Refactor dotfiles into .config

Include local bin files

.local/bin/IPMIView/jre/conf/logging.properties

@@ -0,0 +1,63 @@
+############################################################
+#  	Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.  
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+#  	Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler 
+# classes.  These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the INFO and above levels.
+handlers= java.util.logging.ConsoleHandler
+
+# To also add the FileHandler, use the following line instead.
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers.  For any given facility this global level
+# can be overriden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+# Default number of locks FileHandler can obtain synchronously.
+# This specifies maximum number of attempts to obtain lock file by FileHandler
+# implemented by incrementing the unique field %u as per FileHandler API documentation.
+java.util.logging.FileHandler.maxLocks = 100
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to INFO and above.
+java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+# Example to customize the SimpleFormatter output format 
+# to print one-line log message like this:
+#     <level>: <log message> [<date/time>]
+#
+# java.util.logging.SimpleFormatter.format=%4$s: %5$s [%1$tc]%n
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+com.xyz.foo.level = SEVERE

.local/bin/IPMIView/jre/conf/management/jmxremote.access

@@ -0,0 +1,79 @@
+######################################################################
+#     Default Access Control File for Remote JMX(TM) Monitoring
+######################################################################
+#
+# Access control file for Remote JMX API access to monitoring.
+# This file defines the allowed access for different roles.  The
+# password file (jmxremote.password by default) defines the roles and their
+# passwords.  To be functional, a role must have an entry in
+# both the password and the access files.
+#
+# The default location of this file is $JRE/conf/management/jmxremote.access
+# You can specify an alternate location by specifying a property in
+# the management config file $JRE/conf/management/management.properties
+# (See that file for details)
+#
+# The file format for password and access files is syntactically the same
+# as the Properties file format.  The syntax is described in the Javadoc
+# for java.util.Properties.load.
+# A typical access file has multiple lines, where each line is blank,
+# a comment (like this one), or an access control entry.
+#
+# An access control entry consists of a role name, and an
+# associated access level.  The role name is any string that does not
+# itself contain spaces or tabs.  It corresponds to an entry in the
+# password file (jmxremote.password).  The access level is one of the
+# following:
+#       "readonly" grants access to read attributes of MBeans.
+#                   For monitoring, this means that a remote client in this
+#                   role can read measurements but cannot perform any action
+#                   that changes the environment of the running program.
+#       "readwrite" grants access to read and write attributes of MBeans,
+#                   to invoke operations on them, and optionally
+#                   to create or remove them. This access should be granted
+#                   only to trusted clients, since they can potentially
+#                   interfere with the smooth operation of a running program.
+#
+# The "readwrite" access level can optionally be followed by the "create" and/or
+# "unregister" keywords.  The "unregister" keyword grants access to unregister
+# (delete) MBeans.  The "create" keyword grants access to create MBeans of a
+# particular class or of any class matching a particular pattern.  Access
+# should only be granted to create MBeans of known and trusted classes.
+#
+# For example, the following entry would grant readwrite access
+# to "controlRole", as well as access to create MBeans of the class
+# javax.management.monitor.CounterMonitor and to unregister any MBean:
+#  controlRole readwrite \
+#              create javax.management.monitor.CounterMonitorMBean \
+#              unregister
+# or equivalently:
+#  controlRole readwrite unregister create javax.management.monitor.CounterMBean
+#
+# The following entry would grant readwrite access as well as access to create
+# MBeans of any class in the packages javax.management.monitor and
+# javax.management.timer:
+#  controlRole readwrite \
+#              create javax.management.monitor.*,javax.management.timer.* \
+#              unregister
+#
+# The \ character is defined in the Properties file syntax to allow continuation
+# lines as shown here.  A * in a class pattern matches a sequence of characters
+# other than dot (.), so javax.management.monitor.* matches
+# javax.management.monitor.CounterMonitor but not
+# javax.management.monitor.foo.Bar.
+#
+# A given role should have at most one entry in this file.  If a role
+# has no entry, it has no access.
+# If multiple entries are found for the same role name, then the last
+# access entry is used.
+#
+#
+# Default access control entries:
+# o The "monitorRole" role has readonly access.
+# o The "controlRole" role has readwrite access and can create the standard
+#   Timer and Monitor MBeans defined by the JMX API.
+
+monitorRole   readonly
+controlRole   readwrite \
+              create javax.management.monitor.*,javax.management.timer.* \
+              unregister

.local/bin/IPMIView/jre/conf/management/jmxremote.password.template

@@ -0,0 +1,115 @@
+# ----------------------------------------------------------------------
+#           Template for jmxremote.password
+#
+# o Copy this template to jmxremote.password
+# o Set the user/password entries in jmxremote.password
+# o Change the permission of jmxremote.password to be accessible
+#   only by the owner.
+# o The jmxremote.passwords file will be re-written by the server
+#   to replace all plain text passwords with hashed passwords when
+#   the file is read by the server.
+#
+
+##############################################################
+#        Password File for Remote JMX Monitoring
+##############################################################
+#
+# Password file for Remote JMX API access to monitoring.  This
+# file defines the different roles and their passwords.  The access
+# control file (jmxremote.access by default) defines the allowed
+# access for each role.  To be functional, a role must have an entry
+# in both the password and the access files.
+#
+# Default location of this file is $JRE/conf/management/jmxremote.password
+# You can specify an alternate location by specifying a property in
+# the management config file $JRE/conf/management/management.properties
+# or by specifying a system property (See that file for details).
+
+##############################################################
+#    File format of the jmxremote.password file
+##############################################################
+#
+# The file contains multiple lines where each line is blank,
+# a comment (like this one), or a password entry.
+#
+# password entry follows the below syntax
+#   role_name W [clearPassword|hashedPassword]
+#
+# role_name is any string that does not itself contain spaces or tabs.
+# W = spaces or tabs
+#
+# Passwords can be specified via clear text or via a hash. Clear text password
+# is any string that does not contain spaces or tabs. Hashed passwords must
+# follow the below format.
+# hashedPassword = base64_encoded_64_byte_salt W base64_encoded_hash W hash_algorithm
+# where,
+#   base64_encoded_64_byte_salt = 64 byte random salt
+#   base64_encoded_hash = Hash_algorithm(password + salt)
+#   W = spaces or tabs
+#   hash_algorithm = Algorithm string specified using the format below
+#       https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#messagedigest-algorithms
+#       This is an optional field. If not specified, SHA3-512 will be assumed.
+#
+# If passwords are in clear, they will be overwritten by their hash if all of
+# the below criteria are met.
+#   * com.sun.management.jmxremote.password.toHashes property is set to true in
+#     management.properties file
+#   * the password file is writable
+#   * the system security policy allows writing into the password file, if a
+#     security manager is configured
+#
+# In order to change the password for a role, replace the hashed password entry
+# with a new clear text password or a new hashed password. If the new password
+# is in clear, it will be replaced with its hash when a new login attempt is made.
+#
+# A given role should have at most one entry in this file.  If a role
+# has no entry, it has no access.
+# If multiple entries are found for the same role name, then the last one
+# is used.
+#
+# A user generated hashed password file can also be used instead of clear-text
+# password file. If generated by the user, hashed passwords must follow the
+# format specified above.
+#
+# Caution: It is recommended not to edit the password file while the
+# agent is running, as edits could be lost if a client connection triggers the
+# hashing of the password file at the same time that the file is externally modified.
+# The integrity of the file is guaranteed, but any external edits made to the
+# file during the short period between the time that the agent reads the file
+# and the time that it writes it back might get lost
+
+##############################################################
+#    File permissions of the jmxremote.password file
+##############################################################
+#       This file must be made accessible by ONLY the owner,
+#       otherwise the program will exit with an error.
+#
+# In a typical installation, this file can be accessed by anybody on the
+# local machine, and possibly by people on other machines.
+# For security, you should either restrict the access to this file except for owner,
+# or specify another, less accessible file in the management config file
+# as described above.
+#
+# In order to prevent inadverent edits to the password file in the 
+# production environment, it is recommended to deploy a read-only 
+# hashed password file. The hashed entries for clear passwords can be generated 
+# in advance by running the JMX agent.
+#
+
+##############################################################
+#    Sample of the jmxremote.password file
+##############################################################
+# Following are two commented-out entries.  The "monitorRole" role has
+# password "QED".  The "controlRole" role has password "R&D". This is an example
+# of specifying passwords in the clear
+#
+#   monitorRole  QED
+#   controlRole  R&D
+# 
+# Once a login attempt is made, passwords will be hashed and the file will have 
+# below entries with clear passwords overwritten by their respective 
+# SHA3-512 hash
+#
+#   monitorRole trilby APzBTt34rV2l+OMbuvbnOQ4si8UZmfRCVbIY1+fAofV5CkQzXS/FDMGteQQk/R3q1wtt104qImzJEA7gCwl6dw== 4EeTdSJ7X6Imu0Mb+dWqIns7a7QPIBoM3NB/XlpMQSPSicE7PnlALVWn2pBY3Q3pGDHyAb32Hd8GUToQbUhAjA== SHA3-512
+#   controlRole roHEJSbRqSSTII4Z4+NOCV2OJaZVQ/dw153Fy2u4ILDP9XiZ426GwzCzc3RtpoqNMwqYIcfdd74xWXSMrWtGaA== w9qDsekgKn0WOVJycDyU0kLBa081zbStcCjUAVEqlfon5Sgx7XHtaodbmzpLegA1jT7Ag36T0zHaEWRHJe2fdA== SHA3-512
+# 

.local/bin/IPMIView/jre/conf/management/management.properties

@@ -0,0 +1,302 @@
+#####################################################################
+#	Default Configuration File for Java Platform Management
+#####################################################################
+#
+# The Management Configuration file (in java.util.Properties format)
+# will be read if one of the following system properties is set:
+#    -Dcom.sun.management.jmxremote.port=<port-number>
+# or -Dcom.sun.management.config.file=<this-file>
+#
+# The default Management Configuration file is:
+#
+#       $JRE/conf/management/management.properties
+#
+# Another location for the Management Configuration File can be specified
+# by the following property on the Java command line:
+#
+#    -Dcom.sun.management.config.file=<this-file>
+#
+# If -Dcom.sun.management.config.file=<this-file> is set, the port
+# number for the management agent can be specified in the config file
+# using the following lines:
+#
+# ################ Management Agent Port #########################
+#
+# For setting the JMX RMI agent port use the following line
+# com.sun.management.jmxremote.port=<port-number>
+#
+
+#####################################################################
+#                   Optional Instrumentation
+#####################################################################
+#
+# By default only the basic instrumentation with low overhead is on.
+# The following properties allow to selectively turn on optional
+# instrumentation which are off by default and may have some
+# additional overhead.
+#
+# com.sun.management.enableThreadContentionMonitoring
+#
+#      This option enables thread contention monitoring if the
+#      Java virtual machine supports such instrumentation.
+#      Refer to the specification for the java.lang.management.ThreadMBean
+#      interface - see isThreadContentionMonitoringSupported() method.
+#
+
+# To enable thread contention monitoring, uncomment the following line
+# com.sun.management.enableThreadContentionMonitoring
+
+#####################################################################
+#			RMI Management Properties
+#####################################################################
+#
+# If system property -Dcom.sun.management.jmxremote.port=<port-number>
+# is set then
+#     - A MBean server is started
+#     - JRE Platform MBeans are registered in the MBean server
+#     - RMI connector is published  in a private readonly registry at
+#       specified port using a well known name, "jmxrmi"
+#     - the following properties are read for JMX remote management.
+#
+# The configuration can be specified only at startup time.
+# Later changes to above system property (e.g. via setProperty method),
+# this config file, the password file, or the access file have no effect to the
+# running MBean server, the connector, or the registry.
+#
+
+#
+# ########## RMI connector settings for local management ##########
+#
+# com.sun.management.jmxremote.local.only=true|false
+#      Default for this property is true. (Case for true/false ignored)
+#      If this property is specified as true then the local JMX RMI connector
+#      server will only accept connection requests from clients running on
+#      the host where the out-of-the-box JMX management agent is running.
+#      In order to ensure backwards compatibility this property could be
+#      set to false. However, deploying the local management agent in this
+#      way is discouraged because the local JMX RMI connector server will
+#      accept connection requests from any client either local or remote.
+#      For remote management the remote JMX RMI connector server should
+#      be used instead with authentication and SSL/TLS encryption enabled.
+#
+
+# For allowing the local management agent accept local
+# and remote connection requests use the following line
+# com.sun.management.jmxremote.local.only=false
+
+#
+# ###################### RMI SSL #############################
+#
+# com.sun.management.jmxremote.ssl=true|false
+#      Default for this property is true. (Case for true/false ignored)
+#      If this property is specified as false then SSL is not used.
+#
+
+# For RMI monitoring without SSL use the following line
+# com.sun.management.jmxremote.ssl=false
+
+# com.sun.management.jmxremote.ssl.config.file=filepath
+#      Specifies the location of the SSL configuration file. A properties
+#      file can be used to supply the keystore and truststore location and
+#      password settings thus avoiding to pass them as cleartext in the
+#      command-line.
+#
+#      The current implementation of the out-of-the-box management agent will
+#      look up and use the properties specified below to configure the SSL
+#      keystore and truststore, if present:
+#          javax.net.ssl.keyStore=<keystore-location>
+#          javax.net.ssl.keyStorePassword=<keystore-password>
+#          javax.net.ssl.trustStore=<truststore-location>
+#          javax.net.ssl.trustStorePassword=<truststore-password>
+#      Any other properties in the file will be ignored. This will allow us
+#      to extend the property set in the future if required by the default
+#      SSL implementation.
+#
+#      If the property "com.sun.management.jmxremote.ssl" is set to false,
+#      then this property is ignored.
+#
+
+# For supplying the keystore settings in a file use the following line
+# com.sun.management.jmxremote.ssl.config.file=filepath
+
+# com.sun.management.jmxremote.ssl.enabled.cipher.suites=<cipher-suites>
+#      The value of this property is a string that is a comma-separated list
+#      of SSL/TLS cipher suites to enable. This property can be specified in
+#      conjunction with the previous property "com.sun.management.jmxremote.ssl"
+#      in order to control which particular SSL/TLS cipher suites are enabled
+#      for use by accepted connections. If this property is not specified then
+#      the SSL/TLS RMI Server Socket Factory uses the SSL/TLS cipher suites that
+#      are enabled by default.
+#
+
+# com.sun.management.jmxremote.ssl.enabled.protocols=<protocol-versions>
+#      The value of this property is a string that is a comma-separated list
+#      of SSL/TLS protocol versions to enable. This property can be specified in
+#      conjunction with the previous property "com.sun.management.jmxremote.ssl"
+#      in order to control which particular SSL/TLS protocol versions are
+#      enabled for use by accepted connections. If this property is not
+#      specified then the SSL/TLS RMI Server Socket Factory uses the SSL/TLS
+#      protocol versions that are enabled by default.
+#
+
+# com.sun.management.jmxremote.ssl.need.client.auth=true|false
+#      Default for this property is false. (Case for true/false ignored)
+#      If this property is specified as true in conjunction with the previous
+#      property "com.sun.management.jmxremote.ssl" then the SSL/TLS RMI Server
+#      Socket Factory will require client authentication.
+#
+
+# For RMI monitoring with SSL client authentication use the following line
+# com.sun.management.jmxremote.ssl.need.client.auth=true
+
+# com.sun.management.jmxremote.registry.ssl=true|false
+#      Default for this property is false. (Case for true/false ignored)
+#      If this property is specified as true then the RMI registry used
+#      to bind the RMIServer remote object is protected with SSL/TLS
+#      RMI Socket Factories that can be configured with the properties:
+#          com.sun.management.jmxremote.ssl.config.file
+#          com.sun.management.jmxremote.ssl.enabled.cipher.suites
+#          com.sun.management.jmxremote.ssl.enabled.protocols
+#          com.sun.management.jmxremote.ssl.need.client.auth
+#      If the two properties below are true at the same time, i.e.
+#          com.sun.management.jmxremote.ssl=true
+#          com.sun.management.jmxremote.registry.ssl=true
+#      then the RMIServer remote object and the RMI registry are
+#      both exported with the same SSL/TLS RMI Socket Factories.
+#
+
+# For using an SSL/TLS protected RMI registry use the following line
+# com.sun.management.jmxremote.registry.ssl=true
+
+#
+# ################ RMI User authentication ################
+#
+# com.sun.management.jmxremote.authenticate=true|false
+#      Default for this property is true. (Case for true/false ignored)
+#      If this property is specified as false then no authentication is
+#      performed and all users are allowed all access.
+#
+
+# For RMI monitoring without any checking use the following line
+# com.sun.management.jmxremote.authenticate=false
+
+#
+# ################ RMI Login configuration ###################
+#
+# com.sun.management.jmxremote.login.config=<config-name>
+#      Specifies the name of a JAAS login configuration entry to use when
+#      authenticating users of RMI monitoring.
+#
+#      Setting this property is optional - the default login configuration
+#      specifies a file-based authentication that uses the password file.
+#
+#      When using this property to override the default login configuration
+#      then the named configuration entry must be in a file that gets loaded
+#      by JAAS. In addition, the login module(s) specified in the configuration
+#      should use the name and/or password callbacks to acquire the user's
+#      credentials. See the NameCallback and PasswordCallback classes in the
+#      javax.security.auth.callback package for more details.
+#
+#      If the property "com.sun.management.jmxremote.authenticate" is set to
+#      false, then this property and the password & access files are ignored.
+#
+
+# For a non-default login configuration use the following line
+# com.sun.management.jmxremote.login.config=<config-name>
+
+#
+# ################ RMI Password file location ##################
+#
+# com.sun.management.jmxremote.password.file=filepath
+#      Specifies location for password file
+#      This is optional - default location is
+#      $JRE/conf/management/jmxremote.password
+#
+#      If the property "com.sun.management.jmxremote.authenticate" is set to
+#      false, then this property and the password & access files are ignored.
+#      Otherwise the password file must exist and be in the valid format.
+#      If the password file is empty or non-existent then no access is allowed.
+#
+
+# For a non-default password file location use the following line
+# com.sun.management.jmxremote.password.file=filepath
+
+#
+# ################# Hash passwords in password file ##############
+# com.sun.management.jmxremote.password.toHashes = true|false
+#      Default for this property is true.
+#      Specifies if passwords in the password file should be hashed or not.
+#      If this property is true, and if the password file is writable, and if the 
+#      system security policy allows writing into the password file,
+#      all the clear passwords in the password file will be replaced by
+#      their SHA3-512 hash when the file is read by the server
+#
+
+#
+# ################ RMI Access file location #####################
+#
+# com.sun.management.jmxremote.access.file=filepath
+#      Specifies location for access  file
+#      This is optional - default location is
+#      $JRE/conf/management/jmxremote.access
+#
+#      If the property "com.sun.management.jmxremote.authenticate" is set to
+#      false, then this property and the password & access files are ignored.
+#      Otherwise, the access file must exist and be in the valid format.
+#      If the access file is empty or non-existent then no access is allowed.
+#
+
+# For a non-default password file location use the following line
+# com.sun.management.jmxremote.access.file=filepath
+#
+
+# ################ Management agent listen interface #########################
+#
+# com.sun.management.jmxremote.host=<host-or-interface-name>
+#      Specifies the local interface on which the JMX RMI agent will bind.
+#      This is useful when running on machines which have several
+#      interfaces defined. It makes it possible to listen to a specific
+#      subnet accessible through that interface.
+#
+#      The format of the value for that property is any string accepted
+#      by java.net.InetAddress.getByName(String).
+#
+
+# ################ Filter for ObjectInputStream #############################
+# com.sun.management.jmxremote.serial.filter.pattern=<filter-string>
+#   A filter, if configured, is used by java.io.ObjectInputStream during
+#   deserialization of parameters sent to the JMX default agent to validate the 
+#   contents of the stream.
+#   A filter is configured as a sequence of patterns, each pattern is either
+#   matched against the name of a class in the stream or defines a limit.
+#   Patterns are separated by ";" (semicolon).
+#   Whitespace is significant and is considered part of the pattern.
+#
+#   If a pattern includes a "=", it sets a limit.
+#   If a limit appears more than once the last value is used.
+#   Limits are checked before classes regardless of the order in the sequence of patterns.
+#   If any of the limits are exceeded, the filter status is REJECTED.
+#
+#       maxdepth=value - the maximum depth of a graph
+#       maxrefs=value  - the maximum number of internal references
+#       maxbytes=value - the maximum number of bytes in the input stream
+#       maxarray=value - the maximum array length allowed
+#
+#   Other patterns, from left to right, match the class or package name as
+#   returned from Class.getName.
+#   If the class is an array type, the class or package to be matched is the element type.
+#   Arrays of any number of dimensions are treated the same as the element type.
+#   For example, a pattern of "!example.Foo", rejects creation of any instance or
+#   array of example.Foo.
+#
+#   If the pattern starts with "!", the status is REJECTED if the remaining pattern
+#       is matched; otherwise the status is ALLOWED if the pattern matches.
+#   If the pattern contains "/", the non-empty prefix up to the "/" is the module name;
+#       if the module name matches the module name of the class then
+#       the remaining pattern is matched with the class name.
+#   If there is no "/", the module name is not compared.
+#   If the pattern ends with ".**" it matches any class in the package and all subpackages.
+#   If the pattern ends with ".*" it matches any class in the package.
+#   If the pattern ends with "*", it matches any class with the pattern as a prefix.
+#   If the pattern is equal to the class name, it matches.
+#   Otherwise, the status is UNDECIDED.

.local/bin/IPMIView/jre/conf/net.properties

@@ -0,0 +1,139 @@
+############################################################
+#       Default Networking Configuration File
+#
+# This file may contain default values for the networking system properties.
+# These values are only used when the system properties are not specified
+# on the command line or set programmatically.
+# For now, only the various proxy settings can be configured here.
+############################################################
+
+# Whether or not the DefaultProxySelector will default to System Proxy
+# settings when they do exist.
+# Set it to 'true' to enable this feature and check for platform
+# specific proxy settings
+# Note that the system properties that do explicitly set proxies
+# (like http.proxyHost) do take precedence over the system settings
+# even if java.net.useSystemProxies is set to true.
+
+java.net.useSystemProxies=false
+
+#------------------------------------------------------------------------
+# Proxy configuration for the various protocol handlers.
+# DO NOT uncomment these lines if you have set java.net.useSystemProxies
+# to true as the protocol specific properties will take precedence over
+# system settings.
+#------------------------------------------------------------------------
+
+# HTTP Proxy settings. proxyHost is the name of the proxy server
+# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
+# value is 80) and nonProxyHosts is a '|' separated list of hostnames which
+# should be accessed directly, ignoring the proxy server (default value is
+# localhost & 127.0.0.1).
+#
+# http.proxyHost=
+# http.proxyPort=80
+http.nonProxyHosts=localhost|127.*|[::1]
+#
+# HTTPS Proxy Settings. proxyHost is the name of the proxy server
+# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
+# value is 443). The HTTPS protocol handlers uses the http nonProxyHosts list.
+#
+# https.proxyHost=
+# https.proxyPort=443
+#
+# FTP Proxy settings. proxyHost is the name of the proxy server
+# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
+# value is 80) and nonProxyHosts is a '|' separated list of hostnames which
+# should be accessed directly, ignoring the proxy server (default value is
+# localhost & 127.0.0.1).
+#
+# ftp.proxyHost=
+# ftp.proxyPort=80
+ftp.nonProxyHosts=localhost|127.*|[::1]
+#
+# Gopher Proxy settings. proxyHost is the name of the proxy server
+# (e.g. proxy.mydomain.com), proxyPort is the port number to use (default
+# value is 80)
+#
+# gopher.proxyHost=
+# gopher.proxyPort=80
+#
+# Socks proxy settings. socksProxyHost is the name of the proxy server
+# (e.g. socks.domain.com), socksProxyPort is the port number to use
+# (default value is 1080)
+#
+# socksProxyHost=
+# socksProxyPort=1080
+#
+# HTTP Keep Alive settings. remainingData is the maximum amount of data
+# in kilobytes that will be cleaned off the underlying socket so that it
+# can be reused (default value is 512K), queuedConnections is the maximum
+# number of Keep Alive connections to be on the queue for clean up (default
+# value is 10).
+# http.KeepAlive.remainingData=512
+# http.KeepAlive.queuedConnections=10
+
+# Authentication Scheme restrictions for HTTP and HTTPS.
+#
+# In some environments certain authentication schemes may be undesirable
+# when proxying HTTP or HTTPS.  For example, "Basic" results in effectively the
+# cleartext transmission of the user's password over the physical network.
+# This section describes the mechanism for disabling authentication schemes
+# based on the scheme name. Disabled schemes will be treated as if they are not
+# supported by the implementation.
+#
+# The 'jdk.http.auth.tunneling.disabledSchemes' property lists the authentication
+# schemes that will be disabled when tunneling HTTPS over a proxy, HTTP CONNECT.
+# The 'jdk.http.auth.proxying.disabledSchemes' property lists the authentication
+# schemes that will be disabled when proxying HTTP.
+#
+# In both cases the property is a comma-separated list of, case-insensitive,
+# authentication scheme names, as defined by their relevant RFCs. An
+# implementation may, but is not required to, support common schemes whose names
+# include: 'Basic', 'Digest', 'NTLM', 'Kerberos', 'Negotiate'.  A scheme that
+# is not known, or not supported, by the implementation is ignored.
+#
+# Note: This property is currently used by the JDK Reference implementation. It
+# is not guaranteed to be examined and used by other implementations.
+#
+#jdk.http.auth.proxying.disabledSchemes=
+jdk.http.auth.tunneling.disabledSchemes=Basic
+
+#
+# Allow restricted HTTP request headers
+#
+# By default, the following request headers are not allowed to be set by user code
+# in HttpRequests: "connection", "content-length", "expect", "host" and "upgrade".
+# The 'jdk.httpclient.allowRestrictedHeaders' property allows one or more of these
+# headers to be specified as a comma separated list to override the default restriction.
+# The names are case-insensitive and white-space is ignored (removed before processing
+# the list). Note, this capability is mostly intended for testing and isn't expected
+# to be used in real deployments. Protocol errors or other undefined behavior is likely
+# to occur when using them. The property is not set by default.
+# Note also, that there may be other headers that are restricted from being set
+# depending on the context. This includes the "Authorization" header when the
+# relevant HttpClient has an authenticator set. These restrictions cannot be
+# overridden by this property.
+#
+# jdk.httpclient.allowRestrictedHeaders=host
+#
+#
+# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication
+# can be used for the NTLM scheme, where the security credentials based on the
+# currently logged in user's name and password can be obtained directly from the
+# operating system, without prompting the user. This property has three possible
+# values which regulate the behavior as shown below. Other unrecognized values
+# are handled the same as 'disabled'. Note, that NTLM is not considered to be a
+# strongly secure authentication scheme and care should be taken before enabling
+# this mechanism.
+#
+# Transparent authentication never used.
+#jdk.http.ntlm.transparentAuth=disabled
+#
+# Enabled for all hosts.
+#jdk.http.ntlm.transparentAuth=allHosts
+#
+# Enabled for hosts that are trusted in Windows Internet settings
+#jdk.http.ntlm.transparentAuth=trustedHosts
+#
+jdk.http.ntlm.transparentAuth=disabled

.local/bin/IPMIView/jre/conf/security/java.policy

@@ -0,0 +1,44 @@
+//
+// This system policy file grants a set of default permissions to all domains
+// and can be configured to grant additional permissions to modules and other
+// code sources. The code source URL scheme for modules linked into a
+// run-time image is "jrt".
+//
+// For example, to grant permission to read the "foo" property to the module
+// "com.greetings", the grant entry is:
+//
+// grant codeBase "jrt:/com.greetings" {
+//     permission java.util.PropertyPermission "foo", "read";
+// };
+//
+
+// default permissions granted to all domains
+grant {
+    // allows anyone to listen on dynamic ports
+    permission java.net.SocketPermission "localhost:0", "listen";
+
+    // "standard" properies that can be read by anyone
+    permission java.util.PropertyPermission "java.version", "read";
+    permission java.util.PropertyPermission "java.vendor", "read";
+    permission java.util.PropertyPermission "java.vendor.url", "read";
+    permission java.util.PropertyPermission "java.class.version", "read";
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.version", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "line.separator", "read";
+    permission java.util.PropertyPermission
+                   "java.specification.version", "read";
+    permission java.util.PropertyPermission "java.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.specification.name", "read";
+    permission java.util.PropertyPermission
+                   "java.vm.specification.version", "read";
+    permission java.util.PropertyPermission
+                   "java.vm.specification.vendor", "read";
+    permission java.util.PropertyPermission
+                   "java.vm.specification.name", "read";
+    permission java.util.PropertyPermission "java.vm.version", "read";
+    permission java.util.PropertyPermission "java.vm.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.name", "read";
+};

.local/bin/IPMIView/jre/conf/security/nss.cfg

@@ -0,0 +1,5 @@
+name = NSS
+nssLibraryDirectory = /usr/lib64
+nssDbMode = noDb
+attributes = compatibility
+handleStartupErrors = ignoreMultipleInitialisation

.local/bin/IPMIView/jre/conf/security/nss.fips.cfg

@@ -0,0 +1,8 @@
+name = NSS-FIPS
+nssLibraryDirectory = /usr/lib64
+nssSecmodDirectory = sql:/etc/pki/nssdb
+nssDbMode = readOnly
+nssModule = fips
+
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
+

.local/bin/IPMIView/jre/conf/security/policy/README.txt

@@ -0,0 +1,54 @@
+
+            Java(TM) Cryptography Extension Policy Files
+    for the Java(TM) Platform, Standard Edition Runtime Environment
+
+                               README
+------------------------------------------------------------------------
+
+Import and export control rules on cryptographic software vary from
+country to country.  The Java Cryptography Extension (JCE) architecture
+allows flexible cryptographic key strength to be configured via the
+jurisdiction policy files which are referenced by the "crypto.policy"
+security property in the <java-home>/conf/security/java.security file.
+
+By default, Java provides two different sets of cryptographic policy
+files:
+
+    unlimited:  These policy files contain no restrictions on cryptographic
+                strengths or algorithms
+
+    limited:    These policy files contain more restricted cryptographic
+                strengths
+
+These files reside in <java-home>/conf/security/policy in the "unlimited"
+or "limited" subdirectories respectively.
+
+Each subdirectory contains a complete policy configuration,
+and subdirectories can be added/edited/removed to reflect your
+import or export control product requirements.
+
+Within a subdirectory, the effective policy is the combined minimum
+permissions of the grant statements in the file(s) matching the filename
+pattern "default_*.policy".  At least one grant is required.  For example:
+
+    limited   =  Export (all) + Import (limited)  =  Limited
+    unlimited =  Export (all) + Import (all)      =  Unlimited
+
+The effective exemption policy is the combined minimum permissions
+of the grant statements in the file(s) matching the filename pattern
+"exempt_*.policy".  Exemption grants are optional.  For example:
+
+    limited   =  grants exemption permissions, by which the
+                 effective policy can be circumvented.
+                 e.g.  KeyRecovery/KeyEscrow/KeyWeakening.
+
+Please see the Java Cryptography Architecture (JCA) documentation for
+additional information on these files and formats.
+
+YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
+TO DETERMINE THE EXACT REQUIREMENTS.
+
+Please note that the JCE for Java SE, including the JCE framework,
+cryptographic policy files, and standard JCE providers provided with
+the Java SE, have been reviewed and approved for export as mass market
+encryption item by the US Bureau of Industry and Security.

.local/bin/IPMIView/jre/conf/security/policy/limited/default_US_export.policy

@@ -0,0 +1,6 @@
+// Default US Export policy file.
+
+grant {
+    // There is no restriction to any algorithms.
+    permission javax.crypto.CryptoAllPermission; 
+};

.local/bin/IPMIView/jre/conf/security/policy/limited/default_local.policy

@@ -0,0 +1,14 @@
+// Some countries have import limits on crypto strength. This policy file
+// is worldwide importable.
+
+grant {
+    permission javax.crypto.CryptoPermission "DES", 64;
+    permission javax.crypto.CryptoPermission "DESede", *;
+    permission javax.crypto.CryptoPermission "RC2", 128, 
+                                     "javax.crypto.spec.RC2ParameterSpec", 128;
+    permission javax.crypto.CryptoPermission "RC4", 128;
+    permission javax.crypto.CryptoPermission "RC5", 128, 
+          "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
+    permission javax.crypto.CryptoPermission "RSA", *;
+    permission javax.crypto.CryptoPermission *, 128;
+};

.local/bin/IPMIView/jre/conf/security/policy/limited/exempt_local.policy

@@ -0,0 +1,13 @@
+// Some countries have import limits on crypto strength, but may allow for
+// these exemptions if the exemption mechanism is used.
+
+grant {
+    // There is no restriction to any algorithms if KeyRecovery is enforced.
+    permission javax.crypto.CryptoPermission *, "KeyRecovery"; 
+
+    // There is no restriction to any algorithms if KeyEscrow is enforced.
+    permission javax.crypto.CryptoPermission *, "KeyEscrow"; 
+
+    // There is no restriction to any algorithms if KeyWeakening is enforced. 
+    permission javax.crypto.CryptoPermission *, "KeyWeakening";
+};

.local/bin/IPMIView/jre/conf/security/policy/unlimited/default_US_export.policy

@@ -0,0 +1,6 @@
+// Default US Export policy file.
+
+grant {
+    // There is no restriction to any algorithms.
+    permission javax.crypto.CryptoAllPermission; 
+};

.local/bin/IPMIView/jre/conf/security/policy/unlimited/default_local.policy

@@ -0,0 +1,6 @@
+// Country-specific policy file for countries with no limits on crypto strength.
+
+grant {
+    // There is no restriction to any algorithms.
+    permission javax.crypto.CryptoAllPermission; 
+};

.local/bin/IPMIView/jre/conf/sound.properties

@@ -0,0 +1,39 @@
+############################################################
+#               Sound Configuration File
+############################################################
+#
+# This properties file is used to specify default service
+# providers for javax.sound.midi.MidiSystem and
+# javax.sound.sampled.AudioSystem.
+#
+# The following keys are recognized by MidiSystem methods:
+#
+# javax.sound.midi.Receiver
+# javax.sound.midi.Sequencer
+# javax.sound.midi.Synthesizer
+# javax.sound.midi.Transmitter
+#
+# The following keys are recognized by AudioSystem methods:
+#
+# javax.sound.sampled.Clip
+# javax.sound.sampled.Port
+# javax.sound.sampled.SourceDataLine
+# javax.sound.sampled.TargetDataLine
+#
+# The values specify the full class name of the service
+# provider, or the device name.
+#
+# See the class descriptions for details.
+#
+# Example 1:
+# Use MyDeviceProvider as default for SourceDataLines:
+# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider
+#
+# Example 2:
+# Specify the default Synthesizer by its name "InternalSynth".
+# javax.sound.midi.Synthesizer=#InternalSynth
+#
+# Example 3:
+# Specify the default Receiver by provider and name:
+# javax.sound.midi.Receiver=com.sun.media.sound.MidiProvider#SunMIDI1
+#