Jérémy Dubois
5adeaa31e1
Add a pf tag that we skip for subsequent use
...
continuous-integration/drone/push Build is failing
PacketFilter need to be customized only once, at the first use.
After that, pf.conf will be modified on the server for the needs of the
network. It must not be overwriten.
2020-10-14 09:40:59 +02:00
Jérémy Dubois
dc2707c004
Fix typo
continuous-integration/drone/push Build is failing
2020-10-13 16:16:52 +02:00
Jérémy Dubois
2bf8a7e872
Stricter ssh and doas access - better version
...
continuous-integration/drone/push Build is failing
Fix #34
We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.
I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Jérémy Dubois
a606230d93
We always need these Evolix vars_files which overwrite defaults values
continuous-integration/drone/push Build is failing
2020-10-13 16:01:16 +02:00
Tristan PILAT
b925a9f84d
Update CHANGELOG and bump to version 6.7.2
continuous-integration/drone/push Build is failing
2020-10-13 14:46:14 +02:00
Jérémy Dubois
7ddc1ab72f
Fix NRPE check file name
continuous-integration/drone/push Build is failing
2020-10-13 12:02:48 +02:00
Jérémy Dubois
a9ae1b57d4
Do not use litteral tab in configuration
...
Use "\t" instead of a litteral tab which can easily be broken. Also add a
deletion of line with spaces.
2020-10-13 12:01:18 +02:00
Jérémy Dubois
57acbd6091
Add jinja2 variable for PATH variable environment
2020-10-13 11:44:53 +02:00
Tristan Pilat
20e7f950be
Merge pull request 'Writing of collectd role' ( #28 ) from collectd into dev
...
continuous-integration/drone/push Build is failing
Reviewed-on: #28
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
2020-10-13 11:24:05 +02:00
Jérémy Dubois
11d3331958
Collectd role : deletion of collectd_plugin_exec variable
...
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
This variable had to be activated only if collectd_plugin_exec_ifq_drops or
collectd_plugin_exec_dns_stats was also activated, for some configuration to be
taken into account. I changed the role so that the configuration is
automatically taken into account if one of these two variables is activated.
2020-10-12 15:45:13 +02:00
Jérémy Dubois
7cc374ea9e
yamllint : indentation, trailing-spaces and truthy value
2020-10-12 15:26:45 +02:00
Jérémy Dubois
337e80b670
Writing of collectd role
2020-10-12 15:12:31 +02:00
Jérémy Dubois
6abf573fae
Merge pull request 'Customize fstab with noexec and softdep' ( #36 ) from customize_fstab into dev
...
continuous-integration/drone/push Build is failing
Reviewed-on: #36
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
2020-10-12 14:48:22 +02:00
Jérémy Dubois
a40e2b4750
Merge branch 'dev' into customize_fstab
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-10-12 14:47:02 +02:00
Jérémy Dubois
3255566edf
yamllint : disable rule:line-length for complete file evolixisation.yml
continuous-integration/drone/push Build is failing
2020-10-12 14:29:37 +02:00
Jérémy Dubois
6b7c7b80c4
yamllint
continuous-integration/drone/push Build is failing
2020-10-12 14:20:59 +02:00
Jérémy Dubois
bd22b0545b
sudoers configuration : the tab was broken
2020-10-12 14:16:00 +02:00
Jérémy Dubois
0615d3b555
Specify order of cron command in daily.local and fix full deletion of the cron
continuous-integration/drone/push Build is failing
2020-10-12 12:00:28 +02:00
Jérémy Dubois
c1f66a92e2
Fix add of multiple evobackup cron
...
continuous-integration/drone/push Build is failing
Do not add evobackup cron again if the same line
is already there but uncommented
2020-10-09 16:14:52 +02:00
Tristan Pilat
01158227eb
Merge pull request 'Force replacement of some NRPE checks' ( #33 ) from force_NRPE_checks_replacement into dev
...
continuous-integration/drone/push Build is failing
Reviewed-on: #33
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
2020-10-09 15:48:14 +02:00
Jérémy Dubois
92837424fb
Fix weird commits
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-10-09 15:35:23 +02:00
Jérémy Dubois
5fa8e0c9bb
Customize fstab with noexec and softdep
...
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
Add softdep to each partitions
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:10 +02:00
Jérémy Dubois
bd4748b403
Customize root crontab and daily.local
...
Add custome PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:09 +02:00
Jérémy Dubois
0a4e970ab8
Customize fstab with noexec and softdep
...
Add softdep to each partitions
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:08 +02:00
Jérémy Dubois
4f201d3a73
Customize root crontab and daily.local
...
Add custome PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:07 +02:00
Jérémy Dubois
e019b79723
yamllint + correction /tmp softdep
...
softdep is not added anymore if noexec is
already defined after rw
2020-10-09 15:21:06 +02:00
Jérémy Dubois
88df904282
Customize fstab with noexec and softdep
...
Add softdep to each partitions
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:06 +02:00
Jérémy Dubois
c9d1bff1c6
Customize root crontab and daily.local
...
continuous-integration/drone/push Build is failing
Add custome PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 14:15:46 +02:00
Jérémy Dubois
fe0c7f6add
Import evocheck v.6.7.5
2020-10-09 14:15:14 +02:00
Jérémy Dubois
07d83d4994
Delete empty line - yamllint
continuous-integration/drone/push Build is failing
2020-10-09 10:45:23 +02:00
Jérémy Dubois
fa497b280e
Configure sudoers umask
...
continuous-integration/drone/push Build is failing
This configuration is checked by evocheck,
so it should be present by default
2020-10-08 15:42:52 +02:00
Jérémy Dubois
12b2f3d280
Delete evobackup root crontab replaced by daily.local cron
2020-10-08 15:39:50 +02:00
Jérémy Dubois
f97317b767
Better rc.local configuration
...
continuous-integration/drone/push Build is failing
Add line before the "echo '.'" line instead of the end
Delete old entry not precising the hostname if still there
2020-10-08 15:19:52 +02:00
Jérémy Dubois
b0f1f9c2ca
Fix OSPF role : add deletion of old log files
continuous-integration/drone/push Build is failing
2020-09-24 16:11:49 +02:00
Tristan PILAT
f4d9ec7359
New naming conventing based OpenBSD's one
continuous-integration/drone/push Build is failing
2020-09-10 11:58:25 +02:00
Tristan PILAT
070046b5ee
Add a CHANGELOG file
continuous-integration/drone/push Build is failing
2020-09-10 11:55:43 +02:00
Tristan PILAT
8ecaf81314
Update evocheck to 6.7.4
2020-09-10 11:55:43 +02:00
Tristan PILAT
a2aec3f4a6
Rewrite README.md file
2020-09-10 11:55:43 +02:00
Tristan PILAT
3f0b3cff1c
Update copyright to 2020
2020-09-10 11:55:43 +02:00
Jérémy Dubois
655099101c
LDAP script replace "ram0" name with "mem"
continuous-integration/drone/push Build is failing
2020-09-02 15:10:16 +02:00
Jérémy Dubois
04ffb90b0c
Add NRPE check unbound since OpenBSD use it more than bind
continuous-integration/drone/push Build is failing
2020-08-31 17:29:57 +02:00
Jérémy Dubois
5bc2d87000
Fix commit_etc_git.yml task author
...
continuous-integration/drone/push Build is failing
Author in two parts was considered as "author" + "<file>" instead of "author
<author>"
2020-08-26 09:50:05 +02:00
Jérémy Dubois
b586b1fafe
Write and deploy motd-carp-state.sh
...
continuous-integration/drone/push Build is failing
A script that checks the carp state and writes in the /etc/motd file if the
server is in backup or master state. Script is copied in /usr/share/scripts/
directory and a cron job is installed but disabled by default.
2020-08-25 17:57:22 +02:00
Jérémy Dubois
deafd82337
For local modifications of nrpe conf, use zzz_evolix.cfg instead of zzz-evolix.cfg which is buggy
continuous-integration/drone/push Build is failing
2020-08-21 15:26:32 +02:00
Jérémy Dubois
829df74567
ldap.sh : Fix computerOS and add case for HardwareSerial if computer is a VM
continuous-integration/drone/push Build is failing
2020-08-21 14:33:53 +02:00
Jérémy Dubois
d956d5c6ba
Import evocheck 6.7.3
continuous-integration/drone/push Build is failing
2020-07-31 14:32:44 +02:00
Jérémy Dubois
708ffcc538
Add packetfilter service and update other services version in LDIF creation for LDAP
continuous-integration/drone/push Build is failing
2020-07-29 14:52:46 +02:00
Jérémy Dubois
3a6cd20ab3
Configure the check_packetfilter in NRPE with doas
continuous-integration/drone/push Build is failing
2020-07-28 17:57:30 +02:00
Jérémy Dubois
5166977025
Change mode : make check_packetfilter.sh executable
continuous-integration/drone/push Build is failing
2020-07-28 17:47:01 +02:00
Jérémy Dubois
62515ca5b5
Add a new NRPE check : check_packetfilter
continuous-integration/drone/push Build is failing
2020-07-28 17:45:14 +02:00