DuckCorp Projects: Issueshttps://projects.duckcorp.org/https://projects.duckcorp.org/favicon.ico?16699090422021-11-24T14:03:15ZDuckCorp Projects
Redmine DuckCorp Infrastructure - Enhancement #745 (New): ban IPs that try to authenticate with a nonexis...https://projects.duckcorp.org/issues/7452021-11-24T14:03:15ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Fail2ban should block the following attemps:<br /><pre>
Nov 24 15:06:46 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:00 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:20 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:30 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:07:44 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
Nov 24 15:08:04 Toushirou dovecot[1308700]: auth: ldap(<redacted>,XXX.237.103.19): unknown user
</pre></p>
<p>Some numbers in order to support the new filter (the oldest entry in the journal is 7 days old):<br /><pre>
root@Toushirou:~# # count all entries
root@Toushirou:~# journalctl -g '(auth:.*unknown)' | wc -l
5032
root@Toushirou:~# # check the regex
root@Toushirou:~# journalctl -g '(auth:.*unknown)' | sed -n 's/.*ldap([^,]\+,\([^,)]\+\)\(,<[^>]\+>\)\?):.*/\1/p' | sort | uniq -c | sort -nr | awk '{print $1}' | paste -sd+ | bc
5029
root@Toushirou:~# # display the most used IPs
root@Toushirou:~# journalctl -g '(auth:.*unknown)' | sed -n 's/.*ldap([^,]\+,\([^,)]\+\)\(,<[^>]\+>\)\?):.*/\1/p' | sort | uniq -c | sort -nr | awk '{print $1}' | head -n 10
741
566
467
362
307
182
177
174
167
161
# There are 697 different IPs, the twenty most used produce 85% of the login failure.
</pre></p> DuckCorp Infrastructure - Tracking #688 (New): ansible/yarn: module bugshttps://projects.duckcorp.org/issues/6882020-04-01T03:34:47ZMarc Dequènesduck@duckcorp.org
<p>We need this PR to be accepted to get yarn working properly:<br /><a class="external" href="https://github.com/ansible/ansible/pull/50236">https://github.com/ansible/ansible/pull/50236</a></p>
<p>It is needed by the <em>thelounge</em> role.</p> DuckCorp Infrastructure - Bug #656 (New): Raise the backup system from the deadhttps://projects.duckcorp.org/issues/6562019-07-04T13:45:01ZMarc Dequènesduck@duckcorp.org
<p>Old files from Nicecity-OLD needs to be retrieved and put in the right place.</p>
<p>Then we need to resume the work around the new backup system which was left unfinished in <a class="issue tracker-2 status-7 priority-4 priority-default parent" title="Enhancement: Change Backup System (In Progress)" href="https://projects.duckcorp.org/issues/497">#497</a>.</p>
<p>If there's any reason to change our mind that's the right moment. I personally have no problem with the current plan.<br />If we go on then we need to create a new simpler burp role as explained by Pilou on IRC.</p> DuckCorp Infrastructure - Enhancement #652 (In Progress): Orfeo would like a brand new bodyhttps://projects.duckcorp.org/issues/6522019-05-08T16:47:00ZMarc Dequènesduck@duckcorp.org
<p>It is a followup of <a class="issue tracker-2 status-3 priority-4 priority-default closed parent" title="Enhancement: Toushirou would like a brand new body (Resolved)" href="https://projects.duckcorp.org/issues/537">#537</a> for Orfeo only.</p>
<p>Orfeo is old too and even if we do not need more power now it crashed last year for an undetermined reason and we should think of the future.</p>
<p>I'm still looking into the possibility of hosting it on a Elwing container using LXD. My internet connection is better even if not wonderful. And my complicated network config and Hivane L2TP tunnel are stable now. As we might never have the ability to change the machine in the current hosting I guess it's even more an interesting possibility to explore.</p> DuckCorp Infrastructure - Bug #603 (New): Organize Regular Maintenance taskshttps://projects.duckcorp.org/issues/6032017-09-30T16:24:50ZMarc Dequènesduck@duckcorp.org
<p>In the deprecated Admin wiki there was a page documenting this. I wish to raise this subject because this is such a pain to be alone doing all this and in the end I'm not doing all of them or not properly.</p>
The tasks (from the old wiki, including estimated workload level in parenthesis, with minor changes):
<ul>
<li>MP/DC Mailing-lists moderation (moderate): once per week, check Mailman pending posts</li>
<li><del>DSPAM special accounts and MP/DC Mailing-list accounts management (moderate): train and check quarantine</del> (removed, see <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: DSPAM has no future (Resolved)" href="https://projects.duckcorp.org/issues/435">#435</a>)</li>
<li>Reports check (high): check machines reports (logcheck, rkhunter, scripts report, ...) and fix urgent problems or add less-important ones to the todolist</li>
<li>Backup check (low): check backup is working well and not missing important data (once a month?) (monitoring may help)</li>
<li>Supervision check (moderate/high): check supervision on a regular basis and fix problems / tune settings</li>
<li>IRC maintenance (low): check linking / services / bots problems, and defends against devils' attacks</li>
</ul>
<p>The Reports check includes using the reports on the ML, some possibly only sent to root@, and an external mailbox hosted at Nerim (in case everything is down and for security alerts if an intruder hides its traces). This should be documented.</p>
This ticket is about:
<ul>
<li>clarifying:
<ul>
<li>the list or regular tasks</li>
<li>tasks check frequency</li>
<li>specific credentials and tooling necessary to accomplish these tasks</li>
</ul>
</li>
<li>deciding who can help on which task</li>
<li>improving workflow or tooling (might involve creating other tickets)</li>
<li>documenting all the previous points (we may use the Redmine wiki for this)</li>
</ul> mkcert - Bug #597 (New): Please review Ansible Vault supporthttps://projects.duckcorp.org/issues/5972017-09-24T06:21:13ZMarc Dequènesduck@duckcorp.org
<p>It has been made as less intrusive as possible to avoid introducing bugs. Most probably a rework of the path variables would be better but this is not the goal of this PR,</p> mkcert - Review #579 (New): Please review error handling fixeshttps://projects.duckcorp.org/issues/5792017-07-24T10:51:36ZMarc Dequènesduck@duckcorp.orgBip - Enhancement #343 (New): Allow to blreset all queries or all channelshttps://projects.duckcorp.org/issues/3432014-07-24T00:21:01ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p><code>blreset</code> command allows to reset backlog of an entire connection, a chan, a query.</p>
<p>Be able to reset all queries or all channels would be a nice feature.</p> Bip - Bug #342 (New): 'list connections' command doesn't display status of channelshttps://projects.duckcorp.org/issues/3422014-07-24T00:13:06ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>It seems that output of <code>list connections</code> command should use a suffix on channels without backlog: <a class="source" href="https://projects.duckcorp.org/projects/bip/repository/bip/entry/src/bip.c#L1395">source:src/bip.c#L1395</a>, but this is not the case.</p>
<p><code>list connections</code> doesn't display a suffix on any channel:</p>
<pre>
02:04:18 Pilou | list connections
[...]
02:04:18 -bip | * milkypond to milkypond as "pilou" (pilou!pilou) :
02:04:18 -bip | Options:
02:04:18 -bip | Channels (* with key, ` no backlog) #test #milkypond #DuckCorp
02:04:18 -bip | Status: connected !
</pre> Bip - Bug #341 (New): 'bip list connections' command should display querieshttps://projects.duckcorp.org/issues/3412014-07-24T00:01:23ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>The command <code>bip list connections</code> lists channels for all connections.</p>
<p>Queries could be listed too.</p> Bip - Bug #260 (New): Bad file descriptorhttps://projects.duckcorp.org/issues/2602011-11-09T07:48:24ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p>Bip exit with a FATAL error "Bad file descriptor"</p>
<p>Maybe related to <a class="issue tracker-1 status-1 priority-4 priority-default" title="Bug: Bip uses 100% CPU (New)" href="https://projects.duckcorp.org/issues/238">#238</a></p>
<p>Logs:<br /><pre>
09-11-2011 04:28:24 ERROR: read(fd=6): Connection lost: Success
09-11-2011 04:28:24 ERROR: Error while reading on fd 6
09-11-2011 04:28:24 ERROR: [oftc] read_lines error, closing...
09-11-2011 04:28:24 Broken socket: Connection reset by peer.
09-11-2011 04:28:24 ERROR: [oftc] reconnecting in 0 seconds
09-11-2011 04:28:24 FATAL: select(): Bad file descriptor
</pre></p> Bip - Bug #165 (New): doesn't load openssl support for sha-256 digesthttps://projects.duckcorp.org/issues/1652010-10-26T00:21:16ZPierre-Louis Bonicolipierre-louis.bonicoli@ir5.eu
<p><a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601021" class="external">Debian bug #601021</a></p>
<blockquote>
<p>As the subject says, bip doesn't make openssl load support for the sha-256<br />digest algorhytm. I've fixed a similar bug in fetchmail a while ago, see<br />Debian bug #576430 for a bit more info on the matter.<br />Attached is a simple patch that forces openssl to load support for everything<br />it knows :)<br />Sjoerd Simons</p>
</blockquote> MyCyma - Cosmetic #89 (New): Traduction Anglais>Françaishttps://projects.duckcorp.org/issues/892010-05-15T15:11:54ZJean-Marc Bonicoli
<p>Serait-il possible de traduire en français les noms des mois dans la liste déroulante qui apparaît lors de l'installation d'une nouvelle étape d'une oeuvre ? <br />[Voir copie d'écran en pièce jointe]</p> MyCyma - Cosmetic #85 (New): Correction orthographiquehttps://projects.duckcorp.org/issues/852010-05-15T12:09:55ZJean-Marc Bonicoli
<p>Mettre le mot "Support" au singulier dans la page de présentation d'une oeuvre (copie d'écran en pièce jointe).</p> MyCyma - Cosmetic #84 (New): Renommer l'intitulé d'un tableauhttps://projects.duckcorp.org/issues/842010-05-12T12:17:43ZJean-Marc Bonicoli
<p>Pour éviter une confusion entre position (dans une série) et position (d'un état) pouvons nous renommer dans la page "Étapes d'une oeuvre" le champ "Position" en "Étape". (Voir copie d'écran en pièce jointe).</p>