Romain Dessort
0f12501760
Add security-cdn.debian.org to HTTPSITES whitelist
...
Debian migrated its security.debian.org repository to Fastly CDN
(security-cdn.debian.org) so we have to whitelist it too to make
security upgrades possible.
2018-01-29 11:15:11 -05:00
Gregory Colpart
fb6cb79b41
Keep read right on group for software with non-root access like OpenLDAP
2018-01-28 17:13:23 +01:00
Victor LABORIE
4fd4e0d96d
ldap|nagios-nrpe: use external file for NRPE credentials
2018-01-24 16:49:07 +01:00
Jérémy Lecour
3bbc1be977
nagios-nrpe: document new variable
2018-01-23 18:34:04 +01:00
Jérémy Lecour
8bd94a7c44
fail2ban: fix horrible typo, Python is not Ruby
2018-01-23 18:31:31 +01:00
Jérémy Lecour
6ed1f04c85
nagios-nrpe: allowed_hosts can be updated
2018-01-23 17:41:58 +01:00
Jérémy Lecour
19b2da5b92
evoacme: exclude typical certbot directories
2018-01-22 18:27:37 +01:00
Jérémy Lecour
88bdf270d7
Added emphasis on version number significance
2018-01-22 18:27:37 +01:00
Benoît S.
3ef353761f
nagios-nrpe: Add --sni to check_https
...
Why? Because we want to use the right server name when checking.
And if you have a strict-sni enabled server you will have an error.
CRITICAL - Cannot
make SSL connection. 139749570156288:error:14094458:SSL
routines:ssl3_read_bytes:tlsv1 unrecognized
name:../ssl/record/rec_layer_s3.c:1399:SSL alert number 112
2018-01-22 12:14:27 +01:00
Jérémy Lecour
1f007c1ff0
update changelog
2018-01-20 19:57:58 +01:00
Jérémy Lecour
b4ffe48282
Changelog: backfill of a few releases
2018-01-20 19:55:41 +01:00
Jérémy Lecour
ad80bc9ff7
mongodb: install python-pymongo for monitoring
...
Backport from commit 0858f53b2a70718d8b1f4567a4348c3e9b5c4faf
2018-01-20 19:33:18 +01:00
Jérémy Lecour
141da62b9f
Changelog: backfill previous release notes (9.1.4 and 9.1.3)
2018-01-18 23:37:56 +01:00
Jérémy Lecour
25a5ffd6ef
fail2ban: Install munin plugin if available
2018-01-18 23:17:20 +01:00
Jérémy Lecour
cf8b110abb
Add a changelog
2018-01-18 18:41:15 +01:00
Jérémy Lecour
25a47173b8
create server status parent directory if missing
2018-01-18 17:17:34 +01:00
Jérémy Lecour
86c2bcb398
apache: /usr/share/scripts exists
2018-01-18 17:08:29 +01:00
Jérémy Lecour
1b5cb850fb
evocheck: add tags
2018-01-18 17:05:51 +01:00
Victor LABORIE
a8f7a7748e
unbound: retrieve list of root DNS servers
2018-01-11 12:41:40 +01:00
Victor LABORIE
d9756702f6
redmine: force xpath < 3.0.0 (for ruby 2.1 support)
2018-01-08 14:44:22 +01:00
Jérémy Lecour
ca738edcfa
evomaintenance: explicit quotes
2018-01-05 10:43:04 +01:00
Jérémy Lecour
8f88a48e15
evoacme cron task : improve readability
...
* use long form options
* break line before pipe
2018-01-03 10:12:14 +01:00
Jérémy Lecour
316fabeabe
Merge branch 'server-status-suffix' into unstable
2018-01-03 10:06:47 +01:00
Jérémy Lecour
b634840b42
apache/nginx: server status suffix
2018-01-03 10:05:20 +01:00
Jérémy Lecour
08d544668b
evolinux-base: create /etc/evolinux
2018-01-03 10:05:20 +01:00
Jérémy Lecour
28954e634c
whitespaces
2018-01-03 10:05:20 +01:00
Benoît S.
5c3b375b25
Merge branch 'evoacme-fix-empty-certs-cron-daily' into unstable
2018-01-03 10:01:47 +01:00
Benoît S.
edf7bceee6
Add -r to xargs arguments
...
Why? Because if there is no certificates in /etc/letsencrypt it will call
evoacme with no args, resulting in an error.
2018-01-03 10:00:22 +01:00
Jérémy Lecour
e8c0e43cf0
evomaintenance: add some tags on tasks
2018-01-02 16:45:45 +01:00
Victor LABORIE
f09d93aadb
evolinux-base: purge locate/mlocate by default
2018-01-02 15:11:27 +01:00
Jérémy Lecour
a59b0d8914
squid: fix template path
2017-12-29 15:14:24 +01:00
Jérémy Lecour
d8e88b1958
Redis: fix typo in shell command
2017-12-29 11:18:27 +01:00
Jérémy Lecour
298f3ddcf0
Redis: proetcted-mode is supported in Redis 3.2+
2017-12-28 17:28:31 +01:00
Jérémy Lecour
0884063a69
evocheck: add the commit
...
It helps detecting it's from the sources not the package.
2017-12-28 15:05:27 +01:00
Jérémy Lecour
215d83f0b4
bind: keep 52 weeks of logs
2017-12-28 11:27:36 +01:00
Jérémy Lecour
c1169f86f1
Squid: replace logrotate file if default
2017-12-28 11:16:06 +01:00
Jérémy Lecour
432a89fe40
evomaintenance: force permissions on config file
2017-12-28 11:01:52 +01:00
Jérémy Lecour
290dfd300a
evolinux-users: add users to adm group for Stretch
2017-12-28 11:01:31 +01:00
Jérémy Lecour
03c0f0c536
evocheck: update embedded script
2017-12-27 16:44:54 +01:00
Jérémy Lecour
ec1252f4ba
whitespaces
2017-12-27 15:36:45 +01:00
Jérémy Lecour
3a9d8805de
Rbenv: use Ruby 2.5 by default
2017-12-27 15:36:25 +01:00
Jérémy Lecour
55d31f7288
Redis: configuration for "protected-mode" + tags
2017-12-27 15:10:59 +01:00
Jérémy Lecour
aeba94bcba
default/additional variables
...
List of hosts/ip are a combination of 2 lists allowing overrides
2017-12-20 18:04:54 +01:00
Jérémy Lecour
223bfbdc5a
Elasticsearch logs can have multiple patterns
2017-12-19 18:08:29 +01:00
Victor LABORIE
b3ec1f09b6
slapd: listen on 127.0.0.1:389 by default
2017-12-18 18:05:37 +01:00
Ludovic Poujol
b90260ae28
minifirewall: Make outgoing SSH in IPv6 works
2017-12-15 14:49:21 +01:00
Ludovic Poujol
bfb8a6cee8
evoadmin-web: No need to have config.local.php world readable
2017-12-15 14:48:32 +01:00
Ludovic Poujol
a2acd250a6
evolinux-base: have default_www files chmoded as 644
2017-12-13 15:44:16 +01:00
Ludovic Poujol
806df7d77a
nodejs: remove useless .list so we don't have nodesource.list.list
2017-12-13 15:41:45 +01:00
Benoît S.
9328618d6d
Add check_mysql_slave for nagios nrpe default config
2017-12-13 14:53:21 +01:00