Am Freitag, 29. November 2019, 10:42:20 CET schrieb Lars Vogdt:
Am Fri, 29 Nov 2019 07:07:41 +0100 schrieb Karol
Do we/you have a list / overview of those :-)?
Well: partly ;-)
All I have so far are the results of the scan - and this list only
includes services which ended on the radar of the scanner...
I'd say the list isn't too long if you look at the endpoints:
- OBS (not in the heroes network)
Maybe I missed a single system which doesn't get routed via proxy.o.o or
login2.o.o, but the fact that most services get routed via haproxy or
login2.o.o makes this much easier.
The alternative solution is to monitor all the domains listed in
pillar/id/*, but maybe that's a bit too much.
, news, lizards, bugzilla and forums still have terribly old SSL
settings, but that's something to fix after migrating them away from
It might make
sense to monitor those for:
- certificate expiration
- cipher suite settings (to stay up on speed on security)
Agreed. It even makes sense to deploy the settings via Salt... ;-)
For both of your questions even exist functional
monitoring checks -
they just need to be enabled for the right service.
See above ;-)
In short: I'm working on it. Sadly not as fast as
I want to. But even
slow progress is progress here.
Yeah, thanks for working on this!
[Netscape 4] Wer heute noch mit nem Browser rumsurft, der Standards von
1998 nicht korrekt umzusetzen vermag, der soll ruhig ein bisserl drunter
leiden, nicht nur der Webdesigner ;-) [Manfred Tremmel in suse-linux]
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org