summaryrefslogtreecommitdiffstats
path: root/roles/common/handlers
Commit message (Collapse)AuthorAgeFiles
* Configure NTP.Guilhem Moulin2015-06-071
| | | | | | We use a "master" NTP server, which synchronizes against stratum 1 servers (hence is a stratum 2 itself); all other clients synchronize to this master server through IPSec.
* Reorganization.Guilhem Moulin2015-06-071
|
* Common LDAP (slapd) configuration.Guilhem Moulin2015-06-071
|
* Postfix master (nullmailer) configurationGuilhem Moulin2015-06-071
| | | | We use a dedicated instance for each role: MDA, MTA out, MX, etc.
* Don't start daemons when there is a triggered handler.Guilhem Moulin2015-06-071
| | | | This is pointless since the service will be restarted anyway.
* Use a dedicated, non-routable, IPv4 for IPSec.Guilhem Moulin2015-06-071
| | | | | | | At the each IPSec end-point the traffic is DNAT'ed to / MASQUERADE'd from our dedicated IP after ESP decapsulation. Also, some IP tables ensure that alien (not coming from / going to the tunnel end-point) is dropped.
* Don't save dynamic rules.Guilhem Moulin2015-06-071
| | | | | These rules are automatically included by third-party servers such as strongSwan or fail2ban.
* Configure IPSec.Guilhem Moulin2015-06-071
|
* Configure fail2ban.Guilhem Moulin2015-06-071
|
* Configure rkhunter.Guilhem Moulin2015-06-071
|
* Configure samhain.Guilhem Moulin2015-06-071
|
* Configure v4 and v6 iptable rulesets.Guilhem Moulin2015-06-071
|
* Configure APT.Guilhem Moulin2015-06-071
|
* Configure /etc/{hosts,hostname,mailname}.Guilhem Moulin2015-06-071