Page MenuHomeDevCentral

securityTag
ActivePublic

Members (1)

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

This tag identifies security issue.

Recent Activity

Feb 17 2024

dereckson closed T1953: sshd-otp returns fatal error recv_rexec_state: parse config: incomplete message as Resolved.
Ysul
$ /usr/local/etc/rc.d/sshd-otp restart
Performing sanity check on sshd_otp configuration.
Stopping sshd_otp.
Waiting for PIDS: 1331.
Performing sanity check on sshd_otp configuration.
Starting sshd_otp.
Feb 17 2024, 14:50 · security, Servers
dereckson created T1953: sshd-otp returns fatal error recv_rexec_state: parse config: incomplete message.
Feb 17 2024, 14:50 · security, Servers

Jan 28 2024

dereckson added a revision to T930: Secrets to migrate from DevCentral to Vault: D3302: Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path.
Jan 28 2024, 19:11 · User-Dereckson, Vault, Nasqueron Operations Squad, security
dereckson added a comment to T930: Secrets to migrate from DevCentral to Vault.

Secrets have been migrated from dot notation to slash notation.

Jan 28 2024, 19:10 · User-Dereckson, Vault, Nasqueron Operations Squad, security

Jan 15 2024

dereckson added a comment to T1877: Evaluate Alcali - Salt front-end.

Alcali is still alive.

Jan 15 2024, 21:50 · security, Salt, Servers, Product evaluation

Jan 8 2024

dereckson added a revision to T1935: OPENSSH 9.6: D3265: Disable Terrapin sensible ciphers and algorithms.
Jan 8 2024, 21:54 · security
DorianWinty closed T1935: OPENSSH 9.6 as Resolved.
Jan 8 2024, 21:13 · security
DorianWinty shifted T1935: OPENSSH 9.6 from the Restricted Space space to the S1 Nasqueron space.
Jan 8 2024, 21:13 · security
DorianWinty shifted T1935: OPENSSH 9.6 from the S1 Nasqueron space to the Restricted Space space.
Jan 8 2024, 21:11 · security
DorianWinty shifted T1935: OPENSSH 9.6 from the Restricted Space space to the S1 Nasqueron space.
Jan 8 2024, 21:11 · security

Jan 7 2024

dereckson updated the task description for T1935: OPENSSH 9.6.
Jan 7 2024, 18:05 · security
dereckson updated the task description for T1935: OPENSSH 9.6.
Jan 7 2024, 18:01 · security
dereckson updated the task description for T1935: OPENSSH 9.6.
Jan 7 2024, 00:21 · security

Jan 5 2024

DorianWinty updated the task description for T1935: OPENSSH 9.6.
Jan 5 2024, 19:55 · security
DorianWinty updated the task description for T1935: OPENSSH 9.6.
Jan 5 2024, 19:55 · security
DorianWinty added a comment to T1935: OPENSSH 9.6.

For Hervil

Jan 5 2024, 12:32 · security
dereckson added a comment to T1935: OPENSSH 9.6.

FreeBSD integrates OpenSSH to the base OS.

Jan 5 2024, 12:06 · security
DorianWinty added a comment to T1935: OPENSSH 9.6.
Jan 5 2024, 11:45 · security
DorianWinty added a comment to T1935: OPENSSH 9.6.

cloudhugger:

OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w  11 Sep 2023

windriver:

OpenSSH_9.5p1, OpenSSL 3.0.12 24 Oct 2023

dwellers:

OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022

windriver:

OpenSSH_9.5p1, OpenSSL 3.0.12 24 Oct 2023

windriver:

OpenSSH_9.5p1, OpenSSL 3.0.12 24 Oct 2023

docker-002:

OpenSSH_8.7p1, OpenSSL 3.0.7 1 Nov 2022

hervil:

OpenSSH_9.3p1, OpenSSL 1.1.1t-freebsd  7 Feb 2023

complector:

OpenSSH_9.3p1, OpenSSL 1.1.1t-freebsd  7 Feb 2023

db-A-001:

OpenSSH_9.3p2, OpenSSL 1.1.1t-freebsd  7 Feb 2023

db-B-001:

OpenSSH_9.3p1, OpenSSL 1.1.1t-freebsd  7 Feb 2023

web-001:

OpenSSH_9.3p1, OpenSSL 1.1.1t-freebsd  7 Feb 2023

router-001:

OpenSSH_9.3p1, OpenSSL 1.1.1t-freebsd  7 Feb 2023

ysul:

Minion did not return. [Not connected]

thrayce:

Minion did not return. [Not connected]
Jan 5 2024, 11:31 · security
DorianWinty created T1935: OPENSSH 9.6.
Jan 5 2024, 11:12 · security

Dec 17 2023

dereckson created T1928: Serve CAA DNS records.
Dec 17 2023, 14:03 · Servers, DNS, security
dereckson added a revision to T1228: Configure TLS for webserver-core role: D3251: Provide TLS 1.3 only nginx configuration.
Dec 17 2023, 14:00 · security, Servers
dereckson added a comment to T1228: Configure TLS for webserver-core role.

Situation has evolved since 2017, we currently configure nginx with TLSv1.2 + TLSv1.3,
per Mozilla intermediate configuration https://ssl-config.mozilla.org/

Dec 17 2023, 13:59 · security, Servers
dereckson updated the task description for T1228: Configure TLS for webserver-core role.
Dec 17 2023, 13:57 · security, Servers
dereckson renamed T1228: Configure TLS for webserver-core role from Configure TLS for Ysul to Configure TLS for webserver-core role.
Dec 17 2023, 13:57 · security, Servers

Jun 16 2023

dereckson updated subscribers of T1877: Evaluate Alcali - Salt front-end.
Jun 16 2023, 14:06 · security, Salt, Servers, Product evaluation

Jun 11 2023

dereckson added a comment to T1861: Configure static IPv6 on WindRiver.

Worked before (dhclient + routes), but on boot:

  • we've a correct fe80 address
  • no dhclient, but /usr/local/etc/rc.d/dhclient6 start does NOT complain dhclient6_enable="YES" is missing
  • when dhclient is started, our correct prefix is returned
  • no static IP assignment in current state (missing from /etc/netif/igb0_ipv6)
  • we can add manually IP in our prefix
  • routing is missing and can't be easily figured (the expectation was dhclient would take care of that)
Jun 11 2023, 11:23 · security, Servers, IPv6

Jun 7 2023

dereckson added a revision to T1861: Configure static IPv6 on WindRiver: D3185: Configure IPv6 with DUID for Online network.
Jun 7 2023, 00:41 · security, Servers, IPv6

Jun 3 2023

dereckson raised the priority of T1861: Configure static IPv6 on WindRiver from Normal to High.

Taking it as we've issues with the /128 one and I'd prefer to fix the /56 config than the /128 one.

Jun 3 2023, 21:31 · security, Servers, IPv6

May 29 2023

dereckson closed T1890: Deploy Vault on Eglide as Resolved.
May 29 2023, 17:18 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3154: Help to configure Salt for Vault access on shellserver.
May 29 2023, 17:14 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3153: Help operations to unseal Eglide Vault.
May 29 2023, 14:43 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3152: Configure Vault on shellserver.
May 29 2023, 10:56 · Odderon, IRC, Vault, security, Eglide
dereckson added a comment to T1890: Deploy Vault on Eglide.

Server log

May 29 2023, 10:54 · Odderon, IRC, Vault, security, Eglide
dereckson added a parent task for T1890: Deploy Vault on Eglide: T1739: Add SASL capability to Darkbot.
May 29 2023, 02:29 · Odderon, IRC, Vault, security, Eglide
dereckson added a revision to T1890: Deploy Vault on Eglide: D3151: Install Vault on shellserver.
May 29 2023, 02:28 · Odderon, IRC, Vault, security, Eglide
dereckson added a parent task for T1890: Deploy Vault on Eglide: T1721: Move IRC bots from Freenode to Libera.
May 29 2023, 00:06 · Odderon, IRC, Vault, security, Eglide
dereckson moved T1890: Deploy Vault on Eglide from Backlog to Next to deploy on the Odderon board.
May 29 2023, 00:06 · Odderon, IRC, Vault, security, Eglide
dereckson triaged T1890: Deploy Vault on Eglide as Normal priority.
May 29 2023, 00:01 · Odderon, IRC, Vault, security, Eglide

May 25 2023

dereckson triaged T1878: Allow to run queries for reporting as Wishlist priority.
May 25 2023, 04:23 · Monitoring and reporting, security, DBA, Servers
dereckson moved T1878: Allow to run queries for reporting from Backlog to Services / Features on the DBA board.
May 25 2023, 04:23 · Monitoring and reporting, security, DBA, Servers

May 20 2023

dereckson added a revision to T1879: Draft a 2FA policy: D3115: Publish SQL queries for DevCentral reports.
May 20 2023, 18:20 · security, DevCentral
dereckson added a comment to T1879: Draft a 2FA policy.

Documentation available at https://devcentral.nasqueron.org/w/setup_2fa/

May 20 2023, 17:36 · security, DevCentral
dereckson edited the content of Setup 2FA.
May 20 2023, 17:32 · DevCentral, security
dereckson attached a referenced file: F2221257: Screenshot 2023-05-20 at 18.52.56.png.
May 20 2023, 17:31 · DevCentral, security
dereckson created an object: Setup 2FA.
May 20 2023, 17:31 · DevCentral, security
dereckson added a comment to T1879: Draft a 2FA policy.

2FA enabled

May 20 2023, 16:48 · security, DevCentral
dereckson created T1879: Draft a 2FA policy.
May 20 2023, 16:48 · security, DevCentral
dereckson updated the task description for T1878: Allow to run queries for reporting.
May 20 2023, 15:45 · Monitoring and reporting, security, DBA, Servers
dereckson added a comment to T1878: Allow to run queries for reporting.

As a minimum, to have somewhere (a reports repository?) where we can write those report queries could already be useful, so we don't lose them.

May 20 2023, 15:43 · Monitoring and reporting, security, DBA, Servers