Bug fixes 2.x pr devel 2.x #1951
* Supporting a fixed PHP version with a fixed port number. * Accidentally re-added the old VPN role - re-deleting! * Handling allowing client config template for ovpn to have an FQDN. * Let's not assume port 1194 for ovpn.
* Supporting a fixed PHP version with a fixed port number. * Accidentally re-added the old VPN role - re-deleting! * Handling allowing client config template for ovpn to have an FQDN. * Let's not assume port 1194 for ovpn. * Tweaking FQDN handling in ovpn.
* Adding volume handling options for Packer. * Missed a comma in the template, plus adding docs.
* Upading-ssl-vars * Building-docs
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* Changing import_role to include_vars for vars only Wazuh roles. * We cannot use the _domain_name var in this context.
* Switching-key-server * Switching-key-server-mysql * Fixing-empty-line
* Fixing-mysql-role * Fixing-linting
* r68801-r67628-gzip-nginx-cloudfront * r68801-r67628-gzip-nginx-cloudfront * remove test tasks * remove test tasks * remove test tasks
* Making Duplicity use venvs. * Installing venvs as the correct user. * Setting Duplicity user back to root and installing 'fasteners' in the venv. * Duplicity --s3-european-buckets option deprecated.
* Adding new Python pip package role. * Updating NGINX and Boto3 roles to use the new Python pip role. * Moving Ansible install to _init. * Detecting connection type before installing Ansible. * The _init role should not generate SSH keys and ce_provision should optionally install a new user. * Updating documentation. * Switching to using the user_provision role for controller user in _init. * Allowing for ce_provision to install Ansible in another location. * Passing vars to the core Ansible install. * We will need linters if the system didn't install them. * Duplicity role doesn't need to ensure permissions, it's done in python_pip_packages already. * Allowing ce-provision to set a different UID from the system user.
* Stopping NGINX dropping a proxy vhost for LE if we have a services[] list. * Adding the new Mailpit role. * Updating docs. * Variable name typo. * Adding a mailpit_open firewall rule to make life easier in containers. * Final pass of Mailpit role, now works straight away in containers.
* Minor docs update for ASG role. * Adding logic to check if extra domains are in our SAN certificate already. * Fixing SAN cert list creation. * Simplifying SAN look-up, sticking to selected certificate. * Ensure we have a SAN domains list before trying to loop over it. * Moving post-create ACM actions to a block. * Adding variable to store obsolete ARN in, could be useful. * Fixing bug with ACM certificate lookup, using ARN instead of domain to avoid multiple responses.
* Making Bookworm the default base distro. * Updating default volume type for EC2 instances to gp3. * Allow the setting of base AMI filter for Packer in ASG role. * Updating ASG docs.
* Moving SSL handling to a separate tasks file. * Making more NGINX settings available for modification. * Allowing more variables to be set for PHP-FPM and the cli. * Adding template line-break for NGINX _common config for style.
* Fixing timer backup job for LDAP servers. * Setting path to LDAP server backup log.
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* Adding-ami-cleanup-role * adding-domain-name-in-scheduler-to-differ-if-multiple-ASGs-are-in-same-region --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* r68801-improve-caching-behavior-and-some-nginx-fixes * r68801-improve-caching-behavior-and-some-nginx-fixes * add_header to variable * add_header to variable * remove extra ; * MOAR blocks
* moving-assume-role-to-files-folder * Changing-lookup-function * Changing-lookup-function-2 --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
…1593) Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
…rnish (#1750) * fix(nginx): Remove default nginx dummy vhost that could clash with Varnish * Fix variable naming and comment * Implement keep_default_vhost setting
* Filebeat-restart-task-wazuh * Fixing-wazuh-filebeat-restart
* Fixing-backup-validation-role-plicies * Adding-parts-for-VPC-and-SG * Adding-region-to-vpc-and-subnet-tasks * Adding-region-to-vpc-and-subnet-tasks-2 * Updating-vars-for-vpc-and-subnet * Updating-vars-for-vpc-and-subnet-2 * Updating-vars-for-vpc-and-subnet-3 * Adding-json-file-for-restore-testing * Changing-user-where-json-file-is-generated * Updating-json-file-location * Updating-path-to-j2-file * Changing-force-valkue * Testing-file-creation * Testing-file-creation-via-command-task * Adding-motd-to-exit-role * Commenting-out-task-that-will-fail * Fixing-pipefail * Fixing-syntax-issue --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* Motd-task-update * Restoring-deleted-task
* Fixing-backup-validation-role-plicies * Fixing-motd-task-when-running-on-localhost * Updating-when-statement * Adding-become-true-on-motd-update --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * fix_var_logic
* Pushing-aws-backup-validation-role * Fixing-linting --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* Reverting-nginx-username * Minor-fix-nginx-username
…ug_fixes_2.x-PR-devel-2.x
GitGuardian id | GitGuardian status | Secret | Commit | Filename
---|---|---|---|---
5773360 | Triggered | Generic Password | 65f72f4 | install.sh
5773360 | Triggered | Generic Password | 4fa0f63 | install.sh
5773360 | Triggered | Generic Password | c6f95bb | install.sh
11380256 | Triggered | Username Password | 7fe424b | roles/debian/wazuh/defaults/main.yml
11380256 | Triggered | Username Password | bb1d5cd | roles/debian/wazuh/defaults/main.yml
11380256 | Triggered | Username Password | e901344 | roles/debian/wazuh/defaults/main.yml
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
No description provided.