# Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] ### Added - base: set the title of the terminal when connecting to a server - base: import dump-server-state.sh script - post-install: add a version number to motd-carp-state.sh - nagios-nrpe: add a check dhcp_pool - collectd: add dhcp_pool.pl script - base: add a "next_part" before executing evobackup in daily.local file - base: add update-evobackup-canary script - base: session timeout is configurable - add a update-utils.yml playbook to update scripts ### Changed - accounts: use "evobsd_internal_group" for SSH authentication - evocheck: imported version 22.03 - base: zzz_evobackup upstream release 22.03 - etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks - etc-git: use "ansible-commit" to efficiently commit all available repositories from Ansible - etc-git: add versioning for /usr/share/scripts - nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state - evocheck: renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file - pf: reorder some rules, more details on some comments - update of tags for each tasks and ease the update of scripts - evocheck: execute evocheck without --cron the first of the month - etc-git: chmod 600 for local periodic files (daily, weekly, monthly) ### Fixed - base: fix shell configuration, increase $HISTSIZE, and change history alias so it displays full history - nagios-nrpe: handle the case where cached_mem is in GB to convert it in MB in check_free_mem.sh - post-install: improve management of ldif file for ldap - post-install: ignore errors from syspatch ### Removed - openvpn: deleted this deprecated role ; use the one provided in the ansible-roles repo ## [21.12] - 2021-12-17 ### Changed - Configure locale to en_US.UTF-8 in .profile file so that "git log" displays the accents correctly - Use vim as default git editor - Change version pattern and fix release scheme ### Added - Add a bioctl NRPE check for RAID devices ## [6.9.2] - 2021-10-15 ### Added - Add a more complete ipsecctl check script - Add doas configuration for check_openvpn_certificates.sh ### Fixed - Fix check_dhcpd for dhcpd server themselves: use back check_procs -c1: -C dhcpd - Fix check_mailq: check from monitoring-plugins current version is not compatible with opensmtpd ## [6.9.1] - 2021-07-19 ### Added - Configure the ntpd.conf file ## [6.9.0] - 2021-05-06 ### Changed - Remove the variable VERBOSESTATUS in daily.local configuration file since it is no longer valid. ## [6.8.3] - 2021-02-15 ### Added - Add a customization of the logsentry configuration - Add a check_openvpn_certificates in NRPE and OpenVPN role to check expiration date of server CA and certificates files ### Fixed - Fix the check_mem command in the NRPE role, precising the percentage sign for it not to check the memory in MB. - Fix the check_mem script in the NRPE role, adding cached RAM as free RAM - Fix motd-carp-state.sh by updating the OpenBSD release in our customized motd after an upgrade ### Changed - The PF role now use a variable for trusted IPs ## [6.8.2] - 2020-10-30 ### Added - Add a Logsentry role ## [6.8.1] - 2020-10-26 ### Fixed - Fix a task using a register where simple quotes prevented the register to be properly filled, breaking the following task ## [6.8.0] - 2020-10-23 ### Added - Add a PF tag to be able to skip that part when rerunning EvoBSD - Add a doas authorization for NRPE check_ipsecctl_critiques ### Changed - The task mail.yml replace the former boot/reboot message only if it is untouched - Replace the variable used to set the email address in etc-git role - now using inventory_hostname - Not checking syspatch when OpenBSD <= 6.1 - Amend fstab file adding noatime option to each entrie - Import evocheck v.6.7.7 - Comment NRPE checks that cannot be used as is ### Fixed - Add the creation of the NRPE plugins directory in nagios-nrpe role - Add collectd doas rights in the base role to avoid broking anything if EvoBSD is rerun without the collectd role included - Do not add the motd cron if the same line is already there but uncommented - Amend fstab entries only when the filesystem is ffs ## [6.7.2] - 2020-10-13 ### Added - Now handling deletion of evobackup crontab (replaced by daily.local cron) - Customize fstab with noexec and softdep - Collectd role ### Changed - Improve rc.local file configuration - Update evocheck to version 6.7.5 - Hide default daily output mail content (VERBOSESTATUS=0) - Add deletion of old log files in the OSPF role ### Fixed - Fix duplicate evobackup cron if the entry is uncommented in daily.local ## [6.7.1] - 2020-09-10 ### Added - Add completions functions in root's profile dotfile - Add check_connections_state.sh NRPE plugin - Add an evocheck role - Add stricter ssh and doas access - Add an openvpn role - Add an OpenBGPd NRPE plugin - Add ospf and bgp roles - Add an unbound NRPE check since it is part of the base system - Add a motd-carp-state.sh script that checks the carp state and generates the /etc/motd file ### Changed - Disable sndiod since it is not required on serveurs - Replace sudo with doas for script executions - Update evomaintenance version to 0.6.3 - Disable mouse function in vim configuration - Drop openup since syspatch can apply stable patches now - Update evobackup script - Rewrite newsyslog configuration - Drop postgresql-client package since evomaintenance use an API now