Page MenuHomeDevCentral
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Aug 1 2019

xcombelle added a comment to T1524: Monitor sudo files on servers.

I have no idea how to do it, but looks like a good plan. Apart that, in my opinion, you do a much more of what would be necessary to run nasqueron services (but it is your time, you use it like you want)

Aug 1 2019, 15:37 · Eglide, security, Servers
dereckson added a comment to T1524: Monitor sudo files on servers.

Those are valid concerns.

Aug 1 2019, 14:57 · Eglide, security, Servers
xcombelle added a comment to T1524: Monitor sudo files on servers.

looks an interesting tool, something quite frightening is that it comes with a set of exploit, (if I understand, a common way to exploit sudo flaws).
As a shell script not even indented, it is absolutely unreadable, and more or less one have to trust the creator to not making mistake.
Moreover for full use, you have to give a sudo password in clear text ( I just don't understand the reason)
As such, I would say it would be kind of crazy to run it automatically and I would not comfortable to simply run it for myself in any way.

Aug 1 2019, 14:44 · Eglide, security, Servers
dereckson triaged T1524: Monitor sudo files on servers as Wishlist priority.
Aug 1 2019, 14:16 · Eglide, security, Servers

Jul 29 2019

dereckson added a comment to T1521: Restrict MySQL access.

Tagging security as we could need follow-up ACL to allow to connect to.

Jul 29 2019, 17:29 · Operations sprints (Consolidate them all), security, Servers
dereckson added a project to T1521: Restrict MySQL access: security.
Jul 29 2019, 17:28 · Operations sprints (Consolidate them all), security, Servers

Jul 17 2019

dereckson edited P288 Keys to restore after D2074 side-effect cleanup.
Jul 17 2019, 18:37 · security, Servers
dereckson edited P288 Keys to restore after D2074 side-effect cleanup.
Jul 17 2019, 18:37 · security, Servers
dereckson edited P288 Keys to restore after D2074 side-effect cleanup.
Jul 17 2019, 18:37 · security, Servers
dereckson created P288 Keys to restore after D2074 side-effect cleanup.
Jul 17 2019, 18:37 · security, Servers

Apr 22 2019

dereckson added a revision to T1513: Propagate certificate to Openfire server: D2065: Listen to conference.nasqueron.org for Openfire.
Apr 22 2019, 10:21 · TLS certificates, XMPP, security, Servers
dereckson added a comment to T1513: Propagate certificate to Openfire server.

Actually, for a server point of view, certificates are located in /usr/share/openfire/resources/security.

Apr 22 2019, 10:20 · TLS certificates, XMPP, security, Servers
dereckson claimed T1513: Propagate certificate to Openfire server.
Apr 22 2019, 10:15 · TLS certificates, XMPP, security, Servers

Jan 26 2019

dereckson closed T1500: Migrate user content to a new domain as Resolved.
Jan 26 2019, 21:46 · Operations sprints (The Dreadnought will produce new officers), Salt, Nasqueron Docker deployment squad, security, DevCentral
dereckson added a comment to T1500: Migrate user content to a new domain.

DNS configuration

Jan 26 2019, 21:46 · Operations sprints (The Dreadnought will produce new officers), Salt, Nasqueron Docker deployment squad, security, DevCentral
dereckson added a revision to T1500: Migrate user content to a new domain: D2055: Switch Phabricator static/user content to specific domain.
Jan 26 2019, 11:03 · Operations sprints (The Dreadnought will produce new officers), Salt, Nasqueron Docker deployment squad, security, DevCentral
dereckson added a comment to T1500: Migrate user content to a new domain.

DNS delegation done.

Jan 26 2019, 08:36 · Operations sprints (The Dreadnought will produce new officers), Salt, Nasqueron Docker deployment squad, security, DevCentral

Jan 25 2019

dereckson added a comment to T1500: Migrate user content to a new domain.

DNS delegation issues.

Jan 25 2019, 21:31 · Operations sprints (The Dreadnought will produce new officers), Salt, Nasqueron Docker deployment squad, security, DevCentral
dereckson added a comment to T1500: Migrate user content to a new domain.

Ordered at OVH. BC 101687018.

Jan 25 2019, 19:45 · Operations sprints (The Dreadnought will produce new officers), Salt, Nasqueron Docker deployment squad, security, DevCentral
dereckson claimed T1500: Migrate user content to a new domain.

Ordering domain name nasqueron-user-content.org

Jan 25 2019, 19:41 · Operations sprints (The Dreadnought will produce new officers), Salt, Nasqueron Docker deployment squad, security, DevCentral

Dec 13 2018

dereckson added a project to T1500: Migrate user content to a new domain: Operations sprints (The Dreadnought will produce new officers).
Dec 13 2018, 08:45 · Operations sprints (The Dreadnought will produce new officers), Salt, Nasqueron Docker deployment squad, security, DevCentral
dereckson added projects to T1500: Migrate user content to a new domain: DevCentral, security, Nasqueron Docker deployment squad, Salt.
Dec 13 2018, 08:44 · Operations sprints (The Dreadnought will produce new officers), Salt, Nasqueron Docker deployment squad, security, DevCentral

Nov 27 2018

dereckson created T1486: Evaluate Archery.
Nov 27 2018, 21:17 · security, Product evaluation, Operations sprints (Move the ambiant lights)

Nov 22 2018

dereckson triaged T1484: Upgrade Laravel framework as Low priority.
Nov 22 2018, 12:50 · Restricted Project, security, Technical debt, Notifications center

Oct 2 2018

dereckson lowered the priority of T1457: Ysul SSH keys have been edited from Unbreak Now! to Normal.
Oct 2 2018, 10:39 · Servers, security
dereckson closed T1457: Ysul SSH keys have been edited as Invalid.

Stale entries in .ssh/known_hosts, from 2016.

Oct 2 2018, 10:38 · Servers, security

Sep 27 2018

dereckson added a project to T1457: Ysul SSH keys have been edited: Servers.
Sep 27 2018, 21:12 · Servers, security
dereckson triaged T1457: Ysul SSH keys have been edited as Unbreak Now! priority.
Sep 27 2018, 20:47 · Servers, security

Sep 21 2018

dereckson added a revision to T1446: Upgrade Ruby from 2.2 to 2.5: D1783: Upgrade Ruby version to 2.5.
Sep 21 2018, 11:57 · Docker images, Tommy, security
dereckson changed the edit policy for T1446: Upgrade Ruby from 2.2 to 2.5.
Sep 21 2018, 11:04 · Docker images, Tommy, security
dereckson closed T1446: Upgrade Ruby from 2.2 to 2.5 as Resolved by committing rTOMMYdee8c80a7244: Upgrade to Ruby 2.5.
Sep 21 2018, 11:03 · Docker images, Tommy, security
dereckson added a revision to T1446: Upgrade Ruby from 2.2 to 2.5: D1780: Upgrade to Ruby 2.5.
Sep 21 2018, 11:02 · Docker images, Tommy, security
dereckson changed the edit policy for T1444: CSRF timing attach in Sinatra rack-protection (CVE-2018-1000119).
Sep 21 2018, 09:56 · Tommy, security
dereckson closed T1444: CSRF timing attach in Sinatra rack-protection (CVE-2018-1000119) as Resolved by committing rTOMMY9ca3ab76bdbc: Update rack-protection.
Sep 21 2018, 09:56 · Tommy, security
dereckson updated the task description for T1446: Upgrade Ruby from 2.2 to 2.5.
Sep 21 2018, 09:02 · Docker images, Tommy, security
dereckson added a project to T1446: Upgrade Ruby from 2.2 to 2.5: Docker images.
Sep 21 2018, 09:02 · Docker images, Tommy, security
dereckson created T1446: Upgrade Ruby from 2.2 to 2.5.
Sep 21 2018, 09:01 · Docker images, Tommy, security

Sep 20 2018

dereckson added a revision to T1444: CSRF timing attach in Sinatra rack-protection (CVE-2018-1000119): D1778: Update rack-protection.
Sep 20 2018, 21:44 · Tommy, security
dereckson triaged T1444: CSRF timing attach in Sinatra rack-protection (CVE-2018-1000119) as Low priority.
Sep 20 2018, 21:40 · Tommy, security

Sep 12 2018

dereckson updated the task description for T1425: Provision secrets through Salt.
Sep 12 2018, 10:26 · security, Nasqueron Operations Squad, Vault, Salt
dereckson updated the task description for T930: Secrets to migrate from DevCentral to Vault.
Sep 12 2018, 10:25 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a revision to T1425: Provision secrets through Salt: D1738: Map the Phabricator credentials ID.
Sep 12 2018, 09:56 · security, Nasqueron Operations Squad, Vault, Salt
dereckson created T1425: Provision secrets through Salt.
Sep 12 2018, 09:54 · security, Nasqueron Operations Squad, Vault, Salt

Sep 8 2018

dereckson closed T1411: Deploy Zemke-Rhyne on PaaS Docker as Resolved.
Sep 8 2018, 09:28 · Salt, security, Servers, Operations sprints (Operations sprint 1)
dereckson added a revision to T1411: Deploy Zemke-Rhyne on PaaS Docker: D1680: Provide a zr wrapper around the SSH command invocation.
Sep 8 2018, 09:27 · Salt, security, Servers, Operations sprints (Operations sprint 1)
dereckson added a revision to T1411: Deploy Zemke-Rhyne on PaaS Docker: D1679: Provision Zemke Rhyne key on Docker servers.
Sep 8 2018, 08:57 · Salt, security, Servers, Operations sprints (Operations sprint 1)
dereckson updated the task description for T1411: Deploy Zemke-Rhyne on PaaS Docker.
Sep 8 2018, 08:49 · Salt, security, Servers, Operations sprints (Operations sprint 1)
dereckson added projects to T1411: Deploy Zemke-Rhyne on PaaS Docker: Operations sprints (Operations sprint 1), Servers, security.
Sep 8 2018, 08:44 · Salt, security, Servers, Operations sprints (Operations sprint 1)

Feb 28 2018

dereckson moved T1342: Let's encrypt on Debian use logrotate from Backlog to Servers config on the Salt board.
Feb 28 2018, 21:38 · TLS certificates, security, Servers, Eglide, Salt

Feb 20 2018

dereckson triaged T1342: Let's encrypt on Debian use logrotate as Low priority.
Feb 20 2018, 14:08 · TLS certificates, security, Servers, Eglide, Salt

Feb 18 2018

dereckson updated the task description for T1342: Let's encrypt on Debian use logrotate.
Feb 18 2018, 00:59 · TLS certificates, security, Servers, Eglide, Salt
dereckson moved T1342: Let's encrypt on Debian use logrotate from Backlog to Server config on the Eglide board.
Feb 18 2018, 00:57 · TLS certificates, security, Servers, Eglide, Salt
dereckson created T1342: Let's encrypt on Debian use logrotate.
Feb 18 2018, 00:57 · TLS certificates, security, Servers, Eglide, Salt

Nov 12 2017

dereckson closed T1316: Audit SSH keys as Resolved.
Nov 12 2017, 23:20 · security, Servers, Eglide
dereckson added a comment to T1316: Audit SSH keys.

D1187 has been applied to Eglide.

Nov 12 2017, 23:20 · security, Servers, Eglide
dereckson updated the task description for T1316: Audit SSH keys.
Nov 12 2017, 13:21 · security, Servers, Eglide
dereckson added a comment to T1316: Audit SSH keys.
In T1316#16785, @dereckson wrote:

So we're waiting on khmerboy confirmation and we can proceed.

Nov 12 2017, 13:09 · security, Servers, Eglide
dereckson updated the task description for T1316: Audit SSH keys.
Nov 12 2017, 13:04 · security, Servers, Eglide

Nov 11 2017

dereckson added a comment to T1316: Audit SSH keys.

So we're waiting on khmerboy confirmation and we can proceed.

Nov 11 2017, 23:58 · security, Servers, Eglide
dereckson updated the task description for T1316: Audit SSH keys.
Nov 11 2017, 23:58 · security, Servers, Eglide
dereckson updated the task description for T1316: Audit SSH keys.
Nov 11 2017, 23:57 · security, Servers, Eglide

Nov 10 2017

dereckson updated the task description for T1316: Audit SSH keys.
Nov 10 2017, 20:16 · security, Servers, Eglide
dereckson created T1316: Audit SSH keys.
Nov 10 2017, 13:44 · security, Servers, Eglide

Nov 6 2017

dereckson added a parent task for T1311: Set sysctl for FreeBSD servers: T1268: Reprovision Ysul.
Nov 6 2017, 21:40 · Operations sprints (The Dreadnought will produce new officers), security, Salt
dereckson closed T1311: Set sysctl for FreeBSD servers as Resolved by committing rOPSe98b274c14b3: Kernel state configuration.
Nov 6 2017, 21:39 · Operations sprints (The Dreadnought will produce new officers), security, Salt
dereckson added a revision to T1311: Set sysctl for FreeBSD servers: D1183: Kernel state configuration.
Nov 6 2017, 21:35 · Operations sprints (The Dreadnought will produce new officers), security, Salt
dereckson added a project to T1311: Set sysctl for FreeBSD servers: Operations sprints (The Dreadnought will produce new officers).
Nov 6 2017, 20:05 · Operations sprints (The Dreadnought will produce new officers), security, Salt
dereckson added a project to T1311: Set sysctl for FreeBSD servers: security.
Nov 6 2017, 20:05 · Operations sprints (The Dreadnought will produce new officers), security, Salt

Nov 4 2017

dereckson merged task T1285: Update tomjerr SSH key into Restricted Maniphest Task.
Nov 4 2017, 23:32 · security, Servers

Nov 1 2017

dereckson closed T1295: Upgrade Docker images to PHP 7.1.11 as Resolved.
Nov 1 2017, 18:44 · security, Docker images
dereckson updated the post content for Blog Post: SSH keys for Ysul.
Nov 1 2017, 18:08 · security, Servers

Oct 31 2017

dereckson added a revision to T1295: Upgrade Docker images to PHP 7.1.11: D1141: Upgrade to PHP 7.1.11.
Oct 31 2017, 20:52 · security, Docker images
dereckson moved T1295: Upgrade Docker images to PHP 7.1.11 from Backlog to Pending review on the Docker images board.
Oct 31 2017, 20:50 · security, Docker images
dereckson triaged T1295: Upgrade Docker images to PHP 7.1.11 as High priority.
Oct 31 2017, 20:50 · security, Docker images

Oct 29 2017

dereckson updated the task description for T1292: userlist.db is saved in 644.
Oct 29 2017, 17:03 · C, good-first-issue, security, Odderon
dereckson moved T1292: userlist.db is saved in 644 from Backlog to Dev on the good-first-issue board.
Oct 29 2017, 17:02 · C, good-first-issue, security, Odderon
dereckson added a project to T1292: userlist.db is saved in 644: good-first-issue.
Oct 29 2017, 17:02 · C, good-first-issue, security, Odderon
dereckson updated subscribers of T1292: userlist.db is saved in 644.
Oct 29 2017, 17:02 · C, good-first-issue, security, Odderon
dereckson updated the task description for T1292: userlist.db is saved in 644.
Oct 29 2017, 17:02 · C, good-first-issue, security, Odderon
dereckson created T1292: userlist.db is saved in 644.
Oct 29 2017, 17:00 · C, good-first-issue, security, Odderon
dereckson closed T1267: Set userlist.db chmod to avoid it's world readable as Resolved by committing rOPS715b85e5d950: Ensure userlist isn't world-readable.
Oct 29 2017, 15:48 · security, Odderon
dereckson closed T1286: Eglide Salt minion doesn't respond, a subtask of T1285: Update tomjerr SSH key, as Resolved.
Oct 29 2017, 15:41 · security, Servers

Oct 28 2017

dereckson added a comment to T1285: Update tomjerr SSH key.

So last step is to propagate the change to Eglide restarting the minion.

Oct 28 2017, 20:50 · security, Servers
dereckson lowered the priority of T1285: Update tomjerr SSH key from High to Normal.
Oct 28 2017, 20:49 · security, Servers
dereckson added a comment to T1285: Update tomjerr SSH key.

I prepared such a change Wednesday, and committed now, as @tomjerr confirmed the key is working fine (per your manual add).

Oct 28 2017, 20:49 · security, Servers
dereckson added a subtask for T1285: Update tomjerr SSH key: T1286: Eglide Salt minion doesn't respond.
Oct 28 2017, 09:33 · security, Servers
dereckson added a revision to T1285: Update tomjerr SSH key: D1119: Update SSH key for tomjerr.
Oct 28 2017, 09:28 · security, Servers

Oct 27 2017

Sandlayth created T1285: Update tomjerr SSH key.
Oct 27 2017, 18:09 · security, Servers

Oct 24 2017

dereckson archived P175 pkg audit on Ysul.
Oct 24 2017, 02:13 · Servers, security
dereckson archived P106 pkg audit.
Oct 24 2017, 02:13 · security, Servers
dereckson archived P43 pkg audit on Ysul.
Oct 24 2017, 02:13 · Servers, security, Nasqueron security operations squad
dereckson archived P36 P35 Packages security issues on Ysul.
Oct 24 2017, 02:13 · security, Servers

Oct 21 2017

dereckson added a revision to T453: Installed AEScrypt on Ysul and Dwellers: D1070: Provision software to Ysul.
Oct 21 2017, 00:44 · security, Servers

Oct 19 2017

dereckson added a revision to T1267: Set userlist.db chmod to avoid it's world readable: D1069: Ensure userlist isn't world-readable.
Oct 19 2017, 22:54 · security, Odderon
dereckson renamed T1267: Set userlist.db chmod to avoid it's world readable from Set userlist2.db chmod to avoid it's world readable to Set userlist.db chmod to avoid it's world readable.
Oct 19 2017, 22:54 · security, Odderon
dereckson created T1267: Set userlist.db chmod to avoid it's world readable.
Oct 19 2017, 22:11 · security, Odderon

Oct 15 2017

dereckson moved T853: Deploy a Let's encrypt certificate to the Mumble server from Backlog to Ops on the good-first-issue board.
Oct 15 2017, 12:02 · TLS certificates, good-first-issue, Mumble, security, Servers

Sep 9 2017

Sandlayth placed T853: Deploy a Let's encrypt certificate to the Mumble server up for grabs.
Sep 9 2017, 16:23 · TLS certificates, good-first-issue, Mumble, security, Servers

Sep 2 2017

dereckson moved T1228: Configure TLS for webserver-core role from Backlog to Analysis / under discussion on the Servers board.
Sep 2 2017, 11:52 · security, Servers
dereckson added a comment to T1228: Configure TLS for webserver-core role.

The more immediate and interesting question: should we drop TLS 1.0?

Sep 2 2017, 11:43 · security, Servers
First
Prev
Next
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator