Hi
I have a question in the Nutanix enviroment.
I need to change control for the ssh to CVM so that just some IPs can access to avoid some intrusion access.
I checked the <Nutanix security Guide> and there are some descriptopm in TCP Wrapper Integration, But after I changed the file of /etc/hosts.allow to include just the allowed IPs and CVM management subnet. But It will be changed to default after the cluster security config schedule(by default daily.)
Is it possible to change the sshd allow list to achieved this goal? there are security requreiments for the enviroment.
thanks.
Best answer by Sergei Ivanov
According to the Security Guide you will need to modify the following file:
/srv/salt/security/CVM/network/hosts.allow
If you modify only the /etc/hosts.allow, the Salt will overwrite it with the next run.