Jérémy Dubois
bd1d29b1bd
nagios-nrpe: add a wrapper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state
2022-04-13 15:41:47 +02:00
Jérémy Dubois
bbe56e3422
etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks + add versioning for /usr/share/scripts
2022-04-13 15:28:10 +02:00
Jérémy Dubois
e0c27ff083
collectd: add dhcp_pool.pl script
2022-04-08 16:48:02 +02:00
Jérémy Dubois
07f4dadd0e
base: import dump-server-state.sh script
2022-03-31 18:18:10 +02:00
Jérémy Dubois
ce886fdc1d
post-install : improve management of ldif file for ldap
2022-03-31 16:05:19 +02:00
Jérémy Dubois
bdda2b7b79
nagios-nrpe : add a check dhcp_pool
2022-03-31 11:57:45 +02:00
Jérémy Dubois
40ed5b0437
nagios-nrpe : handle the case where cached_mem is in GB to convert it in MB in check_free_mem.sh
2022-03-31 10:07:40 +02:00
Jérémy Dubois
eb96fd41b2
base: zzz_evobackup upstream release 22.03
2022-03-25 18:09:08 +01:00
Jérémy Dubois
30a601b2e1
Import last evocheck.sh version
2022-03-10 16:48:19 +01:00
Jérémy Dubois
b114d139d4
post-install: add a version number to motd-carp-state.sh
2022-03-10 15:59:28 +01:00
Jérémy Dubois
ecacb00018
Import last evomaintenance and evobackup scripts
2022-02-08 10:19:46 +01:00
Jérémy Dubois
576e13db78
base: set the title of the terminal when connecting to a server
2022-02-07 11:05:36 +01:00
Jérémy Dubois
a34f3d606b
Fix motd-carp-state.sh
...
The current release is not necessarily the first line of dmesg.boot
2022-01-26 14:54:11 +01:00
Jérémy Dubois
fe6235f8fb
Multiple fixes
...
- accounts : the user.yml task has a loop in a loop, var name needs to be changed
- base, kshrc : fix a previously deleted command on which the command that follows is based
- base, ntp : do not display this task as a change, it only gets some information
2022-01-25 17:28:28 +01:00
Jérémy Dubois
66c84dca6c
Delete the deprecated OpenVPN role
2022-01-24 19:11:37 +01:00
Jérémy Dubois
93f21a947c
base: fix shell configuration, increase $HISTSIZE, and change history alias so it displays full history
...
"set -A" options are for ksh only
2022-01-07 18:12:09 +01:00
Jérémy Dubois
4506c835c5
Improve syntax of accounts role and fix missing tags
2022-01-06 12:01:22 +01:00
Jérémy Dubois
f0ecc79696
accounts: use "evobsd_internal_group" for SSH authentication
2022-01-05 11:16:18 +01:00
Jérémy Dubois
7b337c2db1
Update README, change needed vars files, edit .gitignore and remove unneeded environment variable
2021-12-17 16:22:31 +01:00
Jérémy Dubois
4522546edd
Add NRPE check bioctl for RAID devices and fix CHANGELOG and README syntax
2021-12-15 16:34:34 +01:00
Jérémy Dubois
798a87b0ff
Configure locale to en_US.UTF-8, use vim as default git edit, and bump EvoBSD version
...
Configure locale to en_US.UTF-8 in .profile file so that "git log" displays the accents correctly
Use vim as default git editor for the same reason, and because it's better than vi
Bump EvoBSD version : OpenBSD 7.0 is out
2021-12-09 11:03:38 +01:00
Jérémy Dubois
85fe9f6703
Comment out default check_bgpd in NRPE role
...
This check is not used as is and must be customized.
I comment it out so we do not confuse it with the customized one.
2021-12-09 10:31:51 +01:00
Jérémy Dubois
e6e05268e5
Fix check_ipsecctl_critiques.sh
2021-11-18 14:53:45 +01:00
Jérémy Dubois
218568fc13
Add comment to check_ipsecctl_critiques.sh : how to use
2021-10-20 16:05:27 +02:00
Jérémy Dubois
fe3d2035f5
Add full ipsecctl check script
...
Different ipsecctl checks are currently used on the servers with no convention,
so I created one template with all that has to be checked.
2021-10-15 11:55:46 +02:00
Jérémy Dubois
9269b13123
Convert values in string
2021-10-14 18:07:54 +02:00
Jérémy Dubois
3ccc0ca924
Force task to run in check mode for NTP configuration
2021-10-14 18:06:50 +02:00
Jérémy Dubois
1bfa1d61f0
Import last evocheck.sh version
2021-10-07 15:02:26 +02:00
Jérémy Dubois
b68a18a4f5
Import last version of evocheck script
2021-09-17 17:16:17 +02:00
Jérémy Dubois
c5f478c584
Update NRPE and doas configuration for checks mailq and openvpn_certificates
...
- Fix check_mailq : the check from monitoring-plugins current version is not
compatible with opensmtpd. I picked the last version from the GIT repository,
and adjusted nrpe and doas configuration
- Add doas configuration for check_openvpn_certificates.sh : some servers need
doas, others don't. Better to set it everywhere.
2021-07-27 18:02:49 +02:00
Jérémy Dubois
1abf0f636c
Fix check_dhcpd
...
/usr/local/libexec/nagios/check_dhcp does not work on server itself
Using back /usr/local/libexec/nagios/check_procs -c1: -C dhcpd
And removing doas configuration
2021-07-23 16:34:34 +02:00
Jérémy Dubois
82137026db
Import fix of evocheck.sh script
2021-07-23 16:33:36 +02:00
Jérémy Dubois
91ef49f7b3
Import 6.9.1 version of evocheck
2021-07-23 16:02:40 +02:00
Jérémy Dubois
7046e193e0
Configure the ntpd.conf file and bump version
2021-07-19 15:27:57 +02:00
Jérémy Dubois
b1aa50a717
Import 6.9.0 evocheck version
2021-07-16 14:58:20 +02:00
Jérémy Dubois
14ec1ca13b
Shifting check carp number to match the interface number
2021-07-16 11:27:44 +02:00
Jérémy Dubois
3fc1dabec4
check_openvpn_certificates.sh : fix conf_file var definition
...
Sometimes, OpenVPN runs multiple processes
2021-06-10 16:15:35 +02:00
Jérémy Dubois
8cd6b0bda6
Import last version of zzz_evobackup and evocheck.sh scripts
2021-05-25 21:09:23 +02:00
Jérémy Dubois
f8a9a86bdd
Added info on possible causes of error for openvpn check
2021-05-25 15:19:06 +02:00
Jérémy Dubois
a0f8339705
Change evomaintenance files mode
2021-05-17 11:36:36 +02:00
Tristan Pilat
1364451198
Following the release of OpenBSD 6.9, the VERBOSESTATUS variable is no longer valid in the daily.local configuration file
2021-05-06 15:03:37 +02:00
Jérémy Dubois
2dae2d1ae4
Fix typo
2021-02-15 18:56:24 +01:00
Jérémy Dubois
b3496692b2
Fix motd-carp-state.sh
...
Update the OpenBSD release in our customized motd
2021-02-15 18:25:52 +01:00
Jérémy Dubois
54455a63df
Fix check_free_mem.sh : cached RAM now is free RAM
2021-02-15 17:30:25 +01:00
Jérémy Dubois
d7a427bd7f
check_openvpn_certificates.sh : fix date format
2021-02-08 17:29:46 +01:00
Jérémy Dubois
0c55f87727
Update CHANGELOG and add a check_openvpn_certificates
2021-02-08 16:30:05 +01:00
Jérémy Dubois
60103070f2
Fix NRPE check_mem
...
The percentage sign must be specified. Without it, the check is done checking
the memory in MB.
2021-02-03 11:57:47 +01:00
Jérémy Dubois
7f5627f6bd
Import last version of zzz_evobackup file
2021-01-07 09:48:38 +01:00
Jérémy Dubois
55745e1a62
nagios-nrpe role : change variables name
2020-12-10 19:36:00 +01:00
Jérémy Dubois
8a2111561f
Improve PacketFilter role
...
Replace hard-coded IPs with a variable
Add a README file
2020-12-10 19:23:18 +01:00
Tristan PILAT
48ea75957d
Add new exceptions to Logsentry ignore files
2020-12-02 17:45:38 +01:00
Tristan PILAT
7d24b11fa9
Add tasks to copy customized configuration files
2020-11-24 16:27:29 +01:00
Tristan PILAT
6782746f3c
Add customized logsentry configuration
2020-11-24 16:26:02 +01:00
Jérémy Dubois
389f1a8eae
Import last zzz_evobackup file version
2020-11-16 11:24:47 +01:00
Jérémy Dubois
8cddc5e9ae
Fix logsentry.sh file name in task
2020-10-30 10:49:23 +01:00
Tristan PILAT
d84fc581d8
Add a new role - Logsentry is a tool that scans system logs to report suspicious/unusual activity
2020-10-30 10:06:36 +01:00
Jérémy Dubois
e9a1373a30
Add file to .gitignore
...
This file is frequently updated after a user connection to OpenVPN, so we do
not want to track it.
2020-10-27 11:05:46 +01:00
Jérémy Dubois
9a07552731
Import last zzz_evobackup file version
2020-10-27 10:45:11 +01:00
Jérémy Dubois
381aa50e37
Deletion of simple quotes preventing the task from being correctly executed
2020-10-26 16:40:53 +01:00
Jérémy Dubois
6613c70446
Revert "Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7"
...
This reverts commit 4012a014ce.
Versions older than 5.7 are … old.
We do not handle versions that old.
2020-10-23 10:17:12 +02:00
Jérémy Dubois
a26d6e13cb
yamllint line-length and empty-line
2020-10-23 10:15:57 +02:00
Jérémy Dubois
f648f332dd
Import 6.7.7 evocheck version
2020-10-22 18:18:28 +02:00
Jérémy Dubois
4012a014ce
Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7
2020-10-22 11:52:54 +02:00
Jérémy Dubois
4db9d006a2
Allow evolinux-sudo group to sudo
...
evolinux-sudo group can already use doas, it should also
be allowed to use sudo
2020-10-22 11:28:06 +02:00
Jérémy Dubois
d7701d32da
Comment on checks that cannot be used as is - v3
2020-10-22 10:34:13 +02:00
Jérémy Dubois
42f5d2c10e
Add "create; true" to other task, needed when running in check mode
2020-10-21 15:47:23 +02:00
Jérémy Dubois
44d145e33b
Add "create; true" to task, needed when running in check mode
2020-10-21 10:52:39 +02:00
Jérémy Dubois
5ef4a403d2
We should be able to execute evomaintenance.sh as soon as we can SSH to the server
2020-10-20 15:57:35 +02:00
Jérémy Dubois
9eeba0c0ab
Add a doas authorization for NRPE
2020-10-20 15:10:12 +02:00
Jérémy Dubois
78686b8730
Stricter ssh and doas access - two separate groups actually needed
...
Fix #34 again
After some discussions, we actually need two separate groups :
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)
We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user needs to be
added in.
2020-10-15 11:01:52 +02:00
Jérémy Dubois
4a0e552691
Import evocheck v.6.7.6
2020-10-15 10:21:02 +02:00
Jérémy Dubois
a7b96d9f67
Fstab : we now also add noatime to each partition
2020-10-15 09:57:02 +02:00
Jérémy Dubois
4c902eda5a
Fstab : change only ffs file system
2020-10-14 18:05:29 +02:00
Jérémy Dubois
4610661299
Fix add of multiple motd cron
...
Do not add motd cron again if the same line is already there but uncommented
2020-10-14 17:39:23 +02:00
Jérémy Dubois
ff1f728102
Doas authorization for collectd
...
We put the doas authorization for collectd in the global file and we leave it if
collectd is not there, because otherwise the authorization would be removed if
the base role was run without the collectd role, even if collectd was still
running. Collectd would have been broken.
2020-10-14 17:39:23 +02:00
Jérémy Dubois
cc80aefac7
NRPE plugins dir was not created
2020-10-14 17:39:23 +02:00
Jérémy Dubois
6dd4b6b8aa
Syspatch is not available before OpenBSD 6.1
2020-10-14 17:39:23 +02:00
Jérémy Dubois
556d98c170
Variable ansible_fqdn is often not the name of the server
2020-10-14 17:39:23 +02:00
Jérémy Dubois
7ecf7be4a4
Do not remove line that would have a customized subject
2020-10-14 17:39:09 +02:00
Jérémy Dubois
213e4a7bcd
Comment on checks that cannot be used as is - v2
2020-10-14 14:55:10 +02:00
Jérémy Dubois
592a2f8337
Comment on checks that cannot be used as is
2020-10-14 12:25:55 +02:00
Jérémy Dubois
68586d6450
Fstab role : do not change lines beginning with "#"
2020-10-14 12:14:58 +02:00
Jérémy Dubois
37ec518850
The pf_states NRPE check does not contain any variable, it can be in files folder
2020-10-14 12:13:52 +02:00
Jérémy Dubois
5adeaa31e1
Add a pf tag that we skip for subsequent use
...
PacketFilter needs to be customized only once, at the first use.
After that, pf.conf will be modified on the server for the needs of the
network. It must not be overwritten.
2020-10-14 09:40:59 +02:00
Jérémy Dubois
dc2707c004
Fix typo
2020-10-13 16:16:52 +02:00
Jérémy Dubois
2bf8a7e872
Stricter ssh and doas access - better version
...
Fix #34
We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.
I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
2020-10-13 16:03:54 +02:00
Jérémy Dubois
7ddc1ab72f
Fix NRPE check file name
2020-10-13 12:02:48 +02:00
Jérémy Dubois
a9ae1b57d4
Do not use literal tab in configuration
...
Use "\t" instead of a literal tab which can easily be broken. Also add a
deletion of line with spaces.
2020-10-13 12:01:18 +02:00
Jérémy Dubois
57acbd6091
Add jinja2 variable for PATH variable environment
2020-10-13 11:44:53 +02:00
Jérémy Dubois
11d3331958
Collectd role : deletion of collectd_plugin_exec variable
...
This variable had to be activated only if collectd_plugin_exec_ifq_drops or
collectd_plugin_exec_dns_stats was also activated, for some configuration to be
taken into account. I changed the role so that the configuration is
automatically taken into account if one of these two variables is activated.
2020-10-12 15:45:13 +02:00
Jérémy Dubois
7cc374ea9e
yamllint : indentation, trailing-spaces and truthy value
2020-10-12 15:26:45 +02:00
Jérémy Dubois
337e80b670
Writing of collectd role
2020-10-12 15:12:31 +02:00
Jérémy Dubois
a40e2b4750
Merge branch 'dev' into customize_fstab
2020-10-12 14:47:02 +02:00
Jérémy Dubois
6b7c7b80c4
yamllint
2020-10-12 14:20:59 +02:00
Jérémy Dubois
bd22b0545b
sudoers configuration : the tab was broken
2020-10-12 14:16:00 +02:00
Jérémy Dubois
0615d3b555
Specify order of cron command in daily.local and fix full deletion of the cron
2020-10-12 12:00:28 +02:00
Jérémy Dubois
c1f66a92e2
Fix add of multiple evobackup cron
...
Do not add evobackup cron again if the same line
is already there but uncommented
2020-10-09 16:14:52 +02:00
Tristan Pilat
01158227eb
Merge pull request 'Force replacement of some NRPE checks' ( #33 ) from force_NRPE_checks_replacement into dev
...
Reviewed-on: #33
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
2020-10-09 15:48:14 +02:00
Jérémy Dubois
92837424fb
Fix weird commits
2020-10-09 15:35:23 +02:00
Jérémy Dubois
5fa8e0c9bb
Customize fstab with noexec and softdep
...
Add softdep to each partition
Add noexec to /tmp and remount it if necessary
2020-10-09 15:21:10 +02:00