Page MenuHomeDevCentral
Feed Advanced Search

Advanced Search
Use Results
Hide Query

Jul 25 2016

dereckson added a revision to T945: Upgrade Docker images to PHP 5.6.24: D574: Upgrade PHP to 5.6.24.
Jul 25 2016, 17:21 · Docker images, security
dereckson added a revision to T945: Upgrade Docker images to PHP 5.6.24: D573: Upgrade PHP to 5.6.24.
Jul 25 2016, 17:21 · Docker images, security
dereckson created T945: Upgrade Docker images to PHP 5.6.24.
Jul 25 2016, 17:14 · Docker images, security

Jul 24 2016

dereckson closed T933: Upgrade Apache on Ysul as Resolved.
Jul 24 2016, 20:01 · security, Servers
dereckson added a comment to T933: Upgrade Apache on Ysul.

Without PHP allowance patch for SuEXEC
/var/log/messages.2.bz2:Jul 22 20:29:35 ysul pkg-static: apache24-2.4.20_1 deinstalled
/var/log/messages.2.bz2:Jul 22 20:29:57 ysul pkg-static: apache24-2.4.23_1 installed

Jul 24 2016, 20:01 · security, Servers

Jul 22 2016

dereckson added a parent task for T930: Secrets to migrate from DevCentral to Vault: T928: Deploy Vault to store credentials.
Jul 22 2016, 03:02 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson triaged T933: Upgrade Apache on Ysul as High priority.
Jul 22 2016, 03:01 · security, Servers
dereckson added a subtask for T822: SSL certificates: migrate from Startcom to Let's encrypt: T931: Let's encrypt certificate for stages.wolfplex.be.
Jul 22 2016, 02:59 · Servers, security
dereckson moved T822: SSL certificates: migrate from Startcom to Let's encrypt from Backlog to Pending review on the Servers board.
Jul 22 2016, 02:58 · Servers, security

Jul 21 2016

dereckson created T930: Secrets to migrate from DevCentral to Vault.
Jul 21 2016, 15:55 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Jul 10 2016

dereckson added a project to T853: Deploy a Let's encrypt certificate to the Mumble server: User-Dereckson.
Jul 10 2016, 23:22 · good-first-issue, Mumble, security, Servers

Jul 6 2016

dereckson closed D464: [Eglide] SSH key change for kazuya by committing rOPS9d5cbec5d4ad: [Eglide] SSH key change for kazuya.
Jul 6 2016, 18:58 · security, Salt
dereckson accepted D464: [Eglide] SSH key change for kazuya.
Jul 6 2016, 18:55 · security, Salt
dereckson retitled D464: [Eglide] SSH key change for kazuya from SSH key change for kazuya to [Eglide] SSH key change for kazuya.
Jul 6 2016, 18:49 · security, Salt

Jul 2 2016

dereckson closed D451: Subresource Integrity by committing rGROVEdafb55ce332b: Subresource Integrity.
Jul 2 2016, 15:34 · security
dereckson accepted D451: Subresource Integrity.

Hashes generated through https://www.srihash.org/ managed by Mozilla, and tested under Chrome 51.

Jul 2 2016, 15:33 · security
dereckson added a project to D451: Subresource Integrity: security.
Jul 2 2016, 15:32 · security

Jun 26 2016

dereckson updated the task description for T878: Salt Auth Grove passwords.
Jun 26 2016, 22:07 · security, User-Dereckson, Auth Grove
dereckson closed T878: Salt Auth Grove passwords as Invalid.

That's already the case, see hashing in the Laravel documentation.

Jun 26 2016, 22:06 · security, User-Dereckson, Auth Grove
dereckson moved T878: Salt Auth Grove passwords from Backlog to Next on the User-Dereckson board.
Jun 26 2016, 18:36 · security, User-Dereckson, Auth Grove
dereckson closed T840: Upgrade to Laravel 5.2, a subtask of T878: Salt Auth Grove passwords, as Resolved.
Jun 26 2016, 18:22 · security, User-Dereckson, Auth Grove
dereckson added a parent task for T878: Salt Auth Grove passwords: T271: Deploy Auth Grove to login.nasqueron.org.
Jun 26 2016, 15:44 · security, User-Dereckson, Auth Grove
dereckson added a comment to T878: Salt Auth Grove passwords.

As auth code is currently refactored to be sync'ed with Laravel 5.1 → 5.2 change, I'd suggest to avoid currently to refactor code independently.

Jun 26 2016, 14:41 · security, User-Dereckson, Auth Grove
dereckson added a subtask for T878: Salt Auth Grove passwords: T840: Upgrade to Laravel 5.2.
Jun 26 2016, 14:40 · security, User-Dereckson, Auth Grove
dereckson created T878: Salt Auth Grove passwords.
Jun 26 2016, 14:38 · security, User-Dereckson, Auth Grove

Jun 18 2016

dereckson moved T828: Implement local storage features from New trackers to Dev on the tracker board.
Jun 18 2016, 12:53 · tracker, security, Auth Grove

Jun 15 2016

dereckson added a comment to T866: Switch Uncle Slovius jail to IPv6.

I'm decreasing the TTL of uncle-slovius CNAME DNS entry, so we'll be able to switch > 2016-06-16 4:00.

Jun 15 2016, 01:45 · Servers, security
dereckson added a comment to T866: Switch Uncle Slovius jail to IPv6.

Dedicated IPv6 will be 2001:470:1f13:9e1:0:c0ff:ee:6.

Jun 15 2016, 01:42 · Servers, security
dereckson created T866: Switch Uncle Slovius jail to IPv6.
Jun 15 2016, 01:40 · Servers, security

Jun 12 2016

dereckson updated the task description for T860: Upgrade OpenSSL.
Jun 12 2016, 21:14 · security, Servers
dereckson triaged T860: Upgrade OpenSSL as High priority.
Jun 12 2016, 21:14 · security, Servers

Jun 9 2016

dereckson closed T854: Write a Let's encrypt web server configuration checker, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Resolved.
Jun 9 2016, 10:46 · security, Servers
dereckson closed T854: Write a Let's encrypt web server configuration checker as Resolved by committing rOPS0aa61ca254f9: Let's encrypt web server configuration checker.
Jun 9 2016, 10:46 · security, Servers
dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

Fixed for Agora.

Jun 9 2016, 02:22 · security, Servers
dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

agora.nasqueron.org still use a StartSSL (has been expired for 4 days)

Jun 9 2016, 02:17 · security, Servers

Jun 5 2016

dereckson added a comment to T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

Testing D396 script, three domains have issues.

Jun 5 2016, 22:22 · security, Servers
dereckson added a revision to T854: Write a Let's encrypt web server configuration checker: D396: Let's encrypt web server configuration checker.
Jun 5 2016, 22:17 · security, Servers
dereckson created T854: Write a Let's encrypt web server configuration checker.
Jun 5 2016, 21:04 · security, Servers

Jun 4 2016

dereckson lowered the priority of T853: Deploy a Let's encrypt certificate to the Mumble server from High to Normal.

We need a script to automate the process.

Jun 4 2016, 14:43 · good-first-issue, Mumble, security, Servers
dereckson added a comment to T853: Deploy a Let's encrypt certificate to the Mumble server.

Done manually.

Jun 4 2016, 14:42 · good-first-issue, Mumble, security, Servers
dereckson moved T853: Deploy a Let's encrypt certificate to the Mumble server from Backlog to Configuration requests on the Mumble board.
Jun 4 2016, 02:11 · good-first-issue, Mumble, security, Servers
dereckson created T853: Deploy a Let's encrypt certificate to the Mumble server.
Jun 4 2016, 02:11 · good-first-issue, Mumble, security, Servers
dereckson updated subscribers of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org.

Following work this week by @Sandlayth (Dwellers) and me (Ysul), all *.nasqueron.org sites are migrated to Let's encrypt certificates.

Jun 4 2016, 02:07 · security, Servers
dereckson closed T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content as Resolved by committing rTSWWWdedcc4e0e4a2: Serve https links.
Jun 4 2016, 00:58 · TrustSpace, security, Servers
dereckson closed T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Resolved.
Jun 4 2016, 00:58 · security, Servers

Jun 3 2016

dereckson added a revision to T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content: D388: Serve https links.
Jun 3 2016, 21:52 · TrustSpace, security, Servers
dereckson created T849: https://trustspace.nasqueron.org/css/trustspace.css serves http:// content.
Jun 3 2016, 21:30 · TrustSpace, security, Servers
dereckson closed T848: hotglue.nasqueron.org serves http:// content, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Resolved.
Jun 3 2016, 18:02 · security, Servers
dereckson added a comment to T214: Software security issues on Ysul.

So for reference, we can now customize SuEXEC settings.

Jun 3 2016, 16:58 · security, Servers

Jun 2 2016

dereckson closed T492: When using a front-end server with SSL termination, back-end serves http:// links. as Resolved by committing rGROVE0f370cd5307d: Allow to serve https:// links behind a front-end server with SSL termination.
Jun 2 2016, 04:59 · security, Auth Grove

May 31 2016

dereckson added a parent task for T492: When using a front-end server with SSL termination, back-end serves http:// links.: T271: Deploy Auth Grove to login.nasqueron.org.
May 31 2016, 18:52 · security, Auth Grove

May 21 2016

dereckson closed T656: Ensure every URL is HTTPS or protocol-relative as Resolved.
May 21 2016, 14:32 · security, bioty.co hosting
dereckson moved T656: Ensure every URL is HTTPS or protocol-relative from Backlog to Done on the bioty.co hosting board.
May 21 2016, 14:32 · security, bioty.co hosting

May 20 2016

dereckson updated the task description for T828: Implement local storage features.
May 20 2016, 16:11 · tracker, security, Auth Grove
dereckson updated the task description for T828: Implement local storage features.
May 20 2016, 16:06 · tracker, security, Auth Grove
dereckson created T828: Implement local storage features.
May 20 2016, 16:03 · tracker, security, Auth Grove

May 5 2016

amj added projects to T822: SSL certificates: migrate from Startcom to Let's encrypt: security, Servers.
May 5 2016, 14:28 · Servers, security

Apr 20 2016

dereckson closed T813: Renew www.espace-win.org certificate as Resolved.

So the issue was this nginx block, which deny access to .well-known like anything else starting with a dot:

Apr 20 2016, 22:21 · security, Servers
dereckson added a comment to T813: Renew www.espace-win.org certificate.
$ letsencrypt renew
[...]
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/www.espace-win.org.conf
-------------------------------------------------------------------------------
2016-04-20 22:10:33,464:WARNING:letsencrypt.renewal:Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/www.espace-win.org.conf produced an unexpected error: Failed authorization procedure. dropbox.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://dropbox.espace-win.org/.well-known/acme-challenge/AFcGawsTLFqpJwWWZDmMh4LHjMVRkIbAfbq13_6qM40 [212.83.187.132]: 403, files.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://files.espace-win.org/.well-known/acme-challenge/43QDyWupIPxeAlNMyXgvDezCIMf-6kGxvAn2SzBIrak [212.83.187.132]: 403, forum.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://forum.espace-win.org/.well-known/acme-challenge/rHPn1p3iNsjXBzgAC0Hk-npvdCRF1qmJTrohgFkmugM [212.83.187.132]: 403, espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://espace-win.org/.well-known/acme-challenge/o_7sf9acLUEuHzVQNOHBcHvTG73l7xlP8mMX6nhx22c [212.83.187.132]: 403, pastebin.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://pastebin.espace-win.org/.well-known/acme-challenge/QCzu4WhOSjhRPzH6BvjMgAn2tggV1qbBW0q9tdyYACs [212.83.187.132]: 403, assets.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://assets.espace-win.org/.well-known/acme-challenge/LU-KuSB2bzPYmxw2vACtLu6yZj8ygXkAZiPxwHOMcHE [212.83.187.132]: 403, excel.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://excel.espace-win.org/.well-known/acme-challenge/5iaG0F-_T5a2TKlFWDxTqvBxg6GD50B_YfY5sxolNQ0 [212.83.187.132]: 403, www.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.espace-win.org/.well-known/acme-challenge/Pw6LYupam92EIy330xYlAuHuKvNKpp6unoVU8UAOrmw [212.83.187.132]: 403, gd.espace-win.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gd.espace-win.org/.well-known/acme-challenge/SP1gRHzjZR39Ai9lZXQvEsTi9i7f0dYSL2bbR_bPOY4 [212.83.187.132]: 403. Skipping.
Apr 20 2016, 22:12 · security, Servers
dereckson created T813: Renew www.espace-win.org certificate.
Apr 20 2016, 22:08 · security, Servers

Apr 2 2016

dereckson added a comment to T783: Run an extra SSH server on Ysul for OTP/Yubikey.

This works:

Apr 2 2016, 01:15 · security, Servers

Apr 1 2016

dereckson added a comment to T783: Run an extra SSH server on Ysul for OTP/Yubikey.

Hmmm, we need to recompile another OpenSSH server to be able to change the PAM service name

Apr 1 2016, 21:50 · security, Servers
dereckson raised the priority of T783: Run an extra SSH server on Ysul for OTP/Yubikey from Low to Normal.

New users are puzzled by the prompt.

Apr 1 2016, 21:44 · security, Servers

Mar 28 2016

dereckson updated the task description for T415: Allowed ops@ and dereckson@ to sudo docker or lxc-* commands on Dwellers.
Mar 28 2016, 22:40 · Accounts, security, Servers
dereckson moved T665: Configure DevCentral to approve automatically the user accounts from Backlog to Config on the DevCentral board.
Mar 28 2016, 19:49 · security, DevCentral

Mar 13 2016

dereckson triaged T783: Run an extra SSH server on Ysul for OTP/Yubikey as Low priority.
Mar 13 2016, 20:12 · security, Servers

Mar 10 2016

Sandlayth closed T776: Determine domain name for Eglide as Resolved.

After a conversation on #wolfplex, debating about the domain name to use, we endly concluded that Eglide will be a standalone project, nonetheless supported by Nasqueron.
Therefore, the domain name reserved for this project is eglide.org.

Mar 10 2016, 21:42 · Eglide, discussion, security, IRC, Servers
dereckson updated the task description for T776: Determine domain name for Eglide.
Mar 10 2016, 04:59 · Eglide, discussion, security, IRC, Servers
dereckson created T776: Determine domain name for Eglide.
Mar 10 2016, 04:57 · Eglide, discussion, security, IRC, Servers

Mar 7 2016

dereckson closed D307: Allow to download with wget by committing rSTGf443c0ca9ba8: Allow to download with wget.
Mar 7 2016, 20:38 · security
dereckson accepted D307: Allow to download with wget.

@xcombelle confirmed on #wikipedia-fr the code is safe as far as security is concerned.

Mar 7 2016, 20:22 · security
dereckson updated the diff for D307: Allow to download with wget.

Fixed issue reported by Scoopfinder.

Mar 7 2016, 20:19 · security
dereckson added inline comments to D307: Allow to download with wget.
Mar 7 2016, 18:40 · security
dereckson planned changes to D307: Allow to download with wget.

Regression This commit introduces the following issue when the page IS NOT downloaded through this new method:

Mar 7 2016, 17:15 · security

Feb 29 2016

dereckson updated the diff for D307: Allow to download with wget.

+Page::encodeData

Feb 29 2016, 04:50 · security
dereckson added a task to D307: Allow to download with wget: T697: Le Soir - Redirection limit reached.
Feb 29 2016, 04:35 · security
dereckson updated the test plan for D307: Allow to download with wget.
Feb 29 2016, 04:35 · security
dereckson added inline comments to D307: Allow to download with wget.
Feb 29 2016, 04:24 · security
dereckson added a project to D307: Allow to download with wget: security.
Feb 29 2016, 04:19 · security
dereckson added a project to P175 pkg audit on Ysul: security.
Feb 29 2016, 02:15 · Servers, security
dereckson added a project to P175 pkg audit on Ysul: Servers.
Feb 29 2016, 02:15 · Servers, security

Feb 26 2016

dereckson added a comment to T744: Recycle containers on Dwellers to mitigate CVE-2015-7547.

The packages have been upgraded for the following containers:

Feb 26 2016, 18:53 · security, Nasqueron Docker deployment squad

Feb 21 2016

dereckson updated the title for P168 dereckson@ilium SSH key from dereckson@illium SSH key to dereckson@ilium SSH key.
Feb 21 2016, 02:52 · security, Servers
dereckson edited P168 dereckson@ilium SSH key.
Feb 21 2016, 02:52 · security, Servers
dereckson archived P168 dereckson@ilium SSH key.
Feb 21 2016, 02:50 · security, Servers
dereckson archived P169 `pkg audit` on Ysul.
Feb 21 2016, 02:49 · security, Servers
dereckson added a comment to P169 `pkg audit` on Ysul.

Fixed, silgraphite2 through ports, the others through binary packages.

Feb 21 2016, 02:49 · security, Servers
dereckson updated the title for P169 `pkg audit` on Ysul from Masterwork From Distant Lands to `pkg audit` on Ysul.
Feb 21 2016, 02:41 · security, Servers

Feb 20 2016

dereckson created P168 dereckson@ilium SSH key.
Feb 20 2016, 14:31 · security, Servers

Feb 17 2016

dereckson added a project to T606: Create a let's encrypt certificate generator jail: IPv6.
Feb 17 2016, 02:56 · IPv6, Operations sprint 0, security, Servers
dereckson renamed T744: Recycle containers on Dwellers to mitigate CVE-2015-7547 from Recycle containers on Dwellers to Recycle containers on Dwellers to mitigate CVE-2015-7547.
Feb 17 2016, 00:15 · security, Nasqueron Docker deployment squad
dereckson added a parent task for T744: Recycle containers on Dwellers to mitigate CVE-2015-7547: T743: Mitigate CVE-2015-7547 DNS glibc issue.
Feb 17 2016, 00:15 · security, Nasqueron Docker deployment squad
dereckson created T744: Recycle containers on Dwellers to mitigate CVE-2015-7547.
Feb 17 2016, 00:07 · security, Nasqueron Docker deployment squad

Feb 12 2016

dereckson added a comment to T720: Ysul: cannot stat /etc/login.conf: Not permitted in capability mode.

Could be related to Capsicum — https://lists.cam.ac.uk/pipermail/cl-capsicum-discuss/2014-December/msg00004.html

Feb 12 2016, 04:04 · security, Servers
dereckson created T720: Ysul: cannot stat /etc/login.conf: Not permitted in capability mode.
Feb 12 2016, 04:03 · security, Servers

Feb 2 2016

dereckson added a project to T619: Allow to control from TC2 the Docker engine: Operations sprints (Operations sprint 1).
Feb 2 2016, 05:22 · Operations sprints (Operations sprint 1), security, Nasqueron Docker deployment squad, Servers, Dæghrefn
dereckson moved T606: Create a let's encrypt certificate generator jail from Pending review to Done on the Operations sprint 0 board.
Feb 2 2016, 04:23 · IPv6, Operations sprint 0, security, Servers
dereckson moved T606: Create a let's encrypt certificate generator jail from Working on to Pending review on the Operations sprint 0 board.
Feb 2 2016, 04:22 · IPv6, Operations sprint 0, security, Servers

Jan 23 2016

dereckson lowered the priority of T693: Add dwellers.nasqueron.org to Ysul sshguard whitelist from High to Normal.
Jan 23 2016, 03:17 · security, Nasqueron Docker deployment squad, Servers, Restricted Project
dereckson added a comment to T693: Add dwellers.nasqueron.org to Ysul sshguard whitelist.

Dwellers is already in the whitelist.

Jan 23 2016, 03:16 · security, Nasqueron Docker deployment squad, Servers, Restricted Project
First
Prev
Next
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator