Release 10.0.0 #100
|
@ -15,8 +15,9 @@ The **patch** part changes incrementally at each release.
|
||||||
* apt: remove jessie/buster sources from Gandi servers
|
* apt: remove jessie/buster sources from Gandi servers
|
||||||
* certbot : new role to install and configure certbot
|
* certbot : new role to install and configure certbot
|
||||||
* evocheck: upstream version 19.10
|
* evocheck: upstream version 19.10
|
||||||
* evolinux-base: On debian 10 and later, add noexec on /dev/shm
|
|
||||||
* evolinux-base: default value for "evolinux_ssh_group"
|
* evolinux-base: default value for "evolinux_ssh_group"
|
||||||
|
* evolinux-base: install /sbin/deny
|
||||||
|
* evolinux-base: on debian 10 and later, add noexec on /dev/shm
|
||||||
* generate-ldif: support MariaDB 10.3
|
* generate-ldif: support MariaDB 10.3
|
||||||
* haproxy: add a variable to keep the existing configuration
|
* haproxy: add a variable to keep the existing configuration
|
||||||
* listupgrade: install old-kernel-autoremoval script
|
* listupgrade: install old-kernel-autoremoval script
|
||||||
|
|
3
evolinux-base/files/deny.sh
Normal file
3
evolinux-base/files/deny.sh
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh
|
||||||
|
iptables -I INPUT -s $1 -j DROP
|
||||||
|
echo $1 >> /root/BLACKLIST-SSH
|
|
@ -191,4 +191,15 @@
|
||||||
replace: "auto"
|
replace: "auto"
|
||||||
when: evolinux_system_eni_auto and grep_hotplug_eni.rc == 0
|
when: evolinux_system_eni_auto and grep_hotplug_eni.rc == 0
|
||||||
|
|
||||||
|
## /sbin/deny
|
||||||
|
|
||||||
|
- name: "/sbin/deny script is present"
|
||||||
|
copy:
|
||||||
|
src: deny.sh
|
||||||
|
dest: /sbin/deny
|
||||||
|
mode: "0700"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
force: no
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
Loading…
Reference in a new issue