Terminating access to an OpenStack environment

From FnordWiki
Revision as of 07:23, 21 February 2015 by Adj (talk | contribs) (→‎keystone user accounts)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

keystone user accounts

keystone user-list
keystone user-password-update 0123456789abcdef0123456789abcdef  # that's the user's id from the user-list output.  New password will be prompted for.

host machines' firewalls

Linux systems

iptables -I INPUT -s RemoteUserCIDR -j REJECT

Windows

TBD

user accounts

Linux

passwd root    # change root's password
passwd -l username
chsh -s /usr/sbin/nologin USERNAME
cp -p ~root/.ssh/authorized_keys ~root/.ssh/authorized_keys- && cat /dev/null | tee ~root/.ssh/authorized_keys
Probably
  • Remove membership from any privileged groups
  • Remove any sudoers listings
  • Review cron and at jobs
  • Disable salt/puppet/chef/cfengine/whatever clients

Windows

Run lusrmgr.msc and disable user's account.

Retrieved from "https://wiki.fnord.greeley.co.us/mediawiki/index.php?title=Terminating_access_to_an_OpenStack_environment&oldid=711"