSH key auth configured
48→
49→### GuruRMM Build Server
50→- **Host:** 172.16.3.30
51→- **Hostname:** gururmm
52→- **User:** guru
53→- **Port:** 22
54→- **Password:** Gptf*77ttb123!@#-rmm
55→- **Sudo Password:** Gptf*77ttb123!@#-rmm (special chars cause issues with sudo -S)
56→- **OS:** Ubuntu 22.04
57→- **Role:** GuruRMM/GuruConnect dedicated server (API, DB, Dashboard, Downloads, GuruConnect relay)
58→- **Services:** nginx, PostgreSQL, gururmm-server, gururmm-agent, guruconnect-server
59→- **SSH Key Auth:** ✅ Working from Windows/WSL (ssh guru@172.16.3.30)
60→- **Service Restart Method:** Services run as guru user, so `pkill` works without sudo. Deploy pattern:
61→ 1. Build: `cargo build --release --target x86_64-unknown-linux-gnu -p <package>`
62→ 2. Rename old: `mv target/release/binary target/release/binary.old`
63→ 3. Copy new: `cp target/x86_64.../release/binary target/release/binary`
64→ 4. Kill old: `pkill -f binary.old` (systemd auto-restarts)
65→- **GuruConnect:** Static files in /home/guru/guru-connect/server/static/, binary at /home/guru/guru-connect/target/release/guruconnect-server
66→
67→---
68→
69→## Services - Web Applications
70→
71→### Gitea (Git Server)
72→- **URL:** https://git.azcomputerguru.com/
73→- **Internal:** http://172.16.3.20:3000
74→- **SSH:** ssh://git@172.16.3.20:2222
75→- **User:** mike@azcomputerguru.com
76→- **Password:** Window123!@#-git
77→- **API Token:** 9b1da4b79a38ef782268341d25a4b6880572063f
78→
79→### NPM (Nginx Proxy Manager)
80→- **Admin URL:** http://172.16.3.20:7818
81→- **HTTP Port:** 1880
82→- **HTTPS Port:** 18443
83→- **User:** mike@azcomputerguru.com
84→- **Password:** Paper123!@#-unifi
85→
86→### Cloudflare
87→- **API Token (Full DNS):** DRRGkHS33pxAUjQfRDzDeVPtt6wwUU6FwtXqOzNj
88→- **API Token (Legacy/Limited):** U1UTbBOWA4a69eWEBiqIbYh0etCGzrpTU4XaKp7w
89→- **Permissions:** Zone:Read, Zone:Edit, DNS:Read, DNS:Edit
90→- **Used for:** DNS management, WHM plugin, cf-dns CLI
91→- **Domain:** azcomputerguru.com
92→- **Notes:** New full-access token added 2025-12-19
93→
94→---
95→
96→## Projects - GuruRMM
97→
98→### Dashboard/API Login
99→- **Email:** admin@azcomputerguru.com
100→- **Password:** GuruRMM2025
101→- **Role:** admin
102→
103→### Database (PostgreSQL)
104→- **Host:** gururmm-db container (172.16.3.20)
105→- **Database:** gururmm
106→- **User:** gururmm
107→- **Password:** 43617ebf7eb242e814ca9988cc4df5ad
108→
109→---
110→
111→## Projects - GuruConnect
112→
113→### Database (PostgreSQL on build server)
114→- **Host:** localhost (172.16.3.30)
115→- **Port:** 5432
116→- **Database:** guruconnect
117→- **User:** guruconnect
118→- **Password:** gc_a7f82d1e4b9c3f60
119→- **DATABASE_URL:** `postgres://guruconnect:gc_a7f82d1e4b9c3f60@localhost:5432/guruconnect`
120→- **Created:** 2025-12-28
121→
122→---
123→
124→## Projects - GuruRMM (continued)
125→
126→### API Server
127→- **External URL:** https://rmm-api.azcomputerguru.com
128→- **Internal URL:** http://172.16.3.20:3001
129→- **JWT Secret:** ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=
130→
131→### Microsoft Entra ID (SSO)
132→- **App Name:** GuruRMM Dashboard
133→- **App ID (Client ID):** 18a15f5d-7ab8-46f4-8566-d7b5436b84b6
134→- **Object ID:** 34c80aa8-385a-4bea-af85-f8bf67decc8f
135→- **Client Secret:** gOz8Q~J.oz7KnUIEpzmHOyJ6GEzYNecGRl-Pbc9w
136→- **Secret Expires:** 2026-12-21
137→- **Sign-in Audience:** Multi-tenant (any Azure AD org)
138→- **Redirect URIs:** https://rmm.azcomputerguru.com/auth/callback, http://localhost:5173/auth/callback
139→- **API Permissions:** openid, email, profile
140→- **Notes:** Created 2025-12-21 for GuruRMM SSO
141→
142→### CI/CD (Build Automation)
143→- **Webhook URL:** http://172.16.3.30/webhook/build
144→- **Webhook Secret:** gururmm-build-secret
145→- **Build Script:** /opt/gururmm/build-agents.sh
146→- **Build Log:** /var/log/gururmm-build.log
147→- **Gitea Webhook ID:** 1
148→- **Trigger:** Push to main branch
149→- **Builds:** Linux (x86_64) and Windows (x86_64) agents
150→- **Deploy Path:** /var/www/gururmm/downloads/
151→
152→### Build Server SSH Key (for Gitea)
153→- **Key Name:** gururmm-build-server
154→- **Public Key:**
155→```
156→ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSqf2/phEXUK8vd5GhMIDTEGSk0LvYk92sRdNiRrjKi guru@gururmm-build
157→```
158→- **Added to:** Gitea (azcomputerguru account)
159→
160→### Clients & Sites
161→#### Glaztech Industries (GLAZ)
162→- **Client ID:** d857708c-5713-4ee5-a314-679f86d2f9f9
163→- **Site:** SLC - Salt Lake City
164→- **Site ID:** 290bd2ea-4af5-49c6-8863-c6d58c5a55de
165→- **Site Code:** DARK-GROVE-7839
166→- **API Key:** grmm_Qw64eawPBjnMdwN5UmDGWoPlqwvjM7lI
167→- **Created:** 2025-12-18
168→
169→---
170→
171→## Client Sites - WHM/cPanel
172→
173→### IX Server (ix.azcomputerguru.com)
174→- **SSH Host:** ix.azcomputerguru.com
175→- **Internal IP:** 172.16.3.10 (VPN required)
176→- **SSH User:** root
177→- **SSH Password:** Gptf*77ttb!@#!@#
178→- **SSH Key:** guru@wsl key added to authorized_keys
179→- **Role:** cPanel/WHM server hosting client sites
180→
181→### WebSvr (websvr.acghosting.com)
182→- **Host:** websvr.acghosting.com
183→- **SSH User:** root
184→- **SSH Password:** r3tr0gradE99#
185→- **API Token:** 8ZPYVM6R0RGOHII7EFF533MX6EQ17M7O
186→- **Access Level:** Full access
187→- **Role:** Legacy cPanel/WHM server (migration source to IX)
188→
189→### data.grabbanddurando.com
190→- **Server:** IX (ix.azcomputerguru.com)
191→- **cPanel Account:** grabblaw
192→- **Site Path:** /home/grabblaw/public_html/data_grabbanddurando
193→- **Site Admin User:** admin
194→- **Site Admin Password:** GND-Paper123!@#-datasite
195→- **Database:** grabblaw_gdapp_data
196→- **DB User:** grabblaw_gddata
197→- **DB Password:** GrabbData2025
198→- **Config File:** /home/grabblaw/public_html/data_grabbanddurando/connection.php
199→- **Backups:** /home/grabblaw/public_html/data_grabbanddurando/backups_mariadb_fix/
200→
201→### GoDaddy VPS (Legacy)
202→- **IP:** 208.109.235.224
203→- **Hostname:** 224.235.109.208.host.secureserver.net
204→- **Auth:** SSH key
205→- **Database:** grabblaw_gdapp
206→- **Note:** Old server, data migrated to IX
207→
208→---
209→
210→## Seafile (on Jupiter - Migrated 2025-12-27)
211→
212→### Container
213→- **Host:** Jupiter (172.16.3.20)
214→- **URL:** https://sync.azcomputerguru.com
215→- **Port:** 8082 (internal), proxied via NPM
216→- **Containers:** seafile, seafile-mysql, seafile-memcached, seafile-elasticsearch
217→- **Docker Compose:** /mnt/user0/SeaFile/DockerCompose/docker-compose.yml
218→- **Data Path:** /mnt/user0/SeaFile/seafile-data/
219→
220→### Seafile Admin
221→- **Email:** mike@azcomputerguru.com
222→- **Password:** r3tr0gradE99#
223→
224→### Database (MariaDB)
225→- **Container:** seafile-mysql
226→- **Image:** mariadb:10.6
227→- **Root Password:** db_dev
228→- **Seafile User:** seafile
229→- **Seafile Password:** 64f2db5e-6831-48ed-a243-d4066fe428f9
230→- **Databases:** ccnet_db (users), seafile_db (data), seahub_db (web)
231→
232→### Elasticsearch
233→- **Container:** seafile-elasticsearch
234→- **Image:** elasticsearch:7.17.26
235→- **Note:** Upgraded from 7.16.2 for kernel 6.12 compatibility
236→
237→### Microsoft Graph API (Email)
238→- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
239→- **Client ID:** 15b0fafb-ab51-4cc9-adc7-f6334c805c22
240→- **Client Secret:** rRN8Q~FPfSL8O24iZthi_LVJTjGOCZG.DnxGHaSk
241→- **Sender Email:** noreply@azcomputerguru.com
242→- **Used for:** Seafile email notifications via Graph API
243→
244→### Migration Notes
245→- **Migrated from:** Saturn (172.16.3.21) on 2025-12-27
246→- **Saturn Status:** Seafile stopped, data intact for rollback (keep 1 week)
247→
248→---
249→
250→## NPM Proxy Hosts Reference
251→
252→| ID | Domain | Backend | SSL Cert |
253→|----|--------|---------|----------|
254→| 1 | emby.azcomputerguru.com | 172.16.2.99:8096 | npm-1 |
255→| 2 | git.azcomputerguru.com | 172.16.3.20:3000 | npm-2 |
256→| 4 | plexrequest.azcomputerguru.com | 172.16.3.31:5055 | npm-4 |
257→| 5 | rmm-api.azcomputerguru.com | 172.16.3.20:3001 | npm-6 |
258→| - | unifi.azcomputerguru.com | 172.16.3.28:8443 | npm-5 |
259→| 8 | sync.azcomputerguru.com | 172.16.3.20:8082 | npm-8 |
260→
261→---
262→
263→## Tailscale Network
264→
265→| Tailscale IP | Hostname | Owner | OS |
266→|--------------|----------|-------|-----|
267→| 100.79.69.82 (pfsense-1) | pfsense | mike@ | freebsd |
268→| 100.125.36.6 | acg-m-l5090 | mike@ | windows |
269→| 100.92.230.111 | acg-tech-01l | mike@ | windows |
270→| 100.96.135.117 | acg-tech-02l | mike@ | windows |
271→| 100.113.45.7 | acg-tech03l | howard@ | windows |
272→| 100.77.166.22 | desktop-hjfjtep | mike@ | windows |
273→| 100.101.145.100 | guru-legion9 | mike@ | windows |
274→| 100.119.194.51 | guru-surface8 | howard@ | windows |
275→| 100.66.103.110 | magus-desktop | rob@ | windows |
276→| 100.66.167.120 | magus-pc | rob@ | windows |
277→
278→---
279→
280→## SSH Public Keys
281→
282→### guru@wsl (Windows/WSL)
283→- **User:** guru
284→- **Sudo Password:** Window123!@#-wsl
285→- **SSH Key:**
286→```
287→ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWY+SdqMHJP5JOe3qpWENQZhXJA4tzI2d7ZVNAwA/1u guru@wsl
288→```
289→
290→### azcomputerguru@local (Mac)
291→- **User:** azcomputerguru
292→- **SSH Key:**
293→```
294→ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrGbr4EwvQ4P3ZtyZW3ZKkuDQOMbqyAQUul2+JE4K4S azcomputerguru@local
295→```
296→
297→---
298→
299→## Quick Reference Commands
300→
301→### NPM API Auth
302→```bash
303→curl -s -X POST http://172.16.3.20:7818/api/tokens \
304→ -H "Content-Type: application/json" \
305→ -d '{"identity":"mike@azcomputerguru.com","secret":"Paper123!@#-unifi"}'
306→```
307→
308→### Gitea API
309→```bash
310→curl -H "Authorization: token 9b1da4b79a38ef782268341d25a4b6880572063f" \
311→ https://git.azcomputerguru.com/api/v1/repos/search
312→```
313→
314→### GuruRMM Health Check
315→```bash
316→curl http://172.16.3.20:3001/health
317→```
318→
319→---
320→
321→## MSP Tools
322→
323→### Syncro (PSA/RMM) - AZ Computer Guru
324→- **API Key:** T259810e5c9917386b-52c2aeea7cdb5ff41c6685a73cebbeb3
325→- **Subdomain:** computerguru
326→- **API Base URL:** https://computerguru.syncromsp.com/api/v1
327→- **API Docs:** https://api-docs.syncromsp.com/
328→- **Account:** AZ Computer Guru MSP
329→- **Notes:** Added 2025-12-18
330→
331→### Autotask (PSA) - AZ Computer Guru
332→- **API Username:** dguyqap2nucge6r@azcomputerguru.com
333→- **API Password:** z*6G4fT#oM~8@9Hxy$2Y7K$ma
334→- **API Integration Code:** HYTYYZ6LA5HB5XK7IGNA7OAHQLH
335→- **Integration Name:** ClaudeAPI
336→- **API Zone:** webservices5.autotask.net
337→- **API Docs:** https://autotask.net/help/developerhelp/Content/APIs/REST/REST_API_Home.htm
338→- **Account:** AZ Computer Guru MSP
339→- **Notes:** Added 2025-12-18, new API user "Claude API"
340→
341→### CIPP (CyberDrain Improved Partner Portal)
342→- **URL:** https://cippcanvb.azurewebsites.net
343→- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
344→- **API Client Name:** ClaudeCipp2 (working)
345→- **App ID (Client ID):** 420cb849-542d-4374-9cb2-3d8ae0e1835b
346→- **Client Secret:** MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT
347→- **Scope:** api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default
348→- **CIPP-SAM App ID:** 91b9102d-bafd-43f8-b17a-f99479149b07
349→- **IP Range:** 0.0.0.0/0 (all IPs allowed)
350→- **Auth Method:** OAuth 2.0 Client Credentials
351→- **Notes:** Updated 2025-12-23, working API client
352→
353→#### CIPP API Usage (Bash)
354→```bash
355→# Get token
356→ACCESS_TOKEN=$(curl -s -X POST "https://login.microsoftonline.com/ce61461e-81a0-4c84-bb4a-7b354a9a356d/oauth2/v2.0/token" \
357→ -d "client_id=420cb849-542d-4374-9cb2-3d8ae0e1835b" \
358→ -d "client_secret=MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT" \
359→ -d "scope=api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default" \
360→ -d "grant_type=client_credentials" | python3 -c "import sys, json; print(json.load(sys.stdin).get('access_token', ''))")
361→
362→# Query endpoints (use tenant domain or tenant ID as TenantFilter)
363→curl -s "https://cippcanvb.azurewebsites.net/api/ListLicenses?TenantFilter=sonorangreenllc.com" \
364→ -H "Authorization: Bearer ${ACCESS_TOKEN}"
365→
366→# Other useful endpoints:
367→# ListTenants?AllTenants=true - List all managed tenants
368→# ListUsers?TenantFilter={tenant} - List users
369→# ListMailboxRules?TenantFilter={tenant} - Check mailbox rules
370→# BECCheck?TenantFilter={tenant}&UserID={userid} - BEC investigation
371→```
372→
373→#### Old API Client (403 errors - do not use)
374→- **App ID:** d545a836-7118-44f6-8852-d9dd64fb7bb9
375→- **Status:** Authenticated but all endpoints returned 403
376→
377→### Claude-MSP-Access (Multi-Tenant Graph API)
378→- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
379→- **App ID (Client ID):** fabb3421-8b34-484b-bc17-e46de9703418
380→- **Client Secret:** ~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO
381→- **Secret Expires:** 2026-12 (24 months)
382→- **Sign-in Audience:** Multi-tenant (any Entra ID org)
383→- **Purpose:** Direct Graph API access for M365 investigations and remediation
384→- **Admin Consent URL:** https://login.microsoftonline.com/common/adminconsent?client_id=fabb3421-8b34-484b-bc17-e46de9703418&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
385→- **Permissions:** User.ReadWrite.All, Directory.ReadWrite.All, Mail.ReadWrite, MailboxSettings.ReadWrite, AuditLog.Read.All, Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Group.ReadWrite.All, SecurityEvents.ReadWrite.All, AppRoleAssignment.ReadWrite.All, UserAuthenticationMethod.ReadWrite.All
386→- **Created:** 2025-12-29
387→
388→#### Usage (Python)
389→```python
390→import requests
391→
392→tenant_id = "CUSTOMER_TENANT_ID" # or use 'common' after consent
393→client_id = "fabb3421-8b34-484b-bc17-e46de9703418"
394→client_secret = "~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO"
395→
396→# Get token
397→token_resp = requests.post(
398→ f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
399→ data={
400→ "client_id": client_id,
401→ "client_secret": client_secret,
402→ "scope": "https://graph.microsoft.com/.default",
403→ "grant_type": "client_credentials"
404→ }
405→)
406→access_token = token_resp.json()["access_token"]
407→
408→# Query Graph API
409→headers = {"Authorization": f"Bearer {access_token}"}
410→users = requests.get("https://graph.microsoft.com/v1.0/users", headers=headers)
411→```
412→
413→---
414→
415→## Client - MVAN Inc
416→
417→### Microsoft 365 Tenant 1
418→- **Tenant:** mvan.onmicrosoft.com
419→- **Admin User:** sysadmin@mvaninc.com
420→- **Password:** r3tr0gradE99#
421→- **Notes:** Global admin, project to merge/trust with T2
422→
423→---
424→
425→## Client - BG Builders LLC
426→
427→### Microsoft 365 Tenant
428→- **Tenant:** bgbuildersllc.com
429→- **CIPP Name:** sonorangreenllc.com
430→- **Tenant ID:** ededa4fb-f6eb-4398-851d-5eb3e11fab27
431→- **Admin User:** sysadmin@bgbuildersllc.com
432→- **Password:** Window123!@#-bgb
433→- **Notes:** Added 2025-12-19
434→
435→### Security Investigation (2025-12-22)
436→- **Compromised User:** Shelly@bgbuildersllc.com (Shelly Dooley)
437→- **Symptoms:** Suspicious sent items reported by user
438→- **Findings:**
439→ - Gmail OAuth app with EAS.AccessAsUser.All (REMOVED)
440→ - "P2P Server" app registration backdoor (DELETED by admin)
441→ - No malicious mailbox rules or forwarding
442→ - Sign-in logs unavailable (no Entra P1 license)
443→- **Remediation:**
444→ - Password reset: `5ecwyHv6&dP7` (must change on login)
445→ - All sessions revoked
446→ - Gmail OAuth consent removed
447→ - P2P Server backdoor deleted
448→- **Status:** RESOLVED
449→
450→---
451→
452→## Client - Dataforth
453→
454→### Network
455→- **Subnet:** 192.168.0.0/24
456→- **Domain:** INTRANET (intranet.dataforth.com)
457→
458→### UDM (Unifi Dream Machine)
459→- **IP:** 192.168.0.254
460→- **SSH User:** root
461→- **SSH Password:** Paper123!@#-unifi
462→- **Web User:** azcomputerguru
463→- **Web Password:** Paper123!@#-unifi
464→- **2FA:** Push notification enabled
465→- **Notes:** Gateway/firewall, OpenVPN server
466→
467→### AD1 (Domain Controller)
468→- **IP:** 192.168.0.27
469→- **Hostname:** AD1.intranet.dataforth.com
470→- **User:** INTRANET\sysadmin
471→- **Password:** Paper123!@#
472→- **Role:** Primary DC, NPS/RADIUS server
473→- **NPS Ports:** 1812/1813 (auth/accounting)
474→
475→### AD2 (Domain Controller)
476→- **IP:** 192.168.0.6
477→- **Hostname:** AD2.intranet.dataforth.com
478→- **User:** INTRANET\sysadmin
479→- **Password:** Paper123!@#
480→- **Role:** Secondary DC, file server
481→
482→### NPS RADIUS Configuration
483→- **Client Name:** unifi
484→- **Client IP:** 192.168.0.254
485→- **Shared Secret:** Gptf*77ttb!@#!@#
486→- **Policy:** "Unifi" - allows Domain Users
487→
488→### D2TESTNAS (SMB1 Proxy)
489→- **IP:** 192.168.0.9
490→- **Web/SSH User:** admin
491→- **Web/SSH Password:** Paper123!@#-nas
492→- **Role:** DOS machine SMB1 proxy
493→- **Notes:** Added 2025-12-14
494→
495→---
496→
497→## Client - Valley Wide Plastering
498→
499→### Network
500→- **Subnet:** 172.16.9.0/24
501→
502→### UDM (UniFi Dream Machine)
503→- **IP:** 172.16.9.1
504→- **SSH User:** root
505→- **SSH Password:** Gptf*77ttb123!@#-vwp
506→- **Notes:** Gateway/firewall, VPN server, RADIUS client
507→
508→### VWP-DC1 (Domain Controller)
509→- **IP:** 172.16.9.2
510→- **Hostname:** VWP-DC1
511→- **User:** sysadmin
512→- **Password:** r3tr0gradE99#
513→- **Role:** Primary DC, NPS/RADIUS server
514→- **Notes:** Added 2025-12-22
515→
516→### NPS RADIUS Configuration
517→- **RADIUS Server:** 172.16.9.2
518→- **RADIUS Ports:** 1812 (auth), 1813 (accounting)
519→- **Clients:** UDM (172.16.9.1), VWP-Subnet (172.16.9.0/24)
520→- **Shared Secret:** Gptf*77ttb123!@#-radius
521→- **Policy:** "VPN-Access" - allows all authenticated users (24/7)
522→- **Auth Methods:** All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
523→- **User Dial-in:** All VWP_Users set to Allow
524→- **AuthAttributeRequired:** Disabled on clients
525→- **Tested:** 2025-12-22, user cguerrero authenticated successfully
526→
527→### Dataforth - Entra App Registration (Claude-Code-M365)
528→- **Tenant ID:** 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584
529→- **App ID (Client ID):** 7a8c0b2e-57fb-4d79-9b5a-4b88d21b1f29
530→- **Client Secret:** tXo8Q~ZNG9zoBpbK9HwJTkzx.YEigZ9AynoSrca3
531→- **Permissions:** Calendars.ReadWrite, Contacts.ReadWrite, User.ReadWrite.All, Mail.ReadWrite, Directory.ReadWrite.All, Group.ReadWrite.All
532→- **Created:** 2025-12-22
533→- **Use:** Silent Graph API access to Dataforth tenant
534→
535→---
536→
537→## Client - CW Concrete LLC
538→
539→### Microsoft 365 Tenant
540→- **Tenant:** cwconcretellc.com
541→- **CIPP Name:** cwconcretellc.com
542→- **Tenant ID:** dfee2224-93cd-4291-9b09-6c6ce9bb8711
543→- **Default Domain:** NETORGFT11452752.onmicrosoft.com
544→- **Notes:** De-federated from GoDaddy 2025-12, domain needs re-verification
545→
546→### Security Investigation (2025-12-22)
547→- **Findings:**
548→ - Graph Command Line Tools OAuth consent with high privileges (REMOVED)
549→ - "test" backdoor app registration with multi-tenant access (DELETED)
550→ - Apple Internet Accounts OAuth (left - likely iOS device)
551→ - No malicious mailbox rules or forwarding
552→- **Remediation:**
553→ - All sessions revoked for all 4 users
554→ - Backdoor apps removed
555→- **Status:** RESOLVED
556→
557→---
558→
559→## Client - Khalsa
560→
561→### Network
562→- **Subnet:** 172.16.50.0/24
563→
564→### UCG (UniFi Cloud Gateway)
565→- **IP:** 172.16.50.1
566→- **SSH User:** azcomputerguru
567→- **SSH Password:** Paper123!@#-camden (reset 2025-12-22)
568→- **Notes:** Gateway/firewall, VPN server, SSH key added but not working
569→
570→### Switch
571→- **User:** 8WfY8
572→- **Password:** tI3evTNBZMlnngtBc
573→
574→### Accountant Machine
575→- **IP:** 172.16.50.168
576→- **User:** accountant
577→- **Password:** Paper123!@#-accountant
578→- **Notes:** Added 2025-12-22, VPN routing issue
579→
580→---
581→
582→## Client - Scileppi Law Firm
583→
584→### DS214se (Source NAS - being migrated)
585→- **IP:** 172.16.1.54
586→- **SSH User:** admin
587→- **Password:** Th1nk3r^99
588→- **Storage:** 1.8TB (1.6TB used)
589→- **Data:** User home folders (admin, Andrew Ross, Chris Scileppi, Samantha Nunez, etc.)
590→
591→### Unraid (Source - Migration)
592→- **IP:** 172.16.1.21
593→- **SSH User:** root
594→- **Password:** Th1nk3r^99
595→- **Role:** Data source for migration to RS2212+
596→
597→### RS2212+ (Destination NAS)
598→- **IP:** 172.16.1.59
599→- **Hostname:** SL-SERVER
600→- **SSH User:** sysadmin
601→- **Password:** Gptf*77ttb123!@#-sl-server
602→- **SSH Key:** claude-code@localadmin added to authorized_keys
603→- **Storage:** 25TB total, 6.9TB used (28%)
604→- **Data Share:** /volume1/Data (7.9TB - Active, Closed, Archived, Billing, MOTIONS BANK)
605→- **Notes:** Migration and consolidation complete 2025-12-29
606→
607→### RS2212+ User Accounts (Created 2025-12-29)
608→| Username | Full Name | Password | Notes |
609→|----------|-----------|----------|-------|
610→| chris | Chris Scileppi | Scileppi2025! | Owner |
611→| andrew | Andrew Ross | Scileppi2025! | Staff |
612→| sylvia | Sylvia | Scileppi2025! | Staff |
613→| rose | Rose | Scileppi2025! | Staff |
614→| (TBD) | 5th user | - | Name pending |
615→
616→### Migration/Consolidation Status (COMPLETE)
617→- **Completed:** 2025-12-29
618→- **Final Structure:**
619→ - Active: 2.5TB (merged Unraid + DS214se Open Cases)
620→ - Closed: 4.9TB (merged Unraid + DS214se Closed Cases)
621→ - Archived: 451GB
622→ - MOTIONS BANK: 21MB
623→ - Billing: 17MB
624→- **Recycle Bin:** Emptied (recovered 413GB)
625→- **Permissions:** Group "users" with 775 on /volume1/Data
626→