66 Révisions (ca1d595b07799403578f41a997cebe3bd01f535b)

Auteur SHA1 Message Date
  Lorenzo Villani 5d1090d488 Make sure fail2ban is started il y a 10 ans
  Lorenzo Villani d5ecf673d3 Calm OCD by sorting almost every with_items block in alphabetical order il y a 10 ans
  Lorenzo Villani e7703d0d9c Add support for Apache 2.4 on Ubuntu 14.04 il y a 10 ans
  Lorenzo Villani e2e61a2f76 Install 'fuse' instead of 'fuse-utils' il y a 10 ans
  Sven Neuhaus 63ba754eb7 libpam-google-authenticator uses distribution package on Ubuntu 14.04 il y a 10 ans
  Gelnior 7995bac36c put back enc.fs (removed by mistake) il y a 10 ans
  Gelnior bd57edd5a5 newebe config: fix Newebe config file task il y a 10 ans
  Justin Plock 1d7986fd96 Enable UFW and deny everything by default il y a 10 ans
  Justin Plock ea0b288818
Moved ufw firewall rules into individual roles il y a 10 ans
  Justin Plock ed75c9469b
libpam-dev didn't exist for some people so switching to libpam0g-dev instead il y a 10 ans
  Justin Plock e88fb57cba
Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work. il y a 10 ans
  Justin Plock 2d751ab680
The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token il y a 10 ans
  Justin Plock c037dce07a
Clarified parameters are bit in a comment il y a 10 ans
  Justin Plock 22a8717f6d
Automatically generate the Google authenticator file for the default user il y a 10 ans
  Justin Plock 84c9febec7
Added Google Authenticator 2FA logins il y a 10 ans
  Justin Plock 89f018bd23
In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely. il y a 10 ans
  Justin Plock 9f918363b9
Set a ServerName for apache (fixes #187) il y a 10 ans
  Benjamin Reitzammer d957760697 Making main user's shell configurable il y a 10 ans
  Justin Plock 3b0308d69e Allow both TCP and UDP port 53 for DNS lookups through OpenVPN il y a 11 ans
  Joost Baaij ae2e74bb79 make NTP pool configurable il y a 11 ans
  Joost Baaij 4837d2e87a extract NTP logic il y a 11 ans
  Joost Baaij 715399a2f1 added pop3s and imaps ports to fail2ban. il y a 11 ans
  Joost Baaij 2033c37982 Enabled unattended-upgrades il y a 11 ans
  Joost Baaij 335cef5c9f Enabled POP3S for old-timeys who dig that il y a 11 ans
  Joshua Lund 4ed07a1e0a * Made the OpenVPN port and protocol (tcp/udp) configurable il y a 11 ans
  Mark Paschal 10aff54015 Only ban in response to fail2ban results il y a 11 ans
  Luke Cyca 4bc4cebf41 Explicit permissions for all cert files il y a 11 ans
  Luke Cyca 76d52b63f3 XMPP cert handling improvements, ufw rules, and tests il y a 11 ans
  Alex Payne f7f7157cec more updated variable formatting and accommodation of the YAML parser being a fussbudget il y a 11 ans
  Alex Payne 34d7595c0b ensure we can install from third-party repos across playbooks il y a 11 ans
  Alex Payne d28f0f82b9 move to non-deprecated template variable formatting il y a 11 ans
  Luke Cyca e46ad018ba Improved test suite, rewritten in python il y a 11 ans
  Luke Cyca 2f145ce543 Two small apache-related fixes il y a 11 ans
  Luke Cyca 08d6827755 New vagrant-based development environment il y a 11 ans
  Luke Cyca b1a3b8b67d Use discovered IPv4 address il y a 11 ans
  Luke Cyca 37a0400c22 Standardize apache’s 301 redirect to https, and enable HSTS il y a 11 ans
  Luke Cyca bdab1cd6b1 Reworked ufw logic to not use change_when keyword il y a 11 ans
  Allen Riddell 5b8ba840a4 workaround ufw bug, call ufw enable twice il y a 11 ans
  Allen Riddell ae0d1ca8f4 Ignore ufw error resulting from known bug on Debian 7 il y a 11 ans
  Luke Cyca 7043143f90 Improved idempotency and removed ip detection for checkrbl il y a 11 ans
  Allen Riddell 88705bb7fa Replace ferm with ufw il y a 11 ans
  Bertrand Cachet f43c57e132 fix(apticron): apticron emails are sent to root il y a 11 ans
  Bertrand Cachet 373cb4584b add(apticron): configure email il y a 11 ans
  Bertrand Cachet df802919f7 add(fail2ban): Add server IP address to ignore IP il y a 11 ans
  Alex Payne a9cabad947 Update etc_ferm_ferm.conf il y a 11 ans
  Allen Riddell 580e3ef5c1 Don't open unused ports il y a 11 ans
  Greg Karékinian 58dddc55d1 Remove variables from roles il y a 11 ans
  Luke Cyca c697e135e9 Move NameVirtualHost directives to ports.conf il y a 11 ans
  Alex Payne f27442b678 move tarsnap to its own role il y a 11 ans
  Luke Cyca 5beacea2d2 Absolute path for tarsnap il y a 11 ans