Commit message (Collapse) | Author | Age | Files | ||
---|---|---|---|---|---|
... | |||||
* | Prefer '/usr/sbin/nologin' over '/bin/false' for system users. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Configure ikiwiki (website + wiki). | Guilhem Moulin | 2015-06-07 | 7 | |
| | |||||
* | Git (gitolite + git-http-backend + gitweb) configuration | Guilhem Moulin | 2015-06-07 | 9 | |
| | | | | | | | | | | | By default repos are be readable by gitweb and the web server ('gitweb' and 'www-data' are both in the 'gitolite' group). Private repo owners will have 'chmod -R og-rwx' manually. To automatically add new repos to gitweb's 'project.list' file, make it readable to the special 'gitweb' user. See /usr/share/doc/gitolite3/README.txt.gz for details. | ||||
* | Install CAcert.org root certificates. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | XXX: this is a workaround the CAcert root CAs not being present in Jessie. In stretch, we would merely install the 'ca-cacert' package. | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Enforce "strong" authentication and FPS in LDAP. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | Which is now possible since all LDAP clients and servers have been upgraded to Jessie, and Postfix is now able to perform SASL binds. | ||||
* | Upgrade the webmail configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 6 | |
| | |||||
* | Upgrade the MX configuration from Wheezy to Jessie. | Guilhem Moulin | 2015-06-07 | 11 | |
| | | | | | | In particular, since Postfix is now able to perform LDAP lookups using SASL, previous hacks with simble binds on cn=postfix,ou=services,… can now be removed. | ||||
* | logjam mitigation. | Guilhem Moulin | 2015-06-07 | 10 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Don't restart sympa on logrotate. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | This is unnecessary since it uses syslog. | ||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Allow outgoing HKP and WHOIS traffic on the LDAP provider. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Allow outgoing SSH traffic. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Add wildcard Pin version in apt preferences. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Don't instal smartd on KVM guests. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Upgrade the common package list. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Add a 'root' alias to root@fripost.org. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Upgrade samhain config to Jessie. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Upgrade custom logcheck-database to Jessie. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Fix tab damage. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Upgrade rkhunter config to Jessie. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Upgrade amavis config to Jessie. | Guilhem Moulin | 2015-06-07 | 4 | |
| | |||||
* | Upgrade Postfix config to Jessie (MSA & outgoing proxy). | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Upgrade Dovecot config to Jessie. | Guilhem Moulin | 2015-06-07 | 13 | |
| | |||||
* | Configure the list manager (Sympa). | Guilhem Moulin | 2015-06-07 | 25 | |
| | |||||
* | Upgrade the LDAP config to Jessie. | Guilhem Moulin | 2015-06-07 | 5 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Enable the use of git:// clients. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Disable rsyslog's rate-limiting. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | The default for rsyslog v7, but not for rsyslog v5. | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Don't make Roundcube add a 'X-Sender' header with the sender's identity. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | typo | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Roundcube's 'password' plugin. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Key usage 'keyCertSign' is required for self-signed certificates. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Add a keyring and alternative contact to the LDAP DIT. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | wibble | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 3 | |
| | |||||
* | Remove reject_unknown_sender_domain from the MDA and outgoing SMTP. | Guilhem Moulin | 2015-06-07 | 2 | |
| | | | | | | | | | | We already removed it from the MX:es (see 32e605d4); we need to remove it from the MDA and outgoing SMTP as well, otherwise mails could bounce or get stuck in the middle (the're rejected with 450: deferred by default). However we can keep the restriction on the entry points (MSA and webmail). | ||||
* | More logcheck-database tweaks. | Guilhem Moulin | 2015-06-07 | 2 | |
| | |||||
* | Amavis is logging to syslog with severity 'notice'. | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | typo | Guilhem Moulin | 2015-06-07 | 1 | |
| | |||||
* | Don't install intel-microcode on Xen guests. | Guilhem Moulin | 2015-06-07 | 3 | |
| | | | | It should be installed on the dom0 instead. | ||||
* | Don't install smartd on Xen guests. | Guilhem Moulin | 2015-06-07 | 2 | |
| | | | | S.M.A.R.T makes little sense for virtual HDDs. | ||||
* | Don't merge amavis' logs into /var/log/syslog. | Guilhem Moulin | 2015-06-07 | 1 | |
| | | | | | As they contain user information, we keep it in /var/log/mail.log only. These logs are kept for 3 days "only", as per our policy. | ||||
* | Install auditd. | Guilhem Moulin | 2015-06-07 | 3 | |
| |