Dotfiles

Commit Graph

Author	SHA1	Message	Date
Amir Alexander Abdelbaki	11e66dbddd	feat(freeipa): scan result reporting, alert notifications, and SMB share Container (ansipa image): - Add samba + cronie to Dockerfile; expose ports 445/139 - ansipa-smb-setup.sh: idempotent setup of smbd + scanupload user + /data/scan-results/{archive,alerts}/ on every container start - ansipa-smb.service: runs setup before smb.service on each boot - ansipa-check-scans.sh: hourly cron on server; analyses archive logs for ClamAV/rkhunter/chkrootkit findings and writes <host>/<date>.alert files - docker-compose.yml: add SMB_SCAN_PASSWORD env var + port mappings - .env.example: document SMB_SCAN_PASSWORD Client (policy-security-scan): - Scan script now uploads log to //ipa-server/ansipa-scans/archive/<host>/ via smbclient after each run Client (policy-scan-notify — new policy group): - ansipa-fetch-alerts.sh: root timer (10 min) downloads alerts from SMB into ~/administration/<hostname>/ for each active login session; deletes server alert when user removes local file (acknowledgment) - ansipa-scan-notify.sh: user daemon started via /etc/profile.d/ansipa-notify.sh; sends notify-send every 10 min while *.alert files remain in ~/administration/ - deploy-ansipa-policies.yml: installs samba-client, deploys SMB creds file (/etc/ansipa-smb.creds, 0600), and deploys both notification scripts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-20 12:32:21 +02:00

Author

SHA1

Message

Date

Amir Alexander Abdelbaki

11e66dbddd

feat(freeipa): scan result reporting, alert notifications, and SMB share

Container (ansipa image):
- Add samba + cronie to Dockerfile; expose ports 445/139
- ansipa-smb-setup.sh: idempotent setup of smbd + scanupload user +
  /data/scan-results/{archive,alerts}/ on every container start
- ansipa-smb.service: runs setup before smb.service on each boot
- ansipa-check-scans.sh: hourly cron on server; analyses archive logs for
  ClamAV/rkhunter/chkrootkit findings and writes <host>/<date>.alert files
- docker-compose.yml: add SMB_SCAN_PASSWORD env var + port mappings
- .env.example: document SMB_SCAN_PASSWORD

Client (policy-security-scan):
- Scan script now uploads log to //ipa-server/ansipa-scans/archive/<host>/
  via smbclient after each run

Client (policy-scan-notify — new policy group):
- ansipa-fetch-alerts.sh: root timer (10 min) downloads alerts from SMB into
  ~/administration/<hostname>/ for each active login session; deletes server
  alert when user removes local file (acknowledgment)
- ansipa-scan-notify.sh: user daemon started via /etc/profile.d/ansipa-notify.sh;
  sends notify-send every 10 min while *.alert files remain in ~/administration/
- deploy-ansipa-policies.yml: installs samba-client, deploys SMB creds file
  (/etc/ansipa-smb.creds, 0600), and deploys both notification scripts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-20 12:32:21 +02:00

1 Commits (6f2b24c51a6ec8cf9d9409fe580160e0ef3640ca)