Bug fixes 2.x pr devel 2.x #1977

Merged
merged 463 commits into from
Sep 19, 2024

gregharvey

No description provided.

matej5 and others added 30 commits April 5, 2024 13:42
…1593)

Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* nginx-config-backup-and-cleaup-vhosts-on-rebuild

* change module from command to unarchive

* change module from command to unarchive
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
…vhost as the LE proxy handling may not be there if SSL was not configured before, and the vhost will not be there as we are recreating them by default (#1601)
)

* Allowing multiple clamscan wrapper scripts and timers per server.

* Updating docs.!

* Giving the timer a consistent name.
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* r68069-alb-healthchecks-and-nginx

* r68069-alb-healthchecks-and-nginx

* r68069-alb-healthchecks-and-nginx

* r68069-nice-indentation
* r69332-le-cron-mail-alerts

* Changing-recipient-to-var

* Changing-recipient-to-var-2

* Fixing-email-var

* Fixing-email-var-2
* Fixing AWS ACL role defaults.

* Docs update.

* Punctuation fix!
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* First pass at APT repo role.

* Adding APT autoremove task to the _exit role.

* Adding systemd timer for APT key renewal.

* Adding role documentation.

* Adding new role to MySQL role to test.

* Adding python-debian dependency for deb822 repo handling.

* Removing obsolete variable check.

* Defaulting the APT 'suites' value to the Ansible-detected release name.

* Adding APT suite to MySQL repo installation.

* Better docs and fixed a syntax error.

* Fixing shell script for refreshing APT keys.

* Ensuring APT clean-up in _exit always runs as root.

* Fixing up MySQL config for 8.0 and tidying vars.

* Adding MySQL repo to unattended upgrades.

* Adding README for Docker CE, Docker Compose support and switching to apt_repository role.

* Updating docker_registry role to use docker_ce and deleting obsolete docker_compose role.

* Updating docs index.

* Adding Docker repo to unattended upgrades.

* Updating MySQL docs.

* Updating repo handling for GitLab and GitLab Runner.

* Ensuring wget is installed.

* wget seems more reliable than cURL for key fetching.

* Updating Jenkins repo handling.

* Fixing openjdk default version and updating nodejs APT repo handling.

* Removing OSSEC, replaced by Wazuh.

* Updating repo handling for the PAM LinOTP role.

* Updating repo handling for the LHCI role.

* Updating repo handling for PHP components.

* Trying out a different config for Jenkins.

* Updating docs.

* Forgot to remove old yarn repo code.

* Adding python3-debian package to python_common defaults to avoid first build failures.

* Adding list format support to APT role.

* Testing list format support with jenkins role.

* Downloading GPG public key.

* Ensuring the _apt_repository.key_filename var exists.

* Fixing SSL vars in Jenkins role.

* Updating repo handling for jitsi role.

* Updating docs.

* Bad SSL var name.
…1641)

* required_paramater_for_gp3_storage_type_tidying_up_and_refactoring

* fix vars

* fixing more vars

* fixing more vars

* fixing loop in template
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* Making timer name dynamic.

* Adding missing repo format var to all APT repo handling.

* Updating docs.
* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.
* Fixing bug where list is passed instead of dict for systemd timer.
matej5 and others added 26 commits September 13, 2024 15:23
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* Fixing-json-file-for-restore-testing

* Missing-coma-in-json

---------

Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
Co-authored-by: filip <filip.rupic@codeenigma.com>
* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.
* Removing -p option due to unexpected ill effects for role paths.
* r70596 create swap directory

* remove stat check
* updating asg role to support custom rule on http and https

* updating readme properly

* updating docs for the asg role

---------

Co-authored-by: filip <filip.rupic@codeenigma.com>
* Deleting obsolete Debian 10 requirements files.

* Adding first pass at generic and reusable Ansible Galaxy role.

* Docs update.

* Updating README files.

* Updating ce_provision and ce_deploy to use ansible_galaxy role.

* Ansible Galaxy docs enhancement.

* Cannot use _ansible in variable names, reserved.

* Removing blocks for Galaxy installation, not needed.

* Variables passed to Galaxy role were wrong.

gitguardian bot commented Sep 19, 2024

⚠️ GitGuardian has uncovered 6 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
| --- | --- | --- | --- | --- |
| 5773360 | Triggered | Generic Password | 65f72f4 | install.sh |
| 5773360 | Triggered | Generic Password | 4fa0f63 | install.sh |
| 5773360 | Triggered | Generic Password | c6f95bb | install.sh |
| 11380256 | Triggered | Username Password | 7fe424b | roles/debian/wazuh/defaults/main.yml |
| 11380256 | Triggered | Username Password | bb1d5cd | roles/debian/wazuh/defaults/main.yml |
| 11380256 | Triggered | Username Password | e901344 | roles/debian/wazuh/defaults/main.yml |

🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@gregharvey gregharvey merged commit 4e34c91 into devel-2.x Sep 19, 2024
4 of 6 checks passed
@gregharvey gregharvey deleted the bug_fixes_2.x-PR-devel-2.x branch September 19, 2024 15:00
7 participants