From 732087235c8378896ac560af4707fd225581a02b Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 25 Apr 2018 17:36:11 +0200 Subject: [PATCH 01/15] evolinux-users: Fix check_minifirewall path in sudoers file --- evolinux-users/templates/sudoers_jessie.j2 | 2 +- evolinux-users/templates/sudoers_stretch.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/evolinux-users/templates/sudoers_jessie.j2 b/evolinux-users/templates/sudoers_jessie.j2 index ff50f482..391ae898 100644 --- a/evolinux-users/templates/sudoers_jessie.j2 +++ b/evolinux-users/templates/sudoers_jessie.j2 @@ -4,7 +4,7 @@ Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts User_Alias ADMINS = {{ user.name }} nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs -nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_minifirewall +nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt ADMINS ALL = (ALL:ALL) ALL diff --git a/evolinux-users/templates/sudoers_stretch.j2 b/evolinux-users/templates/sudoers_stretch.j2 index 82d9bc97..9a9ea7ed 100644 --- a/evolinux-users/templates/sudoers_stretch.j2 +++ b/evolinux-users/templates/sudoers_stretch.j2 @@ -3,7 +3,7 @@ Defaults umask=0077 Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh, /usr/bin/apt, /bin/mount nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs -nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_minifirewall +nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt %{{ evolinux_sudo_group }} ALL=(ALL:ALL) ALL From 20f63719808c820dc9f77a24560ebd545bea4ece Mon Sep 17 00:00:00 2001 From: Gregory Colpart Date: Thu, 8 Feb 2018 00:46:48 +0100 Subject: [PATCH 02/15] typo --- evolinux-base/tasks/ssh.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/evolinux-base/tasks/ssh.yml b/evolinux-base/tasks/ssh.yml index 323ef8ae..225add01 100644 --- a/evolinux-base/tasks/ssh.yml +++ b/evolinux-base/tasks/ssh.yml @@ -13,7 +13,7 @@ # We want to allow any user from a list of IP addresses to login with password, # but users of the "evolix" group can't login with password from other IP addresses -- name: Security directives for Evolinux (Debian 10 or later)" +- name: "Security directives for Evolinux (Debian 10 or later)" blockinfile: dest: /etc/ssh/sshd_config block: | From 74ca43fe05c68ccf0252db83b68b6e149a2ee6ca Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 26 Apr 2018 11:17:42 +0200 Subject: [PATCH 03/15] evolinux-users: add documentation for variables --- evolinux-users/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/evolinux-users/README.md b/evolinux-users/README.md index 439bd898..c41f96b0 100644 --- a/evolinux-users/README.md +++ b/evolinux-users/README.md @@ -31,3 +31,7 @@ evolinux_users: - 'ssh-rsa QWERTYUIOP' - 'ssh-ed25519 QWERTYUIOP' ``` + +* `evolinux_sudo_group`: which group to use for sudo (default: `evolinux-sudo`) +* `evolinux_ssh_group`: which group to use for ssh (default: `evolinux-ssh`) +* `evolinux_root_disable_ssh`: disable root's ssh access (default: `True`) From c87e3ee5764ea852a8b2fd4ed51d19fd518d6147 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 26 Apr 2018 11:18:26 +0200 Subject: [PATCH 04/15] evolinux-users: add user to internal group if defined and Debian >= 9 --- evolinux-users/README.md | 1 + evolinux-users/defaults/main.yml | 1 + evolinux-users/tasks/user.yml | 29 ++++++++++++++++++++++++++++- 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/evolinux-users/README.md b/evolinux-users/README.md index c41f96b0..c0f6e9ef 100644 --- a/evolinux-users/README.md +++ b/evolinux-users/README.md @@ -34,4 +34,5 @@ evolinux_users: * `evolinux_sudo_group`: which group to use for sudo (default: `evolinux-sudo`) * `evolinux_ssh_group`: which group to use for ssh (default: `evolinux-ssh`) +* `evolinux_internal_group`: which group to use for all created users (eg. the company name) * `evolinux_root_disable_ssh`: disable root's ssh access (default: `True`) diff --git a/evolinux-users/defaults/main.yml b/evolinux-users/defaults/main.yml index fe97185c..8ff94551 100644 --- a/evolinux-users/defaults/main.yml +++ b/evolinux-users/defaults/main.yml @@ -3,5 +3,6 @@ evolinux_users: {} evolinux_sudo_group: "evolinux-sudo" evolinux_ssh_group: "evolinux-ssh" +evolinux_internal_group: "" evolinux_root_disable_ssh: True diff --git a/evolinux-users/tasks/user.yml b/evolinux-users/tasks/user.yml index 21cb97b3..f7cf31ba 100644 --- a/evolinux-users/tasks/user.yml +++ b/evolinux-users/tasks/user.yml @@ -43,6 +43,8 @@ # Unix groups +## Group for SSH authorizations + - name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 10 or later)" group: name: "{{ evolinux_ssh_group }}" @@ -56,6 +58,29 @@ append: yes when: ansible_distribution_major_version | version_compare('10', '>=') +## Optional group for all evolinux users + +- name: "Unix group '{{ evolinux_internal_group }}' is present (Debian 9 or later)" + group: + name: "{{ evolinux_internal_group }}" + state: present + when: + - evolinux_internal_group is defined + - evolinux_internal_group != "" + - ansible_distribution_major_version | version_compare('9', '>=') + +- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)" + user: + name: '{{ user.name }}' + groups: "{{ evolinux_internal_group }}" + append: yes + when: + - evolinux_internal_group is defined + - evolinux_internal_group != "" + - ansible_distribution_major_version | version_compare('9', '>=') + +## Optional secondary groups, defined per user + - name: "Secondary Unix groups are present" group: name: "{{ group }}" @@ -71,6 +96,8 @@ append: yes when: user.groups is defined +# Permissions on home directory + - name: "Home directory for '{{ user.name }}' is not accessible by group and other users" file: name: '/home/{{ user.name }}' @@ -86,7 +113,7 @@ check_mode: no register: grep_profile_evomaintenance -# Don't add the trap if it is present or commented +## Don't add the trap if it is present or commented - name: "User '{{ user.name }}' has its shell trap for evomaintenance" lineinfile: state: present From 08d5ca56969ae75b4447504c9f22f7ac1b560233 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 2 May 2018 17:13:03 +0200 Subject: [PATCH 05/15] evolinux-users: fix secondary groups With ANsible 2.2 the list of groups must be comma-separated --- CHANGELOG.md | 1 + evolinux-users/tasks/user.yml | 10 +++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c74ef4e5..48e314f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The **patch** part changes incrementally at each release. ### Changed ### Fixed +* evolinux-users: secondary groups are comma-separated ### Security diff --git a/evolinux-users/tasks/user.yml b/evolinux-users/tasks/user.yml index f7cf31ba..bd480cfb 100644 --- a/evolinux-users/tasks/user.yml +++ b/evolinux-users/tasks/user.yml @@ -87,14 +87,18 @@ with_items: "{{ user.groups }}" loop_control: loop_var: group - when: user.groups is defined + when: + - user.groups is defined + - user.groups != [] - name: "Unix user '{{ user.name }}' belongs to secondary groups" user: name: '{{ user.name }}' - groups: "{{ user.groups }}" + groups: "{{ user.groups | join(',') }}" append: yes - when: user.groups is defined + when: + - user.groups is defined + - user.groups != [] # Permissions on home directory From 52c728b524de2870f82c1d5b3210f96b48298049 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 2 May 2018 19:25:31 +0200 Subject: [PATCH 06/15] ntpd: Follow the example config given on https://wiki.evolix.org/HowtoNTP --- ntpd/defaults/main.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ntpd/defaults/main.yml b/ntpd/defaults/main.yml index 5b86419e..221a829c 100644 --- a/ntpd/defaults/main.yml +++ b/ntpd/defaults/main.yml @@ -1,9 +1,8 @@ --- ntpd_servers: -- 'ntp.evolix.net' +- 'ntp.evolix.net iburst' ntpd_acls: +- '-4 default kod notrap nomodify nopeer noquery' +- '-6 default kod notrap nomodify nopeer noquery' - '127.0.0.1' - '::1' -- '-4 default ignore' -- '-6 default ignore' - From 7fda501eae70765db1c5a2c6f6f458ff2869f4c0 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Fri, 4 May 2018 11:38:11 +0200 Subject: [PATCH 07/15] varnish: Add -F to the sustemd unit to not fork at start --- varnish/templates/varnish.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/varnish/templates/varnish.conf.j2 b/varnish/templates/varnish.conf.j2 index a60462e2..257da952 100644 --- a/varnish/templates/varnish.conf.j2 +++ b/varnish/templates/varnish.conf.j2 @@ -2,6 +2,6 @@ [Service] ExecStart= -ExecStart=/usr/sbin/varnishd -a {{ varnish_addresses | join(',') }} -T {{ varnish_management_address }} -f {{ varnish_config_file }} -S {{ varnish_secret_file }} -s {{ varnish_storage }} -p thread_pools={{ varnish_thread_pools }} -p thread_pool_add_delay={{ varnish_thread_pool_add_delay }} -p thread_pool_min={{ varnish_thread_pool_min }} -p thread_pool_max={{ varnish_thread_pool_max }} +ExecStart=/usr/sbin/varnishd -F -a {{ varnish_addresses | join(',') }} -T {{ varnish_management_address }} -f {{ varnish_config_file }} -S {{ varnish_secret_file }} -s {{ varnish_storage }} -p thread_pools={{ varnish_thread_pools }} -p thread_pool_add_delay={{ varnish_thread_pool_add_delay }} -p thread_pool_min={{ varnish_thread_pool_min }} -p thread_pool_max={{ varnish_thread_pool_max }} ExecReload= ExecReload=/etc/varnish/reload-vcl.sh From 10af35bf41040e0e405181f4764e926f24668ea0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 9 May 2018 20:56:48 +0200 Subject: [PATCH 08/15] filebeat: install version 6.x by default --- CHANGELOG.md | 1 + filebeat/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 48e314f7..97ad2329 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release. ### Added ### Changed +* filebeat: install version 6.x by default ### Fixed * evolinux-users: secondary groups are comma-separated diff --git a/filebeat/defaults/main.yml b/filebeat/defaults/main.yml index 89b6e753..9c40c5d9 100644 --- a/filebeat/defaults/main.yml +++ b/filebeat/defaults/main.yml @@ -1,5 +1,5 @@ --- -elastic_stack_version: "5.x" +elastic_stack_version: "6.x" filebeat_kibana_dashboards: False filebeat_logstash_plugin: False From 93642b4afa337c85e1b8a5ce95e81f4cccd64d37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 9 May 2018 20:57:32 +0200 Subject: [PATCH 09/15] filebeat: cleanup unused code --- CHANGELOG.md | 1 + filebeat/defaults/main.yml | 1 - filebeat/tasks/main.yml | 4 ---- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 97ad2329..0b492f51 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release. ### Changed * filebeat: install version 6.x by default +* filebeat: cleanup unused code ### Fixed * evolinux-users: secondary groups are comma-separated diff --git a/filebeat/defaults/main.yml b/filebeat/defaults/main.yml index 9c40c5d9..75c8ae0f 100644 --- a/filebeat/defaults/main.yml +++ b/filebeat/defaults/main.yml @@ -1,5 +1,4 @@ --- elastic_stack_version: "6.x" -filebeat_kibana_dashboards: False filebeat_logstash_plugin: False diff --git a/filebeat/tasks/main.yml b/filebeat/tasks/main.yml index 89c0f7ab..eebbd8ee 100644 --- a/filebeat/tasks/main.yml +++ b/filebeat/tasks/main.yml @@ -40,10 +40,6 @@ name: filebeat enabled: yes -# - name: Kibana dashboards are imported -# command: /usr/share/filebeat/scripts/import_dashboards -# when: filebeat_kibana_dashboards - - name: is logstash-plugin available? stat: path: /usr/share/logstash/bin/logstash-plugin From a47a787a816c1623b6a392a527e10c8aae9a0ca0 Mon Sep 17 00:00:00 2001 From: Bruno TATU Date: Wed, 9 May 2018 15:58:13 +0200 Subject: [PATCH 10/15] squid: add some domains and fix broken restrictions --- CHANGELOG.md | 1 + squid/files/evolinux-whitelist-defaults.conf | 45 ++++++++++++------ squid/files/whitelist-evolinux.conf | 50 +++++++++++++------- 3 files changed, 65 insertions(+), 31 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b492f51..57331aa9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The **patch** part changes incrementally at each release. ### Changed * filebeat: install version 6.x by default * filebeat: cleanup unused code +* squid: add some domaine and fix broken restrictions ### Fixed * evolinux-users: secondary groups are comma-separated diff --git a/squid/files/evolinux-whitelist-defaults.conf b/squid/files/evolinux-whitelist-defaults.conf index 125eda7d..e4dc240d 100644 --- a/squid/files/evolinux-whitelist-defaults.conf +++ b/squid/files/evolinux-whitelist-defaults.conf @@ -5,9 +5,9 @@ ^backports\.debian\.org$ ^www\.kernel\.org$ ^hwraid\.le-vert\.net$ -^.*clamav\.net$ +^.*\.clamav\.net$ ^spamassassin\.apache\.org$ -^.*sa-update.*$ +^.*\.sa-update.*$ ^pear\.php\.net$ ^repo\.mysql\.com$ @@ -18,12 +18,15 @@ ^ocsp\.usertrust\.com$ ### CMS / Wordpress / Drupal / ... + # Wordpress -^.*akismet\.com$ -^.*wordpress\.(org|com)$ -^.*gravatar\.com$ +^.*\.akismet\.com$ +^.*\.wordpress\.(org|com)$ +^.*\.gravatar\.com$ ^www\.wordpress-fr\.net$ ^pixel\.wp\.com$ +^wp-updates\.com$ + # Wordpress pingback ^rpc\.pingomatic\.com$ ^blo\.gs$ @@ -53,12 +56,13 @@ ^geourl\.org$ ^ipings\.com$ ^www\.weblogalot\.com$ + # Wordpress plugins -^.*wpml\.org$ +^.*\.wpml\.org$ ^www\.wpcube\.co\.uk$ -^.*wp-rocket\.me$ +^.*\.wp-rocket\.me$ ^www\.yithemes\.com$ -^.*yoast\.com$ +^.*\.yoast\.com$ ^yarpp\.org$ ^repository\.kreaturamedia\.com$ ^api\.wp-events-plugin\.com$ @@ -69,21 +73,27 @@ ^vimeo\.com$ ^api\.genesistheme\.com$ ^www\.bolderelements\.net$ +^wpbakery\.com$ +^backwpup\.com$ + # Magento Plugins ^extensions\.activo\.com$ ^amasty\.com$ + # Joomla -^.*.joomla\.org$ +^.*\.joomla\.org$ ^getk2\.org$ ^miwisoft\.com$ ^mijosoft\.com$ ^www\.joomlaworks\.net$ ^cdn\.joomlaworks\.org$ ^download\.regularlabs\.com$ + # Prestashop -^.*.prestashop\.com$ +^.*\.prestashop\.com$ ^www\.presta-module\.com$ ^www\.presteamshop\.com$ + # Others ^.*.drupal\.org$ ^.*\.dotclear\.(net|org)$ @@ -92,7 +102,9 @@ ^www\.spip\.net$ ### Feeds / API / WS Tools / ... + # Google + ^.*\.googleapis\.com$ ^.*\.google-analytics\.com$ ^blogsearch\.google\.(com|fr)$ @@ -100,16 +112,19 @@ ^maps\.google\..*$ ^translate\.google\.com$ ^www\.google\.com$ + # Facebook ^.*\.facebook\.com$ ^.*\.fbcdn\.net$ + # Maxmind ^geolite\.maxmind\.com$ + # Others -#^.*amazon.com$ -^.*twitter\.com$ -^.*feedburner\.com$ -^.*openx\.(org|com|net)$ +#^.*\.amazon.com$ +^.*\.twitter\.com$ +^.*\.feedburner\.com$ +^.*\.openx\.(org|com|net)$ ^geoip-api\.meteor\.com$ ^www\.bing\.com$ ^www\.telize\.com$ @@ -125,3 +140,5 @@ ^jenkins\.mirror\.isppower\.de$ ^ftp\.icm\.edu\.pl$ ^apt\.newrelic\.com$ +^.*\.cloudfront\.net$ +^api\.mailjet\.com$ diff --git a/squid/files/whitelist-evolinux.conf b/squid/files/whitelist-evolinux.conf index 5c22f4a7..bd3f33e0 100644 --- a/squid/files/whitelist-evolinux.conf +++ b/squid/files/whitelist-evolinux.conf @@ -1,13 +1,13 @@ ### Evolix & System -http://.*evolix.(net|org|com|fr)/.* -http://.*debian.org/.* +http://.*.evolix.(net|org|com|fr)/.* +http://.*.debian.org/.* http://www.backports.org/.* http://backports.debian.org/.* http://www.kernel.org/.* http://hwraid.le-vert.net/.* -http://.*clamav.net/.* +http://.*.clamav.net/.* http://spamassassin.apache.org/.* -http://.*sa-update.* +http://.*.sa-update.* http://pear.php.net/.* http://repo.mysql.com/.* @@ -18,12 +18,15 @@ http://.*.letsencrypt.org/.* http://ocsp.usertrust.com/.* ### CMS / Wordpress / Drupal / ... + # Wordpress -http://.*akismet.com/.* -http://.*wordpress.(org|com)/.* -http://.*gravatar.com/.* +http://.*.akismet.com/.* +http://.*.wordpress.(org|com)/.* +http://.*.gravatar.com/.* http://www.wordpress-fr.net/.* http://pixel.wp.com/.* +http://wp-updates.com/.* + # Wordpress pingback http://rpc.pingomatic.com/.* http://blo.gs/ping.php @@ -53,12 +56,13 @@ http://www.pingmyblog.com/.* http://geourl.org/ping http://ipings.com/.* http://www.weblogalot.com/ping + # Wordpress plugins -http://.*wpml.org/.* +http://.*.wpml.org/.* http://www.wpcube.co.uk/.* -http://.*wp-rocket.me/.* +http://.*.wp-rocket.me/.* http://www.yithemes.com/.* -http://.*yoast.com/.* +http://.*.yoast.com/.* http://yarpp.org/.* http://repository.kreaturamedia.com/.* http://api.wp-events-plugin.com/.* @@ -66,12 +70,16 @@ http://updates.themepunch.com/.* http://themeisle.com/.* http://download.advancedcustomfields.com/.* http://wpcdn.io/.* -http://vimeo.com/channels/wpetourisme/videos/rss +http://vimeo.com/.* http://api.genesistheme.com/update-themes/ http://www.bolderelements.net/updates/.* + # Magento Plugins http://extensions.activo.com/.* http://amasty.com/.* +http://backwpup.com/.* +http://wpbakery.com/.* + # Joomla http://.*.joomla.org/.* http://getk2.org/.* @@ -80,10 +88,12 @@ http://mijosoft.com/.* http://www.joomlaworks.net/.* http://cdn.joomlaworks.org/.* http://download.regularlabs.com/.* + # Prestashop http://.*.prestashop.com/.* http://www.presta-module.com/.* http://www.presteamshop.com/.* + # Others http://.*.drupal.org/.* http://.*.dotclear.(net|org)/.* @@ -92,6 +102,7 @@ http://www.typolight.org/.* http://www.spip.net/.* ### Feeds / API / WS Tools / ... + # Google http://.*.googleapis.com/.* http://.*.google-analytics.com/.* @@ -100,21 +111,24 @@ http://csi.gstatic.com/.* http://maps.google.*/.* http://translate.google.com/.* http://www.google.com/webmasters/tools/.* + # Facebook http://.*.facebook.com/.* http://.*.fbcdn.net/.* + # Maxmind http://geolite.maxmind.com/.* + # Others -http://.*amazon.com/.* -http://.*twitter.com/.* -http://.*feedburner.com/.* -http://.*openx.(org|com|net)/.* +#http://.*.amazon.com/.* +http://.*.twitter.com/.* +http://.*.feedburner.com/.* +http://.*.openx.(org|com|net)/.* http://geoip-api.meteor.com/.* http://www.bing.com/.* http://www.telize.com/.* -http://.*ident.me/.* -http://.*icanhazip.com/.* +http://.*.ident.me/.* +http://.*.icanhazip.com/.* http://www.express-mailing.com/.* http://bot.whatismyipaddress.com/.* http://ipecho.net/.* @@ -125,3 +139,5 @@ http://mirrors.jenkins.io/.* http://jenkins.mirror.isppower.de/.* http://ftp.icm.edu.pl/.* http://apt.newrelic.com/.* +http://.*.cloudfront.net/.* +http://api.mailjet.com/.* From 5091157b186b1be0c1ef2f84e6caec8c8edb5730 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 16 May 2018 11:03:24 +0200 Subject: [PATCH 11/15] Elasticsearch: defaults to version 6.x --- elasticsearch/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elasticsearch/defaults/main.yml b/elasticsearch/defaults/main.yml index 02dd0d5a..8b5dd20e 100644 --- a/elasticsearch/defaults/main.yml +++ b/elasticsearch/defaults/main.yml @@ -1,5 +1,5 @@ --- -elastic_stack_version: "5.x" +elastic_stack_version: "6.x" elasticsearch_cluster_name: Null elasticsearch_node_name: "${HOSTNAME}" From 2451e4d3fa499f7fc44e875909c1b85fbc040da0 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 16 May 2018 11:06:06 +0200 Subject: [PATCH 12/15] Changelog for NTP changes --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 57331aa9..22005a64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ The **patch** part changes incrementally at each release. ### Fixed * evolinux-users: secondary groups are comma-separated +* ntpd: fix configuration (server and ACL) ### Security From 3dd1df82363179d3e7eba62300b6e0d1cb851278 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 16 May 2018 11:07:12 +0200 Subject: [PATCH 13/15] Changelog for varnish changes --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 22005a64..e1e7cea5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ The **patch** part changes incrementally at each release. ### Fixed * evolinux-users: secondary groups are comma-separated * ntpd: fix configuration (server and ACL) +* varnish: don't fork the process on startup with systemd ### Security From 4d148579c4a1a683ca82ff0d596c55f86e5b2573 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 16 May 2018 11:08:18 +0200 Subject: [PATCH 14/15] Changelog for elasticsearch changes --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e1e7cea5..79119a0d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ The **patch** part changes incrementally at each release. * filebeat: install version 6.x by default * filebeat: cleanup unused code * squid: add some domaine and fix broken restrictions +* elasticsearch: defaults to version 6.x ### Fixed * evolinux-users: secondary groups are comma-separated From 4f4b7cd8dcb7ff5cc569f28280ca5a4a9216b65e Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 16 May 2018 11:10:31 +0200 Subject: [PATCH 15/15] Release 9.2.0 --- CHANGELOG.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79119a0d..056650ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,14 @@ The **patch** part changes incrementally at each release. ### Added +### Changed + +### Fixed + +### Security + +## [9.2.0] - 2018-05-16 + ### Changed * filebeat: install version 6.x by default * filebeat: cleanup unused code @@ -23,8 +31,6 @@ The **patch** part changes incrementally at each release. * ntpd: fix configuration (server and ACL) * varnish: don't fork the process on startup with systemd -### Security - ## [9.1.9] - 2018-04-24 ### Added