
Jun 26 2016

dereckson added a subtask for T878: Salt Auth Grove passwords: T840: Upgrade to Laravel 5.2.
Jun 26 2016, 14:40 · security, User-Dereckson, Auth Grove
dereckson created T878: Salt Auth Grove passwords.
Jun 26 2016, 14:38 · security, User-Dereckson, Auth Grove

Jun 18 2016

dereckson moved T828: Implement local storage features from New trackers to Dev on the tracker board.
Jun 18 2016, 12:53 · tracker, security, Auth Grove

Jun 15 2016

dereckson added a comment to T866: Switch Uncle Slovius jail to IPv6.

I'm decreasing the TTL of uncle-slovius CNAME DNS entry, so we'll be able to switch > 2016-06-16 4:00.

Jun 15 2016, 01:45 · Servers, security
dereckson added a comment to T866: Switch Uncle Slovius jail to IPv6.

Dedicated IPv6 will be 2001:470:1f13:9e1:0:c0ff:ee:6.

Jun 15 2016, 01:42 · Servers, security
dereckson created T866: Switch Uncle Slovius jail to IPv6.
Jun 15 2016, 01:40 · Servers, security

Jun 12 2016

dereckson updated the task description for T860: Upgrade OpenSSL.
Jun 12 2016, 21:14 · security, Servers
dereckson triaged T860: Upgrade OpenSSL as High priority.
Jun 12 2016, 21:14 · security, Servers

Jun 9 2016

dereckson closed T854: Write a Let's encrypt web server configuration checker, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Resolved.
Jun 9 2016, 10:46 · TLS certificates, security, Servers
dereckson closed T854: Write a Let's encrypt web server configuration checker as Resolved by committing rOPS0aa61ca254f9: Let's encrypt web server configuration checker.
Jun 9 2016, 10:46 · TLS certificates, security, Servers
dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

Fixed for Agora.

Jun 9 2016, 02:22 · TLS certificates, security, Servers
dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

agora.nasqueron.org still uses a StartSSL certificate (has been expired for 4 days).

Jun 9 2016, 02:17 · TLS certificates, security, Servers

Jun 5 2016

dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

Testing D396 script, three domains have issues.

Jun 5 2016, 22:22 · TLS certificates, security, Servers
dereckson added a revision to T854: Write a Let's encrypt web server configuration checker: D396: Let's encrypt web server configuration checker.
Jun 5 2016, 22:17 · TLS certificates, security, Servers
dereckson created T854: Write a Let's encrypt web server configuration checker.
Jun 5 2016, 21:04 · TLS certificates, security, Servers

Jun 4 2016

dereckson lowered the priority of T853: Deploy a Let's encrypt certificate to the Mumble server from High to Normal.

We need a script to automate the process.

Jun 4 2016, 14:43 · TLS certificates, good-first-issue, Mumble, security, Servers
dereckson added a comment to T853: Deploy a Let's encrypt certificate to the Mumble server.

Done manually.

Jun 4 2016, 14:42 · TLS certificates, good-first-issue, Mumble, security, Servers
dereckson moved T853: Deploy a Let's encrypt certificate to the Mumble server from Backlog to Configuration requests on the Mumble board.
Jun 4 2016, 02:11 · TLS certificates, good-first-issue, Mumble, security, Servers
dereckson created T853: Deploy a Let's encrypt certificate to the Mumble server.
Jun 4 2016, 02:11 · TLS certificates, good-first-issue, Mumble, security, Servers
dereckson updated subscribers of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

Following work this week by @Sandlayth (Dwellers) and me (Ysul), all *.nasqueron.org sites are migrated to Let's encrypt certificates.

Jun 4 2016, 02:07 · TLS certificates, security, Servers
dereckson closed T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content as Resolved by committing rTSWWWdedcc4e0e4a2: Serve https links.
Jun 4 2016, 00:58 · TrustSpace, security, Servers
dereckson closed T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Resolved.
Jun 4 2016, 00:58 · TLS certificates, security, Servers

Jun 3 2016

dereckson added a revision to T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content: D388: Serve https links.
Jun 3 2016, 21:52 · TrustSpace, security, Servers
dereckson created T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content.
Jun 3 2016, 21:30 · TrustSpace, security, Servers
dereckson closed T848: hotglue.nasqueron.org serves http:// content, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Resolved.
Jun 3 2016, 18:02 · TLS certificates, security, Servers
dereckson added a comment to T214: Software security issues on Ysul.

So for reference, we can now customize SuEXEC settings.

Jun 3 2016, 16:58 · security, Servers

Jun 2 2016

dereckson closed T492: When using a front-end server with SSL termination, back-end serves http:// links. as Resolved by committing rGROVE0f370cd5307d: Allow to serve https:// links behind a front-end server with SSL termination.
Jun 2 2016, 04:59 · security, Auth Grove

May 31 2016

dereckson added a parent task for T492: When using a front-end server with SSL termination, back-end serves http:// links.: T271: Deploy Auth Grove to login.nasqueron.org.
May 31 2016, 18:52 · security, Auth Grove

May 21 2016

dereckson closed T656: Ensure every URL is HTTPS or protocol-relative as Resolved.
May 21 2016, 14:32 · security, bioty.co hosting
dereckson moved T656: Ensure every URL is HTTPS or protocol-relative from Backlog to Done on the bioty.co hosting board.
May 21 2016, 14:32 · security, bioty.co hosting

May 20 2016

dereckson updated the task description for T828: Implement local storage features.
May 20 2016, 16:11 · tracker, security, Auth Grove
dereckson updated the task description for T828: Implement local storage features.
May 20 2016, 16:06 · tracker, security, Auth Grove
dereckson created T828: Implement local storage features.
May 20 2016, 16:03 · tracker, security, Auth Grove

May 5 2016

amj added projects to T822: SSL certificates: migrate from Startcom to Let's encrypt: security, Servers.
May 5 2016, 14:28 · TLS certificates, Servers, security

Apr 20 2016

dereckson closed T813: Renew www.espace-win.org certificate as Resolved.

So the issue was this nginx block, which denies access to .well-known like anything else starting with a dot:

Apr 20 2016, 22:21 · TLS certificates, security, Servers
dereckson added a comment to T813: Renew www.espace-win.org certificate.
$ letsencrypt renew
[...]
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/www.espace-win.org.conf
-------------------------------------------------------------------------------
2016-04-20 22:10:33,464:WARNING:letsencrypt.renewal:Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/www.espace-win.org.conf produced an unexpected error: Failed authorization procedure. dropbox.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dropbox.espace-win.org/.well-known/acme-challenge/AFcGawsTLFqpJwWWZDmMh4LHjMVRkIbAfbq13_6qM40 [212.83.187.132]: 403, files.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://files.espace-win.org/.well-known/acme-challenge/43QDyWupIPxeAlNMyXgvDezCIMf-6kGxvAn2SzBIrak [212.83.187.132]: 403, forum.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://forum.espace-win.org/.well-known/acme-challenge/rHPn1p3iNsjXBzgAC0Hk-npvdCRF1qmJTrohgFkmugM [212.83.187.132]: 403, espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://espace-win.org/.well-known/acme-challenge/o_7sf9acLUEuHzVQNOHBcHvTG73l7xlP8mMX6nhx22c [212.83.187.132]: 403, pastebin.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://pastebin.espace-win.org/.well-known/acme-challenge/QCzu4WhOSjhRPzH6BvjMgAn2tggV1qbBW0q9tdyYACs [212.83.187.132]: 403, assets.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://assets.espace-win.org/.well-known/acme-challenge/LU-KuSB2bzPYmxw2vACtLu6yZj8ygXkAZiPxwHOMcHE [212.83.187.132]: 403, excel.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://excel.espace-win.org/.well-known/acme-challenge/5iaG0F-_T5a2TKlFWDxTqvBxg6GD50B_YfY5sxolNQ0 [212.83.187.132]: 403, www.espace-win.org (http-01): 
urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.espace-win.org/.well-known/acme-challenge/Pw6LYupam92EIy330xYlAuHuKvNKpp6unoVU8UAOrmw [212.83.187.132]: 403, gd.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gd.espace-win.org/.well-known/acme-challenge/SP1gRHzjZR39Ai9lZXQvEsTi9i7f0dYSL2bbR_bPOY4 [212.83.187.132]: 403. Skipping.
Apr 20 2016, 22:12 · TLS certificates, security, Servers
dereckson created T813: Renew www.espace-win.org certificate.
Apr 20 2016, 22:08 · TLS certificates, security, Servers

Apr 2 2016

dereckson added a comment to T783: Run an extra SSH server on Ysul for OTP/Yubikey.

This works:

Apr 2 2016, 01:15 · security, Servers

Apr 1 2016

dereckson added a comment to T783: Run an extra SSH server on Ysul for OTP/Yubikey.

Hmmm, we need to recompile another OpenSSH server to be able to change the PAM service name

Apr 1 2016, 21:50 · security, Servers
dereckson raised the priority of T783: Run an extra SSH server on Ysul for OTP/Yubikey from Low to Normal.

New users are puzzled by the prompt.

Apr 1 2016, 21:44 · security, Servers

Mar 28 2016

dereckson updated the task description for T415: Allowed ops@ and dereckson@ to sudo docker or lxc-* commands on Dwellers.
Mar 28 2016, 22:40 · Accounts, security, Servers
dereckson moved T665: Configure DevCentral to approve automatically the user accounts from Backlog to Config on the DevCentral board.
Mar 28 2016, 19:49 · security, DevCentral

Mar 13 2016

dereckson triaged T783: Run an extra SSH server on Ysul for OTP/Yubikey as Low priority.
Mar 13 2016, 20:12 · security, Servers

Mar 10 2016

Sandlayth closed T776: Determine domain name for Eglide as Resolved.

After a conversation on #wolfplex, debating about the domain name to use, we finally concluded that Eglide will be a standalone project, nonetheless supported by Nasqueron.
Therefore, the domain name reserved for this project is eglide.org.

Mar 10 2016, 21:42 · Eglide, discussion, security, IRC, Servers
dereckson updated the task description for T776: Determine domain name for Eglide.
Mar 10 2016, 04:59 · Eglide, discussion, security, IRC, Servers
dereckson created T776: Determine domain name for Eglide.
Mar 10 2016, 04:57 · Eglide, discussion, security, IRC, Servers

Mar 7 2016

dereckson closed D307: Allow to download with wget by committing rSTGf443c0ca9ba8: Allow to download with wget.
Mar 7 2016, 20:38 · security
dereckson accepted D307: Allow to download with wget.

@xcombelle confirmed on #wikipedia-fr the code is safe as far as security is concerned.

Mar 7 2016, 20:22 · security
dereckson updated the diff for D307: Allow to download with wget.

Fixed issue reported by Scoopfinder.

Mar 7 2016, 20:19 · security
dereckson added inline comments to D307: Allow to download with wget.
Mar 7 2016, 18:40 · security
dereckson planned changes to D307: Allow to download with wget.

Regression: This commit introduces the following issue when the page IS NOT downloaded through this new method:

Mar 7 2016, 17:15 · security

Feb 29 2016

dereckson updated the diff for D307: Allow to download with wget.

+Page::encodeData

Feb 29 2016, 04:50 · security
dereckson added a task to D307: Allow to download with wget: T697: Le Soir - Redirection limit reached.
Feb 29 2016, 04:35 · security
dereckson updated the test plan for D307: Allow to download with wget.
Feb 29 2016, 04:35 · security
dereckson added inline comments to D307: Allow to download with wget.
Feb 29 2016, 04:24 · security
dereckson added a project to D307: Allow to download with wget: security.
Feb 29 2016, 04:19 · security
dereckson added a project to P175 pkg audit on Ysul: security.
Feb 29 2016, 02:15 · Servers, security
dereckson added a project to P175 pkg audit on Ysul: Servers.
Feb 29 2016, 02:15 · Servers, security

Feb 26 2016

dereckson added a comment to T744: Recycle containers on Dwellers to mitigate CVE-2015-7547.

The packages have been upgraded for the following containers:

Feb 26 2016, 18:53 · security, Nasqueron Docker deployment squad

Feb 21 2016

dereckson updated the title for P168 dereckson@ilium SSH key from dereckson@illium SSH key to dereckson@ilium SSH key.
Feb 21 2016, 02:52 · security, Servers
dereckson edited P168 dereckson@ilium SSH key.
Feb 21 2016, 02:52 · security, Servers
dereckson archived P168 dereckson@ilium SSH key.
Feb 21 2016, 02:50 · security, Servers
dereckson archived P169 `pkg audit` on Ysul.
Feb 21 2016, 02:49 · security, Servers
dereckson added a comment to P169 `pkg audit` on Ysul.

Fixed, silgraphite2 through ports, the others through binary packages.

Feb 21 2016, 02:49 · security, Servers
dereckson updated the title for P169 `pkg audit` on Ysul from Masterwork From Distant Lands to `pkg audit` on Ysul.
Feb 21 2016, 02:41 · security, Servers

Feb 20 2016

dereckson created P168 dereckson@ilium SSH key.
Feb 20 2016, 14:31 · security, Servers

Feb 17 2016

dereckson added a project to T606: Create a let's encrypt certificate generator jail: IPv6.
Feb 17 2016, 02:56 · TLS certificates, IPv6, Operations sprint 0, security, Servers
dereckson renamed T744: Recycle containers on Dwellers to mitigate CVE-2015-7547 from Recycle containers on Dwellers to Recycle containers on Dwellers to mitigate CVE-2015-7547.
Feb 17 2016, 00:15 · security, Nasqueron Docker deployment squad
dereckson added a parent task for T744: Recycle containers on Dwellers to mitigate CVE-2015-7547: T743: Mitigate CVE-2015-7547 DNS glibc issue.
Feb 17 2016, 00:15 · security, Nasqueron Docker deployment squad
dereckson created T744: Recycle containers on Dwellers to mitigate CVE-2015-7547.
Feb 17 2016, 00:07 · security, Nasqueron Docker deployment squad

Feb 12 2016

dereckson added a comment to T720: Ysul: cannot stat /etc/login.conf: Not permitted in capability mode.

Could be related to Capsicum — https://lists.cam.ac.uk/pipermail/cl-capsicum-discuss/2014-December/msg00004.html

Feb 12 2016, 04:04 · security, Servers
dereckson created T720: Ysul: cannot stat /etc/login.conf: Not permitted in capability mode.
Feb 12 2016, 04:03 · security, Servers

Feb 2 2016

dereckson added a project to T619: Allow to control from TC2 the Docker engine: Operations sprints (Operations sprint 1).
Feb 2 2016, 05:22 · Operations sprints (Operations sprint 1), security, Nasqueron Docker deployment squad, Servers, Dæghrefn
dereckson moved T606: Create a let's encrypt certificate generator jail from Pending review to Done on the Operations sprint 0 board.
Feb 2 2016, 04:23 · TLS certificates, IPv6, Operations sprint 0, security, Servers
dereckson moved T606: Create a let's encrypt certificate generator jail from Working on to Pending review on the Operations sprint 0 board.
Feb 2 2016, 04:22 · TLS certificates, IPv6, Operations sprint 0, security, Servers

Jan 23 2016

dereckson lowered the priority of T693: Add dwellers.nasqueron.org to Ysul sshguard whitelist from High to Normal.
Jan 23 2016, 03:17 · security, Nasqueron Docker deployment squad, Servers, Restricted Project
dereckson added a comment to T693: Add dwellers.nasqueron.org to Ysul sshguard whitelist.

Dwellers is already in the whitelist.

Jan 23 2016, 03:16 · security, Nasqueron Docker deployment squad, Servers, Restricted Project
dereckson added a project to T693: Add dwellers.nasqueron.org to Ysul sshguard whitelist: security.
Jan 23 2016, 03:13 · security, Nasqueron Docker deployment squad, Servers, Restricted Project
dereckson closed T690: Ensure APP_KEY is properly defined as Resolved by committing rDNOTIF73d49d978c97: Ensure APP_KEY is defined.
Jan 23 2016, 00:24 · Notifications center, Docker images, security

Jan 22 2016

dereckson added a revision to T690: Ensure APP_KEY is properly defined: D258: Ensure APP_KEY is defined.
Jan 22 2016, 05:09 · Notifications center, Docker images, security
dereckson updated the task description for T690: Ensure APP_KEY is properly defined.
Jan 22 2016, 05:05 · Notifications center, Docker images, security
dereckson closed T691: Revert APP_KEY to a dummy non 32 character value, a subtask of T690: Ensure APP_KEY is properly defined, as Resolved.
Jan 22 2016, 05:03 · Notifications center, Docker images, security
dereckson closed T691: Revert APP_KEY to a dummy non 32 character value as Resolved.
Jan 22 2016, 05:03 · Notifications center, security
dereckson added revisions to T691: Revert APP_KEY to a dummy non 32 character value: D253: Revert "Set correct default app.key configuration setting", D254: Sync .env.example with .env for APP_KEY, D255: Allow phpunit tests to run without .env file.
Jan 22 2016, 05:01 · Notifications center, security
dereckson created T691: Revert APP_KEY to a dummy non 32 character value.
Jan 22 2016, 04:07 · Notifications center, security
dereckson added a comment to T690: Ensure APP_KEY is properly defined.

Actually, the application itself creates a security risk with a default valid key. That will be SomeRandomString.

Jan 22 2016, 04:02 · Notifications center, Docker images, security
dereckson updated the task description for T690: Ensure APP_KEY is properly defined.
Jan 22 2016, 04:00 · Notifications center, Docker images, security
dereckson added a comment to T690: Ensure APP_KEY is properly defined.

SomeRandomString actually won't work.

Jan 22 2016, 04:00 · Notifications center, Docker images, security
dereckson created T690: Ensure APP_KEY is properly defined.
Jan 22 2016, 03:49 · Notifications center, Docker images, security

Jan 20 2016

dereckson closed T680: SSL certificate for code.zed.dereckson.be as Resolved.
Jan 20 2016, 15:13 · TLS certificates, Nasqueron Docker deployment squad, security, Zed
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 20 2016, 14:57 · TLS certificates, security, Servers
dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

I've generated an SSL certificate valid for all the remaining domains hosted by Dwellers.

Jan 20 2016, 14:45 · TLS certificates, security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 20 2016, 14:40 · TLS certificates, security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 20 2016, 14:39 · TLS certificates, security, Servers
dereckson added a subtask for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org: T681: Deployed SSL certificates on mail.*.
Jan 20 2016, 14:39 · TLS certificates, security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 20 2016, 14:38 · TLS certificates, security, Servers
dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

Added domains from Dwellers /etc/nginx.conf.

Jan 20 2016, 14:18 · TLS certificates, security, Servers
dereckson updated the task description for T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.
Jan 20 2016, 14:18 · TLS certificates, security, Servers
dereckson created T680: SSL certificate for code.zed.dereckson.be.
Jan 20 2016, 14:18 · TLS certificates, Nasqueron Docker deployment squad, security, Zed
dereckson closed T679: Generate a SSL certificate for new Dwellers nasqueron.org services, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Resolved.
Jan 20 2016, 14:10 · TLS certificates, security, Servers