diff --git a/CHANGELOG b/CHANGELOG index 49f9757..d4cebc9 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -9,182 +9,182 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added -- base: set the title of the terminal when connecting to a server -- base: import dump-server-state.sh script -- post-install: add a version number to motd-carp-state.sh -- nagios-nrpe: add a check dhcp_pool -- collectd: add dhcp_pool.pl script -- base: add a "next_part" before executing evobackup in daily.local file -- base: add update-evobackup-canary script -- base: session timeout is configurable -- add a update-utils.yml playbook to update scripts -- base: use a variable to define ntpd server -- base: add entry in doas.conf for sd0 in case we have a hard raid -- base: add munin files in newsyslog.conf by default -- nagios-nrpe: add some information in check_connections_state.sh check +* base: set the title of the terminal when connecting to a server +* base: import dump-server-state.sh script +* post-install: add a version number to motd-carp-state.sh +* nagios-nrpe: add a check dhcp_pool +* collectd: add dhcp_pool.pl script +* base: add a "next_part" before executing evobackup in daily.local file +* base: add update-evobackup-canary script +* base: session timeout is configurable +* add a update-utils.yml playbook to update scripts +* base: use a variable to define ntpd server +* base: add entry in doas.conf for sd0 in case we have a hard raid +* base: add munin files in newsyslog.conf by default +* nagios-nrpe: add some information in check_connections_state.sh check ### Changed -- accounts: use "evobsd_internal_group" for SSH authentication -- evocheck: imported version 22.03 -- base: zzz_evobackup upstream release 22.03 -- etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks -- etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible -- etc-git: add versioning for /usr/share/scripts -- nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state -- evocheck: renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file -- pf: reorder some rules, more details on some comments -- update of tags for each tasks and ease the update of scripts -- evocheck: execute evocheck without --cron the first of the month -- etc-git: chmod 600 for local periodic files (daily, weekly, monthly) -- base: loop over fstab entries instead of copying the same task for each entries -- etc-git: do not erase custom entries of servers in .gitignore files -- nagios-nrpe: check_disk1 returns only alerts -- base: do not erase custom configuration of servers in doas.conf -- base: vmd and pass are not used in our infrastructure, deletion of autocompletion -- nagios-nrpe: do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore -- base: export evomaintenance and evobackup tasks into their own roles -- nagios-nrpe: multiples IP can now be checked with check_ipsecctl_critiques.sh +* accounts: use "evobsd_internal_group" for SSH authentication +* evocheck: imported version 22.03 +* base: zzz_evobackup upstream release 22.03 +* etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks +* etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible +* etc-git: add versioning for /usr/share/scripts +* nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state +* evocheck: renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file +* pf: reorder some rules, more details on some comments +* update of tags for each tasks and ease the update of scripts +* evocheck: execute evocheck without --cron the first of the month +* etc-git: chmod 600 for local periodic files (daily, weekly, monthly) +* base: loop over fstab entries instead of copying the same task for each entries +* etc-git: do not erase custom entries of servers in .gitignore files +* nagios-nrpe: check_disk1 returns only alerts +* base: do not erase custom configuration of servers in doas.conf +* base: vmd and pass are not used in our infrastructure, deletion of autocompletion +* nagios-nrpe: do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore +* base: export evomaintenance and evobackup tasks into their own roles +* nagios-nrpe: multiples IP can now be checked with check_ipsecctl_critiques.sh ### Fixed -- base: fix shell configuration, increase $HISTSIZE, and change history alias so it displays full history -- nagios-nrpe: handle the case where cached_mem is in GB to convert it in MB in check_free_mem.sh -- post-install: improve management of ldif file for ldap -- post-install: ignore errors from syspatch +* base: fix shell configuration, increase $HISTSIZE, and change history alias so it displays full history +* nagios-nrpe: handle the case where cached_mem is in GB to convert it in MB in check_free_mem.sh +* post-install: improve management of ldif file for ldap +* post-install: ignore errors from syspatch ### Removed -- openvpn: deleted this deprecated role ; use the one provided in the ansible-roles repo +* openvpn: deleted this deprecated role ; use the one provided in the ansible-roles repo ## [21.12] - 2021-12-17 ### Changed -- Configure locale to en_US.UTF-8 in .profile file so that "git log" displays the accents correctly -- Use vim as default git editor -- Change version pattern and fix release scheme +* Configure locale to en_US.UTF-8 in .profile file so that "git log" displays the accents correctly +* Use vim as default git editor +* Change version pattern and fix release scheme ### Added -- Add a bioctl NRPE check for RAID devices +* Add a bioctl NRPE check for RAID devices ## [6.9.2] - 2021-10-15 ### Added -- Add a more complete ipsecctl check script -- Add doas configuration for check_openvpn_certificates.sh +* Add a more complete ipsecctl check script +* Add doas configuration for check_openvpn_certificates.sh ### Fixed -- Fix check_dhcpd for dhcpd server themselves: use back check_procs -c1: -C dhcpd -- Fix check_mailq: check from monitoring-plugins current version is not compatible with opensmtpd +* Fix check_dhcpd for dhcpd server themselves: use back check_procs -c1: -C dhcpd +* Fix check_mailq: check from monitoring-plugins current version is not compatible with opensmtpd ## [6.9.1] - 2021-07-19 ### Added -- Configure the ntpd.conf file +* Configure the ntpd.conf file ## [6.9.0] - 2021-05-06 ### Changed -- Remove the variable VERBOSESTATUS in daily.local configuration file since it is no longer valid. +* Remove the variable VERBOSESTATUS in daily.local configuration file since it is no longer valid. ## [6.8.3] - 2021-02-15 ### Added -- Add a customization of the logsentry configuration -- Add a check_openvpn_certificates in NRPE and OpenVPN role to check expiration date of server CA and certificates files +* Add a customization of the logsentry configuration +* Add a check_openvpn_certificates in NRPE and OpenVPN role to check expiration date of server CA and certificates files ### Fixed -- Fix the check_mem command in the NRPE role, precising the percentage sign for it not to check the memory in MB. -- Fix the check_mem script in the NRPE role, adding cached RAM as free RAM -- Fix motd-carp-state.sh by updating the OpenBSD release in our customized motd after an upgrade +* Fix the check_mem command in the NRPE role, precising the percentage sign for it not to check the memory in MB. +* Fix the check_mem script in the NRPE role, adding cached RAM as free RAM +* Fix motd-carp-state.sh by updating the OpenBSD release in our customized motd after an upgrade ### Changed -- The PF role now use a variable for trusted IPs +* The PF role now use a variable for trusted IPs ## [6.8.2] - 2020-10-30 ### Added -- Add a Logsentry role +* Add a Logsentry role ## [6.8.1] - 2020-10-26 ### Fixed -- Fix a task using a register where simple quotes prevented the register to be properly filled, breaking the following task +* Fix a task using a register where simple quotes prevented the register to be properly filled, breaking the following task ## [6.8.0] - 2020-10-23 ### Added -- Add a PF tag to be able to skip that part when rerunning EvoBSD -- Add a doas authorization for NRPE check_ipsecctl_critiques +* Add a PF tag to be able to skip that part when rerunning EvoBSD +* Add a doas authorization for NRPE check_ipsecctl_critiques ### Changed -- The task mail.yml replace the former boot/reboot message only if it is untouched -- Replace the variable used to set the email address in etc-git role - now using inventory_hostname -- Not checking syspatch when OpenBSD <= 6.1 -- Amend fstab file adding noatime option to each entrie -- Import evocheck v.6.7.7 -- Comment NRPE checks that cannot be used as is +* The task mail.yml replace the former boot/reboot message only if it is untouched +* Replace the variable used to set the email address in etc-git role - now using inventory_hostname +* Not checking syspatch when OpenBSD <= 6.1 +* Amend fstab file adding noatime option to each entrie +* Import evocheck v.6.7.7 +* Comment NRPE checks that cannot be used as is ### Fixed -- Add the creation of the NRPE plugins directory in nagios-nrpe role -- Add collectd doas rights in the base role to avoid broking anything if EvoBSD is rerun without the collectd role included -- Do not add the motd cron if the same line is already there but uncommented -- Amend fstab entries only when the filesystem is ffs +* Add the creation of the NRPE plugins directory in nagios-nrpe role +* Add collectd doas rights in the base role to avoid broking anything if EvoBSD is rerun without the collectd role included +* Do not add the motd cron if the same line is already there but uncommented +* Amend fstab entries only when the filesystem is ffs ## [6.7.2] - 2020-10-13 ### Added -- Now handling deletion of evobackup crontab (replaced by daily.local cron) -- Customize fstab with noexec and softdep -- Collectd role +* Now handling deletion of evobackup crontab (replaced by daily.local cron) +* Customize fstab with noexec and softdep +* Collectd role ### Changed -- Improve rc.local file configuration -- Update evocheck to version 6.7.5 -- Hide default daily output mail content (VERBOSESTATUS=0) -- Add deletion of old log files in the OSPF role +* Improve rc.local file configuration +* Update evocheck to version 6.7.5 +* Hide default daily output mail content (VERBOSESTATUS=0) +* Add deletion of old log files in the OSPF role ### Fixed -- Fix duplicate evobackup cron if the entry is uncommented in daily.local +* Fix duplicate evobackup cron if the entry is uncommented in daily.local ## [6.7.1] - 2020-09-10 ### Added -- Add completions functions in root's profile dotfile -- Add check_connections_state.sh NRPE plugin -- Add an evocheck role -- Add stricter ssh and doas access -- Add an openvpn role -- Add an OpenBGPd NRPE plugin -- Add ospf and bgp roles -- Add an unbound NRPE check since it is part of the base system -- Add a motd-carp-state.sh script that checks the carp state and generates the /etc/motd file +* Add completions functions in root's profile dotfile +* Add check_connections_state.sh NRPE plugin +* Add an evocheck role +* Add stricter ssh and doas access +* Add an openvpn role +* Add an OpenBGPd NRPE plugin +* Add ospf and bgp roles +* Add an unbound NRPE check since it is part of the base system +* Add a motd-carp-state.sh script that checks the carp state and generates the /etc/motd file ### Changed -- Disable sndiod since it is not required on serveurs -- Replace sudo with doas for script executions -- Update evomaintenance version to 0.6.3 -- Disable mouse function in vim configuration -- Drop openup since syspatch can apply stable patches now -- Update evobackup script -- Rewrite newsyslog configuration -- Drop postgresql-client package since evomaintenance use an API now +* Disable sndiod since it is not required on serveurs +* Replace sudo with doas for script executions +* Update evomaintenance version to 0.6.3 +* Disable mouse function in vim configuration +* Drop openup since syspatch can apply stable patches now +* Update evobackup script +* Rewrite newsyslog configuration +* Drop postgresql-client package since evomaintenance use an API now