sovereign

Author	SHA1	Message	Date
Will McCutchen	1be1afe1ff	Disable SSL stapling on wheezy	9 years ago
Will McCutchen	16b66cc849	Define apache SSL config in one place	9 years ago
Alex Payne	b11fb68559	Automatically set up passwordless sudo for deploy user. Closes #343.	9 years ago
Aleksandr Bogdanov	a849948e8d	Choosing the closest ubuntu mirror before anything else	10 years ago
fengor	7ed46f590c	renamed templates to be consistent with coding standard. removed comment line in ssh_config	9 years ago
Marius Voila	ec69fef60c	removed old template	9 years ago
Marius Voila	2ae2c3683c	removed template and implemented logic	9 years ago
fengor	39566abb6c	More secure defaults for ssh. Ciphers, Kex and MAC can be set via defaults.var	9 years ago
Marius Voila	67e1bf0fc3	fail2ban support for Trusty	10 years ago
Marius Voila	e62bd7c71a	fail2ban support for Trusty	10 years ago
Justin Plock	89f018bd23	In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.	10 years ago
Justin Plock	9f918363b9	Set a ServerName for apache (fixes #187)	10 years ago
Joost Baaij	ae2e74bb79	make NTP pool configurable use the world-wide pool by default, but specify north-america in user.yml. Also, documentation. This way Sovereign will still behave the same, but the NTP servers can be changed when desired.	10 years ago
Joost Baaij	715399a2f1	added pop3s and imaps ports to fail2ban. Otherwise only pop and imap (un-secured) are blocked. Which we don't use.	10 years ago
Mark Paschal	10aff54015	Only ban in response to fail2ban results Don't mail them individually to the destemail. The destemail setting is thus no longer used, but let's set it anyway to be clear where it will mail if you change the action back.	11 years ago
Luke Cyca	e46ad018ba	Improved test suite, rewritten in python Added friendly_networks variable to denote whitelisted networks	11 years ago
Luke Cyca	b1a3b8b67d	Use discovered IPv4 address	11 years ago
Bertrand Cachet	f43c57e132	fix(apticron): apticron emails are sent to root Instead of sending email to {{ admin_email }} we send them to root user. These emails will be redirected to the appropriate user via mail_virtual_aliases variables	11 years ago
Bertrand Cachet	373cb4584b	add(apticron): configure email Apticron is configured to send email to {{ admin_email }}	11 years ago
Bertrand Cachet	df802919f7	add(fail2ban): Add server IP address to ignore IP ignoreip field inside /etc/fail2ban/jail.local is populated with server_ip_address variable	11 years ago
Luke Cyca	12d42ad38a	Configure sshd_config to disable PermitRootLogin and PasswordAuthentication	11 years ago
Luke Cyca	dfe8bd1cca	TODO for fail2ban ignoreip Removed your hardcoded server IP	11 years ago
Alex Payne	080d38986c	first commit	11 years ago

26 Commits (b674035d21853e8b0b1aecbe01f4c54e797e240a)