security (Tag)
Active · Public

Members (1)

Details

Description

This tag identifies security issues.

Recent Activity

Sat, Nov 2

dereckson created Blog Post: SSH keys fingerprints for Dwellers.
Sat, Nov 2, 18:17 · Servers, security

Sun, Oct 27

dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Backup infrastructure on the Backups board.
Sun, Oct 27, 01:09 · security, Servers, Backups, Salt
dereckson moved T2075: Generate SSH keys for backup purpose from Servers config to Require Salt dev on the Salt board.
Sun, Oct 27, 01:00 · security, Servers, Backups, Salt
dereckson moved T2075: Generate SSH keys for backup purpose from Backlog to Servers config on the Salt board.
Sun, Oct 27, 01:00 · security, Servers, Backups, Salt
dereckson triaged T2075: Generate SSH keys for backup purpose as Normal priority.
Sun, Oct 27, 00:58 · security, Servers, Backups, Salt

Wed, Oct 23

dereckson closed T2051: Can't renew TLS certificates verified through HTTP on docker engines as Resolved by committing rOPSb99907864885: Allow nginx to read /.well-known/acme-challenge.
Wed, Oct 23, 16:38 · security, Nasqueron Docker deployment squad, Servers

Oct 13 2024

dereckson moved T1861: Configure static IPv6 on WindRiver from Backlog to Knowledge sharing is needed on the IPv6 board.
Oct 13 2024, 12:04 · security, Servers, IPv6
dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

So, to get routing back:

Oct 13 2024, 12:03 · security, Servers, IPv6

Oct 12 2024

dereckson moved T1765: SELinux context is missing for /etc/nginx configuration files from Backlog - Docker to Backlog - Alkane/Webservers on the Operations sprints (Ignite Alkane Propulsion) board.
Oct 12 2024, 10:21 · Operations sprints (Ignite Alkane Propulsion), Salt, security, Nasqueron Docker deployment squad, Servers
dereckson closed T619: Allow to control from TC2 the Docker engine as Wontfix.

Not sure of the current benefit to use TC2.

Oct 12 2024, 10:16 · Operations sprints (Operations sprint 1), security, Nasqueron Docker deployment squad, Servers, Dæghrefn
dereckson moved T1486: Evaluate Archery from Backlog to Not for this sprint on the Operations sprints (Move the ambiant lights) board.
Oct 12 2024, 10:07 · security, Product evaluation, Operations sprints (Move the ambiant lights)
dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Backlog to Backlog - Alkane/Webservers on the Operations sprints (Ignite Alkane Propulsion) board.
Oct 12 2024, 09:48 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson edited projects for T1602: Provision ACME DNS credentials for core domains on each servers, added: Operations sprints (Ignite Alkane Propulsion); removed Operations sprints (Consolidate them all).
Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Pending review to Not for this sprint on the Operations sprints (Consolidate them all) board.
Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson added a comment to T1602: Provision ACME DNS credentials for core domains on each servers.

This is still needed for acme.sh if we want to provision different *.nasqueron.org certificates on different servers.

Oct 12 2024, 09:47 · Operations sprints (Ignite Alkane Propulsion), security, Servers
dereckson added a subtask for T1602: Provision ACME DNS credentials for core domains on each servers: T1599: Install TLS wildcard certificates for nginx fallback vhost.
Oct 12 2024, 09:44 · Operations sprints (Ignite Alkane Propulsion), security, Servers

Oct 9 2024

dereckson lowered the priority of T2051: Can't renew TLS certificates verified through HTTP on docker engines from High to Normal.
Oct 9 2024, 18:45 · security, Nasqueron Docker deployment squad, Servers
dereckson updated the task description for T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Oct 9 2024, 18:45 · security, Nasqueron Docker deployment squad, Servers
dereckson added a comment to T2051: Can't renew TLS certificates verified through HTTP on docker engines.

Salt SELinux module issue

Oct 9 2024, 18:45 · security, Nasqueron Docker deployment squad, Servers
dereckson updated the task description for T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Oct 9 2024, 18:07 · security, Nasqueron Docker deployment squad, Servers
dereckson added a revision to T2051: Can't renew TLS certificates verified through HTTP on docker engines: D3501: Allow nginx to read /.well-known/acme-challenge.
Oct 9 2024, 17:48 · security, Nasqueron Docker deployment squad, Servers
dereckson moved T2051: Can't renew TLS certificates verified through HTTP on docker engines from Backlog to Pending review on the Servers board.
Oct 9 2024, 17:43 · security, Nasqueron Docker deployment squad, Servers
dereckson moved T2051: Can't renew TLS certificates verified through HTTP on docker engines from Backlog to Working on on the Nasqueron Docker deployment squad board.

SELinux context was the default for anything created under /var, which we didn't allow and aren't interested in allowing for nginx.

Oct 9 2024, 17:43 · security, Nasqueron Docker deployment squad, Servers
dereckson triaged T2051: Can't renew TLS certificates verified through HTTP on docker engines as High priority.
Oct 9 2024, 16:02 · security, Nasqueron Docker deployment squad, Servers
dereckson created T2051: Can't renew TLS certificates verified through HTTP on docker engines.
Oct 9 2024, 16:01 · security, Nasqueron Docker deployment squad, Servers

Oct 3 2024

dereckson created Blog Post: WindRiver moved to a new home. New SSH keys..
Oct 3 2024, 19:42 · security, Servers
dereckson added a comment to T2040: Supersede Vault by OpenBao.

Yes, it's a fork from Vault 1.14 so we've all the features of token generation. back to the shorter s. tokens).

Oct 3 2024, 17:26 · security, Servers, Vault
DorianWinty added a comment to T2040: Supersede Vault by OpenBao.
  • about the UI it could be useful managing secrets more easily
Oct 3 2024, 17:23 · security, Servers, Vault
dereckson moved T2040: Supersede Vault by OpenBao from Backlog to Analysis / under discussion on the Servers board.
Oct 3 2024, 15:21 · security, Servers, Vault
dereckson triaged T2040: Supersede Vault by OpenBao as Normal priority.
Oct 3 2024, 15:21 · security, Servers, Vault

Sep 12 2024

dereckson shifted T1996: Servers on hyper-001 have network issues from the Restricted Space space to the S1 Nasqueron space.
Sep 12 2024, 18:16 · security, Servers
dereckson closed T1996: Servers on hyper-001 have network issues as Wontfix.

Can't repro

Sep 12 2024, 18:15 · security, Servers
dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D3441: Prune Zemke-Rhyne.
Sep 12 2024, 17:02 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Sep 8 2024

Sandlayth closed T2013: Add new public ssh-key belonging to user sandlayth as Resolved by committing rOPS257aa8d9e00c: Add new public ssh-key belonging to user sandlayth.
Sep 8 2024, 09:07 · security, Servers
Sandlayth added a revision to T2013: Add new public ssh-key belonging to user sandlayth: D3433: Add new public ssh-key belonging to user sandlayth.
Sep 8 2024, 09:06 · security, Servers

Sep 5 2024

Sandlayth triaged T2013: Add new public ssh-key belonging to user sandlayth as Low priority.
Sep 5 2024, 20:40 · security, Servers

Aug 17 2024

dereckson closed T853: Deploy a Let's encrypt certificate to the Mumble server as Wontfix.

Mumble isn't currently in scope.

Aug 17 2024, 14:56 · good-first-issue, Mumble, security, Servers
dereckson closed T853: Deploy a Let's encrypt certificate to the Mumble server, a subtask of T654: Apply Let's encrypt SSL certificates for *.nasqueron.org, as Wontfix.
Aug 17 2024, 14:56 · security, Servers

Aug 4 2024

dereckson closed T1928: Serve CAA DNS records as Resolved.

Both are already set in DNS:

Aug 4 2024, 17:45 · Servers, DNS, security
dereckson added a comment to T1928: Serve CAA DNS records.

We use a wildcard certificate, so issuewild is needed, yes.

Aug 4 2024, 17:44 · Servers, DNS, security
dereckson claimed T1928: Serve CAA DNS records.
Aug 4 2024, 17:43 · Servers, DNS, security
dereckson moved T1879: Draft a 2FA policy from Backlog to Nasqueron Operations SIG on the discussion board.
Aug 4 2024, 17:42 · discussion, security, DevCentral
dereckson updated subscribers of T1879: Draft a 2FA policy.

@Ash-Crow @fauve @rama @replicatorbe @Sandlayth @xcombelle Any feedback on this?

Aug 4 2024, 17:41 · discussion, security, DevCentral
dereckson triaged T1879: Draft a 2FA policy as High priority.
Aug 4 2024, 17:39 · discussion, security, DevCentral
dereckson triaged T1928: Serve CAA DNS records as High priority.
Aug 4 2024, 17:37 · Servers, DNS, security

Aug 3 2024

dereckson added a comment to T1996: Servers on hyper-001 have network issues.

From router-001 network looks good:

Aug 3 2024, 13:59 · security, Servers
dereckson added a comment to T1996: Servers on hyper-001 have network issues.

Stopped currently not needed salt and node-exporter on router-001 to see if that helps.

Aug 3 2024, 13:58 · security, Servers
dereckson renamed T1996: Servers on hyper-001 have network issues from Server outage: complector to Servers on hyper-001 have network issues.
Aug 3 2024, 13:23 · security, Servers
dereckson shifted T1996: Servers on hyper-001 have network issues from the S1 Nasqueron space to the Restricted Space space.
Aug 3 2024, 13:23 · security, Servers
dereckson lowered the priority of T1996: Servers on hyper-001 have network issues from Unbreak Now! to High.

Could be at hypervisor level. SSH failed until 13:22 where it worked immediately.

Aug 3 2024, 13:23 · security, Servers