| Commit message (Collapse) | Author | Age | Files | |
|---|---|---|---|---|
| * | Send internal system mails to root@f.o. | Guilhem Moulin | 39 hours | 5 |
| | | | | | Instead of admin@f.o. Per msgid=<ad724342-b3bb-48d9-9984-6d277714910d@fripost.org>. | |||
| * | Update logcheck database. | Guilhem Moulin | 2025-04-04 | 2 |
| | | ||||
| * | Update /etc/rkhunter.conf. | Guilhem Moulin | 2025-02-01 | 1 |
| | | ||||
| * | fail2ban: set 'allowipv6 = auto'. | Guilhem Moulin | 2025-01-28 | 1 |
| | | ||||
| * | Update logcheck database. | Guilhem Moulin | 2025-01-28 | 3 |
| | | ||||
| * | Update charon.conf for bookworm. | Guilhem Moulin | 2025-01-28 | 1 |
| | | ||||
| * | Update logcheck database. | Guilhem Moulin | 2025-01-28 | 3 |
| | | ||||
| * | Fail2ban: Remove obsolete filter dovecot.conf. | Guilhem Moulin | 2024-09-08 | 1 |
| | | ||||
| * | logcheck-database update. | Guilhem Moulin | 2024-09-08 | 2 |
| | | ||||
| * | Improve Debian 11's fail2ban rules. | Guilhem Moulin | 2022-12-18 | 4 |
| | | ||||
| * | Port baseline to Debian 11 (codename Bullseye). | Guilhem Moulin | 2022-10-13 | 9 |
| | | ||||
| * | logcheck-database update. | Guilhem Moulin | 2022-10-11 | 3 |
| | | ||||
| * | logcheck-database update. | Guilhem Moulin | 2021-02-13 | 1 |
| | | | | | ansible 2.10.7 uses "ansible-ansible.legacy.stat: Invoked with […]". | |||
| * | rkhunter: workaround for mix usrmerge/non-usrmerge environments. | Guilhem Moulin | 2020-11-15 | 1 |
| | | | | | See https://bugs.debian.org/932594#15 . | |||
| * | logcheck-database update. | Guilhem Moulin | 2020-11-15 | 4 |
| | | ||||
| * | Bacula: refactor systemd service files. | Guilhem Moulin | 2020-11-03 | 1 |
| | | | | | | | Use unit overrides on top of upstream's service files instead of overriding entire service files. In particular, upstream uses flag `-P` so we don't need to use RuntimeDirectory= anymore. | |||
| * | IMAP: Update role to Debian Buster. | Guilhem Moulin | 2020-05-19 | 1 |
| | | | | | | | | | For `ssl_cipher_list` we pick the suggested value from https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d At the moment it's equivalent (modulo order) to adding ‘EDH+AESGCM+aRSA’ to ‘EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL’. | |||
| * | stunnel4: Harden and socket-activate. | Guilhem Moulin | 2020-05-18 | 1 |
| | | ||||
| * | Upgrade baseline to Debian 10. | Guilhem Moulin | 2020-05-16 | 10 |
| | | ||||
| * | Improve/harden fail2ban configuration. | Guilhem Moulin | 2020-01-25 | 5 |
| | | | | | | | | | | * Use nftables sets with a timeout * Start daemon with a hardened unit file and restricted Capability Bounding Set. (This requires to change the log path to /var/log/fail2ban/*.) * Skip database as we don't care about persistence. * Refactor jail.local | |||
| * | Convert firewall to nftables. | Guilhem Moulin | 2020-01-23 | 2 |
| | | | | | Debian Buster uses the nftables framework by default. | |||
| * | MSA: Open 465/TCP for Email Submission over TLS. | Guilhem Moulin | 2019-03-19 | 1 |
| | | | | | See RFC 8314 sec. 3.3 "Cleartext Considered Obsolete". | |||
| * | Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch. | Guilhem Moulin | 2018-12-09 | 3 |
| | | ||||
| * | Disable resume device. | Guilhem Moulin | 2018-12-09 | 1 |
| | | | | | We don't need suspend-on-disk (hibernation). | |||
| * | systemd.service: Tighten hardening options. | Guilhem Moulin | 2018-12-09 | 2 |
| | | ||||
| * | bacula-*.service: Don't fork in the background. | Guilhem Moulin | 2018-12-09 | 1 |
| | | | | | Inspired from /lib/systemd/system/bacula-fd.service. | |||
| * | Upgrade 'lists' role to Debian Stretch. | Guilhem Moulin | 2018-12-09 | 1 |
| | | ||||
| * | systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’. | Guilhem Moulin | 2018-12-09 | 2 |
| | | | | | And remove ‘ReadOnlyDirectories=/’ as it's implied by ‘ProtectSystem=strict’. | |||
| * | Postfix: replace cdb & btree tables with lmdb ones. | Guilhem Moulin | 2018-12-03 | 1 |
| | | | | | Cf. lmdb_table(5). | |||
| * | IPsec: allow ISAKMP over IPv6. | Guilhem Moulin | 2018-12-03 | 1 |
| | | ||||
| * | Upgrade baseline to Debian Stretch. | Guilhem Moulin | 2018-12-03 | 8 |
| | | ||||
| * | Skip samhain installation. | Guilhem Moulin | 2018-12-03 | 1 |
| | | | | | It's become too verbose (too many false-positive)… | |||
| * | Harden anti spam on the MX:es. | Guilhem Moulin | 2018-06-09 | 1 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2018-04-04 | 3 |
| | | ||||
| * | sympa: wibble | Guilhem Moulin | 2018-04-04 | 1 |
| | | ||||
| * | Perform recipient address verification on the MSA itself. | Guilhem Moulin | 2018-04-04 | 1 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2017-09-14 | 3 |
| | | ||||
| * | rkhunter: Disable remote updates to fix CVE-2017-7480. | Guilhem Moulin | 2017-07-29 | 1 |
| | | ||||
| * | Use MariaDB as default MySQL flavor. | Guilhem Moulin | 2017-07-29 | 1 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2017-06-07 | 1 |
| | | ||||
| * | postfix-sender-login: wibble | Guilhem Moulin | 2017-06-05 | 1 |
| | | ||||
| * | dovecot: enable user iteration and add a cronjob for `doveadm purge -A` | Guilhem Moulin | 2017-06-05 | 1 |
| | | ||||
| * | postfix: don't rate-limit our IPsec subnet. | Guilhem Moulin | 2017-06-02 | 1 |
| | | ||||
| * | /lib/systemd/system → /etc/systemd/system | Guilhem Moulin | 2017-05-31 | 3 |
| | | ||||
| * | MSA: reject null sender address. | Guilhem Moulin | 2017-05-14 | 1 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2016-12-08 | 1 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2016-08-22 | 2 |
| | | ||||
| * | Postfix: don't share the master.cf between the instances. | Guilhem Moulin | 2016-07-10 | 1 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2016-07-09 | 2 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2016-06-29 | 3 |
| | | ||||
 |
index : fripost-ansible | |
| Fripost ansible scripts |
| summaryrefslogtreecommitdiffstats |