claudetools/CREDENTIAL_GAP_ANALYSIS.md

# Credential Gap Analysis
**Date:** 2026-01-24
**Scope:** ClaudeTools codebase credential audit

---

## Executive Summary

Comprehensive scan of ClaudeTools codebase identified **5 infrastructure servers** with credentials documented in INITIAL_DATA.md but missing from credentials.md, plus **1 external VPS server** actively in use.

**Status:**
- ✓ IX Server credentials added to credentials.md
- ⏳ 5 additional servers need documentation
- ⏳ GoDaddy VPS credentials need verification

---

## Critical Priority Gaps

### 1. pfSense Firewall (172.16.0.1)
**Status:** CRITICAL - Active production firewall
**Source:** INITIAL_DATA.md lines 324-331
**Missing from:** credentials.md

**Credentials:**
- Host: 172.16.0.1
- SSH Port: 2248
- User: admin
- Password: r3tr0gradE99!!
- Tailscale IP: 100.79.69.82
- Role: Primary firewall, VPN gateway, Tailscale gateway
- Subnet Routes: 172.16.0.0/16

**Priority:** CRITICAL - This is the network gateway

---

## High Priority Gaps

### 2. WebSvr (websvr.acghosting.com)
**Status:** Active - DNS management server
**Source:** INITIAL_DATA.md lines 362-367
**Referenced in:** clients/grabb-durando/website-migration/README.md

**Credentials:**
- Host: websvr.acghosting.com
- External IP: 162.248.93.81
- User: root
- SSH Port: 22
- Password: r3tr0gradE99#
- OS: CentOS 7 (WHM/cPanel)
- Role: Legacy hosting, DNS management for ACG Hosting

**Priority:** HIGH - Used for DNS management (grabbanddurando.com zone)

### 3. OwnCloud VM (172.16.3.22)
**Status:** Active - File sync server
**Source:** INITIAL_DATA.md lines 333-340
**Missing from:** credentials.md

**Credentials:**
- Host: 172.16.3.22
- Hostname: cloud.acghosting.com
- User: root
- SSH Port: 22
- Password: **NOT DOCUMENTED** in INITIAL_DATA.md
- OS: Rocky Linux 9.6
- Role: OwnCloud file sync server
- Services: Apache, MariaDB, PHP-FPM, Redis

**Priority:** HIGH - Password needs verification
**Action Required:** Determine OwnCloud root password

---

## Medium Priority Gaps

### 4. Saturn (172.16.3.21)
**Status:** Decommissioned
**Source:** INITIAL_DATA.md lines 316-322

**Credentials:**
- Host: 172.16.3.21
- User: root
- SSH Port: 22
- Password: r3tr0gradE99
- OS: Unraid 6.x
- Status: Migration to Jupiter complete

**Priority:** MEDIUM - Document for historical reference
**Note:** May be offline, document as decommissioned

---

## External Infrastructure

### 5. GoDaddy VPS (208.109.235.224)
**Status:** Active - CRITICAL disk space (99% full)
**Source:** clients/grabb-durando/website-migration/README.md
**Missing from:** credentials.md

**Credentials:**
- Host: 208.109.235.224
- User: root
- SSH Port: 22
- Auth: SSH key (id_ed25519)
- OS: CloudLinux 9.6
- cPanel: v126.0
- Role: data.grabbanddurando.com hosting (pending migration)

**Database Credentials (on GoDaddy VPS):**
- Database: grabblaw_gdapp
- User: grabblaw_gdapp
- Password: e8o8glFDZD

**Priority:** HIGH - Active production, urgent migration needed
**Action Required:** Document for migration tracking

---

## Credentials Already Documented (Verified)

✓ GuruRMM Server (172.16.3.30)
✓ Jupiter (172.16.3.20)
✓ IX Server (172.16.3.10) - ADDED TODAY
✓ Gitea credentials
✓ AD2 (192.168.0.6)
✓ D2TESTNAS (192.168.0.9)
✓ ClaudeTools database
✓ GuruRMM API access
✓ Peaceful Spirit VPN

---

## Additional Findings

### API Keys/Tokens Referenced
**From INITIAL_DATA.md lines 569-574:**

Priority for future documentation:
- Gitea API Token (generate as needed)
- Cloudflare API Token
- SyncroMSP API Key
- Autotask API Credentials
- CIPP API Client (ClaudeCipp2)

**Status:** Not critical yet, document when generated/used

---

## Duplicate/Inconsistent Information

### GuruRMM Server
**Issue:** Referenced as "Build Server" in some docs, "GuruRMM Server" in others
**Resolution:** credentials.md uses "GuruRMM Server (172.16.3.30)" - CONSISTENT

**Aliases found:**
- Build Server (INITIAL_DATA.md)
- GuruRMM Server (credentials.md)
- gururmm (hostname)

**Recommendation:** Add note about aliases in credentials.md

---

## Password Pattern Analysis

**Common password base:** `r3tr0gradE99` with variations:
- r3tr0gradE99 (Saturn)
- r3tr0gradE99!! (pfSense)
- r3tr0gradE99# (WebSvr)
- Th1nk3r^99## (Jupiter)
- Gptf*77ttb!@#!@# (IX Server)
- Gptf*77ttb123!@#-rmm (Build Server)
- Gptf*77ttb123!@#-git (Gitea)

**Security Note:** Multiple servers share password base patterns
**Recommendation:** Consider password rotation and unique passwords per server

---

## Files Scanned

✓ credentials.md
✓ INITIAL_DATA.md
✓ GURURMM_API_ACCESS.md
✓ clients/internal-infrastructure/ix-server-issues-2026-01-13.md
✓ clients/grabb-durando/website-migration/README.md
✓ PROJECTS_INDEX.md
✓ 111 markdown files with IP addresses (scanned for patterns)

---

## Recommendations

### Immediate Actions
1. ✓ Add IX Server to credentials.md - COMPLETED
2. Add pfSense to credentials.md - CRITICAL
3. Add WebSvr to credentials.md - HIGH
4. Determine OwnCloud root password and document
5. Add GoDaddy VPS to credentials.md (Client section)

### Documentation Improvements
6. Create "Decommissioned Infrastructure" section for Saturn
7. Add "External/Client Servers" section for GoDaddy VPS
8. Add server aliases/hostnames to existing entries
9. Document password patterns (separate secure doc?)
10. Add "API Keys & Tokens" section (future use)

### Security Considerations
11. Review password reuse across servers
12. Consider password rotation schedule
13. Document SSH key locations and usage
14. Verify VPN access requirements for each server

---

## Next Steps

1. Complete credential additions to credentials.md
2. Verify OwnCloud password (may need to reset or recover)
3. Test access to each documented server
4. Update credentials.md Last Updated timestamp
5. Run grepai indexing verification
6. Create final audit summary report

---

**Audit Status:** ClaudeTools scan COMPLETE, claude-projects scan PENDING
**Gaps Identified:** 5 servers, 1 external VPS, multiple API keys
**Critical Gaps:** 1 (pfSense firewall)
**High Priority Gaps:** 2 (WebSvr, OwnCloud)