Hello, Am Freitag, 29. November 2019, 10:42:20 CET schrieb Lars Vogdt:
Am Fri, 29 Nov 2019 07:07:41 +0100 schrieb Karol Babioch:
Do we/you have a list / overview of those :-)?
Well: partly ;-) All I have so far are the results of the scan - and this list only includes services which ended on the radar of the scanner...
I'd say the list isn't too long if you look at the endpoints: - anna - elsa - daffy1 - daffy2 - status.o.o - status2.o.o - download.o.o - provo-mirror - OBS (not in the heroes network) Maybe I missed a single system which doesn't get routed via proxy.o.o or login2.o.o, but the fact that most services get routed via haproxy or login2.o.o makes this much easier. The alternative solution is to monitor all the domains listed in pillar/id/*, but maybe that's a bit too much. (www.o.o, news, lizards, bugzilla and forums still have terribly old SSL settings, but that's something to fix after migrating them away from MF-IT.)
It might make sense to monitor those for:
- certificate expiration - cipher suite settings (to stay up on speed on security)
Agreed. It even makes sense to deploy the settings via Salt... ;-)
Indeed.
For both of your questions even exist functional monitoring checks - they just need to be enabled for the right service.
See above ;-)
In short: I'm working on it. Sadly not as fast as I want to. But even slow progress is progress here.
Yeah, thanks for working on this! Regards, Christian Boltz -- [Netscape 4] Wer heute noch mit nem Browser rumsurft, der Standards von 1998 nicht korrekt umzusetzen vermag, der soll ruhig ein bisserl drunter leiden, nicht nur der Webdesigner ;-) [Manfred Tremmel in suse-linux] -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org