- 16 Oct, 2021 1 commit
-
-
Jelle van der Waa authored
The security tracker is not compatible yet with the new sqlalchemy, use the old version in our repos
-
- 13 May, 2021 1 commit
-
-
- 14 Feb, 2021 1 commit
-
-
Kristian Klausen authored
yaml: truthy value should be one of [false, true] (truthy)
yaml: wrong indentation: expected 4 but found 2 (indentation)
yaml: too few spaces before comment (comments)
yaml: missing starting space in comment (comments)
yaml: too many blank lines (1 > 0) (empty-lines)
yaml: too many spaces after colon (colons)
yaml: comment not indented like content (comments-indentation)
yaml: no new line character at the end of file (new-line-at-end-of-file)
load-failure: Failed to load or parse file
parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
-
- 10 Feb, 2021 1 commit
-
-
Levente Polyak authored
-
- 25 Dec, 2020 1 commit
-
-
Giancarlo Razzolini authored
The make package was missing from the list of packages that are needed for the security tracker.
-
- 18 Dec, 2020 2 commits
-
-
Levente Polyak authored
-
Jelle van der Waa authored
Allow http group to read the security tracker directory for web assets.
-
- 27 Aug, 2020 1 commit
-
-
- 17 Jun, 2020 2 commits
-
-
also use systemd instead of service module
-
-
- 25 Sep, 2019 3 commits
-
-
Levente Polyak authored
Ensure we only allow to deploy commits that were signed with keys we mark as trusted signing keys for the security tracker.
-
Levente Polyak authored
  - add python-sqlalchemy-continuum as new dependency
  - call database upgrade target after each deploy
  - outsource version identifier into a variable
  - disable systemd timer during maintenance
Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
-
Giancarlo Razzolini authored
playbooks/apollo: Split the security tracker role into multiple lines and add the nginx configuration
roles/security_tracker: Plug in the maintenance mode
-
- 29 Mar, 2019 1 commit
-
-
Jelle van der Waa authored
Add flask-migrate as new dependency, this release makes the tracker compatible with python-flask-sqlalchemy 1.3.1.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
-
- 25 Dec, 2018 1 commit
-
-
Florian Pritz authored
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-
- 25 Jun, 2018 1 commit
-
-
Florian Pritz authored
The discovery script now uses a regex and no longer cares where exactly accounting is enabled. Follow systemd upstream by enabling it by default.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-
- 30 May, 2018 1 commit
-
-
Jelle van der Waa authored
-
- 29 May, 2018 1 commit
-
-
Jelle van der Waa authored
-
- 28 Feb, 2018 1 commit
-
-
Florian Pritz authored
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-
- 19 Feb, 2018 2 commits
-
-
Jelle van der Waa authored
This makes the security tracker role idempotent.
-
Florian Pritz authored
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-
- 28 Jul, 2017 1 commit
-
-
Jelle van der Waa authored
Add the new dependency on python-flask-talisman for CSP.
-
- 20 Jul, 2017 1 commit
-
-
Giancarlo Razzolini authored
The security_tracker repository was moved to the archlinux organization on github.
-
- 10 Feb, 2017 1 commit
-
-
Giancarlo Razzolini authored
To correctly be safe for CVE-2016-1247, we need all nginx log dirs to be owned by both user and group root. Also, since nginx children run as the http user, the directories' permissions must be 0755, so the http user can descend into them. Since logrotate will create the log files as http:log, the nginx children will be able to write to the logs, but will not be able to create files inside those dirs, fully preventing CVE-2016-1247.
-
- 05 Feb, 2017 1 commit
-
-
Florian Pritz authored
CVE-2016-1247 is a symlink attack on the log dir of nginx since a reopening of the logs (triggered by logrotate) opens the logs as nginx instead of root. logrotate creates the proper log files already so nginx doesn't need write permissions to those directories.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-
- 02 Jan, 2017 1 commit
-
-
Giancarlo Razzolini authored
roles/nginx: Add a handler for reloading nginx and change all the roles to use it, instead of restarting nginx.
-
- 24 Dec, 2016 1 commit
-
-
Giancarlo Razzolini authored
-
- 21 Dec, 2016 1 commit
-
-
Giancarlo Razzolini authored
roles/security-tracker: Idempotency fix. No need to enable and start a service when it is started by a timer.
-
- 20 Dec, 2016 4 commits
-
-
Giancarlo Razzolini authored
roles/security-tracker: changed the secret key and added an initial make setup that creates the database.
-
Giancarlo Razzolini authored
-
Giancarlo Razzolini authored
-
Giancarlo Razzolini authored
-