Normal users do not need shell access to the file server, and certainly should not be allowed to e.g. forward ports through it. Using a `Match` block, we can apply restrictions to users who do not need administrative functionality. In this case, we restrict everyone who is not a member of the *Server Admins* group in the PYROCUFFLINK AD domain.
```yaml
- name: save firewalld configuration
  command: firewall-cmd --runtime-to-permanent

- name: reload sshd
  service:
    name: sshd
    state: reloaded
```
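One way to confirm that the `Match` restrictions are in effect after sshd reloads, added here as an example and not part of the original playbook: audit the effective configuration that `sshd -T -C user=<name>,host=<host>,addr=<ip>` prints for a non-admin user. The sample dumps are constructed, and the list of required directives and the use of `ForceCommand` to deny a shell are assumptions about the policy, not settings shown on this page.

```python
"""Audit `sshd -T -C user=...` output for a user the Match block should restrict."""

# Assumed policy: forwarding directives that must be "no" for non-admin users.
REQUIRED = {
    "allowtcpforwarding": "no",
    "allowstreamlocalforwarding": "no",
    "permittunnel": "no",
}

def parse_effective(dump):
    """Turn `sshd -T` output (one 'keyword value' per line) into a dict."""
    settings = {}
    for line in dump.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            # Keywords are printed in lowercase; keep the first occurrence.
            settings.setdefault(key.lower(), value.strip())
    return settings

def violations(dump):
    """Return findings; an empty list means the restrictions are in effect."""
    cfg = parse_effective(dump)
    found = []
    for key, want in REQUIRED.items():
        got = cfg.get(key, "<missing>")
        if got.lower() != want:
            found.append(f"{key} is {got}, expected {want}")
    # sshd -T prints "forcecommand none" when no command is forced,
    # which leaves the user with an interactive shell.
    if cfg.get("forcecommand", "none").lower() == "none":
        found.append("forcecommand is none, shell access is possible")
    return found

# Constructed samples: a user the Match block covers, and one it missed.
RESTRICTED = """allowtcpforwarding no
allowstreamlocalforwarding no
permittunnel no
forcecommand internal-sftp
"""
MISSED = """allowtcpforwarding yes
allowstreamlocalforwarding no
permittunnel no
forcecommand none
"""

if __name__ == "__main__":
    for name, dump in (("restricted", RESTRICTED), ("missed", MISSED)):
        print(name, violations(dump) or "OK")
```

Run the real command once for a non-admin account and once for a *Server Admins* member: a negated group match that fails to resolve shows up as findings on the first or as unexpected restrictions on the second.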