summaryrefslogtreecommitdiffstats
path: root/roles/common/files
Commit message (Expand)AuthorAgeFiles
* Upgrade baseline to Debian 10.Guilhem Moulin2020-05-1611
* Improve/harden fail2ban configuration.Guilhem Moulin2020-01-255
* Convert firewall to nftables.Guilhem Moulin2020-01-234
* MSA: Open 465/TCP for Email Submission over TLS.Guilhem Moulin2019-03-191
* firewall: gracefully close invalid connections.Guilhem Moulin2018-12-221
* Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.Guilhem Moulin2018-12-093
* Disable resume device.Guilhem Moulin2018-12-091
* systemd.service: Tighten hardening options.Guilhem Moulin2018-12-092
* bacula-*.service: Don't fork in the background.Guilhem Moulin2018-12-091
* Upgrade 'lists' role to Debian Stretch.Guilhem Moulin2018-12-091
* systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.Guilhem Moulin2018-12-092
* Firewall: REJECT outgoing connections instead of DROPing them.Guilhem Moulin2018-12-091
* DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.Guilhem Moulin2018-12-051
* Postfix: replace cdb & btree tables with lmdb ones.Guilhem Moulin2018-12-031
* IPsec: allow ISAKMP over IPv6.Guilhem Moulin2018-12-031
* Upgrade baseline to Debian Stretch.Guilhem Moulin2018-12-039
* Skip samhain installation.Guilhem Moulin2018-12-031
* Harden anti spam on the MX:es.Guilhem Moulin2018-06-091
* More logcheck-database tweaks.Guilhem Moulin2018-04-043
* sympa: wibbleGuilhem Moulin2018-04-041
* Perform recipient address verification on the MSA itself.Guilhem Moulin2018-04-041
* More logcheck-database tweaks.Guilhem Moulin2017-09-143
* rkhunter: Disable remote updates to fix CVE-2017-7480.Guilhem Moulin2017-07-291
* Use MariaDB as default MySQL flavor.Guilhem Moulin2017-07-291
* More logcheck-database tweaks.Guilhem Moulin2017-06-071
* postfix-sender-login: wibbleGuilhem Moulin2017-06-051
* dovecot: enable user iteration and add a cronjob for `doveadm purge -A`Guilhem Moulin2017-06-051
* postfix: don't rate-limit our IPsec subnet.Guilhem Moulin2017-06-021
* /lib/systemd/system → /etc/systemd/systemGuilhem Moulin2017-05-313
* MSA: reject null sender address.Guilhem Moulin2017-05-141
* More logcheck-database tweaks.Guilhem Moulin2016-12-081
* Firewall: allow duplicates rules.Guilhem Moulin2016-09-181
* More logcheck-database tweaks.Guilhem Moulin2016-08-222
* Postfix: don't share the master.cf between the instances.Guilhem Moulin2016-07-101
* More logcheck-database tweaks.Guilhem Moulin2016-07-092
* IPSec → IPsecGuilhem Moulin2016-06-291
* More logcheck-database tweaks.Guilhem Moulin2016-06-293
* update-firewall.sh: COMMIT empty iptables rule files.Guilhem Moulin2016-06-291
* typoGuilhem Moulin2016-05-241
* IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication.Guilhem Moulin2016-05-241
* genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH par...Guilhem Moulin2016-05-222
* Tunnel bacula (dir → {fd,sd} and fd → sd) traffic through IPSec.Guilhem Moulin2016-05-221
* Set up IPSec tunnels between each pair of hosts.Guilhem Moulin2016-05-224
* postfix: master.cf wibbleGuilhem Moulin2016-05-181
* postfix: Update to recommended TLS settings.Guilhem Moulin2016-05-181
* Move /etc/ssl/private/dhparams.pem to /etc/ssl/dhparams.pem and make it public.Guilhem Moulin2016-05-181
* Add hardening options to our systemd unit files.Guilhem Moulin2016-05-121
* Use systemd unit files for stunnel4.Guilhem Moulin2016-05-123
* More logcheck-database tweaks.Guilhem Moulin2016-03-131
* More logcheck-database tweaks.Guilhem Moulin2016-02-171