Jérémy Lecour
5bf82d117b
Don't copy empty files
2018-04-22 17:23:31 +02:00
Jérémy Lecour
8384e8ba43
evolinux: groups for SSH configuration are used with Debian 10 and later
2018-04-20 14:38:55 +02:00
Jérémy Lecour
e79640d770
evolinux: Name and improve compatibility checks
2018-04-20 14:38:55 +02:00
Benoît S.
cb941bfe61
webapps/evoadmin-web: Add example of logins vars
...
Examples are present in config.php but not config.local.php and can be
disturbing.
2018-04-20 14:18:49 +02:00
Jérémy Lecour
bc3b1182ea
evolinux-users: default to AllowGroups (for SSH) in Debian 10
2018-04-20 10:25:14 +02:00
Jérémy Lecour
792e319694
packweb-apache: install evoadmin as a dependency
...
A bug in Ansible 2.2 disables some included roles when dependencies have
a conditional evaluated to false.
2018-04-20 10:23:35 +02:00
Jérémy Lecour
d9767aeb86
whitespaces
2018-04-20 10:22:11 +02:00
Ludovic Poujol
da13a478c6
webapps/evoadmin-web : Name the fail task
2018-04-19 16:04:21 +02:00
Ludovic Poujol
e37b3f569a
generate-ldif: add a minifirewall service when /etc/default/minifirewall exists
2018-04-19 16:04:21 +02:00
Jérémy Lecour
92bb60495d
mysql: add a name attribute for systemd daemon-reload module
2018-04-19 15:44:05 +02:00
Jérémy Lecour
6daf6877c1
Merge branch 'ssh-groups' into unstable
2018-04-18 18:21:39 +02:00
Jérémy Lecour
43d86f5541
evolinux-users: cover more cases for AllowUsers/Groups in sshd config
2018-04-18 18:21:09 +02:00
Jérémy Lecour
2f631f1ae7
update Changelog
2018-04-18 12:16:57 +02:00
Jérémy Lecour
b0b4e13130
evolinux-users: Add users to group for SSH on Debian 9+
2018-04-18 12:16:04 +02:00
Jérémy Lecour
32c289d915
evolinux: improve case switching
...
A case was missing : no AllowUsers/AllowGroups, on Debian 9
2018-04-18 12:16:04 +02:00
Jérémy Lecour
5bcd7e44cf
evolinux-users: really look for evomaintenance
...
The file was missing in the grep command :/
2018-04-18 12:16:04 +02:00
Jérémy Lecour
a782ef3180
evolinux-users: better names for a fewtasks
2018-04-18 12:16:04 +02:00
Jérémy Lecour
dba26fbbaf
evolinux-users: sudoers file should be 0440 also in Stretch
2018-04-18 12:16:04 +02:00
Jérémy Lecour
f065310ca6
evolinux-users: use command instead of shell when possible
2018-04-18 12:16:04 +02:00
Jérémy Lecour
2027420877
whitespaces
2018-04-18 12:16:04 +02:00
Jérémy Lecour
13abc44992
evolinux-users: use assert instead of fail
2018-04-18 12:16:04 +02:00
Jérémy Lecour
f152ba66cd
evolinux-users: regroup tasks
...
1. create all accounts
2. configure sudo for everyone
3. configure ssh for everyone
2018-04-18 12:16:04 +02:00
Jérémy Lecour
e0ac7760f0
Use AllowGroups mode also if no AllowUsers is present at all
2018-04-18 12:16:04 +02:00
Jérémy Lecour
4fc58e4b1e
evolinux-users: rename included files
2018-04-18 12:16:04 +02:00
Jérémy Lecour
b01d9178d0
evolinux-users: split AllowGroups/AllowUsers modes
...
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.
In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00
Jérémy Lecour
b866b6fa0a
evolinux-base: fail2ban is not enabled by default
2018-04-18 12:15:43 +02:00
Jérémy Lecour
423acc79fd
mysql-oracle: copy evolinux config files in mysql.cond.d
2018-04-18 12:06:15 +02:00
Jérémy Lecour
cdbce0ae24
mysql-oracle: use systemd module to reload daemon
2018-04-18 12:05:09 +02:00
Jérémy Lecour
b843a528be
mysql: abort if MariaDB on Debian 8
...
We can't create other users with 'debian-sys-maint' on Debian 8 with
MariaDB.
We must give it the GRANT privilege before continuing.
2018-04-17 10:24:47 +02:00
Jérémy Lecour
602836a6e7
mysql: whitespaces
2018-04-17 10:24:12 +02:00
Jérémy Lecour
4749667f58
Release 9.1.8
2018-04-16 00:00:13 +02:00
Jérémy Lecour
ae6e376048
mysql: properly reload systemd
2018-04-15 23:58:31 +02:00
Jérémy Lecour
48dad83c4f
evomaintenance: remove double-quotes where not necessary
2018-04-15 22:25:44 +02:00
Victor LABORIE
4612c5ec89
packweb-apache: use check_mode for apg command
...
* Fix usage of packweb-apache role with --check
2018-04-13 12:13:43 +02:00
Victor LABORIE
81861bad80
mysql: use check_mode for apg command
...
* Fix usage of mysql role with --check
2018-04-13 12:08:58 +02:00
Victor LABORIE
f5a914bf63
Fix CHANGELOG
2018-04-13 12:05:48 +02:00
Victor LABORIE
ef127d89dc
packweb-apache: use dependencies instead of include_role for apache and php roles
2018-04-13 11:54:42 +02:00
Jérémy Lecour
619a0a8c72
Release 9.1.7
2018-04-06 10:49:23 +02:00
Jérémy Lecour
1194f75510
Merge branch 'lpoujol-listupgrade' into unstable
2018-04-06 10:44:07 +02:00
Jérémy Lecour
2e375b9506
update CHANGELOG
2018-04-06 10:43:38 +02:00
Ludovic Poujol
602c9fbf3b
listupgrade: Add service restart notification for squid
2018-04-06 10:42:46 +02:00
Ludovic Poujol
5650b79c81
listupgrade: Add service restart notification for libstdc++6
2018-04-06 10:42:46 +02:00
Jérémy Lecour
46a6a35486
evolinux-users: add check_minifirewall in sudoers commands
2018-04-06 10:36:48 +02:00
Jérémy Lecour
831b733dfe
minifirewall: nrpe/sudo config only if possible
2018-04-06 10:35:43 +02:00
Jérémy Lecour
baf6ddd66c
Merge branch 'check_minifirewall' into unstable
2018-04-06 09:54:21 +02:00
Jérémy Lecour
654c0a261f
update CHANGELOG
2018-04-06 09:53:37 +02:00
Jérémy Lecour
61c268b395
nagios-nrpe: add check_minifirewall by default
2018-04-06 09:52:18 +02:00
Jérémy Lecour
e984e46b83
minifirewall: nagios plugins directory is configurable
2018-04-06 09:52:18 +02:00
Jérémy Lecour
03c53433d6
Add minifirewal_status and check_minifirewall
...
minifirewall_status returns "started" on stdout and exit code 0,
or "stopped" on stdout and exit code 1. The state of minifirewall
is determined by looking for common iptables rules applied by
minifirewall.
check_minifirewall is an NRPE plugin for minifirewall. It returns:
* 0 (OK) if the firewall state is consistent with its configuration
(from the alert5 script)
* 1 (WARNING) if the firewall is started but alert5 is not configured
properly
* 2 (CRITICAL) if the firewall is not running but it should be.
2018-04-06 09:52:18 +02:00
Jérémy Lecour
c2ed10e2e4
CHANGELOG cleanup
2018-04-06 09:26:51 +02:00