Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-04-02 | Force satellite hosts that only speak to relayhost to have a | Micah Anderson | |
smtp_tls_security_level of 'encrypt', so it is not optional (#1902) Change-Id: I61ad0823e3eb8df6c224767d63f0911dcba42a16 | |||
2014-04-02 | Update TLS apache vhost TLS configuration (#5137): | Micah Anderson | |
. We want to allow for TLS1.2 to be enabled (supported in wheezy) . Explicitly disable SSLCompression. This aids in protecting against the BREACH attack: see http://breachattack.com), and SPDY version 3 is vulnerable to the CRIME attack when compression is on . Switch the cipher suites to match https://wiki.mozilla.org/Security/Server_Side_TLS#Apache for these reasons: . Prefer PFS, with ECDHE first then DHE (TLS 1.2, not many implementations support this, and there are no known attacks). . Prefer AES128 to AES256 because the key schedule in AES256 is considered weaker, and maybe AES128 is more resistant to timing attacks . Prefer AES to RC4. BEAST attacks on AES are mitigated in >=TLS1.1, and difficult in TLS1.0. They are not in RC4, and likely to become more dangerous . RC4 is on the path to removal, but still present for backward compatibility Change-Id: I99a7f0ebf2ac438f075835d1cb38f63080321043 | |||
2014-04-02 | Fix for satellite hosts that are unable to contact their relayhost | Micah Anderson | |
because the DNS lookup is either impossible (.local domain), or incorrect (certain openstack/amazon/piston cloud configurations create this setup when the relayhost is in the same cluster as the satellite). Fixes #5225 Change-Id: Ifbc201678f2c0e97ee0e12bbf1c7f71d035d45c1 | |||
2014-04-02 | Merge branch '5359_design_docs' into 0.6 | varac | |
2014-04-02 | Merge pull request #20 from elijh/feature/openvpn-config | varac | |
allow ability to customize openvpn security options | |||
2014-04-02 | couch design docs should be always deployed, not only on update of the ↵ | varac | |
design docs json files (Feature #5359) | |||
2014-04-01 | Include all the ips that are allowed to send mail through the relay in | Micah Anderson | |
the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b | |||
2014-03-31 | Merge branch 'feature/static_site' of https://github.com/elijh/leap_platform ↵ | kwadronaut | |
into elijh-feature/static_site Conflicts: puppet/modules/site_config/manifests/packages/base.pp | |||
2014-03-26 | Merge branch '0.6' of ssh://code.leap.se/leap_platform into 0.6 | varac | |
2014-03-26 | Merge branch '5018_dont_remove_dev_packages_on_couch_node' into 0.6 | varac | |
2014-03-25 | Move setup.pp to a subclass (site_config::setup) (Feature #2993) | varac | |
2014-03-25 | couch node: same packages removed on every (second ?) puppetrun (Feature #5018) | varac | |
2014-03-25 | ignore openvpn TLS initialization errors (Feature #5374) | varac | |
2014-03-24 | modules/site_static: part 2 - apache | elijah | |
2014-03-24 | fixes #5360 adds admin@ as reserved address + linting | kwadronaut | |
2014-03-23 | modules/site_static: part 1 - amber | elijah | |
2014-03-20 | allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵ | elijah | |
cipher config options. | |||
2014-03-19 | Merge branch '5306_ignore_tapicero_PreconditionFailed' into 0.6 | varac | |
2014-03-19 | Merge branch '4798_automatic_compaction' into 0.6 | varac | |
2014-03-13 | catch errors when tapicero fails to create a userdb (Feature #5306) | varac | |
2014-03-13 | Merge branch '5324_nagios_logging' into 0.6 | varac | |
2014-03-13 | deploy automatic compaction via platform (Feature #4798) | varac | |
2014-03-13 | Dont't archive nagios logs, use logrotate for it (Feature #5324) | varac | |
2014-03-13 | Dont't archive nagios logs (#5324) | varac | |
2014-03-13 | removed trailing whitespaces in nagios.cfg | varac | |
2014-03-12 | check if soledad is working (Feature #5239) | varac | |
2014-03-12 | Merge remote-tracking branch 'irregulator/bug/5241' into 0.6 | Micah Anderson | |
2014-03-12 | Indentation fix. | irregulator | |
2014-03-12 | DirPortFrontPage serves a static webpage only when Tor node is exit. | irregulator | |
See leap.se/code/issues/5241 | |||
2014-03-05 | updated submodule rubygems (#3827) | varac | |
2014-03-05 | updated submodule rubygems (#3827) | varac | |
2014-03-05 | use the right package dependencies for site_check_mk::agent class and subclasses | varac | |
2014-03-04 | remove trailing whitespaces from logwatch config files | varac | |
2014-03-04 | updated submodule check_mk | varac | |
2014-03-04 | use curly brackets for variables in check_leap_mx.sh output, see ↵ | varac | |
https://review.leap.se/r/160/#comment156 | |||
2014-03-04 | don't use storedconfigs for check_mk, requires current check_mk module (#5253) | varac | |
2014-03-04 | fix duplicate declarations in /etc/nagios3/conf.d/ on first deploy (Bug #5129) | varac | |
2014-03-04 | fix check_mk resource dependencies (Bug #5145) | varac | |
2014-03-04 | ignore bigcouch 'Shutting down group server' error (#5246) | varac | |
2014-03-04 | ignore failing creation of user-dbs by tapicero, see #5168 | varac | |
2014-03-04 | watch syslog for stunnel issues on couch nodes | varac | |
2014-03-04 | ignore stunnel 'Connection refused' errors that happen too often until we ↵ | varac | |
fix #5218 | |||
2014-03-04 | ignore 'epmd: got partial packet only on file descriptor' (#5244) | varac | |
2014-03-03 | ignore "Uncaught error in HTTP request: {exit, normal}" error (#5226) | varac | |
2014-03-03 | move generic syslog patterns to the end of syslog.cfg so we can ignore ↵ | varac | |
patterns first | |||
2014-03-03 | ignore stunnel pattern "Peer suddenly disconnected" (#5218) | varac | |
2014-03-03 | check syslog for bigcouch error "epmd: got partial packet only on file ↵ | varac | |
descriptor" | |||
2014-03-03 | check soledad.log also for Upper case pattern 'Error' | varac | |
2014-03-03 | check syslog for bigcouch restarts | varac | |
2014-03-03 | check leap_mx (Feature #5175) | varac | |