diff options
Diffstat (limited to 'roles/common/files')
| -rw-r--r-- | roles/common/files/etc/apt/apt.conf.d/50unattended-upgrades | 2 | ||||
| -rw-r--r-- | roles/common/files/etc/apt/listchanges.conf | 2 | ||||
| -rw-r--r-- | roles/common/files/etc/default/rkhunter | 2 | ||||
| -rw-r--r-- | roles/common/files/etc/logcheck/logcheck.conf | 2 | ||||
| -rw-r--r-- | roles/common/files/etc/rkhunter.conf | 2 | ||||
| -rwxr-xr-x | roles/common/files/usr/local/bin/genkeypair.sh | 2 |
6 files changed, 6 insertions, 6 deletions
diff --git a/roles/common/files/etc/apt/apt.conf.d/50unattended-upgrades b/roles/common/files/etc/apt/apt.conf.d/50unattended-upgrades index fd7cf1d..6f71ce6 100644 --- a/roles/common/files/etc/apt/apt.conf.d/50unattended-upgrades +++ b/roles/common/files/etc/apt/apt.conf.d/50unattended-upgrades @@ -74,41 +74,41 @@ Unattended-Upgrade::Package-Blacklist { // they can be interrupted with SIGTERM. This makes the upgrade // a bit slower but it has the benefit that shutdown while a upgrade // is running is possible (with a small delay) //Unattended-Upgrade::MinimalSteps "true"; // Install all updates when the machine is shutting down // instead of doing it in the background while the machine is running. // This will (obviously) make shutdown slower. // Unattended-upgrades increases logind's InhibitDelayMaxSec to 30s. // This allows more time for unattended-upgrades to shut down gracefully // or even install a few packages in InstallOnShutdown mode, but is still a // big step back from the 30 minutes allowed for InstallOnShutdown previously. // Users enabling InstallOnShutdown mode are advised to increase // InhibitDelayMaxSec even further, possibly to 30 minutes. //Unattended-Upgrade::InstallOnShutdown "false"; // Send email to this address for problems or packages upgrades // If empty or unset then no email is sent, make sure that you // have a working mail setup on your system. A package that provides // 'mailx' must be installed. E.g. "user@example.com" -Unattended-Upgrade::Mail "admin@fripost.org"; +Unattended-Upgrade::Mail "root@fripost.org"; // Set this value to one of: // "always", "only-on-error" or "on-change" // If this is not set, then any legacy MailOnlyOnError (boolean) value // is used to chose between "only-on-error" and "on-change" //Unattended-Upgrade::MailReport "on-change"; // Remove unused automatically installed kernel-related packages // (kernel images, kernel headers and kernel version locked tools). //Unattended-Upgrade::Remove-Unused-Kernel-Packages "true"; // Do automatic removal of newly unused dependencies after the upgrade //Unattended-Upgrade::Remove-New-Unused-Dependencies "true"; // Do automatic removal of unused packages after the upgrade // (equivalent to apt-get autoremove) //Unattended-Upgrade::Remove-Unused-Dependencies "false"; // Automatically reboot *WITHOUT CONFIRMATION* if // the file /var/run/reboot-required is found after the upgrade diff --git a/roles/common/files/etc/apt/listchanges.conf b/roles/common/files/etc/apt/listchanges.conf index cee0648..e17e36d 100644 --- a/roles/common/files/etc/apt/listchanges.conf +++ b/roles/common/files/etc/apt/listchanges.conf @@ -1,9 +1,9 @@ [apt] frontend=mail -email_address=admin@fripost.org +email_address=root@fripost.org confirm=0 save_seen=/var/lib/apt/listchanges.db which=news email_format=text headers=false reverse=false diff --git a/roles/common/files/etc/default/rkhunter b/roles/common/files/etc/default/rkhunter index 2e7fae7..49a63e8 100644 --- a/roles/common/files/etc/default/rkhunter +++ b/roles/common/files/etc/default/rkhunter @@ -1,34 +1,34 @@ # Defaults for rkhunter automatic tasks # sourced by /etc/cron.*/rkhunter and /etc/apt/apt.conf.d/90rkhunter # # This is a POSIX shell fragment # # Set this to yes to enable rkhunter daily runs # (default: false) CRON_DAILY_RUN="yes" # Set this to yes to enable rkhunter weekly database updates # (default: false) CRON_DB_UPDATE="yes" # Set this to yes to enable reports of weekly database updates # (default: false) DB_UPDATE_EMAIL="false" # Set this to the email address where reports and run output should be sent # (default: root) -REPORT_EMAIL="admin@fripost.org" +REPORT_EMAIL="root@fripost.org" # Set this to yes to enable automatic database updates # (default: false) APT_AUTOGEN="false" # Nicenesses range from -20 (most favorable scheduling) to 19 (least favorable) # (default: 0) NICE="10" # Should daily check be run when running on battery # powermgmt-base is required to detect if running on battery or on AC power # (default: false) RUN_CHECK_ON_BATTERY="false" diff --git a/roles/common/files/etc/logcheck/logcheck.conf b/roles/common/files/etc/logcheck/logcheck.conf index 4c7ff10..6e06450 100644 --- a/roles/common/files/etc/logcheck/logcheck.conf +++ b/roles/common/files/etc/logcheck/logcheck.conf @@ -8,41 +8,41 @@ # Controls the presence of boilerplate at the top of each message: # Alternatively, set to "0" to disable the introduction. # # If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt # are present their contents will be read and used as the header and # footer of any generated mails. INTRO=0 # Controls the level of filtering: # Can be Set to "workstation", "server" or "paranoid" for different # levels of filtering. Defaults to server if not set. REPORTLEVEL="server" # Controls the address mail goes to: # *NOTE* the script does not set a default value for this variable! # Should be set to an offsite "emailaddress@some.domain.tld" -SENDMAILTO="admin@fripost.org" +SENDMAILTO="root@fripost.org" # Send the results as attachment or not. # 0=not as attachment; 1=as attachment; 2=as gzip attachment # Default is 0 MAILASATTACH=0 # Should the hostname in the subject of generated mails be fully qualified? FQDN=1 # Controls whether "sort -u" is used on log entries (which will # eliminate duplicates but destroy the original ordering); the # default is to use "sort -k 1,3 -s": # Alternatively, set to "1" to enable unique sorting #SORTUNIQ=0 # Controls whether /etc/logcheck/cracking.ignore.d is scanned for # exceptions to the rules in /etc/logcheck/cracking.d: diff --git a/roles/common/files/etc/rkhunter.conf b/roles/common/files/etc/rkhunter.conf index e76ab77..8040c88 100644 --- a/roles/common/files/etc/rkhunter.conf +++ b/roles/common/files/etc/rkhunter.conf @@ -116,41 +116,41 @@ UPDATE_MIRRORS=0 # # Local and remote mirrors can be defined in the mirrors file by using the # 'local=' and 'remote=' keywords respectively. # # The default value is '0'. # MIRRORS_MODE=1 # # Email a message to this address if a warning is found when the system is # being checked. Multiple addresses may be specified simply be separating # them with a space. To disable the option, simply set it to the null string # or comment it out. # # The option may be specified more than once. # # The default value is the null string. # # Also see the MAIL_CMD option. # -MAIL-ON-WARNING=admin@fripost.org +MAIL-ON-WARNING=root@fripost.org # # This option specifies the mail command to use if MAIL-ON-WARNING is set. # # NOTE: Double quotes are not required around the command, but are required # around the subject line if it contains spaces. # # The default is to use the 'mail' command, with a subject line # of '[rkhunter] Warnings found for ${HOST_NAME}'. # #MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}" # # This option specifies the directory to use for temporary files. # # NOTE: Do not use '/tmp' as your temporary directory. Some important files # will be written to this directory, so be sure that the directory permissions # are secure. # # The installer program will set the default directory. If this default is diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh index 72102f4..aecdaaf 100755 --- a/roles/common/files/usr/local/bin/genkeypair.sh +++ b/roles/common/files/usr/local/bin/genkeypair.sh @@ -145,41 +145,41 @@ fi if [ -z "$config" -a \( "$cmd" = x509 -o "$cmd" = csr \) ]; then config=$(mktemp) || exit 2 trap 'rm -f "$config"' EXIT # see /usr/share/ssl-cert/ssleay.cnf cat >"$config" <<- EOF [ req ] distinguished_name = req_distinguished_name prompt = no policy = policy_anything req_extensions = v3_req x509_extensions = v3_req [ req_distinguished_name ] organizationName = Fripost organizationalUnitName = SSLcerts $(echo "$ou") commonName = ${cn:-/} [ v3_req ] - subjectAltName = email:admin@fripost.org${dns:+, $dns} + subjectAltName = email:root@fripost.org${dns:+, $dns} basicConstraints = critical, CA:FALSE # https://security.stackexchange.com/questions/24106/which-key-usages-are-required-by-each-key-exchange-method keyUsage = critical, ${usage:-digitalSignature, keyEncipherment, keyCertSign} subjectKeyIdentifier = hash EOF fi if [ -s "$privkey" -a $force -eq 0 ]; then echo "Error: private key exists: $privkey" >&2 exit 1 elif [ ! -s "$privkey" -o $force -ge 2 ]; then install --mode="${mode:-0600}" ${owner:+--owner="$owner"} ${group:+--group="$group"} /dev/null "$privkey" || exit 2 openssl $genkey $genkeyargs >"$privkey" || exit 2 [ "$cmd" = dkim ] && exit fi if [ "$cmd" = x509 -a "$pubkey" = "$privkey" ]; then pubkey=$(mktemp) openssl req -config "$config" -new -x509 ${hash:+-$hash} -days 3650 -key "$privkey" >"$pubkey" || exit 2 cat "$pubkey" >>"$privkey" || exit 2 |