Introduces a FreeIPA host-group-driven policy system alongside a sudo rules management playbook:

- ansipa-enforce-policies.sh: client-side enforcer (systemd timer, 30 min)
- policy-block-binary-<name>: PATH-priority wrapper blocks the binary
- policy-timeshift-backup: daily Timeshift snapshot cron (03:00)
- policy-security-scan: daily ClamAV/rkhunter/chkrootkit cron (02:00)

Policies are reversible — leaving a group removes enforcement on next run.

- deploy-ansipa-policies.yml: deploys enforcer + systemd service/timer to clients
- manage-sudo-rules.yml: creates FreeIPA sudo rules (allow_sudoers, allow_sudo_nopasswd) that SSSD clients already pick up via --sudo enrollment.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

| | | |
|---|---|---|
| Setup-shell-4-containers | ||
| archiso | ||
| deprecated | ||
| modules | ||
| arch-autoinstall.sh | ||
| archbaseos-guided-install.sh | ||
| audit-packages.sh | ||
| generate-answerfile.sh | ||
| install-modules.sh | ||
| install.sh | ||
| tui-install.sh | ||