Commit graph

214 commits

Author SHA1 Message Date
Jérémy Dubois 14ec1ca13b Shifting check carp number to match the interface number 2021-07-16 11:27:44 +02:00
Jérémy Dubois 3fc1dabec4 check_openvpn_certificates.sh : fix conf_file var definition
Sometimes, OpenVPN runs multiple processes
2021-06-10 16:15:35 +02:00
Jérémy Dubois 8cd6b0bda6 Import last version of zzz_evobackup and evocheck.sh scripts 2021-05-25 21:09:23 +02:00
Jérémy Dubois f8a9a86bdd Added info on possible causes of error for openvpn check 2021-05-25 15:19:06 +02:00
Jérémy Dubois a0f8339705 Change evomaintenance files mode 2021-05-17 11:36:36 +02:00
Tristan Pilat 1364451198 Following the release of OpenBSD 6.9, the VERBOSESTATUS variable is no longer valid in the daily.local configuration file 2021-05-06 15:03:37 +02:00
Jérémy Dubois 2dae2d1ae4 Fix typo
2021-02-15 18:56:24 +01:00
Jérémy Dubois b3496692b2 Fix motd-carp-state.sh
Update the OpenBSD release in our customized motd
2021-02-15 18:25:52 +01:00
Jérémy Dubois 54455a63df Fix check_free_mem.sh : cached RAM now is free RAM 2021-02-15 17:30:25 +01:00
Jérémy Dubois d7a427bd7f check_openvpn_certificates.sh : fix date format
2021-02-08 17:29:46 +01:00
Jérémy Dubois 0c55f87727 Update CHANGELOG and add a check_openvpn_certificates
2021-02-08 16:30:05 +01:00
Jérémy Dubois 60103070f2 Fix NRPE check_mem
The percentage sign must be specified. Without it, the check is done checking
the memory in MB.
2021-02-03 11:57:47 +01:00
Jérémy Dubois 7f5627f6bd Import last version of zzz_evobackup file
2021-01-07 09:48:38 +01:00
Jérémy Dubois 55745e1a62 nagios-nrpe role : change variables name
2020-12-10 19:36:00 +01:00
Jérémy Dubois 8a2111561f Improve PacketFilter role
Replace hard-coded IPs with variable
Add a README file
2020-12-10 19:23:18 +01:00
Tristan PILAT 48ea75957d Add new exceptions to Logsentry ignore files
2020-12-02 17:45:38 +01:00
Tristan PILAT 7d24b11fa9 Add tasks to copy customized configuration files 2020-11-24 16:27:29 +01:00
Tristan PILAT 6782746f3c Add customized logsentry configuration 2020-11-24 16:26:02 +01:00
Jérémy Dubois 389f1a8eae Import last zzz_evobackup file version
2020-11-16 11:24:47 +01:00
Jérémy Dubois 8cddc5e9ae Fix logsentry.sh file name in task
2020-10-30 10:49:23 +01:00
Tristan PILAT d84fc581d8 Add a new role - Logsentry is a tool that scans system logs to report suspicious/unusual activity 2020-10-30 10:06:36 +01:00
Jérémy Dubois e9a1373a30 Add file to .gitignore
This file is frequently updated after a user connection to OpenVPN, so we do
not want to track it.
2020-10-27 11:05:46 +01:00
Jérémy Dubois 9a07552731 Import last zzz_evobackup file version
2020-10-27 10:45:11 +01:00
Jérémy Dubois 381aa50e37 Deletion of single quotes preventing the task from being correctly executed
2020-10-26 16:40:53 +01:00
Jérémy Dubois 6613c70446 Revert "Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7"
This reverts commit 4012a014ce.
Versions older than 5.7 are … old.
We do not handle versions that old.
2020-10-23 10:17:12 +02:00
Jérémy Dubois a26d6e13cb yamllint line-length and empty-line
2020-10-23 10:15:57 +02:00
Jérémy Dubois f648f332dd Import 6.7.7 evocheck version
2020-10-22 18:18:28 +02:00
Jérémy Dubois 4012a014ce Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7
2020-10-22 11:52:54 +02:00
Jérémy Dubois 4db9d006a2 Allow evolinux-sudo group to sudo
evolinux-sudo group can already use doas, it should also
be allowed to use sudo
2020-10-22 11:28:06 +02:00
Jérémy Dubois d7701d32da Comment on checks that cannot be used as is - v3
2020-10-22 10:34:13 +02:00
Jérémy Dubois 42f5d2c10e Add "create; true" to other task, needed when running in check mode
2020-10-21 15:47:23 +02:00
Jérémy Dubois 44d145e33b Add "create; true" to task, needed when running in check mode
2020-10-21 10:52:39 +02:00
Jérémy Dubois 5ef4a403d2 We should be able to execute evomaintenance.sh as soon as we can SSH to the server 2020-10-20 15:57:35 +02:00
Jérémy Dubois 9eeba0c0ab Add a doas authorization for NRPE 2020-10-20 15:10:12 +02:00
Jérémy Dubois 78686b8730 Stricter ssh and doas access - two separate groups actually needed
Fix #34 again

After some discussions, we actually need two separate groups:
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)

We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user needs to be
added to.
2020-10-15 11:01:52 +02:00
Jérémy Dubois 4a0e552691 Import evocheck v.6.7.6 2020-10-15 10:21:02 +02:00
Jérémy Dubois a7b96d9f67 Fstab : we now also add noatime to each partition 2020-10-15 09:57:02 +02:00
Jérémy Dubois 4c902eda5a Fstab : change only ffs file system 2020-10-14 18:05:29 +02:00
Jérémy Dubois 4610661299 Fix add of multiple motd cron
Do not add motd cron again if the same line is already there but uncommented
2020-10-14 17:39:23 +02:00
Jérémy Dubois ff1f728102 Doas authorization for collectd
We put the doas authorization for collectd in the global file and we leave it if
collectd is not there, because otherwise the authorization would be removed if
the base role was run without the collectd role, even if collectd was still
running. Collectd would have been broken.
2020-10-14 17:39:23 +02:00
Jérémy Dubois cc80aefac7 NRPE plugins dir was not created 2020-10-14 17:39:23 +02:00
Jérémy Dubois 6dd4b6b8aa Syspatch is not available before OpenBSD 6.1 2020-10-14 17:39:23 +02:00
Jérémy Dubois 556d98c170 Variable ansible_fqdn is often not the name of the server 2020-10-14 17:39:23 +02:00
Jérémy Dubois 7ecf7be4a4 Do not remove line that would have a customized subject 2020-10-14 17:39:09 +02:00
Jérémy Dubois 213e4a7bcd Comment on checks that cannot be used as is - v2
2020-10-14 14:55:10 +02:00
Jérémy Dubois 592a2f8337 Comment on checks that cannot be used as is
2020-10-14 12:25:55 +02:00
Jérémy Dubois 68586d6450 Fstab role : do not change lines beginning with "#"
2020-10-14 12:14:58 +02:00
Jérémy Dubois 37ec518850 The pf_states NRPE check does not contain any variable, it can be in files folder
2020-10-14 12:13:52 +02:00
Jérémy Dubois 5adeaa31e1 Add a pf tag that we skip for subsequent use
PacketFilter needs to be customized only once, at the first use.
After that, pf.conf will be modified on the server for the needs of the
network. It must not be overwritten.
2020-10-14 09:40:59 +02:00
Jérémy Dubois dc2707c004 Fix typo
2020-10-13 16:16:52 +02:00
Jérémy Dubois 2bf8a7e872 Stricter ssh and doas access - better version
Fix #34

We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.

I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Jérémy Dubois 7ddc1ab72f Fix NRPE check file name
2020-10-13 12:02:48 +02:00
Jérémy Dubois a9ae1b57d4 Do not use literal tab in configuration
Use "\t" instead of a literal tab which can easily be broken. Also add a
deletion of line with spaces.
2020-10-13 12:01:18 +02:00
Jérémy Dubois 57acbd6091 Add jinja2 variable for PATH variable environment 2020-10-13 11:44:53 +02:00
Jérémy Dubois 11d3331958 Collectd role : deletion of collectd_plugin_exec variable
This variable had to be activated only if collectd_plugin_exec_ifq_drops or
collectd_plugin_exec_dns_stats was also activated, for some configuration to be
taken into account. I changed the role so that the configuration is
automatically taken into account if one of these two variables is activated.
2020-10-12 15:45:13 +02:00
Jérémy Dubois 7cc374ea9e yamllint : indentation, trailing-spaces and truthy value 2020-10-12 15:26:45 +02:00
Jérémy Dubois 337e80b670 Writing of collectd role 2020-10-12 15:12:31 +02:00
Jérémy Dubois a40e2b4750 Merge branch 'dev' into customize_fstab
2020-10-12 14:47:02 +02:00
Jérémy Dubois 6b7c7b80c4 yamllint
2020-10-12 14:20:59 +02:00
Jérémy Dubois bd22b0545b sudoers configuration : the tab was broken 2020-10-12 14:16:00 +02:00
Jérémy Dubois 0615d3b555 Specify order of cron command in daily.local and fix full deletion of the cron
2020-10-12 12:00:28 +02:00
Jérémy Dubois c1f66a92e2 Fix add of multiple evobackup cron
Do not add evobackup cron again if the same line
is already there but uncommented
2020-10-09 16:14:52 +02:00
Tristan Pilat 01158227eb Merge pull request 'Force replacement of some NRPE checks' (#33) from force_NRPE_checks_replacement into dev
Reviewed-on: #33
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
2020-10-09 15:48:14 +02:00
Jérémy Dubois 92837424fb Fix weird commits
2020-10-09 15:35:23 +02:00
Jérémy Dubois 5fa8e0c9bb Customize fstab with noexec and softdep
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:10 +02:00
Jérémy Dubois bd4748b403 Customize root crontab and daily.local
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:09 +02:00
Jérémy Dubois 0a4e970ab8 Customize fstab with noexec and softdep
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:08 +02:00
Jérémy Dubois 4f201d3a73 Customize root crontab and daily.local
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 15:21:07 +02:00
Jérémy Dubois e019b79723 yamllint + correction /tmp softdep
softdep is not added anymore if noexec is
already defined after rw
2020-10-09 15:21:06 +02:00
Jérémy Dubois 88df904282 Customize fstab with noexec and softdep
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:06 +02:00
Jérémy Dubois c9d1bff1c6 Customize root crontab and daily.local
Add custom PATH to root crontab
Add environment variable to daily.local
Add a "next_part" before the evocheck line in daily.local
2020-10-09 14:15:46 +02:00
Jérémy Dubois fe0c7f6add Import evocheck v.6.7.5 2020-10-09 14:15:14 +02:00
Jérémy Dubois 07d83d4994 Delete empty line - yamllint
2020-10-09 10:45:23 +02:00
Jérémy Dubois fa497b280e Configure sudoers umask
This configuration is checked by evocheck,
so it should be present by default
2020-10-08 15:42:52 +02:00
Jérémy Dubois 12b2f3d280 Delete evobackup root crontab replaced by daily.local cron 2020-10-08 15:39:50 +02:00
Jérémy Dubois f97317b767 Better rc.local configuration
Add line before the "echo '.'" line instead of the end
Delete old entry not specifying the hostname if still there
2020-10-08 15:19:52 +02:00
Jérémy Dubois b0f1f9c2ca Fix OSPF role : add deletion of old log files
2020-09-24 16:11:49 +02:00
Tristan PILAT 8ecaf81314 Update evocheck to 6.7.4 2020-09-10 11:55:43 +02:00
Jérémy Dubois 655099101c LDAP script replace "ram0" name with "mem"
2020-09-02 15:10:16 +02:00
Jérémy Dubois 04ffb90b0c Add NRPE check unbound since OpenBSD uses it more than bind
2020-08-31 17:29:57 +02:00
Jérémy Dubois b586b1fafe Write and deploy motd-carp-state.sh
A script that checks the carp state and writes in the /etc/motd file if the
server is in backup or master state. Script is copied in /usr/share/scripts/
directory and a cron job is installed but disabled by default.
2020-08-25 17:57:22 +02:00
Jérémy Dubois deafd82337 For local modifications of nrpe conf, use zzz_evolix.cfg instead of zzz-evolix.cfg which is buggy
2020-08-21 15:26:32 +02:00
Jérémy Dubois 829df74567 ldap.sh : Fix computerOS and add case for HardwareSerial if computer is a VM
2020-08-21 14:33:53 +02:00
Jérémy Dubois d956d5c6ba Import evocheck 6.7.3
2020-07-31 14:32:44 +02:00
Jérémy Dubois 708ffcc538 Add packetfilter service and update other services version in LDIF creation for LDAP
2020-07-29 14:52:46 +02:00
Jérémy Dubois 3a6cd20ab3 Configure the check_packetfilter in NRPE with doas
2020-07-28 17:57:30 +02:00
Jérémy Dubois 5166977025 Change mode : make check_packetfilter.sh executable
2020-07-28 17:47:01 +02:00
Jérémy Dubois 62515ca5b5 Add a new NRPE check : check_packetfilter
2020-07-28 17:45:14 +02:00
Jérémy Dubois cdc811b3de New NRPE check : check_packetfilter
2020-07-28 17:43:24 +02:00
Jérémy Dubois 05898cc188 Change NTP check host
2020-07-21 14:12:45 +02:00
Jérémy Dubois c6e55ea4c0 Correct yamllint : spaces inside braces
2020-07-09 16:09:19 +02:00
Jérémy Dubois 5c11472e9a Force replacement of some NRPE checks
We cannot simply put "force: true" because some
checks are customizable, some are not.
We do not force to replace customizable ones for
the customizations not to be lost.
2020-07-09 15:44:25 +02:00
Jérémy Dubois 30c1b70e2b Modified openbgpd check to be in NRPE critical state when BGPD is not running
2020-07-08 17:28:12 +02:00
Jérémy Dubois 3dd9e461c4 Corrects yaml line break.
Indentation is not allowed and breaks the tasks.
2020-07-02 16:40:17 +02:00
Jérémy Dubois dedbdf9822 Added a package needed for the OpenVPN check and changed the default location of the checks
2020-06-23 15:38:21 +02:00
Jérémy Dubois 593df07f09 We do not need postgresql-client anymore
We now use an API for evomaintenance instead
of a direct call to postgresql
2020-06-16 17:17:20 +02:00
Jérémy Dubois 87d0c8aca4 We do not use pfstatd anymore 2020-06-16 17:16:55 +02:00
Patrick Marchand 9f378fc1f9 Misunderstood syntax for unordered lists in markdown
So an unordered list needs three spaces and an ordered list needs
a dot and two spaces.
2020-06-04 13:27:03 -04:00
Patrick Marchand b711154722 Apply fix in last commit to other markdown files
So a markdown list should be no indentation followed by two spaces. '  '

*  one
*  two
2020-06-04 13:23:06 -04:00
Patrick Marchand db488ba8ef Split long lines in git role
2020-06-04 13:10:08 -04:00