| Commit message (Collapse) | Author | Age | Files | |
|---|---|---|---|---|
| * | genkeypair.sh: Merge privkey and pubkey for identical filekeys. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | Also, set ‘subjectKeyIdentifier = hash’ in the CSR. | |||
| * | rkhunter: Allow hidden dir /etc/.java | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | | ||||
| * | Configure ikiwiki (website + wiki). | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Install CAcert.org root certificates. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | XXX: this is a workaround the CAcert root CAs not being present in Jessie. In stretch, we would merely install the 'ca-cacert' package. | |||
| * | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Upgrade the MX configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed. | |||
| * | logjam mitigation. | Guilhem Moulin | 2015-06-07 | 3 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | | ||||
| * | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Allow outgoing HKP and WHOIS traffic on the LDAP provider. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Allow outgoing SSH traffic. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Add wildcard Pin version in apt preferences. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Don't instal smartd on KVM guests. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Upgrade the common package list. | Guilhem Moulin | 2015-06-07 | 2 |
| | | ||||
| * | Add a 'root' alias to root@fripost.org. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Upgrade samhain config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Upgrade custom logcheck-database to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Upgrade rkhunter config to Jessie. | Guilhem Moulin | 2015-06-07 | 2 |
| | | ||||
| * | Upgrade amavis config to Jessie. | Guilhem Moulin | 2015-06-07 | 2 |
| | | ||||
| * | Upgrade Postfix config to Jessie (MSA & outgoing proxy). | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Upgrade Dovecot config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Configure the list manager (Sympa). | Guilhem Moulin | 2015-06-07 | 5 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Enable the use of git:// clients. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Disable rsyslog's rate-limiting. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | The default for rsyslog v7, but not for rsyslog v5. | |||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | | ||||
| * | typo | Guilhem Moulin | 2015-06-07 | 2 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Key usage 'keyCertSign' is required for self-signed certificates. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | | ||||
| * | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 |
| | | ||||
| * | Amavis is logging to syslog with severity 'notice'. | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Don't install intel-microcode on Xen guests. | Guilhem Moulin | 2015-06-07 | 3 |
| | | | | | It should be installed on the dom0 instead. | |||
| * | Don't install smartd on Xen guests. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | | S.M.A.R.T makes little sense for virtual HDDs. | |||
| * | Don't merge amavis' logs into /var/log/syslog. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | As they contain user information, we keep it in /var/log/mail.log only. These logs are kept for 3 days "only", as per our policy. | |||
| * | Install auditd. | Guilhem Moulin | 2015-06-07 | 3 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 |
| | | ||||
| * | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Replace Postgrey with postscreen. | Guilhem Moulin | 2015-06-07 | 2 |
| | | | | | | | | | | | | See http://www.postfix.org/POSTSCREEN_README.html and http://rob0.nodns4.us/postscreen.html It's infortunate that smtpd(8) cannot be chrooted any longer, which means that we have to un-chroot cleanup(8) as well. Indeed, currently smtpd(8) uses $virtual_alias_maps for recipient validation; later cleanup(8) uses it again for rewriting. So these processes need to be both chrooted, or both not. | |||
| * | wibble | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
| * | Fix NTP configuration. | Guilhem Moulin | 2015-06-07 | 3 |
| | | | | | We've yet to get authenticated time, though. | |||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 |
| | | ||||
| * | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 |
| | | ||||
| * | Ensure have a TLS policy for each of our host we want to relay to. | Guilhem Moulin | 2015-06-07 | 2 |
| | | ||||
| * | typo | Guilhem Moulin | 2015-06-07 | 1 |
| | | ||||
 |
index : fripost-ansible | |
| Fripost ansible scripts |
| summaryrefslogtreecommitdiffstats |