|
|
401b87d3ea
|
Add curve25519-sha256 to KexAlgorithms
|
2019-05-06 20:05:16 +02:00 |
|
|
|
c219b65b53
|
Some software requires an IPv4 address and can't handle unix: addresses...
|
2019-02-12 19:38:21 +01:00 |
|
|
|
bdf26c8d00
|
Introduce CPU and Memory resource control for php and all child-processes
|
2019-01-22 21:12:50 +01:00 |
|
|
|
11574e3e3f
|
nproc seems to be a global limit, not per session - increased accoringly
|
2019-01-08 18:20:24 +01:00 |
|
|
|
838b6c3b6f
|
disable systemd-resolver and tor@default apparmor profile
|
2019-01-06 20:35:04 +01:00 |
|
|
|
dfe7f7d9e7
|
when shell access is enabled, we shouldn't use force-command in sshd_config
|
2019-01-06 19:35:49 +01:00 |
|
|
|
09ca89029e
|
apply security restrictions in limits.conf
|
2019-01-06 19:33:12 +01:00 |
|
|
|
c46a2584fa
|
Add shell access and scp support
|
2019-01-06 18:20:02 +01:00 |
|
|
|
b5d8b79b8e
|
Disabled STRICT_TRANS_TABLES for compatibility
|
2019-01-05 12:15:56 +01:00 |
|
|
|
55bc8cd757
|
Introduce mysqld socket stream forwarding with nginx for chroot jails
|
2019-01-01 13:47:30 +01:00 |
|
|
|
0f38bd2449
|
Improved privilege separation
|
2019-01-01 02:24:22 +01:00 |
|
|
|
91167d1f45
|
Fix systemd namespace issues taking effect after reboot
|
2018-12-24 06:27:33 +01:00 |
|
|
|
e0bfc5e633
|
Our hidden service should run on v3 by default
|
2018-12-10 16:58:50 +01:00 |
|
|
|
11c055ebcf
|
Remove commeted options
|
2018-12-07 22:18:49 +01:00 |
|
|
|
4f6539b31d
|
Introduce systemd.exec restrictions for better security
|
2018-12-07 21:54:44 +01:00 |
|
|
|
8e155012a7
|
Suppress chatty dovecot messages
|
2018-12-07 21:48:22 +01:00 |
|
|
|
4b25310396
|
Simplified sshd_config
|
2018-12-07 13:25:30 +01:00 |
|
|
|
be005c3137
|
Renamed config file
|
2018-12-05 17:18:46 +01:00 |
|
|
|
aedd8a1e6a
|
Update to latest mariadb version
|
2018-12-05 17:18:11 +01:00 |
|
|
|
64163823a8
|
dnsmasq should only listen on lo interface
|
2018-12-05 07:59:46 +01:00 |
|
|
|
4f059e66f7
|
Droped php7.2 systemd.service files
|
2018-12-04 13:29:17 +01:00 |
|
|
|
c651bb65c7
|
Add jounald.conf
|
2018-12-03 17:22:23 +01:00 |
|
|
|
22066309d5
|
Add login.defs file
|
2018-12-02 21:41:31 +01:00 |
|
|
|
363d1b31ad
|
Debian sid dropped php7.2 support - move to 7.3 only
|
2018-12-02 21:17:11 +01:00 |
|
|
|
2e0e69d605
|
We don't need apt repository translations
|
2018-12-02 19:31:26 +01:00 |
|
|
|
7111fa3a65
|
Prevent httpoxy vulnerability in PHP applications
|
2018-11-29 20:56:39 +01:00 |
|
|
|
9de11a9722
|
Dropped PHP7.1 support and install composer
|
2018-11-24 10:38:59 +01:00 |
|
|
|
e4e59782ca
|
Disabled RSA host key type (because small keys are generated by default), as well as ECDSA (due to suspicions of NSA-compromised P-curves). Enabled only strong key exchange, cipher, and MAC algorithms. See https://www.sshaudit.com/ and https://github.com/arthepsy/ssh-audit.
|
2018-11-19 15:01:11 -05:00 |
|
|
|
41b33f2c51
|
Drop PHP7.0 support
|
2018-11-18 20:50:35 +01:00 |
|
|
|
f4ca23336b
|
Add clamav virus scan to mails
|
2018-11-11 11:17:20 +01:00 |
|
|
|
5f3dfefa02
|
Drop now redundant config
|
2018-10-28 09:07:20 +01:00 |
|
|
|
9985ba4864
|
Add PHP7.3 support and let setup.php write initial config files
|
2018-10-24 19:59:02 +02:00 |
|
|
|
b80f30ac03
|
Ignore insecure 777 permissions set by users on logrotate
|
2018-10-21 10:44:23 +02:00 |
|
|
|
2cee59dc6f
|
Structure changes for future features
|
2018-10-20 18:20:27 +02:00 |
|
|
|
81c2364b7b
|
Better load distribution on multiple relays
|
2018-09-23 20:09:04 +02:00 |
|
|
|
382ea73efb
|
Update firewall rules
|
2018-09-10 19:20:11 +02:00 |
|
|
|
2c634b889c
|
Add dnsmasq DNS caching and performance tune tor instances
|
2018-09-10 19:11:02 +02:00 |
|
|
|
f43e699b91
|
chroot postfix
|
2018-06-18 20:24:00 +02:00 |
|
|
|
e6d798370f
|
secmail.pro dropped rewriting of .onion to .pro domain
|
2018-06-02 12:05:30 +02:00 |
|
|
|
943ca4b151
|
Enable fastcgi_cache
|
2018-05-15 20:45:49 +02:00 |
|
|
|
dda49153b3
|
Buffer access log writes to reduce IO
|
2018-05-13 09:04:12 +02:00 |
|
|
|
1a9ee646c6
|
Adapt firewall rule to new ftp ports
|
2018-05-06 09:57:24 +02:00 |
|
|
|
c6498ea1dc
|
Increase available ports for passive ftp
|
2018-05-05 14:10:01 +02:00 |
|
|
|
49a5b187b0
|
Increase buffer to get rid of errors on large response headers (e.g. cookies)
upstream sent too big header while reading response header
|
2018-04-22 15:07:00 +02:00 |
|
|
|
300cd647df
|
Increase limits and add putenv to disabled functions (vulerability)
Potential security vulnerability:
<?php
putenv("LD_PRELOAD=/home/site.onion/libtest.so");
mail("test@localhost","hacked","you");
|
2018-04-22 09:11:43 +02:00 |
|
|
|
c9487adb1a
|
MariaDB hit open_files_limit -> increase it
|
2018-03-12 06:47:18 +01:00 |
|
|
|
b2fab1ec53
|
Fix /var/run/nginx not being created on nginx start
|
2018-03-11 20:17:14 +01:00 |
|
|
|
7bd2e79f06
|
Separate nginx sockets for each site to make hoster identification harder
|
2018-03-08 20:57:42 +01:00 |
|
|
|
eca0c675cd
|
Added missing dovecot config to use home maildir
|
2018-02-11 19:53:10 +01:00 |
|
|
|
ea112b3389
|
Added missing authorized destinations for services also reachable via .onion
|
2018-02-11 17:36:50 +01:00 |
|
