Page MenuHomeDevCentral

securityTag
ActivePublic

Members (1)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

This tag identifies security issue.

Recent Activity

Jun 3 2020

dereckson added a revision to T1616: Build a bastion - load balancers - private instances network topology: D2293: Provide a PaaS front-end role.
Jun 3 2020, 17:43 · security, Operations sprints (Consolidate them all)
dereckson added a parent task for T1616: Build a bastion - load balancers - private instances network topology: Unknown Object (Maniphest Task).
Jun 3 2020, 17:37 · security, Operations sprints (Consolidate them all)
dereckson triaged T1616: Build a bastion - load balancers - private instances network topology as Normal priority.
Jun 3 2020, 17:36 · security, Operations sprints (Consolidate them all)

Feb 23 2020

dereckson moved T1602: Provision ACME DNS credentials for core domains on each servers from Backlog to Pending review on the Operations sprints (Consolidate them all) board.
Feb 23 2020, 12:31 · security, Operations sprints (Consolidate them all), Servers
dereckson added a revision to T1602: Provision ACME DNS credentials for core domains on each servers: D2249: Allow to update ACME DNS accounts.
Feb 23 2020, 11:40 · security, Operations sprints (Consolidate them all), Servers
dereckson created T1602: Provision ACME DNS credentials for core domains on each servers.
Feb 23 2020, 11:40 · security, Operations sprints (Consolidate them all), Servers

Feb 15 2020

dereckson created Blog Post: New SSH keys for servers.
Feb 15 2020, 23:50 · security, Servers

Feb 14 2020

dereckson closed T667: Mitigate CVE-2016-0777 in SSH clients configuration files as Resolved.

OpenSSH now mitigates this.

Feb 14 2020, 17:40 · security, Servers
dereckson closed T693: Add dwellers.nasqueron.org to Ysul sshguard whitelist as Wontfix.

We do'nt use sshguard anymore, as login by password is disabled, keys are required.

Feb 14 2020, 17:37 · security, Nasqueron Docker deployment squad, Servers, Restricted Project
dereckson closed T744: Recycle containers on Dwellers to mitigate CVE-2015-7547 as Resolved.
Feb 14 2020, 17:35 · security, Nasqueron Docker deployment squad
dereckson claimed T744: Recycle containers on Dwellers to mitigate CVE-2015-7547.

Done during the migration to EquaTower and Salt for aphlict cachet devcentral wolfphab acquisitariat etherpad tommy ci silly_bardeen.

Feb 14 2020, 17:35 · security, Nasqueron Docker deployment squad
dereckson added a comment to T1594: Acquisitariat and Etherpad issue.

The option is the same for Etherpad and DevCentral:

Feb 14 2020, 15:52 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson added a project to T1594: Acquisitariat and Etherpad issue: Operations sprints (Consolidate them all).
Feb 14 2020, 15:44 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson updated the task description for T1594: Acquisitariat and Etherpad issue.
Feb 14 2020, 15:44 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad
dereckson created T1594: Acquisitariat and Etherpad issue.
Feb 14 2020, 15:42 · Operations sprints (Consolidate them all), Vault, security, Nasqueron Docker deployment squad

Feb 8 2020

dereckson closed T1580: Deploy ACME-specific DNS server, a subtask of T1513: Propagate certificate to Openfire server, as Resolved.
Feb 8 2020, 18:39 · security, Servers
dereckson closed T1580: Deploy ACME-specific DNS server as Resolved.
Feb 8 2020, 18:39 · Operations sprints (Consolidate them all), DNS, security, Servers

Feb 4 2020

dereckson added a revision to T1580: Deploy ACME-specific DNS server: D2181: Allow certbot to use acme.nasqueron.org on Docker engines.
Feb 4 2020, 22:22 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson added a comment to T1580: Deploy ACME-specific DNS server.

The server works fine. Next step is to integrate Certbot or any other client with it and create relevant CNAMEs.

Feb 4 2020, 20:07 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson added a revision to T1580: Deploy ACME-specific DNS server: D2180: Provide homepage for ACME DNS Server.
Feb 4 2020, 19:58 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson added a revision to T1580: Deploy ACME-specific DNS server: D2179: Restrict access to ACME DNS.
Feb 4 2020, 19:29 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson added a comment to T1580: Deploy ACME-specific DNS server.

Server is deployed on Equatower.

Feb 4 2020, 18:11 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson added a revision to T1580: Deploy ACME-specific DNS server: D2178: Provide nginx configuration for ACME DNS.
Feb 4 2020, 17:49 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson added a revision to T1580: Deploy ACME-specific DNS server: D2177: Serve acme.nasqueron.org DNS.
Feb 4 2020, 16:15 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson moved T1580: Deploy ACME-specific DNS server from Backlog to Working on on the Operations sprints (Consolidate them all) board.
Feb 4 2020, 15:03 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson added a project to T1580: Deploy ACME-specific DNS server: Operations sprints (Consolidate them all).
Feb 4 2020, 15:03 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson created T1580: Deploy ACME-specific DNS server.
Feb 4 2020, 15:02 · Operations sprints (Consolidate them all), DNS, security, Servers
dereckson added a revision to T1513: Propagate certificate to Openfire server: D2050: WIP: deploy certificate to Openfire.
Feb 4 2020, 14:54 · security, Servers

Jan 25 2020

dereckson added a project to T1109: Switch all OAuth GitHub applications to Nasqueron organization accounts: Administrative.
Jan 25 2020, 01:33 · Administrative, security, Nasqueron Operations Squad, User-Dereckson

Jan 15 2020

dereckson added a project to T1521: Restrict MySQL access: Operations sprints (Consolidate them all).
Jan 15 2020, 11:23 · Operations sprints (Consolidate them all), security, Servers
dereckson added a comment to T1484: Upgrade Laravel framework.

5.4 migration is done for the running source code, but tests require to cope with the undocumented internal framework mechanisms changes for events.

Jan 15 2020, 11:21 · security, Technical debt, Notifications center

Jan 14 2020

dereckson added a comment to T1486: Evaluate Archery.

Still maintained.

Jan 14 2020, 15:19 · security, Product evaluation, Operations sprints (Move the ambiant lights)
dereckson updated the task description for T1486: Evaluate Archery.
Jan 14 2020, 15:18 · security, Product evaluation, Operations sprints (Move the ambiant lights)
dereckson moved T1211: Implement ACL to the exchanges/queues we can subscribe to in delivery API from Zboing! Zboing! to Backlog on the Notifications center board.
Jan 14 2020, 00:38 · Notifications center, security

Jan 13 2020

dereckson added a revision to T1484: Upgrade Laravel framework: D2129: Upgrade to Laravel 5.3.
Jan 13 2020, 22:29 · security, Technical debt, Notifications center
dereckson added a parent task for T1484: Upgrade Laravel framework: T1336: Migrate tests to PHPUnit 8.
Jan 13 2020, 02:52 · security, Technical debt, Notifications center

Dec 5 2019

dereckson moved T1484: Upgrade Laravel framework from Backlog to Dev on the Technical debt board.
Dec 5 2019, 13:12 · security, Technical debt, Notifications center

Oct 14 2019

dereckson closed T1530: pam_nologin link issue in FreeBSD as Resolved.

No more log messages.

Oct 14 2019, 14:30 · security, Servers
dereckson added a comment to T1530: pam_nologin link issue in FreeBSD.
$ sudo service cron restart
Stopping cron.
Waiting for PIDS: 1043.
Starting cron.
Oct 14 2019, 14:19 · security, Servers
dereckson added a comment to T1530: pam_nologin link issue in FreeBSD.

Known similar issue: https://forums.freebsd.org/threads/crontab-not-working-after-upgrading-to-freebsd-12-0-release.68675/

Oct 14 2019, 14:16 · security, Servers
dereckson triaged T1530: pam_nologin link issue in FreeBSD as High priority.
Oct 14 2019, 14:15 · security, Servers

Aug 1 2019

xcombelle added a comment to T1524: Monitor sudo files on servers.

I have no idea how to do it, but looks like a good plan. Apart that, in my opinion, you do a much more of what would be necessary to run nasqueron services (but it is your time, you use it like you want)

Aug 1 2019, 15:37 · Eglide, security, Servers
dereckson added a comment to T1524: Monitor sudo files on servers.

Those are valid concerns.

Aug 1 2019, 14:57 · Eglide, security, Servers
xcombelle added a comment to T1524: Monitor sudo files on servers.

looks an interesting tool, something quite frightening is that it comes with a set of exploit, (if I understand, a common way to exploit sudo flaws).
As a shell script not even indented, it is absolutely unreadable, and more or less one have to trust the creator to not making mistake.
Moreover for full use, you have to give a sudo password in clear text ( I just don't understand the reason)
As such, I would say it would be kind of crazy to run it automatically and I would not comfortable to simply run it for myself in any way.

Aug 1 2019, 14:44 · Eglide, security, Servers
dereckson triaged T1524: Monitor sudo files on servers as Wishlist priority.
Aug 1 2019, 14:16 · Eglide, security, Servers

Jul 29 2019

dereckson added a comment to T1521: Restrict MySQL access.

Tagging security as we could need follow-up ACL to allow to connect to.

Jul 29 2019, 17:29 · Operations sprints (Consolidate them all), security, Servers
dereckson added a project to T1521: Restrict MySQL access: security.
Jul 29 2019, 17:28 · Operations sprints (Consolidate them all), security, Servers

Jul 17 2019

dereckson edited P288 Keys to restore after D2074 side-effect cleanup.
Jul 17 2019, 18:37 · security, Servers
dereckson edited P288 Keys to restore after D2074 side-effect cleanup.
Jul 17 2019, 18:37 · security, Servers
dereckson edited P288 Keys to restore after D2074 side-effect cleanup.
Jul 17 2019, 18:37 · security, Servers