summaryrefslogtreecommitdiffstats
path: root/roles/common/files/usr
Commit message (Expand)AuthorAgeFiles
* firewall: gracefully close invalid connections.Guilhem Moulin2018-12-221
* Firewall: REJECT outgoing connections instead of DROPing them.Guilhem Moulin2018-12-091
* DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.Guilhem Moulin2018-12-051
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-031
* Firewall: allow duplicates rules.Guilhem Moulin2016-09-181
* IPSec → IPsecGuilhem Moulin2016-06-291
* update-firewall.sh: COMMIT empty iptables rule files.Guilhem Moulin2016-06-291
* typoGuilhem Moulin2016-05-241
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-241
* genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH par...Guilhem Moulin2016-05-222
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-221
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-181
* typoGuilhem Moulin2015-12-041
* genkeypair: use install(1) for atomic file creation with permission mode.Guilhem Moulin2015-10-282
* Use a single LDAP connection per Munin round to collect slapd statistics.Guilhem Moulin2015-06-112
* slapd monitoring.Guilhem Moulin2015-06-101
* Configure munin nodes & master.Guilhem Moulin2015-06-107
* firewall: allow 127.0.0.1/8 on lo.Guilhem Moulin2015-06-071
* genkeypair.sh: Merge privkey and pubkey for identical filekeys.Guilhem Moulin2015-06-071
* logjam mitigation.Guilhem Moulin2015-06-072
* Key usage 'keyCertSign' is required for self-signed certificates.Guilhem Moulin2015-06-071
* 'default_days' in openssl.cnf doesn't work, use -days instead.Guilhem Moulin2015-06-071
* Add ability to add custom OrganizationalUnits in genkeypair.Guilhem Moulin2015-06-071
* Add ability to chmod, chown and set the key usage in genkeypair.Guilhem Moulin2015-06-071
* Install amavisd-new on the outgoing SMTP proxy.Guilhem Moulin2015-06-071
* Make genkeypair.sh able to display TXT record for DKIM signatures.Guilhem Moulin2015-06-071
* Add support for CSR and subjectAltName in genkeypair.sh.Guilhem Moulin2015-06-071
* Don't require a PKI for IPSec.Guilhem Moulin2015-06-071
* Replace mktemp's deprecated -t option by --tmpdir.Guilhem Moulin2015-06-071
* wibbleGuilhem Moulin2015-06-071
* Reformulate the headers showing the license.Guilhem Moulin2015-06-071
* wibbleGuilhem Moulin2015-06-071
* Replace the 'syslog' facility (5) by 'user' (1).Guilhem Moulin2015-06-071
* wibbleGuilhem Moulin2015-06-071
* Be more specific regarding the protocol in use for IPSec policies.Guilhem Moulin2015-06-071
* Prohibit binding against the IP reserved for IPSec.Guilhem Moulin2015-06-071
* Prefer maching on policy rather than marks.Guilhem Moulin2015-06-071
* Preserve canonical the order of IP tables.Guilhem Moulin2015-06-071
* Documentation.Guilhem Moulin2015-06-071
* Use a dedicated, non-routable, IPv4 for IPSec.Guilhem Moulin2015-06-071
* Major refactoring of the firewall.Guilhem Moulin2015-06-071
* Don't save dynamic rules.Guilhem Moulin2015-06-071
* Use a dedicated 'fail2ban' chain for fail2ban.Guilhem Moulin2015-06-071
* Add a 'check' switch to the firewall.Guilhem Moulin2015-06-071
* Configure v4 and v6 iptable rulesets.Guilhem Moulin2015-06-071