Dotfiles/setup/modules/FreeipaAnsible/ansible
Amir Alexander Abdelbaki 11e66dbddd feat(freeipa): scan result reporting, alert notifications, and SMB share
Container (ansipa image):
- Add samba + cronie to Dockerfile; expose ports 445/139
- ansipa-smb-setup.sh: idempotent setup of smbd + scanupload user +
  /data/scan-results/{archive,alerts}/ on every container start
- ansipa-smb.service: runs setup before smb.service on each boot
- ansipa-check-scans.sh: hourly cron on server; analyses archive logs for
  ClamAV/rkhunter/chkrootkit findings and writes <host>/<date>.alert files
- docker-compose.yml: add SMB_SCAN_PASSWORD env var + port mappings
- .env.example: document SMB_SCAN_PASSWORD

Client (policy-security-scan):
- Scan script now uploads log to //ipa-server/ansipa-scans/archive/<host>/
  via smbclient after each run

Client (policy-scan-notify — new policy group):
- ansipa-fetch-alerts.sh: root timer (10 min) downloads alerts from SMB into
  ~/administration/<hostname>/ for each active login session; deletes server
  alert when user removes local file (acknowledgment)
- ansipa-scan-notify.sh: user daemon started via /etc/profile.d/ansipa-notify.sh;
  sends notify-send every 10 min while *.alert files remain in ~/administration/
- deploy-ansipa-policies.yml: installs samba-client, deploys SMB creds file
  (/etc/ansipa-smb.creds, 0600), and deploys both notification scripts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 12:32:21 +02:00
| File | Last commit | Date |
| --- | --- | --- |
| ansipa-enforce-policies.sh | feat(freeipa): scan result reporting, alert notifications, and SMB share | 2026-05-20 12:32:21 +02:00 |
| ansipa-fetch-alerts.sh | feat(freeipa): scan result reporting, alert notifications, and SMB share | 2026-05-20 12:32:21 +02:00 |
| ansipa-install-flatpaks.service | setup: add FreeIPA Flatpak group installer (fp_install_* groups) | 2026-05-18 11:52:27 +02:00 |
| ansipa-install-flatpaks.sh | setup: add FreeIPA Flatpak group installer (fp_install_* groups) | 2026-05-18 11:52:27 +02:00 |
| ansipa-install-flatpaks.timer | setup: add FreeIPA Flatpak group installer (fp_install_* groups) | 2026-05-18 11:52:27 +02:00 |
| ansipa-install-modules.service | setup: add freeipa-client module and FreeIPA group-based module automation | 2026-05-18 11:40:51 +02:00 |
| ansipa-install-modules.sh | setup: add freeipa-client module and FreeIPA group-based module automation | 2026-05-18 11:40:51 +02:00 |
| ansipa-install-modules.timer | setup: add freeipa-client module and FreeIPA group-based module automation | 2026-05-18 11:40:51 +02:00 |
| ansipa-install-packages.sh | Add setup/modules/FreeipaAnsible/ansible/ansipa-install-packages.sh | 2026-04-27 16:44:59 +02:00 |
| ansipa-install.service | Add setup/modules/FreeipaAnsible/ansible/ansipa-install.service | 2026-04-27 16:44:01 +02:00 |
| ansipa-install.timer | Add setup/modules/FreeipaAnsible/ansible/ansipa-install.timer | 2026-04-27 16:44:18 +02:00 |
| ansipa-scan-notify.sh | feat(freeipa): scan result reporting, alert notifications, and SMB share | 2026-05-20 12:32:21 +02:00 |
| auto-add-baseuser.sh | Update setup/modules/FreeipaAnsible/ansible/auto-add-baseuser.sh | 2026-04-27 16:37:39 +02:00 |
| baseuser-sync.path | Add setup/modules/FreeipaAnsible/ansible/baseuser-sync.path | 2026-04-27 16:39:11 +02:00 |
| baseuser-sync.service | Add setup/modules/FreeipaAnsible/ansible/baseuser-sync.service | 2026-04-27 16:38:37 +02:00 |
| collect-luks-keys.yml | ansible: add collect-luks-keys playbook for LUKS backup key archival | 2026-05-18 15:25:05 +02:00 |
| deploy-ansipa-install.yml | setup: add FreeIPA Flatpak group installer (fp_install_* groups) | 2026-05-18 11:52:27 +02:00 |
| deploy-ansipa-modules.yml | setup: add freeipa-client module and FreeIPA group-based module automation | 2026-05-18 11:40:51 +02:00 |
| deploy-ansipa-policies.yml | feat(freeipa): scan result reporting, alert notifications, and SMB share | 2026-05-20 12:32:21 +02:00 |
| deploy-baseuser-sync.yml | Add setup/modules/FreeipaAnsible/ansible/deploy-baseuser-sync.yml | 2026-04-27 16:39:34 +02:00 |
| manage-sudo-rules.yml | feat(freeipa): add policy enforcement for binary blocking, backups, scans, and sudo | 2026-05-20 11:34:09 +02:00 |