evolix/EvoBSD
21
0
Fork 0
Code Issues 2 Pull requests Releases 3 Wiki Activity
238 commits 2 branches 3 tags 660 KiB
Commit graph

19 commits

Author SHA1 Message Date
Jérémy Dubois c5f478c584 Update NRPE and doas configuration for checks mailq and openvpn_certificates 
- Fix check_mailq : the check from monitoring-plugins current version is not
  compatible with opensmtpd. I picked the last version from the GIT repository,
  and adjusted nrpe and doas configuration
- Add doas configuration for check_openvpn_certificates.sh : some servers need
  doas, others don't. Better to set it everywhere.
 2021-07-27 18:02:49 +02:00
Jérémy Dubois 1abf0f636c Fix check_dhcpd 
/usr/local/libexec/nagios/check_dhcp does not work on server itself
Using back /usr/local/libexec/nagios/check_procs -c1: -C dhcpd
And removing doas configuration
 2021-07-23 16:34:34 +02:00
Jérémy Dubois 5ef4a403d2 We should be able to execute evomaintence.sh as soon as we can SSH to the server 2020-10-20 15:57:35 +02:00
Jérémy Dubois 9eeba0c0ab Add a doas authorization for NRPE 2020-10-20 15:10:12 +02:00
Jérémy Dubois 78686b8730 Stricter ssh and doas access - two separate groups actually needed 
Fix #34 again

After some discussions, with actually need two separates groups :
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)

We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user need to be
added in.
 2020-10-15 11:01:52 +02:00
Jérémy Dubois ff1f728102 Doas authorization for collectd 
We put the doas authorization for collectd in the global file and we let it if
collectd is not there, because otherwise the authorization would be removed if
the base role was run without the collectd role, even if collectd was still
running. Collectd would have been broken.
 2020-10-14 17:39:23 +02:00
Jérémy Dubois 2bf8a7e872 Stricter ssh and doas access - better version
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Fix #34

We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.

I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.
 2020-10-13 16:03:54 +02:00
Jérémy Dubois 3a6cd20ab3 Configure the check_packetfilter in NRPE with doas
Some checks failed
continuous-integration/drone/push Build is failing
Details
2020-07-28 17:57:30 +02:00
Jérémy Dubois 27006f8db7 Doas permissions rearrangement 2020-04-21 16:18:07 +02:00
Jérémy Dubois 05d2b707e1 Add OpenBGPD nrpe check with doas configuration 2020-04-21 14:25:42 +02:00
Patrick Marchand 8b1ce861e3 Add stricter ssh and doas access 2019-09-19 17:07:01 -04:00
Patrick Marchand 3e3eb695b4 Merge branch 'replace_sudo_with_doas' into dev 
Any new checks should use doas as well.
 2019-09-03 17:43:22 +02:00
Patrick Marchand 18ac01cbb3 Apply latest dev branch to check_dhcpd branch 2019-09-03 11:38:34 -04:00
Patrick Marchand a994225c27 Merge check_connections_state into dev 2019-09-03 11:34:14 -04:00
Jérémy Dubois f305b3420b Replace all sudo occurences with doas 2019-07-15 18:25:25 +02:00
Jérémy Dubois a23a6efca8 Replace sudo with doas 2019-07-15 17:44:05 +02:00
Jérémy Dubois 1b5196d6a4 Replace sudo with doas 2019-07-15 17:29:36 +02:00
Tristan PILAT 798a482787 Load root's environment when using doas 2019-04-23 20:50:02 +02:00
Tristan PILAT b555fb1222 Add initial project 2018-12-28 11:23:49 +01:00