sovereign

Graphique des révisions

Auteur	SHA1	Message	Date
Brett Haines	eddcdd7993	Updating fail2ban jail list	il y a 6 ans
Tomas Bedrich	3efc7ae54e	Allowed SSH agent forwarding when using sudo	il y a 7 ans
Tomas Bedrich	7a399d45ca	Fix SSH connections to Github	il y a 8 ans
Dosenpfand	f2c14dd911	Remove unneeded/deprecated apache configuration	il y a 8 ans
Carl Meyer	60855eda70	Fix typo in fail2ban config for dovecot.	il y a 8 ans
Mike Ashley	4a33ebecdc	Add non-interactive to LE client options Depending on when the client is run, there are no certificates to update. By default, the client runs in interactive mode and wants to notify the user of this. This causes Ansible to hang waiting for an acknowledgement that will never come. Adding the non-interactive flag fixes this.	il y a 8 ans
Carl Meyer	b93deb9411	Remove stray + prefix in sudoers file.	il y a 8 ans
Mike Ashley	2ad6f78e45	Address incomplete chain error Fix Apache's configuration for version 2.4.8 and above. See https://community.letsencrypt.org/t/untrusted-on-mobile-newbe/7903	il y a 8 ans
Mike Ashley	7bb523950e	Draft design description for Let's Encrypt support	il y a 8 ans
Mike Ashley	8e1d473027	Use Let's Encrypt for generating site certificates This method uses Subjective Alternative Names (SANs) to get one certificate for all the subdomains that Sovereign employs, whether or not the user configured their site with the roles.	il y a 8 ans
Mike Ashley	195d8811fc	Remove references to Trusty and Wheezy Make a clean distinction between Debian 7 and Debian 8. Anticipate the next Ubuntu LTS release (Xenial) that is planned for support.	il y a 8 ans
Mike Ashley	d3abc02f84	Clean up Apache SSL configuration Avoid using the Include directive. Move most of the SSL configuration to the global configuration and leave enabling the SSL engine to each virtual host that wants to use it.	il y a 8 ans
fengor	e63661f982	Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778 see: http://undeadly.org/cgi?action=article&sid=2016011414	il y a 8 ans
fengor	b368984641	Added "UseRoaming no" to ssh.config to fix OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778 see: http://undeadly.org/cgi?action=article&sid=2016011414	il y a 8 ans
Alex Payne	290a3b4312	Remove wheezy-specific Apache SSL config omission	il y a 8 ans
Will McCutchen	1be1afe1ff	Disable SSL stapling on wheezy	il y a 9 ans
Will McCutchen	16b66cc849	Define apache SSL config in one place	il y a 9 ans
Alex Payne	b11fb68559	Automatically set up passwordless sudo for deploy user. Closes #343.	il y a 9 ans
Aleksandr Bogdanov	a849948e8d	Choosing the closest ubuntu mirror before anything else	il y a 9 ans
fengor	7ed46f590c	renamed templates to be consistent with coding standard. removed comment line in ssh_config	il y a 9 ans
Marius Voila	ec69fef60c	removed old template	il y a 9 ans
Marius Voila	2ae2c3683c	removed template and implemented logic	il y a 9 ans
fengor	39566abb6c	More secure defaults for ssh. Ciphers, Kex and MAC can be set via defaults.var	il y a 9 ans
Marius Voila	67e1bf0fc3	fail2ban support for Trusty	il y a 9 ans
Marius Voila	e62bd7c71a	fail2ban support for Trusty	il y a 9 ans
Justin Plock	89f018bd23	In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.	il y a 10 ans
Justin Plock	9f918363b9	Set a ServerName for apache (fixes #187)	il y a 10 ans
Joost Baaij	ae2e74bb79	make NTP pool configurable use the world-wide pool by default, but specify north-america in user.yml. Also, documentation. This way Sovereign will still behave the same, but the NTP servers can be changed when desired.	il y a 10 ans
Joost Baaij	715399a2f1	added pop3s and imaps ports to fail2ban. Otherwise only pop and imap (un-secured) are blocked. Which we don't use.	il y a 10 ans
Mark Paschal	10aff54015	Only ban in response to fail2ban results Don't mail them individually to the destemail. The destemail setting is thus no longer used, but let's set it anyway to be clear where it will mail if you change the action back.	il y a 10 ans
Luke Cyca	e46ad018ba	Improved test suite, rewritten in python Added friendly_networks variable to denote whitelisted networks	il y a 10 ans
Luke Cyca	b1a3b8b67d	Use discovered IPv4 address	il y a 10 ans
Bertrand Cachet	f43c57e132	fix(apticron): apticron emails are sent to root Instead of sending email to {{ admin_email }} we send them to root user. These emails will be redirected to the appropriate user via mail_virtual_aliases variables	il y a 10 ans
Bertrand Cachet	373cb4584b	add(apticron): configure email Apticron is configured to send email to {{ admin_email }}	il y a 10 ans
Bertrand Cachet	df802919f7	add(fail2ban): Add server IP address to ignore IP ignoreip field inside /etc/fail2ban/jail.local is populated with server_ip_address variable	il y a 10 ans
Luke Cyca	12d42ad38a	Configure sshd_config to disable PermitRootLogin and PasswordAuthentication	il y a 10 ans
Luke Cyca	dfe8bd1cca	TODO for fail2ban ignoreip Removed your hardcoded server IP	il y a 10 ans
Alex Payne	080d38986c	first commit	il y a 11 ans

41 Révisions (eddcdd7993861a8669a79087fa0993225ff0248a)