
May 5 2016

amj added projects to T822: SSL certificates: migrate from Startcom to Let's encrypt: security, Servers.
May 5 2016, 14:28 · Servers, security

Apr 20 2016

dereckson closed T813: Renew www.espace-win.org certificate as Resolved.

So the issue was this nginx block, which denies access to .well-known like anything else starting with a dot:

Apr 20 2016, 22:21 · security, Servers
dereckson added a comment to T813: Renew www.espace-win.org certificate.
$ letsencrypt renew
[...]
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/www.espace-win.org.conf
-------------------------------------------------------------------------------
2016-04-20 22:10:33,464:WARNING:letsencrypt.renewal:Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/www.espace-win.org.conf produced an unexpected error: Failed authorization procedure. dropbox.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dropbox.espace-win.org/.well-known/acme-challenge/AFcGawsTLFqpJwWWZDmMh4LHjMVRkIbAfbq13_6qM40 [212.83.187.132]: 403, files.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://files.espace-win.org/.well-known/acme-challenge/43QDyWupIPxeAlNMyXgvDezCIMf-6kGxvAn2SzBIrak [212.83.187.132]: 403, forum.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://forum.espace-win.org/.well-known/acme-challenge/rHPn1p3iNsjXBzgAC0Hk-npvdCRF1qmJTrohgFkmugM [212.83.187.132]: 403, espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://espace-win.org/.well-known/acme-challenge/o_7sf9acLUEuHzVQNOHBcHvTG73l7xlP8mMX6nhx22c [212.83.187.132]: 403, pastebin.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://pastebin.espace-win.org/.well-known/acme-challenge/QCzu4WhOSjhRPzH6BvjMgAn2tggV1qbBW0q9tdyYACs [212.83.187.132]: 403, assets.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://assets.espace-win.org/.well-known/acme-challenge/LU-KuSB2bzPYmxw2vACtLu6yZj8ygXkAZiPxwHOMcHE [212.83.187.132]: 403, excel.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://excel.espace-win.org/.well-known/acme-challenge/5iaG0F-_T5a2TKlFWDxTqvBxg6GD50B_YfY5sxolNQ0 [212.83.187.132]: 403, www.espace-win.org (http-01): 
urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.espace-win.org/.well-known/acme-challenge/Pw6LYupam92EIy330xYlAuHuKvNKpp6unoVU8UAOrmw [212.83.187.132]: 403, gd.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gd.espace-win.org/.well-known/acme-challenge/SP1gRHzjZR39Ai9lZXQvEsTi9i7f0dYSL2bbR_bPOY4 [212.83.187.132]: 403. Skipping.
Apr 20 2016, 22:12 · security, Servers
dereckson created T813: Renew www.espace-win.org certificate.
Apr 20 2016, 22:08 · security, Servers

Apr 2 2016

dereckson added a comment to T783: Run an extra SSH server on Ysul for OTP/Yubikey.

This works:

Apr 2 2016, 01:15 · security, Servers

Apr 1 2016

dereckson added a comment to T783: Run an extra SSH server on Ysul for OTP/Yubikey.

Hmmm, we need to recompile another OpenSSH server to be able to change the PAM service name

Apr 1 2016, 21:50 · security, Servers
dereckson raised the priority of T783: Run an extra SSH server on Ysul for OTP/Yubikey from Low to Normal.

New users are puzzled by the prompt.

Apr 1 2016, 21:44 · security, Servers

Mar 28 2016

dereckson updated the task description for T415: Allowed ops@ and dereckson@ to sudo docker or lxc-* commands on Dwellers.
Mar 28 2016, 22:40 · Accounts, security, Servers
dereckson moved T665: Configure DevCentral to approve automatically the user accounts from Backlog to Config on the DevCentral board.
Mar 28 2016, 19:49 · security, DevCentral

Mar 13 2016

dereckson triaged T783: Run an extra SSH server on Ysul for OTP/Yubikey as Low priority.
Mar 13 2016, 20:12 · security, Servers

Mar 10 2016

Sandlayth closed T776: Determine domain name for Eglide as Resolved.

After a conversation on #wolfplex, debating about the domain name to use, we finally concluded that Eglide will be a standalone project, nonetheless supported by Nasqueron.
Therefore, the domain name reserved for this project is eglide.org.

Mar 10 2016, 21:42 · Eglide, discussion, security, IRC, Servers
dereckson updated the task description for T776: Determine domain name for Eglide.
Mar 10 2016, 04:59 · Eglide, discussion, security, IRC, Servers
dereckson created T776: Determine domain name for Eglide.
Mar 10 2016, 04:57 · Eglide, discussion, security, IRC, Servers

Mar 7 2016

dereckson closed D307: Allow to download with wget by committing rSTGf443c0ca9ba8: Allow to download with wget.
Mar 7 2016, 20:38 · security
dereckson accepted D307: Allow to download with wget.

@xcombelle confirmed on #wikipedia-fr the code is safe as far as security is concerned.

Mar 7 2016, 20:22 · security
dereckson updated the diff for D307: Allow to download with wget.

Fixed issue reported by Scoopfinder.

Mar 7 2016, 20:19 · security
dereckson added inline comments to D307: Allow to download with wget.
Mar 7 2016, 18:40 · security
dereckson planned changes to D307: Allow to download with wget.

Regression: This commit introduces the following issue when the page IS NOT downloaded through this new method:

Mar 7 2016, 17:15 · security

Feb 29 2016

dereckson updated the diff for D307: Allow to download with wget.

+Page::encodeData

Feb 29 2016, 04:50 · security
dereckson added a task to D307: Allow to download with wget: T697: Le Soir - Redirection limit reached.
Feb 29 2016, 04:35 · security
dereckson updated the test plan for D307: Allow to download with wget.
Feb 29 2016, 04:35 · security
dereckson added inline comments to D307: Allow to download with wget.
Feb 29 2016, 04:24 · security
dereckson added a project to D307: Allow to download with wget: security.
Feb 29 2016, 04:19 · security
dereckson added a project to P175 pkg audit on Ysul: security.
Feb 29 2016, 02:15 · Servers, security
dereckson added a project to P175 pkg audit on Ysul: Servers.
Feb 29 2016, 02:15 · Servers, security

Feb 26 2016

dereckson added a comment to T744: Recycle containers on Dwellers to mitigate CVE-2015-7547.

The packages have been upgraded for the following containers:

Feb 26 2016, 18:53 · security, Nasqueron Docker deployment squad

Feb 21 2016

dereckson updated the title for P168 dereckson@ilium SSH key from dereckson@illium SSH key to dereckson@ilium SSH key.
Feb 21 2016, 02:52 · security, Servers
dereckson edited P168 dereckson@ilium SSH key.
Feb 21 2016, 02:52 · security, Servers
dereckson archived P168 dereckson@ilium SSH key.
Feb 21 2016, 02:50 · security, Servers
dereckson archived P169 `pkg audit` on Ysul.
Feb 21 2016, 02:49 · security, Servers
dereckson added a comment to P169 `pkg audit` on Ysul.

Fixed, silgraphite2 through ports, the others through binary packages.

Feb 21 2016, 02:49 · security, Servers
dereckson updated the title for P169 `pkg audit` on Ysul from Masterwork From Distant Lands to `pkg audit` on Ysul.
Feb 21 2016, 02:41 · security, Servers

Feb 20 2016

dereckson created P168 dereckson@ilium SSH key.
Feb 20 2016, 14:31 · security, Servers

Feb 17 2016

dereckson added a project to T606: Create a let's encrypt certificate generator jail: IPv6.
Feb 17 2016, 02:56 · IPv6, Operations sprint 0, security, Servers
dereckson renamed T744: Recycle containers on Dwellers to mitigate CVE-2015-7547 from Recycle containers on Dwellers to Recycle containers on Dwellers to mitigate CVE-2015-7547.
Feb 17 2016, 00:15 · security, Nasqueron Docker deployment squad
dereckson added a parent task for T744: Recycle containers on Dwellers to mitigate CVE-2015-7547: T743: Mitigate CVE-2015-7547 DNS glibc issue.
Feb 17 2016, 00:15 · security, Nasqueron Docker deployment squad
dereckson created T744: Recycle containers on Dwellers to mitigate CVE-2015-7547.
Feb 17 2016, 00:07 · security, Nasqueron Docker deployment squad

Feb 12 2016

dereckson added a comment to T720: Ysul: cannot stat /etc/login.conf: Not permitted in capability mode.

Could be related to Capsicum — https://lists.cam.ac.uk/pipermail/cl-capsicum-discuss/2014-December/msg00004.html

Feb 12 2016, 04:04 · security, Servers
dereckson created T720: Ysul: cannot stat /etc/login.conf: Not permitted in capability mode.
Feb 12 2016, 04:03 · security, Servers

Feb 2 2016

dereckson added a project to T619: Allow to control from TC2 the Docker engine: Operations sprints (Operations sprint 1).
Feb 2 2016, 05:22 · Operations sprints (Operations sprint 1), security, Nasqueron Docker deployment squad, Servers, Dæghrefn
dereckson moved T606: Create a let's encrypt certificate generator jail from Pending review to Done on the Operations sprint 0 board.
Feb 2 2016, 04:23 · IPv6, Operations sprint 0, security, Servers
dereckson moved T606: Create a let's encrypt certificate generator jail from Working on to Pending review on the Operations sprint 0 board.
Feb 2 2016, 04:22 · IPv6, Operations sprint 0, security, Servers

Jan 23 2016

dereckson lowered the priority of T693: Add dwellers.nasqueron.org to Ysul sshguard whitelist from High to Normal.
Jan 23 2016, 03:17 · security, Nasqueron Docker deployment squad, Servers, Restricted Project
dereckson added a comment to T693: Add dwellers.nasqueron.org to Ysul sshguard whitelist.

Dwellers is already in the whitelist.

Jan 23 2016, 03:16 · security, Nasqueron Docker deployment squad, Servers, Restricted Project
dereckson added a project to T693: Add dwellers.nasqueron.org to Ysul sshguard whitelist: security.
Jan 23 2016, 03:13 · security, Nasqueron Docker deployment squad, Servers, Restricted Project
dereckson closed T690: Ensure APP_KEY is properly defined as Resolved by committing rDNOTIF73d49d978c97: Ensure APP_KEY is defined.
Jan 23 2016, 00:24 · Notifications center, Docker images, security

Jan 22 2016

dereckson added a revision to T690: Ensure APP_KEY is properly defined: D258: Ensure APP_KEY is defined.
Jan 22 2016, 05:09 · Notifications center, Docker images, security
dereckson updated the task description for T690: Ensure APP_KEY is properly defined.
Jan 22 2016, 05:05 · Notifications center, Docker images, security
dereckson closed T691: Revert APP_KEY to a dummy non 32 character value, a subtask of T690: Ensure APP_KEY is properly defined, as Resolved.
Jan 22 2016, 05:03 · Notifications center, Docker images, security
dereckson closed T691: Revert APP_KEY to a dummy non 32 character value as Resolved.
Jan 22 2016, 05:03 · Notifications center, security
dereckson added revisions to T691: Revert APP_KEY to a dummy non 32 character value: D253: Revert "Set correct default app.key configuration setting", D254: Sync .env.example with .env for APP_KEY, D255: Allow phpunit tests to run without .env file.
Jan 22 2016, 05:01 · Notifications center, security
dereckson created T691: Revert APP_KEY to a dummy non 32 character value.
Jan 22 2016, 04:07 · Notifications center, security
dereckson added a comment to T690: Ensure APP_KEY is properly defined.

Actually, the application itself creates a security risk with a default valid key. That will be SomeRandomString.

Jan 22 2016, 04:02 · Notifications center, Docker images, security
dereckson updated the task description for T690: Ensure APP_KEY is properly defined.
Jan 22 2016, 04:00 · Notifications center, Docker images, security
dereckson added a comment to T690: Ensure APP_KEY is properly defined.

SomeRandomString actually won't work.

Jan 22 2016, 04:00 · Notifications center, Docker images, security
dereckson created T690: Ensure APP_KEY is properly defined.
Jan 22 2016, 03:49 · Notifications center, Docker images, security

Jan 20 2016

dereckson closed T680: SSL certificate for code.zed.dereckson.be as Resolved.
Jan 20 2016, 15:13 · Nasqueron Docker deployment squad, security, Zed
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 20 2016, 14:57 · security, Servers
dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

I've generated an SSL certificate valid for all the remaining domains hosted by Dwellers.

Jan 20 2016, 14:45 · security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 20 2016, 14:40 · security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 20 2016, 14:39 · security, Servers
dereckson added a subtask for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org: T681: Deployed SSL certificates on mail.*.
Jan 20 2016, 14:39 · security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 20 2016, 14:38 · security, Servers
dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

Added domains from Dwellers /etc/nginx.conf.

Jan 20 2016, 14:18 · security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 20 2016, 14:18 · security, Servers
dereckson created T680: SSL certificate for code.zed.dereckson.be.
Jan 20 2016, 14:18 · Nasqueron Docker deployment squad, security, Zed
dereckson closed T679: Generate a SSL certificate for new Dwellers nasqueron.org services, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Resolved.
Jan 20 2016, 14:10 · security, Servers

Jan 19 2016

dereckson added a subtask for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org: T679: Generate a SSL certificate for new Dwellers nasqueron.org services.
Jan 19 2016, 04:44 · security, Servers
dereckson lowered the priority of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org from Normal to Low.

I've generated and deployed a temporary mega certificate:

Jan 19 2016, 04:20 · security, Servers

Jan 18 2016

dereckson added a project to T415: Allowed ops@ and dereckson@ to sudo docker or lxc-* commands on Dwellers: Accounts.
Jan 18 2016, 18:48 · Accounts, security, Servers

Jan 17 2016

dereckson closed T673: Rebuild images using OpenSSH client as Resolved.

Done for nasqueron/nginx-php-fpm per D245 (and so Phabricator).

Jan 17 2016, 02:23 · security, Docker images
dereckson created T673: Rebuild images using OpenSSH client.
Jan 17 2016, 02:18 · security, Docker images
dereckson added a comment to T667: Mitigate CVE-2016-0777 in SSH clients configuration files.

Ysul OpenSSH_6.6.1p1, OpenSSL 1.0.1l-freebsd 15 Jan 2015
Dwellers OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Jan 17 2016, 02:16 · security, Servers

Jan 14 2016

dereckson added a parent task for T665: Configure DevCentral to approve automatically the user accounts: T614: Browse and search whole Nasqueron codebase.
Jan 14 2016, 16:29 · security, DevCentral
dereckson lowered the priority of T667: Mitigate CVE-2016-0777 in SSH clients configuration files from High to Normal.

Lowered the priority as we've mitigated at places where there are ssh outgoing connections.

Jan 14 2016, 16:01 · security, Servers
dereckson added a comment to T667: Mitigate CVE-2016-0777 in SSH clients configuration files.

Done for Ysul, Dwellers, the containers for DevCentral and phabricator.wolfplex.be.

Jan 14 2016, 16:00 · security, Servers
dereckson created T667: Mitigate CVE-2016-0777 in SSH clients configuration files.
Jan 14 2016, 15:50 · security, Servers

Jan 12 2016

dereckson updated the task description for T665: Configure DevCentral to approve automatically the user accounts.
Jan 12 2016, 18:57 · security, DevCentral
dereckson created T665: Configure DevCentral to approve automatically the user accounts.
Jan 12 2016, 18:57 · security, DevCentral

Jan 7 2016

dereckson added a parent task for T261: Generate SSL certificate for devcentral.nasqueron.org: T660: Switch DevCentral in https only.
Jan 7 2016, 18:03 · DevCentral, Nasqueron Docker deployment squad, security
dereckson closed T659: Install letsencrypt on Dwellers as Resolved.

The Let's encrypt container is usable as is.

Jan 7 2016, 17:49 · security, Servers
dereckson closed T659: Install letsencrypt on Dwellers, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Resolved.
Jan 7 2016, 17:49 · security, Servers
dereckson reopened T659: Install letsencrypt on Dwellers, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Open.
Jan 7 2016, 17:40 · security, Servers
dereckson created T659: Install letsencrypt on Dwellers.
Jan 7 2016, 17:40 · security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 7 2016, 16:58 · security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 7 2016, 16:58 · security, Servers

Jan 5 2016

dereckson added a comment to T606: Create a let's encrypt certificate generator jail.

Deleted jail

Jan 5 2016, 20:24 · IPv6, Operations sprint 0, security, Servers
dereckson updated subscribers of T656: Ensure every URL is HTTPS or protocol-relative.
Jan 5 2016, 19:33 · security, bioty.co hosting
dereckson created T656: Ensure every URL is HTTPS or protocol-relative.
Jan 5 2016, 19:31 · security, bioty.co hosting
dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

The 2016-01-05 series works.

Jan 5 2016, 19:17 · security, Servers
dereckson closed T655: setup.nasqueron.org SSL compliance, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Resolved.
Jan 5 2016, 19:14 · security, Servers
dereckson reopened T655: setup.nasqueron.org SSL compliance, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Open.
Jan 5 2016, 19:12 · security, Servers
dereckson renamed T654: Apply Let's encrypt SSL certificates for *.nasqueron.org from Generate Let's encrypt server for nasqueron.org to Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 5 2016, 19:07 · security, Servers
dereckson moved T654: Apply Let's encrypt SSL certificates for *.nasqueron.org from Backlog to Working on on the Servers board.
Jan 5 2016, 19:00 · security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 5 2016, 19:00 · security, Servers
dereckson created T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 5 2016, 18:58 · security, Servers
dereckson added projects to P150 /usr/local/etc/nginx/includes/letsencrypt.conf: Servers, security.
Jan 5 2016, 17:52 · security, Servers
dereckson closed T606: Create a let's encrypt certificate generator jail as Wontfix.

Create the jail

Jan 5 2016, 17:39 · IPv6, Operations sprint 0, security, Servers
dereckson claimed T606: Create a let's encrypt certificate generator jail.

Hostname: setstyin.nasqueron.org
IP: 2001:470:1f12:9e1::3

Jan 5 2016, 16:08 · IPv6, Operations sprint 0, security, Servers
dereckson moved T606: Create a let's encrypt certificate generator jail from Product backlog to Working on on the Operations sprint 0 board.
Jan 5 2016, 15:43 · IPv6, Operations sprint 0, security, Servers