Wed, 17 Apr 2019 12:05:32 +0100 |
IBBoard |
Separate the two Fail2ban SSH rules in iptables
puppet-3.6
|
Wed, 17 Apr 2019 12:00:31 +0100 |
IBBoard |
Separate out SSH repeats from web/email repeats
puppet-3.6
|
Wed, 10 Apr 2019 20:11:55 +0100 |
IBBoard |
Add a named.conf file to control cache/memory size
puppet-3.6
|
Sun, 10 Mar 2019 10:07:52 +0000 |
IBBoard |
Add imagick for PHP to staisfy a NextCloud recommendation
puppet-3.6
|
Tue, 12 Feb 2019 21:04:51 +0000 |
IBBoard |
Update logwatch fail2ban handling for v0.10 log changes
puppet-3.6
|
Sun, 10 Feb 2019 19:30:34 +0000 |
IBBoard |
Fix log level for repeat offender checks
puppet-3.6
|
Sun, 10 Feb 2019 16:17:05 +0000 |
IBBoard |
Add missing GPG key
puppet-3.6
|
Sun, 10 Feb 2019 16:13:24 +0000 |
IBBoard |
Switch to new Postfix SASL filter (no longer a separate file)
puppet-3.6
|
Sun, 10 Feb 2019 16:12:45 +0000 |
IBBoard |
Add custom IBBoard repo again
puppet-3.6
|
Sat, 02 Feb 2019 16:30:40 +0000 |
IBBoard |
Reduce Apache Instaban ban duration to reduce reboot time
puppet-3.6
|
Tue, 08 Jan 2019 20:13:18 +0000 |
IBBoard |
Update firewall blacklisting
puppet-3.6
|
Fri, 14 Dec 2018 20:07:09 +0000 |
IBBoard |
Add latest Logwatch "named" script to handle DNS log changes
puppet-3.6
|
Fri, 14 Dec 2018 19:58:09 +0000 |
IBBoard |
Handle Dovecot "logged out" messages in LogWatch
puppet-3.6
|
Fri, 07 Dec 2018 19:54:20 +0000 |
IBBoard |
Try to fix "Garbage after numerical service in server description"
puppet-3.6
|
Fri, 07 Dec 2018 19:52:50 +0000 |
IBBoard |
Set group sticky bit on all sites to ease collaboration
puppet-3.6
|
Sat, 20 Oct 2018 10:07:51 +0100 |
IBBoard |
Add PHP "intl" module so NextCloud doesn't use fallback implementation
puppet-3.6
|
Sun, 05 Aug 2018 10:40:51 +0100 |
IBBoard |
Strip some headers on outbound emails
puppet-3.6
|
Thu, 24 May 2018 20:38:26 +0100 |
IBBoard |
Swap to PHP 7.2, since 7.0 is EOL now
puppet-3.6
|
Sat, 12 May 2018 10:05:12 +0100 |
IBBoard |
Handle possible "undef" from FileMagic that causes warnings
puppet-3.6
|
Mon, 07 May 2018 09:40:41 +0100 |
IBBoard |
Add missing dependencies for SpamAssassin rules
puppet-3.6
|
Sat, 31 Mar 2018 10:19:53 +0100 |
IBBoard |
Make Postfix IPv4 only
puppet-3.6
|
Sat, 31 Mar 2018 10:19:03 +0100 |
IBBoard |
Add a find time to custom SSH rule as it is low and slow
puppet-3.6
|
Sat, 03 Mar 2018 14:20:06 +0000 |
IBBoard |
Add extra headers for improved security practice
puppet-3.6
|
Sat, 17 Feb 2018 20:59:37 +0000 |
IBBoard |
Try to fix NextCloud warnings about "wrong" headers
puppet-3.6
|
Sat, 10 Feb 2018 13:32:51 +0000 |
IBBoard |
Fix case of <HOST> tag so that rule pulls the IP
puppet-3.6
|
Tue, 06 Feb 2018 20:42:49 +0000 |
IBBoard |
Tighten up some Fail2Ban rules (including SSH probes with only insecure keys)
puppet-3.6
|
Sun, 17 Sep 2017 09:54:44 +0100 |
IBBoard |
Remove GraceBertram sites
puppet-3.6
|
Fri, 01 Sep 2017 11:36:16 +0100 |
IBBoard |
Expand PHP OpCache config in line with NextCloud recommendations
puppet-3.6
|
Fri, 01 Sep 2017 11:29:55 +0100 |
IBBoard |
Change MySQL/MariaDB settings to support all Unicode
puppet-3.6
|
Tue, 01 Aug 2017 19:09:38 +0100 |
IBBoard |
Remove RealmRunner site config
puppet-3.6
|
Wed, 03 May 2017 21:00:04 +0100 |
IBBoard |
Completely remove GG after running "puppet apply"
puppet-3.6
|
Wed, 03 May 2017 20:59:33 +0100 |
IBBoard |
Remove GG site information
puppet-3.6
|
Mon, 17 Apr 2017 16:50:58 +0100 |
IBBoard |
Add a config fragment (for 404s) to BDStrike site
puppet-3.6
|
Wed, 12 Apr 2017 17:16:26 +0100 |
IBBoard |
Manage SpamAssassin local config
puppet-3.6
|
Tue, 04 Apr 2017 19:48:44 +0100 |
IBBoard |
Remove lktutoring.com - it expired in December
puppet-3.6
|
Sun, 02 Apr 2017 20:09:13 +0100 |
IBBoard |
Add custom log format - combined plus requested domain
puppet-3.6
|
Sat, 01 Apr 2017 10:54:09 +0100 |
IBBoard |
Make the IBBoard repo config go away, rather than just leaving it undefined
puppet-3.6
|
Fri, 31 Mar 2017 21:00:58 +0100 |
IBBoard |
IBBoard repo is no longer necessary and has been removed!
puppet-3.6
|
Thu, 30 Mar 2017 21:00:21 +0100 |
IBBoard |
Remove unused (and slightly confusing) class
puppet-3.6
|
Thu, 30 Mar 2017 20:41:18 +0100 |
IBBoard |
Move all sites to separate LetsEncrypt certs to make adding future domains easier
puppet-3.6
|
Tue, 28 Mar 2017 21:12:49 +0100 |
IBBoard |
Remove slash in redirect because group catches path slash
puppet-3.6
|
Tue, 28 Mar 2017 21:05:12 +0100 |
IBBoard |
Make sure that we still redirect to non-www if we want it
puppet-3.6
|
Tue, 28 Mar 2017 20:56:53 +0100 |
IBBoard |
Swap GlitterGoth to its own Let's Encrypt cert
puppet-3.6
|
Tue, 28 Mar 2017 20:51:06 +0100 |
IBBoard |
Remove unused Apache config files
puppet-3.6
|
Tue, 28 Mar 2017 20:50:17 +0100 |
IBBoard |
Add missing HTTPS site config template
puppet-3.6
|
Tue, 28 Mar 2017 20:47:45 +0100 |
IBBoard |
Update test machine IPs to match new DHCP pool
puppet-3.6
|
Tue, 28 Mar 2017 20:46:35 +0100 |
IBBoard |
Restructure HTTPS certificates and multiple TLD sites for clarity
puppet-3.6
|
Sun, 26 Mar 2017 16:53:34 +0100 |
IBBoard |
Remove now deprecated mcrypt extension - all scripts now use openssl
puppet-3.6
|
Sun, 26 Mar 2017 16:12:57 +0100 |
IBBoard |
Fix pip installations
puppet-3.6
|
Sat, 25 Mar 2017 20:54:34 +0000 |
IBBoard |
Switch to mercurial_keyring from Pip
puppet-3.6
|
Sat, 25 Mar 2017 20:18:13 +0000 |
IBBoard |
Remove mod_auth_token and replace with mod_xsendfile
puppet-3.6
|
Sat, 25 Mar 2017 12:05:36 +0000 |
IBBoard |
Add BDStrike domains
puppet-3.6
|
Sat, 25 Mar 2017 12:05:23 +0000 |
IBBoard |
Make IP on redirects optional (defaults to primary IP)
puppet-3.6
|
Fri, 03 Mar 2017 19:48:06 +0000 |
IBBoard |
Remove hgview because it is GUI only
puppet-3.6
|
Thu, 09 Feb 2017 20:54:30 +0000 |
IBBoard |
Add OLE detection to SpamAssassin without ClamAV
puppet-3.6
|
Wed, 18 Jan 2017 21:13:20 +0000 |
IBBoard |
Make GG DB backup less frequent now that site is closing
puppet-3.6
|
Sun, 15 Jan 2017 20:47:13 +0000 |
IBBoard |
Remove ClamAV from server config
puppet-3.6
|
Mon, 09 Jan 2017 21:06:10 +0000 |
IBBoard |
Block another annoying IP with a firewall rule
puppet-3.6
|
Sat, 17 Dec 2016 12:01:55 +0000 |
IBBoard |
Override minimum UID for Dovecot/IMAP, as we use old "500+ is users" range
puppet-3.6
|
Sat, 17 Dec 2016 12:01:16 +0000 |
IBBoard |
Firewall Baidu's new Brazillian IP range for being to agressive
puppet-3.6
|
Fri, 11 Nov 2016 21:04:13 +0000 |
IBBoard |
Fix "direct under CA" custom conditions and sites that use "cert named after domain" pattern
puppet-3.6
|
Fri, 11 Nov 2016 21:02:09 +0000 |
IBBoard |
Add Certbot packages we depend on for commands and providing certs
puppet-3.6
|
Fri, 11 Nov 2016 18:17:46 +0000 |
IBBoard |
Do not supply incorrect CA chain for GG Test site
puppet-3.6
|
Fri, 11 Nov 2016 17:15:23 +0000 |
IBBoard |
Switch to using LetsEncrypt certs by default
puppet-3.6
|
Fri, 04 Nov 2016 20:55:22 +0000 |
IBBoard |
Remove (hopefully) redundant Spamhaus checks - Postscreen should do this
puppet-3.6
|
Wed, 26 Oct 2016 19:40:37 +0100 |
IBBoard |
Change all "latest" packages to "installed"
puppet-3.6
|
Thu, 06 Oct 2016 19:02:30 +0100 |
IBBoard |
Be less agressive with blocking on the grounds of SPF
puppet-3.6
|
Sun, 02 Oct 2016 19:33:22 +0100 |
IBBoard |
Filter what we see in Postwhite cron output
puppet-3.6
|
Sun, 18 Sep 2016 07:22:22 +0100 |
IBBoard |
Fix rookie cron mistake - don't run Postwhite EVERY MINUTE!
puppet-3.6
|
Sat, 17 Sep 2016 15:19:54 +0100 |
IBBoard |
Fix PHP reporting in logwatch
puppet-3.6
|
Tue, 13 Sep 2016 21:04:40 +0100 |
IBBoard |
Fix Apache 2.4 Logwatch support
puppet-3.6
|
Tue, 13 Sep 2016 20:53:16 +0100 |
IBBoard |
Schedule Postwhite to run regularly
puppet-3.6
|
Tue, 13 Sep 2016 20:27:22 +0100 |
IBBoard |
Swap from manual Postscreen whitelist to Postwhite generated whitelist
puppet-3.6
|
Sat, 03 Sep 2016 20:31:35 +0100 |
IBBoard |
Add missing "permit" on Postscreen whitelist lines
puppet-3.6
|
Sat, 03 Sep 2016 14:28:56 +0100 |
IBBoard |
Blacklist more spamming IPs (with a ######.info domain)
puppet-3.6
|
Fri, 02 Sep 2016 13:40:26 +0100 |
IBBoard |
Add eBay to Postscreen whitelist
puppet-3.6
|
Sat, 13 Aug 2016 13:44:01 +0100 |
IBBoard |
Disable PCRE JIT to stop SELinux giving "denied execmem" for Apache
puppet-3.6
|
Wed, 20 Jul 2016 20:31:22 +0100 |
IBBoard |
Blank some Apache configs to prevent httpd update breaking the server
puppet-3.6
|
Tue, 19 Jul 2016 20:25:44 +0100 |
IBBoard |
Ban IODC bot, because they can't behave and don't have robots.txt instructions
puppet-3.6
|
Fri, 08 Jul 2016 20:34:29 +0100 |
IBBoard |
Redirect dumb bots that removed the ID number to the main module page
puppet-3.6
|
Wed, 29 Jun 2016 20:49:56 +0100 |
IBBoard |
Make sure that we're detecting and serving 7zip and RAR files correctly
puppet-3.6
|
Tue, 28 Jun 2016 20:36:42 +0100 |
IBBoard |
Make sure that custom config comes before site configs
puppet-3.6
|
Sat, 04 Jun 2016 14:08:19 +0100 |
IBBoard |
Update test machine IP again
puppet-3.6
|
Sat, 04 Jun 2016 14:07:37 +0100 |
IBBoard |
Make sure our websites load after ALL other Apache config
puppet-3.6
|
Sat, 04 Jun 2016 14:06:15 +0100 |
IBBoard |
Make sure that we don't leak PHP source code if something breaks
puppet-3.6
|
Sat, 04 Jun 2016 14:05:14 +0100 |
IBBoard |
Make sure that HTTPS redirects have the full set of headers
puppet-3.6
|
Tue, 31 May 2016 22:02:15 +0100 |
IBBoard |
Switch to PHP 7 from Webtatic
puppet-3.6
|
Tue, 31 May 2016 22:00:56 +0100 |
IBBoard |
Add dev machine entry with correct IPs
puppet-3.6
|
Tue, 31 May 2016 20:57:39 +0100 |
IBBoard |
Swap Webtatic to new GPG key
puppet-3.6
|
Sat, 21 May 2016 15:32:13 +0100 |
IBBoard |
Add more Postscreen whitelisting, and a private section
puppet-3.6
|
Sat, 14 May 2016 17:10:10 +0100 |
IBBoard |
Lock down Apache headers for security, based on https://securityheaders.io/
puppet-3.6
|
Sat, 23 Apr 2016 16:28:47 +0100 |
IBBoard |
Make sure that we're always setting HSTS headers, even when cannonicalising domains
puppet-3.6
|
Thu, 21 Apr 2016 20:53:37 +0100 |
IBBoard |
Add PayPal IPs to whitelist so that they don't get delayed
puppet-3.6
|
Sat, 26 Mar 2016 09:05:36 +0000 |
IBBoard |
Remove review email, as GG is shutting down
puppet-3.6
|
Tue, 22 Mar 2016 21:09:25 +0000 |
IBBoard |
Avoid SELinux warnings by disabling bytecode support
puppet-3.6
|
Sun, 13 Mar 2016 19:58:17 +0000 |
IBBoard |
Stop Bind trying IPv6, as we only have a link-local IP
puppet-3.6
|
Wed, 24 Feb 2016 20:21:44 +0000 |
IBBoard |
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
puppet-3.6
|
Tue, 16 Feb 2016 20:26:00 +0000 |
IBBoard |
Patch isn't a standard package on a minimal install. Make sure we have it.
puppet-3.6
|
Sun, 14 Feb 2016 20:04:04 +0000 |
IBBoard |
Reduce the number of spare servers, because we're quiet and need spare memory
puppet-3.6
|
Wed, 27 Jan 2016 20:18:32 +0000 |
IBBoard |
Add another regular command to check that we've not got services requiring a restart
puppet-3.6
|
Tue, 26 Jan 2016 20:15:23 +0000 |
IBBoard |
Remove repo checking cruft from potential Yum Check Update cron job output
puppet-3.6
|
Sun, 24 Jan 2016 20:11:51 +0000 |
IBBoard |
Make sure that we don't get Yum just emailing us "I updated my metadata for the repos"
puppet-3.6
|
Fri, 22 Jan 2016 20:27:16 +0000 |
IBBoard |
Reduce opcache memory usage because it doesn't use that much
puppet-3.6
|
Sat, 16 Jan 2016 15:03:04 +0000 |
IBBoard |
Run cron job to notify of available updates
puppet-3.6
|
Sat, 16 Jan 2016 11:01:09 +0000 |
IBBoard |
Add body checks to emails for the minority of obvious spam that aren't caught
puppet-3.6
|
Sat, 16 Jan 2016 11:00:38 +0000 |
IBBoard |
Follow the documentation properly and specify dport, not just port
puppet-3.6
|
Sat, 16 Jan 2016 10:59:56 +0000 |
IBBoard |
Extend blocked files to include backup files
puppet-3.6
|
Sun, 10 Jan 2016 20:24:22 +0000 |
IBBoard |
Whitelist Google's IPs so that they don't get greylisted
puppet-3.6
|
Tue, 05 Jan 2016 21:00:52 +0000 |
IBBoard |
Put postscreen back (our second SMTP line seems to have overridden it)
puppet-3.6
|
Sun, 03 Jan 2016 20:48:38 +0000 |
IBBoard |
Make sure that config file changes for changes trigger a reload
puppet-3.6
|
Sun, 03 Jan 2016 20:13:19 +0000 |
IBBoard |
Make sure that Amavis daemon is running so mail gets delivered after reboot!
puppet-3.6
|
Sat, 26 Dec 2015 20:26:22 +0000 |
IBBoard |
Fight back against spam
puppet-3.6
|
Wed, 23 Dec 2015 11:16:17 +0000 |
IBBoard |
Drop the number of spare servers to save some memory when we normally only have a couple of processes at once
puppet-3.6
|
Tue, 24 Nov 2015 20:48:36 +0000 |
IBBoard |
Add mlocate as another core package, since it wasn't on our (very) minimal CentOS 7 install
puppet-3.6
|
Sat, 14 Nov 2015 14:08:32 +0000 |
IBBoard |
New LogRotate is picky about usernames for security reasons. Fix it for Trac logs.
puppet-3.6
|
Sun, 01 Nov 2015 21:18:07 +0000 |
IBBoard |
Move to CentOS7-based dovecot (with a tweak for "in=…") because it seems to match output better
puppet-3.6
|
Sat, 31 Oct 2015 20:33:05 +0000 |
IBBoard |
Require bzip2 - why isn't this a default?!
puppet-3.6
|
Sat, 31 Oct 2015 20:30:31 +0000 |
IBBoard |
Hide extra output from Puppet cron job that later Puppet generates
puppet-3.6
|
Tue, 27 Oct 2015 08:53:00 +0000 |
IBBoard |
Fix typo (missing single quote)
puppet-3.6
|
Mon, 26 Oct 2015 19:40:00 +0000 |
IBBoard |
Add required package for email SPF checking
puppet-3.6
|