I have a question about the Nutanix environment.
I need to change the access control for SSH to the CVM so that only some IPs can access it, to avoid intrusion.
I checked the Nutanix Security Guide and there is some description under TCP Wrapper Integration. But after I changed the file /etc/hosts.allow to include just the allowed IPs and the CVM management subnet, it is changed back to the default after the cluster security config schedule (by default daily).
Is it possible to change the sshd allow list to achieve this goal? There are security requirements for the environment.
Best answer by Sergei Ivanov
It worked after testing in the environment. Thanks for your solution.
Thanks for your information. I also noted the description of the file /srv/salt/security/CVM/Network/hosts.allow. So I will change the file, check whether it works, and update the result.
According to the Security Guide you will need to modify the following file:
If you modify only /etc/hosts.allow, Salt will overwrite it on the next run.
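A way to confirm, before the next scheduled Salt run, that the live allow-list and the Salt-managed source agree on who may reach sshd. This is an added example, not part of the original thread or of Nutanix tooling; the function names `sshd_rules` and `check_drift` are hypothetical, the two paths in the usage comment are the ones named in the thread, and only single-line rules (no backslash continuations) are handled.

```shell
#!/usr/bin/env bash
# Added example: detect drift between a Salt-managed hosts.allow source
# and the live /etc/hosts.allow, looking only at rules that affect sshd.

# Print the rules of a hosts.allow-style file that apply to sshd
# (daemon list contains "sshd" or "ALL"). Comments, blank lines and
# whitespace are removed so cosmetic differences do not count as drift.
sshd_rules() {
    awk -F: '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }
        ("," $1 ",") ~ /,(sshd|ALL),/
    ' "$1" | sort -u
}

# Compare the sshd rules of the Salt source ($1) and the live file ($2).
# Returns 0 when they match, 1 on drift, 2 when a file cannot be read.
check_drift() {
    local src="$1" live="$2" want have
    if [ ! -r "$src" ] || [ ! -r "$live" ]; then
        echo "cannot read $src or $live" >&2
        return 2
    fi
    want="$(sshd_rules "$src")"
    have="$(sshd_rules "$live")"
    if [ "$want" = "$have" ]; then
        echo "in sync: live file matches the Salt source"
        return 0
    fi
    echo "drift: the next Salt run will replace the live sshd rules with:"
    echo "$want"
    return 1
}

# Usage on a CVM (paths as named in the thread):
#   check_drift /srv/salt/security/CVM/Network/hosts.allow /etc/hosts.allow
```

A return code of 1 right after editing only /etc/hosts.allow means the restriction will be lost on the next run; the same edit has to be made in the Salt source file.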