Jérémy Dubois
91922175cd
etc-git: chmod 600 for local periodic files (daily, weekly, monthly) - forgotten ones
2022-07-12 10:30:23 +02:00
Jérémy Dubois
0e9df878e1
etc-git: chmod 600 for local periodic files (daily, weekly, monthly)
2022-07-12 10:16:27 +02:00
Jérémy Dubois
12c8f02884
evocheck: execute evocheck without --cron the first of the month
2022-07-12 09:38:00 +02:00
Jérémy Dubois
17ac3a3a36
etc-git: ansible-commit upstream release 22.05
2022-06-30 17:53:06 +02:00
Jérémy Dubois
8bfc0b1aea
base: evomaintenance upstream update
2022-06-30 17:52:35 +02:00
Jérémy Dubois
674a4aa836
update of tags for each tasks and ease the update of scripts
2022-06-23 18:35:39 +02:00
Jérémy Dubois
6667c4b9e8
Syntax : have all task name between quotes
2022-06-23 16:17:42 +02:00
Jérémy Dubois
e5d1dc96bb
Fix various shellcheck violations
2022-06-16 17:25:52 +02:00
Jérémy Dubois
962eefe3d7
evocheck: upstream release 22.06
2022-06-16 17:23:16 +02:00
Jérémy Dubois
0e5922c8d8
base: import last dump-server-state.sh upstream version
2022-06-09 17:12:32 +02:00
Jérémy Dubois
e2d0256946
base: import last update-evobackup-canary upstream version
2022-06-09 16:18:43 +02:00
Jérémy Dubois
ab7cc1189f
base: add update-evobackup-canary script
2022-06-09 15:07:38 +02:00
Jérémy Dubois
f4e07b4578
pf : reorder some rules, more details on some comments
2022-05-18 09:57:56 +02:00
Jérémy Dubois
b220c1934d
yamllint
2022-05-18 09:56:07 +02:00
Jérémy Dubois
19a0ebb8ea
base: import last zzz_evobackup upstream version
2022-05-18 09:53:21 +02:00
Jérémy Dubois
950dbaec21
post-install: ignore errors from syspatch
2022-05-03 17:22:20 +02:00
Jérémy Dubois
1f07862c84
etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible
...
Using ansible-commit script from ansible-roles
2022-05-03 15:55:45 +02:00
Jérémy Dubois
6ef04839c4
fix copyright evocommit
2022-05-03 15:22:18 +02:00
Jérémy Dubois
335969ed42
post-install: group root does not exist, fix
2022-04-27 17:14:11 +02:00
Jérémy Dubois
445c6afe1f
etc-git: fix when condition for /usr/share/scripts dir
2022-04-27 17:13:44 +02:00
Jérémy Dubois
2dc7d3073f
post-install: fix syntax error
2022-04-26 18:06:55 +02:00
Jérémy Dubois
be9f183359
Import last evocheck.sh version
2022-04-14 09:54:58 +02:00
Jérémy Dubois
bb43bc5370
etc-git: add quote to numerical value so that it is seen as a string
2022-04-13 18:08:15 +02:00
Jérémy Dubois
490b733f1a
etc-git: create gitignore files differently so that it stays idempotent
2022-04-13 17:53:09 +02:00
Jérémy Dubois
e1ae8fefb9
post-install: add the date into the ldif generated file
2022-04-13 17:26:59 +02:00
Jérémy Dubois
46b9baf601
base: import last zzz_evobackup upstream version
2022-04-13 17:10:52 +02:00
Jérémy Dubois
f57e9934ff
Applying fix from yamllint and ansible-lint
2022-04-13 16:57:39 +02:00
Jérémy Dubois
1939ca3142
renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file
2022-04-13 16:22:26 +02:00
Jérémy Dubois
04bdff87f4
base: add a "next_part" before executing evobackup in daily.local file
2022-04-13 16:19:41 +02:00
Jérémy Dubois
5481bb4698
evocheck: upstream release 22.04
2022-04-13 15:58:25 +02:00
Jérémy Dubois
bd1d29b1bd
nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state
2022-04-13 15:41:47 +02:00
Jérémy Dubois
bbe56e3422
etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks + add versioning for /usr/share/scripts
2022-04-13 15:28:10 +02:00
Jérémy Dubois
e0c27ff083
collectd: add dhcp_pool.pl script
2022-04-08 16:48:02 +02:00
Jérémy Dubois
07f4dadd0e
base: import dump-server-state.sh script
2022-03-31 18:18:10 +02:00
Jérémy Dubois
ce886fdc1d
post-install : improve management of ldif file for ldap
2022-03-31 16:05:19 +02:00
Jérémy Dubois
bdda2b7b79
nagios-nrpe : add a check dhcp_pool
2022-03-31 11:57:45 +02:00
Jérémy Dubois
40ed5b0437
nagios-nrpe : handle the case where cached_mem is in GB to convert it in MB in check_free_mem.sh
2022-03-31 10:07:40 +02:00
Jérémy Dubois
eb96fd41b2
base: zzz_evobackup upstream release 22.03
2022-03-25 18:09:08 +01:00
Jérémy Dubois
30a601b2e1
Import last evocheck.sh version
2022-03-10 16:48:19 +01:00
Jérémy Dubois
b114d139d4
post-install: add a version number to motd-carp-state.sh
2022-03-10 15:59:28 +01:00
Jérémy Dubois
ecacb00018
Import last evomaintenance and evobackup scripts
2022-02-08 10:19:46 +01:00
Jérémy Dubois
576e13db78
base: set the title of the terminal when connecting to a server
2022-02-07 11:05:36 +01:00
Jérémy Dubois
a34f3d606b
Fix motd-carp-state.sh
...
The current release is not necessarily the first line of dmesg.boot
2022-01-26 14:54:11 +01:00
Jérémy Dubois
fe6235f8fb
Multiple fixes
...
- accounts : the user.yml task has a loop in a loop, var name need to be changed
- base, kshrc : fix a previously deleted command on which is based the command that follows
- base, ntp : do not display this task as a change, it only gets some information
2022-01-25 17:28:28 +01:00
Jérémy Dubois
66c84dca6c
Delete the deprecated OpenVPN role
2022-01-24 19:11:37 +01:00
Jérémy Dubois
93f21a947c
base: fix shell configuration, increase $HISTSIZE, and change history alias so it displays full history
...
"set -A" options are for ksh only
2022-01-07 18:12:09 +01:00
Jérémy Dubois
4506c835c5
Improve syntax of accounts role and fix missing tags
2022-01-06 12:01:22 +01:00
Jérémy Dubois
f0ecc79696
accounts: use "evobsd_internal_group" for SSH authentication
2022-01-05 11:16:18 +01:00
Jérémy Dubois
7b337c2db1
Update README, change needed vars files, edit .gitignore and remove unneeded environment variable
2021-12-17 16:22:31 +01:00
Jérémy Dubois
4522546edd
Add NRPE check bioctl for RAID devices and fix CHANGELOG and README syntax
2021-12-15 16:34:34 +01:00
Jérémy Dubois
798a87b0ff
Configure locale to en_US.UTF-8, use vim as default git edit, and bump EvoBSD version
...
Configure locale to en_US.UTF-8 in .profile file so that "git log" displays the accents correctly
Use vim as default git editor for the same reason, and because its better than vi
Bump EvoBSD version : OpenBSD 7.0 is out
2021-12-09 11:03:38 +01:00
Jérémy Dubois
85fe9f6703
Comment out default check_bgpd in NRPE role
...
This check is not used as is and must be customized.
I comment it out so we do not confuse it with the customized one.
2021-12-09 10:31:51 +01:00
Jérémy Dubois
e6e05268e5
Fix check_ipsecctl_critiques.sh
2021-11-18 14:53:45 +01:00
Jérémy Dubois
218568fc13
Add comment to check_ipsecctl_critiques.sh : how to use
2021-10-20 16:05:27 +02:00
Jérémy Dubois
fe3d2035f5
Add full ipsecctl check script
...
Different ipsecctl checks are currently used one the servers with no convention,
so I created one template with all that has to be checked.
2021-10-15 11:55:46 +02:00
Jérémy Dubois
9269b13123
Convert values in string
2021-10-14 18:07:54 +02:00
Jérémy Dubois
3ccc0ca924
Force task to run in check mode for NTP configuration
2021-10-14 18:06:50 +02:00
Jérémy Dubois
1bfa1d61f0
Import last evocheck.sh version
2021-10-07 15:02:26 +02:00
Jérémy Dubois
b68a18a4f5
Import last version of evocheck script
2021-09-17 17:16:17 +02:00
Jérémy Dubois
c5f478c584
Update NRPE and doas configuration for checks mailq and openvpn_certificates
...
- Fix check_mailq : the check from monitoring-plugins current version is not
compatible with opensmtpd. I picked the last version from the GIT repository,
and adjusted nrpe and doas configuration
- Add doas configuration for check_openvpn_certificates.sh : some servers need
doas, others don't. Better to set it everywhere.
2021-07-27 18:02:49 +02:00
Jérémy Dubois
1abf0f636c
Fix check_dhcpd
...
/usr/local/libexec/nagios/check_dhcp does not work on server itself
Using back /usr/local/libexec/nagios/check_procs -c1: -C dhcpd
And removing doas configuration
2021-07-23 16:34:34 +02:00
Jérémy Dubois
82137026db
Import fix of evocheck.sh script
2021-07-23 16:33:36 +02:00
Jérémy Dubois
91ef49f7b3
Import 6.9.1 version of evocheck
2021-07-23 16:02:40 +02:00
Jérémy Dubois
7046e193e0
Configure the ntpd.conf file and bump version
2021-07-19 15:27:57 +02:00
Jérémy Dubois
b1aa50a717
Import 6.9.0 evocheck version
2021-07-16 14:58:20 +02:00
Jérémy Dubois
14ec1ca13b
Shifting check carp number to match the interface number
2021-07-16 11:27:44 +02:00
Jérémy Dubois
3fc1dabec4
check_openvpn_certificates.sh : fix conf_file var definition
...
Sometimes, OpenVPN run multiples processes
2021-06-10 16:15:35 +02:00
Jérémy Dubois
8cd6b0bda6
Import last version of zzz_evobackup and evocheck.sh scripts
2021-05-25 21:09:23 +02:00
Jérémy Dubois
f8a9a86bdd
Added info on possible causes of error for openvpn check
2021-05-25 15:19:06 +02:00
Jérémy Dubois
a0f8339705
Change evomaintenance files mode
2021-05-17 11:36:36 +02:00
Tristan Pilat
1364451198
Following the release of OpenBSD 6.9, the VERBOSESTATUS variable is no longer valid in the daily.local configuration file
2021-05-06 15:03:37 +02:00
Jérémy Dubois
2dae2d1ae4
Fix typo
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-15 18:56:24 +01:00
Jérémy Dubois
b3496692b2
Fix motd-carp-state.sh
...
Update the OpenBSD release in our customized motd
2021-02-15 18:25:52 +01:00
Jérémy Dubois
54455a63df
Fix check_free_mem.sh : cached RAM now is free RAM
2021-02-15 17:30:25 +01:00
Jérémy Dubois
d7a427bd7f
check_openvpn_certificates.sh : fix date format
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-08 17:29:46 +01:00
Jérémy Dubois
0c55f87727
Update CHANGELOG and add a check_openvpn_certificates
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2021-02-08 16:30:05 +01:00
Jérémy Dubois
60103070f2
Fix NRPE check_mem
...
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
The percentage sign must be precised. Without it, the check is done checking
the memory in MB.
2021-02-03 11:57:47 +01:00
Jérémy Dubois
7f5627f6bd
Import last version of zzz_evobackup file
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2021-01-07 09:48:38 +01:00
Jérémy Dubois
55745e1a62
nagios-nrpe role : change variables name
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-12-10 19:36:00 +01:00
Jérémy Dubois
8a2111561f
Improve PacketFilter role
...
Replace hards IP with variable
Add a README file
2020-12-10 19:23:18 +01:00
Tristan PILAT
48ea75957d
Add new exceptions to Logsentry ignore files
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2020-12-02 17:45:38 +01:00
Tristan PILAT
7d24b11fa9
Add tasks to copy customized configuration files
2020-11-24 16:27:29 +01:00
Tristan PILAT
6782746f3c
Add customized logsentry configuration
2020-11-24 16:26:02 +01:00
Jérémy Dubois
389f1a8eae
Import last zzz_evobackup file version
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
2020-11-16 11:24:47 +01:00
Jérémy Dubois
8cddc5e9ae
Fix logsentry.sh file name in task
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2020-10-30 10:49:23 +01:00
Tristan PILAT
d84fc581d8
Add a new role - Logsentry is a tool that scans system logs to report suspicious/unusual activity
2020-10-30 10:06:36 +01:00
Jérémy Dubois
e9a1373a30
Add file to .gitignore
...
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
This file is frequently updated after a user connection to OpenVPN, so we do
not want to track it.
2020-10-27 11:05:46 +01:00
Jérémy Dubois
9a07552731
Import last zzz_evobackup file version
continuous-integration/drone/pr Build is failing
continuous-integration/drone/push Build is failing
2020-10-27 10:45:11 +01:00
Jérémy Dubois
381aa50e37
Deletion of simple quotes preventing the task to be correctly executed
continuous-integration/drone/push Build is failing
2020-10-26 16:40:53 +01:00
Jérémy Dubois
6613c70446
Revert "Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7"
...
continuous-integration/drone/push Build is failing
This reverts commit 4012a014ce
.
Versions older than 5.7 are … old.
We do not handle versions that old.
2020-10-23 10:17:12 +02:00
Jérémy Dubois
a26d6e13cb
yamllint line-lenght and empty-line
continuous-integration/drone/push Build is failing
2020-10-23 10:15:57 +02:00
Jérémy Dubois
f648f332dd
Import 6.7.7 evocheck version
continuous-integration/drone/push Build is failing
2020-10-22 18:18:28 +02:00
Jérémy Dubois
4012a014ce
Add user with legacy hash ($2a…) instead of current hash ($2b…) for OpenBSD versions older than 5.7
continuous-integration/drone/push Build is failing
2020-10-22 11:52:54 +02:00
Jérémy Dubois
4db9d006a2
Allow evolinux-sudo group to sudo
...
continuous-integration/drone/push Build is failing
evolinux-sudo group can already use doas, it should also
be allowed to use sudo
2020-10-22 11:28:06 +02:00
Jérémy Dubois
d7701d32da
Comment on checks that cannot be used as is - v3
continuous-integration/drone/push Build is failing
2020-10-22 10:34:13 +02:00
Jérémy Dubois
42f5d2c10e
Add "create; true" to other task, needed when running in check mode
continuous-integration/drone/push Build is failing
2020-10-21 15:47:23 +02:00
Jérémy Dubois
44d145e33b
Add "create; true" to task, needed when running in check mode
continuous-integration/drone/push Build is failing
2020-10-21 10:52:39 +02:00
Jérémy Dubois
5ef4a403d2
We should be able to execute evomaintence.sh as soon as we can SSH to the server
2020-10-20 15:57:35 +02:00
Jérémy Dubois
9eeba0c0ab
Add a doas authorization for NRPE
2020-10-20 15:10:12 +02:00
Jérémy Dubois
78686b8730
Stricter ssh and doas access - two separate groups actually needed
...
Fix #34 again
After some discussions, with actually need two separates groups :
- One group for ssh access (evobsd_ssh_group)
- One group for sudo/doas access (evobsd_sudo_group)
We won't need any client group. A client user will be added to the ssh group,
so that we won't have to think about what specific group a user need to be
added in.
2020-10-15 11:01:52 +02:00