Commit Graph

73 Commits

Author SHA1 Message Date
838b6c3b6f disable systemd-resolver and tor@default apparmor profile 2019-01-06 20:35:04 +01:00
dfe7f7d9e7 when shell access is enabled, we shouldn't use force-command in sshd_config 2019-01-06 19:35:49 +01:00
09ca89029e apply security restrictions in limits.conf 2019-01-06 19:33:12 +01:00
c46a2584fa Add shell access and scp support 2019-01-06 18:20:02 +01:00
b5d8b79b8e Disabled STRICT_TRANS_TABLES for compatibility 2019-01-05 12:15:56 +01:00
55bc8cd757 Introduce mysqld socket stream forwarding with nginx for chroot jails 2019-01-01 13:47:30 +01:00
0f38bd2449 Improved privilege separation 2019-01-01 02:24:22 +01:00
91167d1f45 Fix systemd namespace issues taking effect after reboot 2018-12-24 06:27:33 +01:00
e0bfc5e633 Our hidden service should run on v3 by default 2018-12-10 16:58:50 +01:00
11c055ebcf Remove commented options 2018-12-07 22:18:49 +01:00
4f6539b31d Introduce systemd.exec restrictions for better security 2018-12-07 21:54:44 +01:00
8e155012a7 Suppress chatty dovecot messages 2018-12-07 21:48:22 +01:00
4b25310396 Simplified sshd_config 2018-12-07 13:25:30 +01:00
be005c3137 Renamed config file 2018-12-05 17:18:46 +01:00
aedd8a1e6a Update to latest mariadb version 2018-12-05 17:18:11 +01:00
64163823a8 dnsmasq should only listen on lo interface 2018-12-05 07:59:46 +01:00
4f059e66f7 Dropped php7.2 systemd.service files 2018-12-04 13:29:17 +01:00
c651bb65c7 Add journald.conf 2018-12-03 17:22:23 +01:00
22066309d5 Add login.defs file 2018-12-02 21:41:31 +01:00
363d1b31ad Debian sid dropped php7.2 support - move to 7.3 only 2018-12-02 21:17:11 +01:00
2e0e69d605 We don't need apt repository translations 2018-12-02 19:31:26 +01:00
7111fa3a65 Prevent httpoxy vulnerability in PHP applications 2018-11-29 20:56:39 +01:00
9de11a9722 Dropped PHP7.1 support and install composer 2018-11-24 10:38:59 +01:00
e4e59782ca Disabled RSA host key type (because small keys are generated by default), as well as ECDSA (due to suspicions of NSA-compromised P-curves). Enabled only strong key exchange, cipher, and MAC algorithms. See https://www.sshaudit.com/ and https://github.com/arthepsy/ssh-audit. 2018-11-19 15:01:11 -05:00
41b33f2c51 Drop PHP7.0 support 2018-11-18 20:50:35 +01:00
f4ca23336b Add clamav virus scan to mails 2018-11-11 11:17:20 +01:00
5f3dfefa02 Drop now redundant config 2018-10-28 09:07:20 +01:00
9985ba4864 Add PHP7.3 support and let setup.php write initial config files 2018-10-24 19:59:02 +02:00
b80f30ac03 Ignore insecure 777 permissions set by users on logrotate 2018-10-21 10:44:23 +02:00
2cee59dc6f Structure changes for future features 2018-10-20 18:20:27 +02:00
81c2364b7b Better load distribution on multiple relays 2018-09-23 20:09:04 +02:00
382ea73efb Update firewall rules 2018-09-10 19:20:11 +02:00
2c634b889c Add dnsmasq DNS caching and performance tune tor instances 2018-09-10 19:11:02 +02:00
f43e699b91 chroot postfix 2018-06-18 20:24:00 +02:00
e6d798370f secmail.pro dropped rewriting of .onion to .pro domain 2018-06-02 12:05:30 +02:00
943ca4b151 Enable fastcgi_cache 2018-05-15 20:45:49 +02:00
dda49153b3 Buffer access log writes to reduce IO 2018-05-13 09:04:12 +02:00
1a9ee646c6 Adapt firewall rule to new ftp ports 2018-05-06 09:57:24 +02:00
c6498ea1dc Increase available ports for passive ftp 2018-05-05 14:10:01 +02:00
49a5b187b0 Increase buffer to get rid of errors on large response headers (e.g. cookies)
upstream sent too big header while reading response header
2018-04-22 15:07:00 +02:00
300cd647df Increase limits and add putenv to disabled functions (vulnerability)
Potential security vulnerability:
<?php
putenv("LD_PRELOAD=/home/site.onion/libtest.so");
mail("test@localhost","hacked","you");
2018-04-22 09:11:43 +02:00
c9487adb1a MariaDB hit open_files_limit -> increase it 2018-03-12 06:47:18 +01:00
b2fab1ec53 Fix /var/run/nginx not being created on nginx start 2018-03-11 20:17:14 +01:00
7bd2e79f06 Separate nginx sockets for each site to make hoster identification harder 2018-03-08 20:57:42 +01:00
eca0c675cd Added missing dovecot config to use home maildir 2018-02-11 19:53:10 +01:00
ea112b3389 Added missing authorized destinations for services also reachable via .onion 2018-02-11 17:36:50 +01:00
5163c7aa2b Connect to unix socket for default site 2018-02-11 17:22:31 +01:00
fa24bb61ec Added PHP 7.2 support + minor bugfixes and performance tweaks
Note when applying this update you will have to update existing nginx vhosts to match new listening addresses (IPv6). Preferably you should update them to unix socket though and apply the changes to the tor hidden service config as well
2018-02-10 22:10:07 +01:00
a9fd1b658c Use X-Accel-Redirect in log.php output 2017-12-03 12:48:37 +01:00
99ccbdccfe Updated tutorial for Ubuntu 16.04 LTS compatibility 2017-11-05 10:43:44 +01:00