Giacomo Sanchietti (gsanchietti), Nethesis, Pesaro, http://www.nethserver.org
Intransigent Linux purist and evangelist. Skeptic by nature: he believes only in code and beer. He works on @NethServer and his favorite command is "git blame".

gsanchietti/fence-agents 1

Some fence agents for Red Hat Cluster 5 and 6

gsanchietti/arp-scan 0

arp-scan build for EL8

gsanchietti/asterisk13 0

NethServer RPM for Asterisk 13

gsanchietti/bandwidthd 0

Collection of patches to memorable bandwidthd 2.0.1

gsanchietti/chrome-nethserver-phonehome 0

Chrome extension for NethServer Phone Home

gsanchietti/cidlookup 0

Module of FreePBX (CallerID Lookup) :: Allows CallerID Lookup of incoming calls against different sources (OpenCNAM, MySQL, HTTP, ENUM, Phonebook Module)

gsanchietti/commitlint 0

📓 Lint commit messages

gsanchietti/compact 0

JS and CSS useful compacter

issue closed nethesis/dev

Cron email after Flashstart removal

After removing nethserver-flashstart, I'm annoyed by periodic emails containing:

"/bin/sh: /etc/e-smith/events/actions/nethserver-flashstart-auth-ip: No such file or directory"

The above command is launched by /etc/cron.d/flashstart-auth-ip, which, being templated, is not removed on uninstallation.

Steps to reproduce

  • Install nethserver-flashstart
  • Remove it
  • Read root's email

Expected behavior

No email, cron file removed

Actual behavior

Email, cronjob installed

closed time in 2 days

filippocarletti

issue comment nethesis/dev

Cron email after Flashstart removal

Test case Check the issue is not reproducible

filippocarletti

comment created time in 3 days

issue closed NethServer/dev

Blacklist: log rotate error on /var/log/pihole-FTL.log

After logrotate execution, cron generates an annoying mail error if DNS blacklist has never been enabled.

Steps to reproduce

  • Install nethserver-blacklist
  • Verify that /var/log/pihole-FTL.log does not exist
  • Execute: logrotate -f /etc/logrotate.conf

Expected behavior

No error should be raised.

Actual behavior

The system raises this error:

error: stat of /var/log/pihole-FTL.log failed: No such file or directory

Components nethserver-blacklist-1.1.1-1.ns7.noarch

See also

https://community.nethserver.org/t/error-stat-of-var-log-pihole-ftl-log-failed/16004


Thanks to Amort_Gottfried

closed time in 3 days

gsanchietti

push event NethServer/nethserver-blacklist

Giacomo Sanchietti

commit sha 408c96d8e17dca58f5852c3fa544ba195c088b9e

Release 1.1.2

push time in 3 days

created tag NethServer/nethserver-blacklist

tag 1.1.2

Blacklist for NethServer

created time in 3 days

issue closed NethServer/dev

Nextcloud facter. Remove useless "size" attribute

The /opt/puppetlabs/puppet/lib/ruby/2.1.0/facter/nextcloud.rb fact produces:

{
  "nextcloud": {
    "users": <user-num>,
    "size": <size>
  }
}

In some cases, the size attribute produced by du command may cause problems on inventory generation, because the command execution takes much time.

Since the information produced is not useful, remove the size attribute.

Components

nethserver-nextcloud

closed time in 3 days

edospadoni

created tag NethServer/nethserver-nextcloud

tag 1.12.2

NextCloud integration in NethServer

created time in 3 days

push event NethServer/nethserver-nextcloud

Giacomo Sanchietti

commit sha f95085d6358aec8d19eef03afe91cf8b0a0dec41

Release 1.12.2

push time in 3 days

issue comment NethServer/dev

Nextcloud facter. Remove useless "size" attribute

After the update:

[root@test ~]# facter -j nextcloud
{
  "nextcloud": {
    "users": 2
  }
}

The du command is not executed any more.

Verified.

edospadoni

comment created time in 3 days

issue comment NethServer/dev

Blacklist: log rotate error on /var/log/pihole-FTL.log

Test case Check the bug is not reproducible.

gsanchietti

comment created time in 3 days

delete branch NethServer/nethserver-blacklist

delete branch : better_logrotate

delete time in 3 days

push event NethServer/nethserver-blacklist

Giacomo Sanchietti

commit sha d253f5f85b1c03be3e7923ab1ad37e3bfb8b9eec

logrotate: prevent missing file error Previously, if pihole-FTL was never started, logrotate produced the following output: error: stat of /var/log/pihole-FTL.log failed: No such file or directory Such error was generating an annoying mail by cron.

Giacomo Sanchietti

commit sha 76c5ab71844885f21ba64febf88285e37b881fcb

logrotate: use system defaults Inherit compression, rotate and weekly from system defaults.

Giacomo Sanchietti

commit sha 8646fd776e981fb20a063542c599b68f196f5e3c

Merge pull request #27 from NethServer/better_logrotate Better logrotate NethServer/dev#6226

push time in 3 days

PR merged NethServer/nethserver-blacklist

Better logrotate
  • use system default logrotate configuration
  • avoid error if /var/log/pihole-FTL.log is missing

NethServer/dev#6226

+1 -3

1 comment

1 changed file

gsanchietti

pr closed time in 3 days

issue opened NethServer/dev

Blacklist: log rotate error on /var/log/pihole-FTL.log

created time in 3 days

PR opened NethServer/nethserver-blacklist

Better logrotate
  • use system default logrotate configuration
  • avoid error if /var/log/pihole-FTL.log is missing
+1 -3

0 comment

1 changed file

pr created time in 3 days

create branch NethServer/nethserver-blacklist

branch : better_logrotate

created branch time in 3 days

issue closed nethesis/dev

Weekly reports: nextcloud miner error

On fresh installation of NethServer with Nextcloud, weekly-report generates an error fetching Nextcloud data:

malformed JSON string, neither array, object, number, string or atom, at character offset 0 (before "(end of string)") at /usr/share/dante/miners/nextcloudsize-list line 40.

The command that fails (line 40 inside /usr/share/dante/miners/nextcloudsize-list) is:

my $users = decode_json(`su - apache -s /bin/bash -c "source /opt/rh/rh-php72/enable; cd /usr/share/nextcloud/; php occ --output=json user:list" 2>/dev/null`);

This seems to happen because Nextcloud miner tries to use an unavailable version of PHP:

~]# su - apache -s /bin/bash -c "source /opt/rh/rh-php72/enable; cd /usr/share/nextcloud/; php occ --output=json user:list"
-bash: /opt/rh/rh-php72/enable: No such file or directory
PHP Parse error:  syntax error, unexpected 'class' (T_CLASS), expecting identifier (T_STRING) or variable (T_VARIABLE) or '{' or '$' in /usr/share/nextcloud/console.php on line 97

In fact, on new systems PHP72 is no longer available:

~]# scl -l
rh-php73

To work around the problem you could change the hard-coded path of PHP inside the script (php72 -> php73).

Steps to reproduce

  • Install a brand new NethServer, then install Nextcloud
  • Wait for the weekly report to execute and look for the mail it generates to root or run from terminal:
    sh -x /usr/bin/ciacco
    

Expected behavior

Miner should fetch the data without errors even in freshly installed systems

Actual behavior

root receives a mail with a weird - but harmless - "malformed JSON string" error

Components

dante-0.4.0-1.ns7.x86_64 nethserver-dante-1.0.2-1.ns7.noarch

closed time in 4 days

nrauso

issue comment nethesis/dev

Weekly reports: nextcloud miner error

Released in nethserver-updates: dante-0.4.1-1.ns7.x86_64.rpm

nrauso

comment created time in 4 days

push event nethesis/dante

Giacomo Sanchietti

commit sha d76dfe434c21e9256d8a2f46ccd21a71909961d8

Release 0.4.1

push time in 4 days

created tag nethesis/dante

tag 0.4.1

Single stack reports made simple

created time in 4 days

issue comment nethesis/dev

Weekly reports: nextcloud miner error

Test case Check the bug is not reproducible

To install the package: yum --enablerepo=nethserver-testing update dante

nrauso

comment created time in 4 days

issue comment nethesis/dev

Weekly reports: nextcloud miner error

In testing: dante-0.4.0-1.1.g1dd8c7d.ns7.x86_64.rpm

nrauso

comment created time in 4 days

delete branch nethesis/dante

delete branch : issue5842

delete time in 4 days

push event nethesis/dante

Giacomo Sanchietti

commit sha 1dd8c7dd49863eeadf3d3a49d5b4712fe5c904a6

nextcloud miner: use new occ wrapper (#17) The occ wrapper will take care to always call the correct PHP version. nethesis/dev#5842

push time in 4 days

PR opened nethesis/dante

nextcloud miner: use new occ wrapper

The occ wrapper will take care to always call the correct PHP version.

Nethesis/dev#5482

+1 -1

0 comment

1 changed file

pr created time in 4 days

create branch nethesis/dante

branch : issue5842

created branch time in 4 days

issue closed NethServer/dev

UPS - Model search bug on Cockpit

Steps to reproduce

  • Access UPS application on Cockpit
  • Enable NUT UPS in Settings page
  • Set Mode: Server
  • Start typing a Model, e.g. "APC"

Expected behavior

  • The list of models matching user input is shown in the select box

Actual behavior

  • Only the first 10 models matching user input are shown

Components

nethserver-nut-1.5.3-1.ns7.noarch

closed time in 4 days

andre8244

created tag NethServer/nethserver-nut

tag 1.5.4

NethServer NUT configuration

created time in 4 days

push event NethServer/nethserver-nut

Giacomo Sanchietti

commit sha a2e2054991492c7e0bde01e59feb4fcdab965951

Release 1.5.4

push time in 4 days

Pull request review comment NethServer/asterisk13

Update to 13.34.0

 diff -ur asterisk-13.18.0/apps/app_queue.c asterisk-13.18.0.lazymembers/apps/app  		}  	}  -Only in asterisk-13.18.0.lazymembers/apps: app_queue.c.orig+Only in asterisk-13.34.0.lazymembers/apps: app_queue.c.orig+Only in asterisk-13.34.0.lazymembers/apps: app_queue.c.rej
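
Review bot: the added `Only in asterisk-13.34.0.lazymembers/apps: app_queue.c.rej` line at the end of this patch deserves a check before it is dropped, because a `.rej` file is what patch(1) writes when a hunk fails to apply, so confirm that every lazymembers hunk applied cleanly to 13.34.0. The `Only in ...` lines are `diff -ur` directory-comparison output rather than patch content, and the `diff -ur` header shown here still names `asterisk-13.18.0` while these lines name 13.34.0; regenerating the patch from a clean tree without the `.orig` and `.rej` leftovers would remove them and make the header consistent.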

Can these lines be removed?

Stell0

comment created time in 4 days

pull request comment NethServer/nethserver-httpd

Proxypass websockets

The current implementation does not distinguish between http/https and ws/wss correctly.

It seems to me that the patch does it, please see https://github.com/NethServer/nethserver-httpd/pull/82/files#diff-42c79099ae157d3645e15bd28ffd77c3R12-R16

Could you please eventually propose a fix directly here in the code? You can use the suggestion feature: https://haacked.com/archive/2019/06/03/suggested-changes/

stephdl

comment created time in 5 days

delete branch NethServer/docs

delete branch : suricata_bypass

delete time in 5 days

push event NethServer/docs

Giacomo Sanchietti

commit sha 998d08e0844f68b11b5fa4d00f6969e32b57e1a2

suricata: describe bypass

Giacomo Sanchietti

commit sha 52a4d4e1c2dedd1e88b2b8fce5997b2e577f82e0

suricata: fix multiple typos

Giacomo Sanchietti

commit sha 2011d3ff90bdf0ce0ed267b03df818cdc46c6d63

Merge pull request #520 from NethServer/suricata_bypass Suricata bypass NethServer/dev#6222

push time in 5 days

PR merged NethServer/docs

Suricata bypass

NethServer/dev#6222

+21 -8

0 comment

1 changed file

gsanchietti

pr closed time in 5 days

PR opened NethServer/docs

Suricata bypass

NethServer/dev#6222

+21 -8

0 comment

1 changed file

pr created time in 5 days

create branch NethServer/docs

branch : suricata_bypass

created branch time in 5 days

issue closed NethServer/dev

Postfix: Move TLS to nethserver-mail-common

When an MTA does a SMTP transaction with a NethServer used as SMTP proxy, no TLS is offered. Move TLS encryption from nethserver-mail-server to nethserver-mail-common to support this scenario.

Proposed solution

  • move all related TLS postfix encryption to nethserver-mail-common
  • use the same postfix TLS key and certificate rather than the dovecot key|cert

Additional context

https://trello.com/c/4mWMiX2h/27-postfix-tls-in-mail-common-rpm

closed time in 5 days

stephdl

push event NethServer/nethserver-mail

Giacomo Sanchietti

commit sha 654e09a8c01bec151669769dd3e40ab1b9f55b91

Release 2.17.0

push time in 5 days

pull request comment NethServer/nethserver-httpd

Proxypass websockets

I've tested it with Mattermost and WebTop (both using websocket):

  • Mattermost raises an error: Firefox can’t establish a connection to the server at wss://mattermost.test.local/api/v4/websocket.
  • WebTop enters an endless loop after login

Those were the same symptoms I've already reported in the community thread.

stephdl

comment created time in 5 days

issue closed NethServer/dev

OpenSSH: Use strong encryption

By default we use a weak list of ciphers with openssh to allow a larger number of older openssh clients to connect.

Proposed solution

I propose a checkbox button to restrict the list of ciphers to strong ciphers only

Alternative solutions

There are not many alternatives: change the port of ssh, use fail2ban

Additional context

This solution will be a kind of TLS policy; it proposes to protect your connection to the server with strong encryption.

See also

https://community.nethserver.org/t/sshd-using-insecure-ciphers/15745


Thanks to SpiceDenver

closed time in 5 days

stephdl

created tag NethServer/nethserver-openssh

tag 1.6.0

created time in 5 days

push event NethServer/nethserver-openssh

Giacomo Sanchietti

commit sha f9f1f287b8dd7e3ed6f48e0fe4ee719088fda6f1

Release 1.6.0

push time in 5 days

created tag NethServer/nethserver-cockpit

tag 1.7.5

NethServer Cockpit UI and new Server Manager

created time in 5 days

push event NethServer/nethserver-cockpit

Giacomo Sanchietti

commit sha 6335ab324a4629fff712512d12da9911d73b00a0

Release 1.7.5

push time in 5 days

issue comment NethServer/dev

Cockpit UI & API: add bypass to IPS

Test case 1

  • Enable suricata
  • Create a custom rule:
    echo 'drop icmp 1.1.1.1 any -> $HOME_NET any (msg:"Test ICMP Packet from 1.1.1.1"; sid:1000001; rev:1;)' > /etc/suricata/rules/custom.rules
    signal-event nethserver-suricata-update
    
  • Access a host inside the green network (eg. 192.168.1.22), and try to ping 1.1.1.1
  • Traffic must be blocked

Test case 2

  • After test case 1
  • Access the Bypass page
  • Add the IP of host inside the green network (eg. 192.168.1.22) to the bypass list
  • Try to ping 1.1.1.1 from the host: the ping must work

Test case 3

  • Repeat test case 2 using a firewall host object instead of specifying a raw IP address
edospadoni

comment created time in 5 days

push event NethServer/nethserver-suricata

Giacomo Sanchietti

commit sha f1c2546abbcce5b7168a8b58257758e35cc8f4f8

README: improve custom rule section [skip ci]

push time in 5 days

issue comment NethServer/dev

OpenSSH: Use strong encryption

Tested with following clients:

  • Ubuntu 14.04
  • Putty
  • Fedora 32
  • CentOS 7

Output of ssh-audit:

# general
(gen) banner: SSH-2.0-OpenSSH_7.4
(gen) software: OpenSSH 7.4
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256              -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
(kex) curve25519-sha256@libssh.org   -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) diffie-hellman-group14-sha256  -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group16-sha512  -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512  -- [info] available since OpenSSH 7.3

# host-key algorithms
(key) ssh-ed25519                    -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) aes128-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                     -- [info] available since OpenSSH 3.7
(enc) aes256-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com         -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com         -- [info] available since OpenSSH 6.2
(enc) chacha20-poly1305@openssh.com  -- [info] available since OpenSSH 6.5
                                     `- [info] default cipher since OpenSSH 6.9.

# message authentication code algorithms
(mac) hmac-sha2-512-etm@openssh.com  -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com  -- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com       -- [info] available since OpenSSH 6.2

# fingerprints
(fin) ssh-ed25519: SHA256:f+WQ+KnjxuyqZwdg9NRdHtF+ekgFyfTnRc81YbOr6N0

# algorithm recommendations (for OpenSSH 7.4)
(rec) +diffie-hellman-group-exchange-sha256-- kex algorithm to append 
(rec) +rsa-sha2-256                  -- key algorithm to append 
(rec) +rsa-sha2-512                  -- key algorithm to append 

Checked also at https://www.ssh-audit.com/

Verified

stephdl

comment created time in 5 days

delete branch NethServer/nethserver-suricata

delete branch : custom_rules

delete time in 5 days

push event NethServer/nethserver-suricata

Giacomo Sanchietti

commit sha b35902834c70bd1ebbe4851d9c40a918e1f20419

config: load custom rules (#27) Allow the addition of custom rule files to meet specific user needs. NethServer/dev#6222

push time in 5 days

PR merged NethServer/nethserver-suricata

config: load custom rules

Allow the addition of custom rule files to meet specific user needs.

NethServer/dev#6222

+10 -0

2 comments

2 changed files

gsanchietti

pr closed time in 5 days

push event NethServer/nethserver-suricata

Giacomo Sanchietti

commit sha 2a0825c64a693e4e0f05f60121cb6b04f9315a61

config: load custom rules Allow the addition of custom rule files to meet specific user needs.

push time in 5 days

PR opened NethServer/nethserver-suricata

config: load custom rules

Allow the addition of custom rule files to meet specific user needs.

NethServer/dev#6222

+10 -0

0 comment

2 changed files

pr created time in 5 days

create branch NethServer/nethserver-suricata

branch : custom_rules

created branch time in 5 days

push event NethServer/nethserver-openssh

Giacomo Sanchietti

commit sha d1c92b19584d2ed60e8373470f2ed019f7e572a5

config: use stronger ciphers (#16) Apply suggestions from ssh-audit tool. NethServer/dev#6218

push time in 5 days

PR merged NethServer/nethserver-openssh

config: use stronger ciphers

Apply suggestions from ssh-audit tool.

The tool is available here. You can even use the online version: https://www.ssh-audit.com/

I've tested the access to the server with following clients:

  • CentOS 7
  • Fedora 31
  • Putty

NethServer/dev#6218

+4 -4

2 comments

1 changed file

gsanchietti

pr closed time in 5 days

push event NethServer/nethserver-cockpit

Giacomo Sanchietti

commit sha 8f2403556e4e8b845186a9556195495e07b0b69c

ui: improve hardening label (#279) NethServer/dev#6218 Co-authored-by: Filippo Carletti <filippo.carletti@gmail.com>

push time in 5 days

PR merged NethServer/nethserver-cockpit

ui: improve hardening label

NethServer/dev#6218

+1 -1

2 comments

1 changed file

gsanchietti

pr closed time in 5 days

pull request comment NethServer/nethserver-openssh

config: use stronger ciphers

a comment should be added to explain that the key must be removed from the known_hosts

See NethServer/nethserver-cockpit#279

gsanchietti

comment created time in 5 days

PR opened NethServer/nethserver-cockpit

ui: improve hardening label

NethServer/dev#6218

+1 -1

0 comment

1 changed file

pr created time in 5 days

create branch NethServer/nethserver-cockpit

branch : hardening

created branch time in 5 days

delete branch NethServer/nethserver-suricata

delete branch : bypass

delete time in 5 days

push event NethServer/nethserver-suricata

Edoardo Spadoni

commit sha 765c0d06290ccb34b67f72a63709c25b6b92cb22

bypass. scaffolded files and templates

Edoardo Spadoni

commit sha 1e09e9ef4d6514367aa334de01915eecfb1d3a92

bypass rules. add rules only if record is enabled

Edoardo Spadoni

commit sha e4e04b22e77aaf49d41622919c0710ab5964b225

ui. added bypass view

Edoardo Spadoni

commit sha 842e0161609dc7c236c443accd605d383857beb2

api. added bypass api

Edoardo Spadoni

commit sha 277951203b79a706baedbd14ddb6e95e1f7f509d

ui & api. added support for raw type

Edoardo Spadoni

commit sha d611ee57cdf2767d49eb4af7bb288cba53a820fa

ui. fixed empty states in dashboard

Edoardo Spadoni

commit sha dee5aea9cf186cc6907fdfafa8900f02bb83327e

templates. removed useless else statement

Giacomo Sanchietti

commit sha 4b12e680a36a060b577917e8f4374bc72b321ed0

cosmetic: update copyright date

Giacomo Sanchietti

commit sha 0ae2a2859873a8646f8fb3a17afdc59e2676f08d

template: refactor for suricata repeat mode

Edoardo Spadoni

commit sha 788351e41fae73067b6e1f4c29b0c8a330e89c5d

ui. added new vue-good-table

Edoardo Spadoni

commit sha fa529a1bb72bd601365675fb298f2602d4bf790f

ui. added vue-good-table css

Giacomo Sanchietti

commit sha 022532d3aeebbe1c6a391a30dd5e3e3f71056341

firewall: merge source and destination bypasses Due to some Shorewall limitations, the bypass can't be implemented respecting network traffic direction. New implementation: when a host has a bypass, all traffic from/to that host will be ignored.

Edoardo Spadoni

commit sha 9a99eae5db28a7dc99b47cfeea9e27d9ca09f5ab

ui & api. removed src and dst type of bypass

Edoardo Spadoni

commit sha 6775632ae634ccfabed2f68e209d90a7c9dd7ab8

api. remove type if raw

Giacomo Sanchietti

commit sha 05c1cfedacdc1a5f84e046b984269e1aaa2fa004

Merge pull request #26 from NethServer/bypass Add bypass for suricata This is a refactor of #16 after implementation of repeat mode. NethServer/dev#6222

push time in 5 days

PR merged NethServer/nethserver-suricata

Add bypass for suricata

This is a refactor of #16 after implementation of repeat mode.

This is just a draft but it's already working.

https://github.com/NethServer/dev/issues/6222

+1077 -9331

6 comments

20 changed files

gsanchietti

pr closed time in 5 days

PR opened NethServer/nethserver-openssh

config: use stronger ciphers

Apply suggestions from ssh-audit tool.

The tool is available here. You can even use the online version: https://www.ssh-audit.com/

+4 -4

0 comment

1 changed file

pr created time in 6 days

create branch NethServer/nethserver-openssh

branch : hardening

created branch time in 6 days

push event nethesis/nethvoice-docs

Filippo Carletti

commit sha b70ef65ddd683fc445c8ffb0b00069e9e82a5307

Minor improvements (#74)

push time in 6 days

PR merged nethesis/nethvoice-docs

Minor improvements

Minor improvements.

+2 -2

1 comment

1 changed file

filippocarletti

pr closed time in 6 days

pull request comment nethesis/nethvoice-docs

Minor improvements

Please, the commit message should always be in English

filippocarletti

comment created time in 6 days

issue comment NethServer/dev

OpenSSH: Use strong encryption

I'm using ssh-audit for testing, which is included also in debian. To install and use it:

git clone https://github.com/jtesta/ssh-audit.git --depth=1
cd ssh-audit
./ssh-audit.py localhost
stephdl

comment created time in 6 days

PR opened nethesis/nethvoice-docs

Restore all wizard sections on main manual (#72)
  • Split Application on other section

  • Link obsolete provisioning manual in obsolete wizard manual

  • Better specified model and firmware required

  • Restore all wizard sections

  • Change guilabel with ref for new section Application

  • Syntax fixes

+416 -29

0 comment

6 changed files

pr created time in 6 days

push event NethServer/nethserver-suricata

Giacomo Sanchietti

commit sha 022532d3aeebbe1c6a391a30dd5e3e3f71056341

firewall: merge source and destination bypasses Due to some Shorewall limitations, the bypass can't be implemented respecting network traffic direction. New implementation: when a host has a bypass, all traffic from/to that host will be ignored.

push time in 6 days

issue closed NethServer/dev

DNS Blacklists for threat shield

DNS blacklists would be a nice addition for threat shield module, cause they can be very effective and provide a greater protection for clients over the IP blacklists.

Proposed solution

  • I propose to create a new DNS proxy that sends requests to DNS that provide this kind of service
  • it should have the possibility to set the DNS proxy as transparent and allow to choose zones where the service must be active.
  • it should have bypass options for sources based on firewall objects
  • It could have a new settings page for threat shield and we could have ip blacklists settings (the page we have now) and dns blacklists settings in 2 separate pages.

Steps

  • UI. Create new DNS Blacklist page on Cockpit, under Threat shield module (Dashboard and DNS Proxy page)
  • Backend. Add new DNS proxy lists and configure them using pi-hole, retrieve statistics and implement bypass in shorewall

closed time in 6 days

cotosso

push event NethServer/nethserver-blacklist

Giacomo Sanchietti

commit sha 80411667f7cdf53fb14ccc04987d376d8b5b5dc9

Release 1.1.1

push time in 6 days

created tag NethServer/nethserver-blacklist

tag 1.1.1

Blacklist for NethServer

created time in 6 days

issue comment NethServer/dev

DNS Blacklists for threat shield

No more crashes found; also, the restart now takes only about 1 second.

Verified.

cotosso

comment created time in 6 days

push event NethServer/nethserver-ntopng

Giacomo Sanchietti

commit sha 0ec4955f4edb40663e105b68e4be58962b6efbb4

README: add download section [skip ci]

push time in 6 days

issue comment NethServer/dev

Change view on ntopng redirects on server-manager

After the update the service is restarted but it's not listening on port 3000 and crashes after few minutes:

[root@fw 7]# curl http://localhost:3000
Unable to serve requests at this time, possibly starting up or shutting down.
cotosso

comment created time in 6 days

issue comment NethServer/dev

Change view on ntopng redirects on server-manager

Test case Check the bug is not reproducible

cotosso

comment created time in 6 days

issue comment NethServer/dev

Change view on ntopng redirects on server-manager

It seems that upstream has already fixed the bug. In testing:

  • n2n-2.7.0-438.x86_64.rpm
  • ndpi-3.3.0-2612.x86_64.rpm
  • ntopng-4.1.200707-10211.x86_64.rpm
  • ntopng-data-4.1.200707-10211.noarch.rpm
  • pfring-7.7.0-3068.x86_64.rpm
cotosso

comment created time in 6 days

issue comment nethesis/dev

Cron email after Flashstart removal

This is the expected behavior which is common to all NethServer packages: expanded templates are not removed.

Also, bear in mind that package removal on Enterprise is not supported. So I'm willing to close it as invalid.

filippocarletti

comment created time in 6 days

issue closed nethesis/dev

Leopard documentation for stable release

  • [x] Line and soft key types documentation
  • [x] Detailed description of provisioning parameters from UI point of view
  • [x] Swap beta/stable pages, like wizard and wizard2
  • [x] Migration procedure

Still todo:

  • English Translation

closed time in 6 days

DavidePrincipi

issue comment NethServer/dev

WebTop: automatic restart of tomcat8@webtop service on failure

There is no valid package in nethserver-updates, please check the build process.

Amygos

comment created time in 6 days

push event NethServer/docs

Luca Gasparini

commit sha abf068c258adddbf19c802a9f972e32b4900b038

Update webtop5 docs (#519) - Remove SMTP Settings - Improve domain mailcard setting explanation

push time in 6 days

PR merged NethServer/docs

Update webtop5 docs
  • Remove SMTP Settings
  • Improved domain mailcard setting explanation
+2 -18

0 comment

3 changed files

lucagasparini

pr closed time in 6 days

push event NethServer/nethserver-openssh

Stephane de Labrusse

commit sha ad1a11f84866aa4b1dd9ff565becc8c9f8a0afc4

Require strong encryption if enabled (#15) NethServer/dev#6218 The cipher list comes from https://www.ssh.com/ssh/sshd_config/ (sha1 has been removed)

push time in 6 days

PR merged NethServer/nethserver-openssh

Require strong encryption if enabled

The encryption of the ssh server might be enforced by the usage of strong ciphers; this is the backend of this feature

https://github.com/NethServer/dev/issues/6218

the cipher list comes from https://www.ssh.com/ssh/sshd_config/ (sha1 has been removed)

+17 -0

5 comments

2 changed files

stephdl

pr closed time in 6 days

push event NethServer/nethserver-cockpit

Stephane de Labrusse

commit sha bb37d6b2aa8570434645c6a28eb25db3ff5250af

Enforce the ssh encryption (#277) api&ui. harden ssh encryption NethServer/dev#6218 Co-authored-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>

push time in 6 days

PR merged NethServer/nethserver-cockpit

Enforce the ssh encryption

The encryption of the ssh server might be enforced by the usage of strong ciphers; this is the UI of this feature

https://github.com/NethServer/dev/issues/6218

+59 -9

4 comments

5 changed files

stephdl

pr closed time in 6 days

push event nethesis/nethvoice-docs

Davide Principi

commit sha d9a0e19ab42a03f3fe8ceaacc7a5dd419105b062

Use Python 3 Zanata client The Python 3 Zanata client is more lightweight and seems the only one available on Fedora 31+.

Davide Principi

commit sha d44d4fd0573d38afe4342813d105d6fe770400ae

Fix italian translation of Sphinx builtin strings

Davide Principi

commit sha 3ac2b18b0fd00904a8b85863ae78e5a360600d41

Use Python 3 Zanata client (#68) * Use Python 3 Zanata client The Python 3 Zanata client is more lightweight and seems the only one available on Fedora 31+. * Fix italian translation of Sphinx builtin strings nethesis/dev#5833

Davide Principi

commit sha ccb7906a3fb36a19cb53a09eaa68c883e866aa80

Initial migration procedure import

Davide Principi

commit sha 6694a6be908e274f9f1ca95d336d1372875b55d3

Add DHCP options for custom DHCP servers

Davide Principi

commit sha 1a0bf39c14aba7b752b898d289213040e2419785

Additional steps for migration

Davide Principi

commit sha a33a5934d24d4c63db85bc7d73c2bc2ab699381e

Fix link to Mobile App

Davide Principi

commit sha da42daae42020d7ec4afb5f2bdaacafa6c28ec22

Add details of Model panels (#67) * Add details of Model panels * Add provisioning parameters reference page * Add line keys and soft keys tables * Apply suggestions from code review Co-authored-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it> nethesis/dev#5833

Davide Principi

commit sha 61c9368f14bedf09031d0bbb28bff7c1d5191f18

Suppress Sphinx warning

Davide Principi

commit sha 0e91f3b67b0bd5d1aacd4bbbcda6601e4865fd58

Code review

Davide Principi

commit sha 08e3e0c506666cf0a61e90cbcafc234dc6d74296

Merge pull request #69 from DavidePrincipi/migration Import the migration procedure nethesis/dev#5833

Davide Principi

commit sha d3ad063d98d11cd01b9d4e686b2f6e201303844a

Tancredi provisioning (#70) Swap the beta/stable pages. The Tancredi provisioning engine is now stable. Co-authored-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>

Giacomo Sanchietti

commit sha 5c48124ee3e8f1e3936db020421d1674e5abd6c2

Merge pull request #71 from nethesis/master Tancredi release

push time in 6 days

PR merged nethesis/nethvoice-docs

Reviewers
Tancredi release

Tancredi is ready for prime time

+621 -2137

0 comment

20 changed files

gsanchietti

pr closed time in 6 days

issue closed NethServer/dev

Janus-Gateway: upgrade to 922b392

Description

Current version is 0.9.4 ~Upgrade to 0.9.5~ ~Upgrade to 0.10.1~ ~Upgrade to the latest master commit 085ed393e8be15834e8b263a990494986518bd05~ ~Upgrade to the latest master commit a46344d~ Upgrade to the latest master commit 922b392

Additional context

https://github.com/meetecho/janus-gateway

Involved packages janus-gateway nethserver-janus

closed time in 6 days

alepolidori

issue closed NethServer/dev

Enable Janus Admin Api as default on localhost

Description

Enable Janus admin api as a default. The Admin Api is useful and requested by the developers to analyze and debug strange scenarios. For example you can understand if a problem is related to SSL, or ICE gathering or media streams. You can also extract the executed janus version, you can change log level on the fly, etc... Here is the doc: https://janus.conf.meetecho.com/docs/admin.html

Expected behavior

The api has to be listening on localhost on default port 7088 using http protocol. Then you can use it by establishing a tunnel to the localhost address.

Actual behavior

The admin apis are disabled by default.

Components

nethserver-janus

closed time in 6 days

alepolidori

issue comment nethesis/dev

Development builds for Janus and sofia-sip

Development builds are good but problems still persist on normal builds: there is no way to publish to updates using travis.

I have manually built all dependencies for current release, I leave this issue open since it requires further development.

DavidePrincipi

comment created time in 6 days

created tag NethServer/nethserver-janus

tag 1.2.0

Janus Gateway NethServer configuration templates

created time in 6 days

push event NethServer/nethserver-janus

Giacomo Sanchietti

commit sha a1fd3adfa09d7a498cd0e6ec289708fd54e4f1ea

Release 1.2.0

push time in 6 days

issue comment NethServer/dev

Enable Janus Admin Api as default on localhost

Output:

curl -v -X POST -d "{\"admin_secret\":\"xxxx\",\"janus\":\"list_sessions\",\"transaction\":\"12345\"}" http://localhost:7088/admin
* About to connect() to localhost port 7088 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 7088 (#0)
> POST /admin HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:7088
> Accept: */*
> Content-Length: 81
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 81 out of 81 bytes
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Transfer-Encoding: chunked
< Access-Control-Max-Age: 86400
< Access-Control-Allow-Origin: *
< Content-Type: application/json
< Date: Mon, 06 Jul 2020 15:31:24 GMT
< 
{
   "janus": "success",
   "transaction": "12345",
   "sessions": [
      3106229029736013,
      2941847598016581,
      159666165628995,
      6905304652080785,
      3016009420255431,
      ...
}

Verified

alepolidori

comment created time in 6 days

delete tag NethServer/sofia-sip

delete tag : 0.0.0

delete time in 7 days

delete tag NethServer/janus-gateway

delete tag : 0.0.0

delete time in 7 days
