Age | Commit message (Collapse) | Author |
|
Change-Id: I3d733b6645c804a5fb337ad4b8edc59a66ad50b5
|
|
Change-Id: Icaab817870d005b7a854a3fb8c402705d0b2d77f
|
|
Change-Id: Iab9597f5f0336f66df9b73fea9d79c789cbb8302
|
|
The Trace method is enabled because of the Apache module, but it is not the
default in Debian, and it should not be enabled, for more information see the
following:
https://www.kb.cert.org/vuls/id/867593
Change-Id: I06a06ae679dbf7049f26a017125b61e5e38f6268
|
|
The onlyif check was incorrectly specified in the original implementation in
commit id: 15b83d88dcedab496a19cef57f11c5c8e091dd4a this inverts it so it
is properly detected.
Change-Id: I531e206fff1ca61780adcd195e1f917011e50fb4
|
|
Change-Id: Ic12b243b195e40482a70dd70219212c3697899ba
|
|
Change-Id: I772c3b6e489e3c1848c45c6bcaa240324fc88928
|
|
|
|
Change-Id: I7675dbaba4d896a62dab9fcf4817092ea69f1298
|
|
It turns out that in some corner-cases, the script is not called:
(1) start the deploy, create files in /var/lib/puppet/stunnel4/config
(2) halt puppet before apply finishes
(3) re-run deploy
in this scenario, next time you run deploy, refresh_stunnel will never
get called to populate /etc/stunnel, because the files in
/var/lib/puppet/stunnel4/config haven't changed.
This problem can be really confusing when it happens.
To fix this, we just run refresh_stunnel every, it is pretty fast and
the script has more complete logic for what to do than puppet, which has
only an asymmetrical view on the situation.
Change-Id: I9e5fad1d081c2fe07f3ac8f07cfb87d86b88f7c9
|
|
|
|
|
|
if this is set in the config, the deamons do not
start anymore. From the debian changelog:
clamav (0.99.2+dfsg-0+deb8u1) stable; urgency=medium
* Import new Upstream.
* Drop AllowSupplementaryGroups option which is default now
(Closes: #822444).
|
|
The unix socket method for connecting to the milter was incorrectly
reverted, this puts it back to how it should be.
Change-Id: Ifde669c920a249c782f577a112f4d45e60a889a2
|
|
|
|
The agent wakes up every two minutes and tries to connect to the default
server, failing with a certificate warning. We don't use the agent, so
we can safely disable it (#8032)
Change-Id: I707f42b59205993325431aba283552b1b73a0ad1
|
|
check_mk operations can take a long time (such as when doing a
re-inventory using "check_mk -II") when multiple hosts are down. This
decreases the connect timeout to 5 seconds.
Change-Id: I1eac5f14bad2afc2ffc4cbf8c950c24b052a0d6e
|
|
Change-Id: I5d5595d2da8770d61cc2328e3e9b7ac482527e89
|
|
Change-Id: I696af649806a7321f92baaf55dc5d404ce5c3d93
|
|
|
|
Otherwise, the nagios config will get regenerated and nagios gets
reloaded before all checks are registered by a check_mk inventory.
- Related: #6873
|
|
After upgrading the platform, there might be old check_mk checks
registered on the monitor hosts. We now run a check_mk inventory
on every run that also purged old non-existng checks.
- Resolves: #6873
|
|
|
|
Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb
|
|
Shorewall in jessie doesn't come with a proper unit file, and
as a result, it doesn't properly start with systemd.
To solve this, we provide the systemd unit file that comes with stretch,
add a systemd submodule that provides the exec resources needed for when
systemd units or configuration files are changed
Change-Id: I861fa951835928b4741abfbf969adcee4b8f147b
|
|
|
|
|
|
- ignore puppet lint error about inheriting from different namespace
|
|
If clamd is not running, the helpful cronjob tries to start it again,
but the way it is being started can only be run as root, and the cronjob
is run as the clamav user, so you get an error on each cron run. This
fixes that problem
Change-Id: I4cdb29dc651bee8a2eef1655ad4748d885afae0f
|
|
|
|
I used `puppet-lint -f FILE` to fix most issues, while
finishing with manual intervention.
|
|
|
|
|
|
|
|
Change-Id: I23d7fcea3755e9ecab561ecf69d8a6ecb8bdeca4
|
|
Have openvpn logs go to /var/log/leap/openvpn_$protocol, instead of to
/var/log/daemon.log.
Change-Id: I1fc33de660648ab0dba1ce98de2864649c104719
|
|
stunnel server logs were not going to /var/log/stunnel4/*, but to
/var/log/syslog instead. This was different from stunnel client
logging, now its the same.
Change-Id: I2dc2024b77dbb65554fc7865b0e46aedf930c6d8
|
|
Add a site_rsyslog config that removes duplicate mail logging.
Previously mail logs would be copied to /var/log/syslog, mail.log,
mail.err, mail.info, maillog and to the console. This removes those and
only puts them in /var/log/mail.log.
It also removes other superfluous configurations, either because they
are commented out already, or because they are uucp or nntp.
Change-Id: Ib05036787d2c818bf8802c22a4b8050f945a6e6d
|
|
In order for postfix to access the opendkim milter socket, we need to
remove the chroot option for the cleanup service.
See e97a9d3800b173375a630e18e4b1aa0894eb96e1 for opendkim
implementation.
Change-Id: I2742650965e61273fb804ebe9ce3f9bd38796582
|
|
a thing.
|
|
|
|
|
|
|
|
latest develop branch leap_cli)
|
|
|
|
|
|
|
|
|
|
|
|
It failed to calculate the sessions and tokens db names.
- Resolves: #7658
|