Commit graph

279 commits

Author SHA1 Message Date
Jérémy Dubois 91922175cd etc-git: chmod 600 for local periodic files (daily, weekly, monthly) - forgotten ones 2022-07-12 10:30:23 +02:00
Jérémy Dubois 0e9df878e1 etc-git: chmod 600 for local periodic files (daily, weekly, monthly) 2022-07-12 10:16:27 +02:00
Jérémy Dubois 12c8f02884 evocheck: execute evocheck without --cron the first of the month 2022-07-12 09:38:00 +02:00
Jérémy Dubois 17ac3a3a36 etc-git: ansible-commit upstream release 22.05 2022-06-30 17:53:06 +02:00
Jérémy Dubois 8bfc0b1aea base: evomaintenance upstream update 2022-06-30 17:52:35 +02:00
Jérémy Dubois 674a4aa836 update of tags for each task and ease the update of scripts 2022-06-23 18:35:39 +02:00
Jérémy Dubois 6667c4b9e8 Syntax : have all task names between quotes 2022-06-23 16:17:42 +02:00
Jérémy Dubois e5d1dc96bb Fix various shellcheck violations 2022-06-16 17:25:52 +02:00
Jérémy Dubois 962eefe3d7 evocheck: upstream release 22.06 2022-06-16 17:23:16 +02:00
Jérémy Dubois 0e5922c8d8 base: import last dump-server-state.sh upstream version 2022-06-09 17:12:32 +02:00
Jérémy Dubois e2d0256946 base: import last update-evobackup-canary upstream version 2022-06-09 16:18:43 +02:00
Jérémy Dubois ab7cc1189f base: add update-evobackup-canary script 2022-06-09 15:07:38 +02:00
Jérémy Dubois f4e07b4578 pf : reorder some rules, more details on some comments 2022-05-18 09:57:56 +02:00
Jérémy Dubois b220c1934d yamllint 2022-05-18 09:56:07 +02:00
Jérémy Dubois 19a0ebb8ea base: import last zzz_evobackup upstream version 2022-05-18 09:53:21 +02:00
Jérémy Dubois 950dbaec21 post-install: ignore errors from syspatch 2022-05-03 17:22:20 +02:00
Jérémy Dubois 1f07862c84 etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible
Using ansible-commit script from ansible-roles
2022-05-03 15:55:45 +02:00
Jérémy Dubois 6ef04839c4 fix copyright evocommit 2022-05-03 15:22:18 +02:00
Jérémy Dubois 335969ed42 post-install: group root does not exist, fix 2022-04-27 17:14:11 +02:00
Jérémy Dubois 445c6afe1f etc-git: fix when condition for /usr/share/scripts dir 2022-04-27 17:13:44 +02:00
Jérémy Dubois 2dc7d3073f post-install: fix syntax error 2022-04-26 18:06:55 +02:00
Jérémy Dubois be9f183359 Import last evocheck.sh version 2022-04-14 09:54:58 +02:00
Jérémy Dubois bb43bc5370 etc-git: add quote to numerical value so that it is seen as a string 2022-04-13 18:08:15 +02:00
Jérémy Dubois 490b733f1a etc-git: create gitignore files differently so that it stays idempotent 2022-04-13 17:53:09 +02:00
Jérémy Dubois e1ae8fefb9 post-install: add the date into the ldif generated file 2022-04-13 17:26:59 +02:00
Jérémy Dubois 46b9baf601 base: import last zzz_evobackup upstream version 2022-04-13 17:10:52 +02:00
Jérémy Dubois f57e9934ff Applying fix from yamllint and ansible-lint 2022-04-13 16:57:39 +02:00
Jérémy Dubois 1939ca3142 renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file 2022-04-13 16:22:26 +02:00
Jérémy Dubois 04bdff87f4 base: add a "next_part" before executing evobackup in daily.local file 2022-04-13 16:19:41 +02:00
Jérémy Dubois 5481bb4698 evocheck: upstream release 22.04 2022-04-13 15:58:25 +02:00
Jérémy Dubois bd1d29b1bd nagios-nrpe: add a wrapper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state 2022-04-13 15:41:47 +02:00
Jérémy Dubois bbe56e3422 etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks + add versioning for /usr/share/scripts 2022-04-13 15:28:10 +02:00
Jérémy Dubois e0c27ff083 collectd: add dhcp_pool.pl script 2022-04-08 16:48:02 +02:00
Jérémy Dubois 07f4dadd0e base: import dump-server-state.sh script 2022-03-31 18:18:10 +02:00
Jérémy Dubois ce886fdc1d post-install : improve management of ldif file for ldap 2022-03-31 16:05:19 +02:00
Jérémy Dubois bdda2b7b79 nagios-nrpe : add a check dhcp_pool 2022-03-31 11:57:45 +02:00
Jérémy Dubois 40ed5b0437 nagios-nrpe : handle the case where cached_mem is in GB to convert it in MB in check_free_mem.sh 2022-03-31 10:07:40 +02:00
Jérémy Dubois eb96fd41b2 base: zzz_evobackup upstream release 22.03 2022-03-25 18:09:08 +01:00
Jérémy Dubois 30a601b2e1 Import last evocheck.sh version 2022-03-10 16:48:19 +01:00
Jérémy Dubois b114d139d4 post-install: add a version number to motd-carp-state.sh 2022-03-10 15:59:28 +01:00
Jérémy Dubois ecacb00018 Import last evomaintenance and evobackup scripts 2022-02-08 10:19:46 +01:00
Jérémy Dubois 576e13db78 base: set the title of the terminal when connecting to a server 2022-02-07 11:05:36 +01:00
Jérémy Dubois a34f3d606b Fix motd-carp-state.sh
The current release is not necessarily the first line of dmesg.boot
2022-01-26 14:54:11 +01:00
Jérémy Dubois fe6235f8fb Multiple fixes
- accounts : the user.yml task has a loop in a loop, var name needs to be changed
- base, kshrc : fix a previously deleted command on which is based the command that follows
- base, ntp : do not display this task as a change, it only gets some information
2022-01-25 17:28:28 +01:00
Jérémy Dubois 66c84dca6c Delete the deprecated OpenVPN role 2022-01-24 19:11:37 +01:00
Jérémy Dubois 93f21a947c base: fix shell configuration, increase $HISTSIZE, and change history alias so it displays full history
"set -A" options are for ksh only
2022-01-07 18:12:09 +01:00
Jérémy Dubois 4506c835c5 Improve syntax of accounts role and fix missing tags 2022-01-06 12:01:22 +01:00
Jérémy Dubois f0ecc79696 accounts: use "evobsd_internal_group" for SSH authentication 2022-01-05 11:16:18 +01:00
Jérémy Dubois 7b337c2db1 Update README, change needed vars files, edit .gitignore and remove unneeded environment variable 2021-12-17 16:22:31 +01:00
Jérémy Dubois 4522546edd Add NRPE check bioctl for RAID devices and fix CHANGELOG and README syntax 2021-12-15 16:34:34 +01:00
Jérémy Dubois 798a87b0ff Configure locale to en_US.UTF-8, use vim as default git edit, and bump EvoBSD version
Configure locale to en_US.UTF-8 in .profile file so that "git log" displays the accents correctly
Use vim as default git editor for the same reason, and because it's better than vi
Bump EvoBSD version : OpenBSD 7.0 is out
2021-12-09 11:03:38 +01:00
Jérémy Dubois 85fe9f6703 Comment out default check_bgpd in NRPE role
This check is not used as is and must be customized.
I comment it out so we do not confuse it with the customized one.
2021-12-09 10:31:51 +01:00
Jérémy Dubois e6e05268e5 Fix check_ipsecctl_critiques.sh 2021-11-18 14:53:45 +01:00
Jérémy Dubois 218568fc13 Add comment to check_ipsecctl_critiques.sh : how to use 2021-10-20 16:05:27 +02:00
Jérémy Dubois fe3d2035f5 Add full ipsecctl check script
Different ipsecctl checks are currently used on the servers with no convention,
so I created one template with all that has to be checked.
2021-10-15 11:55:46 +02:00
Jérémy Dubois 9269b13123 Convert values in string 2021-10-14 18:07:54 +02:00
Jérémy Dubois 3ccc0ca924 Force task to run in check mode for NTP configuration 2021-10-14 18:06:50 +02:00
Jérémy Dubois 1bfa1d61f0 Import last evocheck.sh version 2021-10-07 15:02:26 +02:00
Jérémy Dubois b68a18a4f5 Import last version of evocheck script 2021-09-17 17:16:17 +02:00
Jérémy Dubois c5f478c584 Update NRPE and doas configuration for checks mailq and openvpn_certificates
- Fix check_mailq : the check from monitoring-plugins current version is not
  compatible with opensmtpd. I picked the last version from the GIT repository,
  and adjusted nrpe and doas configuration
- Add doas configuration for check_openvpn_certificates.sh : some servers need
  doas, others don't. Better to set it everywhere.
2021-07-27 18:02:49 +02:00
Jérémy Dubois 1abf0f636c Fix check_dhcpd
/usr/local/libexec/nagios/check_dhcp does not work on server itself
Using back /usr/local/libexec/nagios/check_procs -c1: -C dhcpd
And removing doas configuration
2021-07-23 16:34:34 +02:00
Jérémy Dubois 82137026db Import fix of evocheck.sh script 2021-07-23 16:33:36 +02:00
Jérémy Dubois 91ef49f7b3 Import 6.9.1 version of evocheck 2021-07-23 16:02:40 +02:00
Jérémy Dubois 7046e193e0 Configure the ntpd.conf file and bump version 2021-07-19 15:27:57 +02:00
Jérémy Dubois b1aa50a717 Import 6.9.0 evocheck version 2021-07-16 14:58:20 +02:00
Jérémy Dubois 14ec1ca13b Shifting check carp number to match the interface number 2021-07-16 11:27:44 +02:00
Jérémy Dubois 3fc1dabec4 check_openvpn_certificates.sh : fix conf_file var definition
Sometimes, OpenVPN runs multiple processes
2021-06-10 16:15:35 +02:00
Jérémy Dubois 8cd6b0bda6 Import last version of zzz_evobackup and evocheck.sh scripts 2021-05-25 21:09:23 +02:00
Jérémy Dubois f8a9a86bdd Added info on possible causes of error for openvpn check 2021-05-25 15:19:06 +02:00
Jérémy Dubois a0f8339705 Change evomaintenance files mode 2021-05-17 11:36:36 +02:00
Tristan Pilat 1364451198 Following the release of OpenBSD 6.9, the VERBOSESTATUS variable is no longer valid in the daily.local configuration file 2021-05-06 15:03:37 +02:00
Jérémy Dubois 2dae2d1ae4 Fix typo
2021-02-15 18:56:24 +01:00
Jérémy Dubois b3496692b2 Fix motd-carp-state.sh
Update the OpenBSD release in our customized motd
2021-02-15 18:25:52 +01:00
Jérémy Dubois 54455a63df Fix check_free_mem.sh : cached RAM now is free RAM 2021-02-15 17:30:25 +01:00
Jérémy Dubois d7a427bd7f check_openvpn_certificates.sh : fix date format
2021-02-08 17:29:46 +01:00
Jérémy Dubois 0c55f87727 Update CHANGELOG and add a check_openvpn_certificates
2021-02-08 16:30:05 +01:00
Jérémy Dubois 60103070f2 Fix NRPE check_mem
The percentage sign must be specified. Without it, the check is done checking
the memory in MB.
2021-02-03 11:57:47 +01:00
Jérémy Dubois 7f5627f6bd Import last version of zzz_evobackup file
2021-01-07 09:48:38 +01:00
Jérémy Dubois 55745e1a62 nagios-nrpe role : change variables name
2020-12-10 19:36:00 +01:00
Jérémy Dubois 8a2111561f Improve PacketFilter role
Replace hardcoded IPs with variable
Add a README file
2020-12-10 19:23:18 +01:00
Tristan PILAT 48ea75957d Add new exceptions to Logsentry ignore files
2020-12-02 17:45:38 +01:00
Tristan PILAT 7d24b11fa9 Add tasks to copy customized configuration files 2020-11-24 16:27:29 +01:00
Tristan PILAT 6782746f3c Add customized logsentry configuration 2020-11-24 16:26:02 +01:00
Jérémy Dubois 389f1a8eae Import last zzz_evobackup file version
2020-11-16 11:24:47 +01:00
Jérémy Dubois 8cddc5e9ae Fix logsentry.sh file name in task
2020-10-30 10:49:23 +01:00
Tristan PILAT d84fc581d8 Add a new role - Logsentry is a tool that scans system logs to report suspicious/unusual activity 2020-10-30 10:06:36 +01:00
Jérémy Dubois e9a1373a30 Add file to .gitignore
This file is frequently updated after a user connection to OpenVPN, so we do
not want to track it.
2020-10-27 11:05:46 +01:00
Jérémy Dubois 9a07552731 Import last zzz_evobackup file version
2020-10-27 10:45:11 +01:00
Jérémy Dubois 381aa50e37 Deletion of simple quotes preventing the task to be correctly executed
2020-10-26 16:40:53 +01:00
Jérémy Dubois 6613c70446 Revert "Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7"
This reverts commit 4012a014ce.
Versions older than 5.7 are … old.
We do not handle versions that old.
2020-10-23 10:17:12 +02:00
Jérémy Dubois a26d6e13cb yamllint line-length and empty-line
2020-10-23 10:15:57 +02:00
Jérémy Dubois f648f332dd Import 6.7.7 evocheck version
2020-10-22 18:18:28 +02:00
Jérémy Dubois 4012a014ce Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7
2020-10-22 11:52:54 +02:00
Jérémy Dubois 4db9d006a2 Allow evolinux-sudo group to sudo
evolinux-sudo group can already use doas, it should also
be allowed to use sudo
2020-10-22 11:28:06 +02:00
Jérémy Dubois d7701d32da Comment on checks that cannot be used as is - v3
2020-10-22 10:34:13 +02:00
Jérémy Dubois 42f5d2c10e Add "create; true" to other task, needed when running in check mode
2020-10-21 15:47:23 +02:00
Jérémy Dubois 44d145e33b Add "create; true" to task, needed when running in check mode
2020-10-21 10:52:39 +02:00
Jérémy Dubois 5ef4a403d2 We should be able to execute evomaintenance.sh as soon as we can SSH to the server 2020-10-20 15:57:35 +02:00
Jérémy Dubois 9eeba0c0ab Add a doas authorization for NRPE 2020-10-20 15:10:12 +02:00
Jérémy Dubois 78686b8730 Stricter ssh and doas access - two separate groups actually needed
Fix #34 again

After some discussions, we actually need two separate groups :
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)

We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user needs to be
added in.
2020-10-15 11:01:52 +02:00