Dotfiles/setup/modules
Amir Alexander Abdelbaki 45fd7e5d36 feat(freeipa): add policy enforcement for binary blocking, backups, scans, and sudo
Introduces a FreeIPA host-group-driven policy system alongside a sudo
rules management playbook:

- ansipa-enforce-policies.sh: client-side enforcer (systemd timer, 30 min)
  - policy-block-binary-<name>: PATH-priority wrapper blocks the binary
  - policy-timeshift-backup: daily Timeshift snapshot cron (03:00)
  - policy-security-scan: daily ClamAV/rkhunter/chkrootkit cron (02:00)
  Policies are reversible — leaving a group removes enforcement on next run.

- deploy-ansipa-policies.yml: deploys enforcer + systemd service/timer to clients

- manage-sudo-rules.yml: creates FreeIPA sudo rules (allow_sudoers,
  allow_sudo_nopasswd) that SSSD clients already pick up via --sudo enrollment.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 11:34:09 +02:00
| Name | Last commit | Date |
| --- | --- | --- |
| Desktop-Environments | fixed theming issues | 2026-05-19 14:39:29 +02:00 |
| FreeipaAnsible | feat(freeipa): add policy enforcement for binary blocking, backups, scans, and sudo | 2026-05-20 11:34:09 +02:00 |
| optional-Modules | feat(setup): add anti-malware module with freshclam cron job | 2026-05-19 19:58:35 +02:00 |
| core-packages.sh | setup: add browser/IDE modules and lynx to core packages | 2026-05-18 14:23:43 +02:00 |
| core.sh | added udiskie | 2025-11-27 18:04:00 +01:00 |
| package-managers.sh | setup: fix module scripts and add TUI installer | 2026-05-08 10:27:43 +02:00 |
| shell-setup.sh | fix(nvim): place airline cyberqueer theme inside rtp so it is auto-discovered | 2026-05-19 08:59:50 +02:00 |