sovereign

Autors	SHA1	Ziņojums	Datums
Sebastian Kriems	968abba197	ufw tasks shall have the ufw tag resolves #453	9 gadus atpakaļ
Sven Neuhaus	20bd80c599	Generate 2048 DH group and add it to Postfix	9 gadus atpakaļ
Dan Milon	34f3a483aa	Add SSL stapling cache for apache Fixes #406	9 gadus atpakaļ
Dan Milon	a419d9403b	restart apache on SSL changes	9 gadus atpakaļ
Dan Milon	e063abaa51	properly install changed SSL certificate	9 gadus atpakaļ
Laurent Arnoud	dfb1b764d7	Use common_timezone and fix idempotence Thanks-to: 8e693b3db3	9 gadus atpakaļ
Laurent Arnoud	a09e2e71c1	tar used in place of unarchive module	10 gadus atpakaļ
Laurent Arnoud	311fae7e11	Trailing whitespace	10 gadus atpakaļ
Laurent Arnoud	3b8f15b745	Added whois for fail2ban report Report will print: "missing whois program"	10 gadus atpakaļ
Will McCutchen	16b66cc849	Define apache SSL config in one place	10 gadus atpakaļ
Manfred Touron	16c93ea486	Using more verbose 'dependencies' tag (#393)	10 gadus atpakaļ
Manfred Touron	b49f3a6586	Tagged 'deps' aptitude tasks	10 gadus atpakaļ
Laurent Arnoud	353e69d299	Remove duplication with items unattended upgrades	10 gadus atpakaļ
Laurent Arnoud	89d47731ff	Add molly-guard and unattended-upgrades as common pkgs	10 gadus atpakaļ
Alex Payne	b11fb68559	Automatically set up passwordless sudo for deploy user. Closes #343.	10 gadus atpakaļ
Aleksandr Bogdanov	a849948e8d	Choosing the closest ubuntu mirror before anything else	10 gadus atpakaļ
Sven Neuhaus	ae58053653	Create /decrypted directory even if encfs is not used. Helps with issue #120.	10 gadus atpakaļ
Sven Neuhaus	d5217ea1cd	Create main user without "fuse" group, instead add it later as part of the "encfs" tag. This allows the user to make encfs optional. Helps with issue #120.	10 gadus atpakaļ
Marius Voila	b13ab39f11	cleaning security.yml	10 gadus atpakaļ
fengor	7ed46f590c	renamed templates to be consistent with coding standard. removed comment line in ssh_config	10 gadus atpakaļ
fengor	2fd1e1b722	readded google authenticator lines	10 gadus atpakaļ
fengor	224e8cb339	Setting timezone to UTC	10 gadus atpakaļ
fengor	39566abb6c	More secure defaults for ssh. Ciphers, Kex and MAC can be set via defaults.var	10 gadus atpakaļ
Marius Voila	e62bd7c71a	fail2ban support for Trusty	10 gadus atpakaļ
Anthony Perez-sanz	cdf9ed07bb	Enable UFW after setting firewall rules On fresh installs of Debian 7.6, the current order of steps will lock you out of SSH. This will enable UFW after creating rules for http, https, ssh, and DNS. Fix comes from @Debugreality in issue #303: https://github.com/al3x/sovereign/issues/303	10 gadus atpakaļ
Lorenzo Villani	5d1090d488	Make sure fail2ban is started	11 gadus atpakaļ
Lorenzo Villani	d5ecf673d3	Calm OCD by sorting almost every with_items block in alphabetical order	11 gadus atpakaļ
Lorenzo Villani	e7703d0d9c	Add support for Apache 2.4 on Ubuntu 14.04	11 gadus atpakaļ
Lorenzo Villani	e2e61a2f76	Install 'fuse' instead of 'fuse-utils' The 'fuse-utils' package doesn't exist on Ubuntu 14.04 and is marked as a transitional package on both Debian 7 and Ubuntu 12.04 that installs the 'fuse' package. Since Debian 7 is the officially supported distribution we can safely switch to install 'fuse' instead of 'fuse-utils' and we also gain compatibility with Ubuntu 14.04.	11 gadus atpakaļ
Sven Neuhaus	63ba754eb7	libpam-google-authenticator uses distribution package on Ubuntu 14.04	11 gadus atpakaļ
Gelnior	7995bac36c	put back enc.fs (removed by mistake)	11 gadus atpakaļ
Gelnior	bd57edd5a5	newebe config: fix Newebe config file task	11 gadus atpakaļ
Justin Plock	1d7986fd96	Enable UFW and deny everything by default Removed unused status checks on UFW	11 gadus atpakaļ
Justin Plock	ea0b288818	Moved ufw firewall rules into individual roles	11 gadus atpakaļ
Justin Plock	ed75c9469b	libpam-dev didn't exist for some people so switching to libpam0g-dev instead	11 gadus atpakaļ
Justin Plock	e88fb57cba	Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work.	11 gadus atpakaļ
Justin Plock	2d751ab680	The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token	11 gadus atpakaļ
Justin Plock	c037dce07a	Clarified parameters are bit in a comment	11 gadus atpakaļ
Justin Plock	22a8717f6d	Automatically generate the Google authenticator file for the default user	11 gadus atpakaļ
Justin Plock	84c9febec7	Added Google Authenticator 2FA logins	11 gadus atpakaļ
Justin Plock	89f018bd23	In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely.	11 gadus atpakaļ
Justin Plock	9f918363b9	Set a ServerName for apache (fixes #187)	11 gadus atpakaļ
Benjamin Reitzammer	d957760697	Making main user's shell configurable	11 gadus atpakaļ
Justin Plock	3b0308d69e	Allow both TCP and UDP port 53 for DNS lookups through OpenVPN	11 gadus atpakaļ
Joost Baaij	4837d2e87a	extract NTP logic	11 gadus atpakaļ
Joost Baaij	2033c37982	Enabled unattended-upgrades This works on Debian/Ubuntu only. There are similar packages for other distributions, but they still need manual configuration. It seemed better to go for the common denominator. unattended-upgrades is usually installed by default anyway, so we are just reinforcing best practices.	11 gadus atpakaļ
Joost Baaij	335cef5c9f	Enabled POP3S for old-timeys who dig that added dovecot-pop3d allowed in the firewall monitored with monit added relevant tests	11 gadus atpakaļ
Joshua Lund	4ed07a1e0a	* Made the OpenVPN port and protocol (tcp/udp) configurable * Added 'cipher' and 'auth' lines to the generated client configs	11 gadus atpakaļ
Luke Cyca	4bc4cebf41	Explicit permissions for all cert files	11 gadus atpakaļ
Luke Cyca	76d52b63f3	XMPP cert handling improvements, ufw rules, and tests	11 gadus atpakaļ

Pirmā Iepriekšējā 1 2 Nākamā Pēdējā

83 Revīzijas (c77bef18bd7f40e5255f77d13ce6e13f0b9afe9a)