Projects security

securityTag
ActivePublic
Watch Project

Members (1)

dereckson (Sébastien Santoro)
Nasqueron founder
View All

Watchers

This project does not have any watchers.
View All

Details

Description

This tag identifies security issue.

Recent Activity
View All

Mon, Nov 10

dereckson added a comment to T2183: Detect legacy SHA-1 RSA keys.

Bruteforce attack scenario possible, so we're only interested by usernames defined in users.sls, not by "root" (can't login by SSH) or generic accounts like "docker" (doesn't exist):

Mon, Nov 10, 01:57 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)

dereckson updated the task description for T2183: Detect legacy SHA-1 RSA keys.

Mon, Nov 10, 01:55 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)

dereckson updated the task description for T2183: Detect legacy SHA-1 RSA keys.

Mon, Nov 10, 01:47 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)

dereckson updated the task description for T2183: Detect legacy SHA-1 RSA keys.

Mon, Nov 10, 01:16 · security, Python, Eglide, Servers, Operations sprints (Echoes in the Void)

Oct 25 2025

dereckson moved T1145: Don't truncate passwords from Backlog to General bug & features on the C board.

Oct 25 2025, 23:15 · C, security, Odderon

dereckson moved T1292: userlist.db is saved in 644 from Backlog to Network / System on the C board.

Oct 25 2025, 23:15 · C, good-first-issue, security, Odderon

dereckson added a project to T1145: Don't truncate passwords: C.

Oct 25 2025, 23:12 · C, security, Odderon

dereckson added a project to T1292: userlist.db is saved in 644: C.

Oct 25 2025, 23:12 · C, good-first-issue, security, Odderon

Oct 24 2025

dereckson added a comment to T2155: Review rotation for acme.sh logs.

Same issue for rhyne-wyse.log. Configuration was copied from acme.sh one.

Oct 24 2025, 23:05 · Restricted Project, security, Servers

dereckson closed T2132: Propagate acme.sh certificate so Dovecot can read it as Resolved.

Oct 24 2025, 19:33 · security, Mail, Restricted Project

Oct 20 2025

dereckson added a parent task for T2155: Review rotation for acme.sh logs: T2043: Switch to acme.sh instead of certbot.

Oct 20 2025, 23:06 · Restricted Project, security, Servers

dereckson triaged T2155: Review rotation for acme.sh logs as Normal priority.

Oct 20 2025, 22:52 · Restricted Project, security, Servers

dereckson added a project to T2154: IPv6 support for ns1.nasqueron.org: security.

Oct 20 2025, 22:49 · Servers, IPv6, DNS

Oct 11 2025

dereckson moved T1656: Convert daeghrefn. for Uspection use from Backlog to Need dev on the documentation board.

Oct 11 2025, 11:53 · upsection, security, documentation, IRC, Dæghrefn

dereckson moved T1657: Convert docs. for Uspection use from Backlog to Need dev on the documentation board.

Oct 11 2025, 11:53 · upsection, security, documentation

dereckson closed T1765: SELinux context is missing for /etc/nginx configuration files as Resolved.

The full /etc/nginx directories on both docker-002 and dwellers use httpd_config_t for every file.

Oct 11 2025, 11:44 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers

dereckson updated the task description for T1765: SELinux context is missing for /etc/nginx configuration files.

Oct 11 2025, 11:39 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers

Oct 10 2025

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.

Oct 10 2025, 22:25 · security, Mail, Restricted Project

dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Backlog to Pending review on the security board.

Oct 10 2025, 22:24 · security, Mail, Restricted Project

dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Backlog - On hold pending T1475 to Pending review on the Mail board.

Oct 10 2025, 22:24 · security, Mail, Restricted Project

dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3732: Enforce correct attributes for acme.sh private keys.

Oct 10 2025, 22:19 · security, Mail, Restricted Project

dereckson claimed T2132: Propagate acme.sh certificate so Dovecot can read it.

Oct 10 2025, 22:07 · security, Mail, Restricted Project

Oct 9 2025

dereckson added a comment to T1878: Allow to run queries for reporting.

Alternatively, we made a lot of progress on this in T2124.

Oct 9 2025, 14:41 · Monitoring and reporting, security, DBA, Servers

Oct 6 2025

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.

Oct 6 2025, 09:43 · security, Mail, Restricted Project

Sep 23 2025

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.

Sep 23 2025, 17:19 · security, Mail, Restricted Project

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.

Sep 23 2025, 17:18 · security, Mail, Restricted Project

dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3712: Share /var/certificates/<domain> for all mail services.

Sep 23 2025, 17:14 · security, Mail, Restricted Project

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.

Sep 23 2025, 16:42 · security, Mail, Restricted Project

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.

Sep 23 2025, 16:42 · security, Mail, Restricted Project

dereckson updated the task description for T2132: Propagate acme.sh certificate so Dovecot can read it.

Sep 23 2025, 16:22 · security, Mail, Restricted Project

dereckson moved T2132: Propagate acme.sh certificate so Dovecot can read it from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Sep 23 2025, 16:21 · security, Mail, Restricted Project

dereckson added a revision to T2132: Propagate acme.sh certificate so Dovecot can read it: D3711: Correct path for dovecot certificates.

Sep 23 2025, 16:19 · security, Mail, Restricted Project

Sep 22 2025

dereckson triaged T2132: Propagate acme.sh certificate so Dovecot can read it as High priority.

Sep 22 2025, 21:32 · security, Mail, Restricted Project

Sep 18 2025

dereckson updated the task description for T2040: Supersede Vault by OpenBao.

Sep 18 2025, 22:22 · security, Servers, Vault

dereckson updated the task description for T2040: Supersede Vault by OpenBao.

Sep 18 2025, 22:05 · security, Servers, Vault

dereckson added a comment to T2040: Supersede Vault by OpenBao.

So, there is a new reason to do the upgrade.

Sep 18 2025, 22:04 · security, Servers, Vault

Sep 14 2025

dereckson moved T1580: Deploy ACME-specific DNS server from DNS Server / KnotDNS to AcmeDNS on the DNS board.

Sep 14 2025, 23:11 · Operations sprints (Consolidate them all), DNS, security, Servers

dereckson moved T1580: Deploy ACME-specific DNS server from Backlog to DNS Server / KnotDNS on the DNS board.

Sep 14 2025, 23:10 · Operations sprints (Consolidate them all), DNS, security, Servers

dereckson moved T1928: Serve CAA DNS records from Backlog to DNS records on the DNS board.

Sep 14 2025, 23:10 · Servers, DNS, security

Sep 10 2025

dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault HTTPS certificate automatically to Renew Vault web server certificate automatically.

Sep 10 2025, 19:38 · security, Servers

dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault HTTP certificate automatically to Renew Vault HTTPS certificate automatically.

Sep 10 2025, 19:38 · security, Servers

dereckson renamed T2112: Renew Vault web server certificate automatically from Renew Vault certificate to Renew Vault HTTP certificate automatically.

Sep 10 2025, 19:38 · security, Servers

dereckson added a revision to T2112: Renew Vault web server certificate automatically: D3657: Renew Vault intermediate authority certificate.

Sep 10 2025, 19:34 · security, Servers

dereckson added a comment to T2112: Renew Vault web server certificate automatically.

First step is to create a script to renew all needed certificates:

Sep 10 2025, 19:31 · security, Servers

May 18 2025

dereckson added a project to T2115: Update Dwellers packages: security.

May 18 2025, 09:06 · Servers

dereckson triaged T2112: Renew Vault web server certificate automatically as High priority.

May 18 2025, 08:46 · security, Servers

Apr 5 2025

dereckson added a comment to T2107: j'aimerais avoir une présence permanente sur internet.

Une fois que tu as retrouvé les accès SSH pour le web statique:

WindRiver: automatiquement https://windriver.nasqueron.org/~xcombelle est disponible si tu places des fichiers dans /var/home-wwwroot/xcombelle (je ne sais plus si ça se crée automatiquement avec symlink vers $HOME/public_html, à vérifier)
Eglide: https://www.eglide.org/~xcombelle pour $HOME/public_html

Apr 5 2025, 13:55 · Eglide, security

dereckson added projects to T2107: j'aimerais avoir une présence permanente sur internet: security, Eglide.

Apr 5 2025, 13:51 · Eglide, security

Nov 2 2024

dereckson created Blog Post: SSH keys fingerprints for Dwellers.

Nov 2 2024, 18:17 · Servers, security

Oct 27 2024

dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Backup infrastructure on the Backups board.

Oct 27 2024, 01:09 · security, Servers, Backups, Salt