This repository was archived by the owner on Oct 7, 2025. It is now read-only.
Bug fixes 2.x pr devel 2.x #1961
Merged
* Changing import_role to include_vars for vars only Wazuh roles. * We cannot use the _domain_name var in this context.
* Switching-key-server * Switching-key-server-mysql * Fixing-empty-line
* Fixing-mysql-role * Fixing-linting
* r68801-r67628-gzip-nginx-cloudfront * r68801-r67628-gzip-nginx-cloudfront * remove test tasks * remove test tasks * remove test tasks
* Making Duplicity use venvs. * Installing venvs as the correct user. * Setting Duplicity user back to root and installing 'fasteners' in the venv. * Duplicity --s3-european-buckets option deprecated.
* Adding new Python pip package role. * Updating NGINX and Boto3 roles to use the new Python pip role. * Moving Ansible install to _init. * Detecting connection type before installing Ansible. * The _init role should not generate SSH keys and ce_provision should optionally install a new user. * Updating documentation. * Switching to using the user_provision role for controller user in _init. * Allowing for ce_provision to install Ansible in another location. * Passing vars to the core Ansible install. * We will need linters if the system didn't install them. * Duplicity role doesn't need to ensure permissions, it's done in python_pip_packages already. * Allowing ce-provision to set a different UID from the system user.
* Stopping NGINX dropping a proxy vhost for LE if we have a services[] list. * Adding the new Mailpit role. * Updating docs. * Variable name typo. * Adding a mailpit_open firewall rule to make life easier in containers. * Final pass of Mailpit role, now works straight away in containers.
* Minor docs update for ASG role. * Adding logic to check if extra domains are in our SAN certificate already. * Fixing SAN cert list creation. * Simplifying SAN look-up, sticking to selected certificate. * Ensure we have a SAN domains list before trying to loop over it. * Moving post-create ACM actions to a block. * Adding variable to store obsolete ARN in, could be useful. * Fixing bug with ACM certificate lookup, using ARN instead of domain to avoid multiple responses.
* Making Bookworm the default base distro. * Updating default volume type for EC2 instances to gp3. * Allow the setting of base AMI filter for Packer in ASG role. * Updating ASG docs.
* Moving SSL handling to a separate tasks file. * Making more NGINX settings available for modification. * Allowing more variables to be set for PHP-FPM and the cli. * Adding template line-break for NGINX _common config for style.
* Fixing timer backup job for LDAP servers. * Setting path to LDAP server backup log.
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* Adding-ami-cleanup-role * adding-domain-name-in-scheduler-to-differ-if-multiple-ASGs-are-in-same-region --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* r68801-improve-caching-behavior-and-some-nginx-fixes * r68801-improve-caching-behavior-and-some-nginx-fixes * add_header to variable * add_header to variable * remove extra ; * MOAR blocks
* moving-assume-role-to-files-folder * Changing-lookup-function * Changing-lookup-function-2 --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
…1593) Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* nginx-config-backup-and-cleaup-vhosts-on-rebuild * change module from command to unarchive * change module from command to unarchive
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
…vhost as the LE proxy handling may not be there if SSL was not configured before, and the vhost will not be there as we are recreating them by default (#1601)
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* r68069-alb-healthchecks-and-nginx * r68069-alb-healthchecks-and-nginx * r68069-alb-healthchecks-and-nginx * r68069-nice-indentation
* r69332-le-cron-mail-alerts * Changing-recipient-to-var * Changing-recipient-to-var-2 * Fixing-email-var * Fixing-email-var-2
* Fixing AWS ACL role defaults. * Docs update. * Punctuation fix!
* Fixing-backup-validation-role-plicies * Adding-parts-for-VPC-and-SG * Adding-region-to-vpc-and-subnet-tasks * Adding-region-to-vpc-and-subnet-tasks-2 * Updating-vars-for-vpc-and-subnet * Updating-vars-for-vpc-and-subnet-2 * Updating-vars-for-vpc-and-subnet-3 * Adding-json-file-for-restore-testing * Changing-user-where-json-file-is-generated * Updating-json-file-location * Updating-path-to-j2-file * Changing-force-valkue * Testing-file-creation * Testing-file-creation-via-command-task * Adding-motd-to-exit-role * Commenting-out-task-that-will-fail * Fixing-pipefail * Fixing-syntax-issue --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* Motd-task-update * Restoring-deleted-task
* Fixing-backup-validation-role-plicies * Fixing-motd-task-when-running-on-localhost * Updating-when-statement * Adding-become-true-on-motd-update --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * fix_var_logic
* Pushing-aws-backup-validation-role * Fixing-linting --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* Reverting-nginx-username * Minor-fix-nginx-username
…ug_fixes_2.x-PR-devel-2.x
* Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. 
* Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role.
* r70597 new system role for ipv6 disablement * fix linting problem * add readme for system role
Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
* Fixing-json-file-for-restore-testing * Missing-coma-in-json --------- Co-authored-by: Matej Stajduhar <matej.stajduhar@codeenigma.com>
Co-authored-by: filip <filip.rupic@codeenigma.com>
…ug_fixes_2.x-PR-devel-2.x
GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
---|---|---|---|---|---|
5773360 | Triggered | Generic Password | 65f72f4 | install.sh | View secret |
5773360 | Triggered | Generic Password | 4fa0f63 | install.sh | View secret |
5773360 | Triggered | Generic Password | c6f95bb | install.sh | View secret |
11380256 | Triggered | Username Password | 7fe424b | roles/debian/wazuh/defaults/main.yml | View secret |
11380256 | Triggered | Username Password | bb1d5cd | roles/debian/wazuh/defaults/main.yml | View secret |
11380256 | Triggered | Username Password | e901344 | roles/debian/wazuh/defaults/main.yml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future, consider:
- following these best practices for managing and storing secrets including API keys and other credentials
- installing secret detection on pre-commit to catch secrets before they leave your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
No description provided.