Page MenuHomeDevCentral
Projects security

securityTag
ActivePublic
Watch Project

Members (1)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

This tag identifies security issue.

Recent Activity
View All

Yesterday

dereckson merged task T1524: Monitor sudo files on servers into T2286: Detect configuration drift by computing difference between Salt states and deployed.
Mon, Mar 23, 09:09 · Eglide, security, Servers
dereckson closed T1524: Monitor sudo files on servers as Wontfix.

With Salt, sudo files content are now managed from rOPS.

Mon, Mar 23, 09:09 · Eglide, security, Servers

Sun, Mar 22

dereckson triaged T2107: j'aimerais avoir une présence permanente sur internet as Wishlist priority.
Sun, Mar 22, 23:58 · Eglide, security
dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

Next: configure DNS records

Sun, Mar 22, 19:08 · security, Servers, IPv6
dereckson changed the visibility for T2143: Hash Tomcat credentials.
Sun, Mar 22, 19:04 · Servers, Nasqueron Docker deployment squad, security
dereckson shifted T2143: Hash Tomcat credentials from the Restricted Space space to the S1 Nasqueron space.
Sun, Mar 22, 19:03 · Servers, Nasqueron Docker deployment squad, security
dereckson closed T2143: Hash Tomcat credentials as Resolved.
Sun, Mar 22, 19:02 · Servers, Nasqueron Docker deployment squad, security
dereckson moved T1109: Switch all OAuth GitHub applications to Nasqueron organization accounts from Backlog to Infra on the Auth Grove board.
Sun, Mar 22, 18:30 · Auth Grove, User-Dereckson, security, Nasqueron Operations Squad
dereckson triaged T1109: Switch all OAuth GitHub applications to Nasqueron organization accounts as Normal priority.
Sun, Mar 22, 18:29 · Auth Grove, User-Dereckson, security, Nasqueron Operations Squad
dereckson placed T1513: Propagate certificate to Openfire server up for grabs.
Sun, Mar 22, 18:21 · XMPP, security, Servers
dereckson triaged T1513: Propagate certificate to Openfire server as Normal priority.
Sun, Mar 22, 18:21 · XMPP, security, Servers

Sat, Mar 21

dereckson added a parent task for T1513: Propagate certificate to Openfire server: T2043: Switch to acme.sh instead of certbot.
Sat, Mar 21, 10:32 · XMPP, security, Servers
dereckson updated subscribers of T1513: Propagate certificate to Openfire server.

Will need to be revisited when we switch to acme.sh.

Sat, Mar 21, 10:31 · XMPP, security, Servers

Fri, Mar 20

dereckson triaged T2281: [irssi] Secure proxy module with TLS connection as Wishlist priority.
Fri, Mar 20, 21:51 · security, upstream, IRC, C
dereckson updated the title for P390 Anubis default botPolicies.yaml from botPolicies.yaml to Anubis default botPolicies.yaml.
Fri, Mar 20, 20:03 · security, Nasqueron Docker deployment squad, Servers

Feb 5 2026

dereckson closed T2210: fullchain.pem isn't automatically generated by acme.sh as Resolved by committing rOPSc9cb237e5e18: Automate acme.sh install-cert cmd.
Feb 5 2026, 22:53 · security, Mail
DorianWinty added a revision to T2210: fullchain.pem isn't automatically generated by acme.sh: D3906: Automate acme.sh install-cert cmd.
Feb 5 2026, 22:04 · security, Mail
dereckson claimed T2210: fullchain.pem isn't automatically generated by acme.sh.

Patched it live.

Feb 5 2026, 21:48 · security, Mail
dereckson updated subscribers of T2210: fullchain.pem isn't automatically generated by acme.sh.
Feb 5 2026, 19:52 · security, Mail
dereckson triaged T2210: fullchain.pem isn't automatically generated by acme.sh as High priority.
Feb 5 2026, 19:52 · security, Mail

Feb 3 2026

dereckson closed T2198: Create new account for duranzed for Samy as Resolved.
Feb 3 2026, 18:57 · security, Servers
dereckson added a revision to T2198: Create new account for duranzed for Samy: D3899: Add duranzed to shell users.
Feb 3 2026, 18:57 · security, Servers
dereckson reassigned T2198: Create new account for duranzed for Samy from dereckson to Duranzed.
Feb 3 2026, 18:56 · security, Servers
dereckson renamed T2198: Create new account for duranzed for Samy from SSH pubkey to add to Create new account for duranzed for Samy.
Feb 3 2026, 18:56 · security, Servers

Nov 10 2025

dereckson added a comment to T2183: Detect legacy SHA-1 RSA keys.

Bruteforce attack scenario possible, so we're only interested by usernames defined in users.sls, not by "root" (can't login by SSH) or generic accounts like "docker" (doesn't exist):

Nov 10 2025, 01:57 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)
dereckson updated the task description for T2183: Detect legacy SHA-1 RSA keys.
Nov 10 2025, 01:55 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)
dereckson updated the task description for T2183: Detect legacy SHA-1 RSA keys.
Nov 10 2025, 01:47 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)
dereckson updated the task description for T2183: Detect legacy SHA-1 RSA keys.
Nov 10 2025, 01:16 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)

Oct 25 2025

dereckson moved T1145: Don't truncate passwords from Backlog to General bug & features on the C board.
Oct 25 2025, 23:15 · C, security, Odderon
dereckson moved T1292: userlist.db is saved in 644 from Backlog to Network / System on the C board.
Oct 25 2025, 23:15 · C, good-first-issue, security, Odderon
dereckson added a project to T1145: Don't truncate passwords: C.
Oct 25 2025, 23:12 · C, security, Odderon
dereckson added a project to T1292: userlist.db is saved in 644: C.
Oct 25 2025, 23:12 · C, good-first-issue, security, Odderon

Oct 24 2025

dereckson added a comment to T2155: Review rotation for acme.sh logs.

Same issue for rhyne-wyse.log. Configuration was copied from acme.sh one.

Oct 24 2025, 23:05 · Restricted Project, security, Servers
dereckson closed T2132: Propagate acme.sh certificate so Dovecot can read it as Resolved.
Oct 24 2025, 19:33 · security, Mail, Restricted Project

Oct 20 2025

dereckson added a parent task for T2155: Review rotation for acme.sh logs: T2043: Switch to acme.sh instead of certbot.
Oct 20 2025, 23:06 · Restricted Project, security, Servers
dereckson triaged T2155: Review rotation for acme.sh logs as Normal priority.
Oct 20 2025, 22:52 · Restricted Project, security, Servers
dereckson added a project to T2154: IPv6 support for ns1.nasqueron.org: security.
Oct 20 2025, 22:49 · Servers, IPv6, DNS

Oct 13 2025

dereckson moved T2143: Hash Tomcat credentials from Backlog to Pending review on the Nasqueron Docker deployment squad board.
Oct 13 2025, 22:43 · Servers, Nasqueron Docker deployment squad, security
dereckson moved T2143: Hash Tomcat credentials from Backlog to Pending review on the Servers board.
Oct 13 2025, 22:43 · Servers, Nasqueron Docker deployment squad, security
dereckson moved T2143: Hash Tomcat credentials from Backlog to Pending review on the security board.
Oct 13 2025, 22:43 · Servers, Nasqueron Docker deployment squad, security
dereckson added a comment to T2143: Hash Tomcat credentials.

Credentials have been hashed directly in Vault, so we don't need to manipulate cleartext password with Salt.
Salt updated the tomcat-users.xml accordingly.

Oct 13 2025, 22:42 · Servers, Nasqueron Docker deployment squad, security
dereckson added a revision to T2143: Hash Tomcat credentials: D3755: Configure Tomcat server explicitly.
Oct 13 2025, 20:47 · Servers, Nasqueron Docker deployment squad, security
dereckson added a revision to T2143: Hash Tomcat credentials: D3754: Use target name instead of generic name for orbeon.xml.
Oct 13 2025, 20:27 · Servers, Nasqueron Docker deployment squad, security
dereckson triaged T2143: Hash Tomcat credentials as High priority.
Oct 13 2025, 20:24 · Servers, Nasqueron Docker deployment squad, security

Oct 11 2025

dereckson moved T1656: Convert daeghrefn. for Uspection use from Backlog to Need dev on the documentation board.
Oct 11 2025, 11:53 · upsection, security, documentation, IRC, Dæghrefn
dereckson moved T1657: Convert docs. for Uspection use from Backlog to Need dev on the documentation board.
Oct 11 2025, 11:53 · upsection, security, documentation
dereckson closed T1765: SELinux context is missing for /etc/nginx configuration files as Resolved.

The full /etc/nginx directories on both docker-002 and dwellers use httpd_config_t for every file.

Oct 11 2025, 11:44 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers
dereckson updated the task description for T1765: SELinux context is missing for /etc/nginx configuration files.
Oct 11 2025, 11:39 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers

Oct 10 2025

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.
Oct 10 2025, 22:25 · security, Mail, Restricted Project
dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Backlog to Pending review on the security board.
Oct 10 2025, 22:24 · security, Mail, Restricted Project
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator