wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-04-20 08:07:09 +02:00
Code Issues Projects Releases Wiki Activity
895 commits 5 branches 2 tags 10 MiB
Commit graph

36 commits

Author SHA1 Message Date
David Myers
66681521c1 Increase memory limit for dnsmasq (#1228) 
* Increase memory limit for dnsmasq

* Increase memory limit for dnsmasq further
 2018-12-03 12:32:23 -05:00
David Myers
8d23f715d7 Run adblock.sh at a random time (#1227) 2018-12-03 15:33:36 +01:00
Jack Ivanov
e8947f318b Large refactor to support Ansible 2.5 (#976) 
* Refactoring, booleans declaration and update users fix

* Make server_name more FQDN compatible

* Rename variables

* Define the default value for store_cakey

* Skip a prompt about the SSH user if deploying to localhost

* Disable reboot for non-cloud deployments

* Enable EC2 volume encryption by default

* Add default server value (localhost) for the local installation

Delete empty files

* Add default region to aws_region_facts

* Update docs

* EC2 credentials fix

* Warnings fix

* Update deploy-from-ansible.md

* Fix a typo

* Remove lightsail from the docs

* Disable EC2 encryption by default

* rename droplet to server

* Disable dependencies

* Disable tls_cipher_suite

* Convert wifi-exclude to a string. Update-users fix

* SSH access congrats fix

* 16.04 > 18.04

* Dont ask for the credentials if specified in the environment vars

* GCE server name fix
 2018-08-27 10:05:45 -04:00
David Myers
b86ebe20d7 Prevent DNS rebinding (#1049) 2018-08-08 00:25:33 -04:00
Fabian Foerg
3ddd0ac30f Run dnsmasq as the dnsmasq user (#1029) 
* Run dnsmasq as the dnsmasq user

There is a task that checks whether the dnsmasq user exists.
However, dnsmasq is configured to run as user "nobody" instead.
This change lets dnsmasq run as user "dnsmasq".

* remove dnsmasq user task
 2018-07-30 09:01:49 -04:00
Jack Ivanov
c82bd8c5ff DNS-over-HTTPS (#875) 2018-04-25 12:27:58 -07:00
Jack Ivanov
3b19f13082 Enable no-resolv (#816) 2018-03-12 12:00:48 -04:00
Jack Ivanov
02427910de Ansible 2.4, Lightsail, Scaleway, DreamCompute (OpenStack) integration (#804) 
* Move to ansible-2.4.3

* Add Lightsail support #623

* Fixing the EC2 deployment

* Scaleway integration #623

* OpenStack cloud provider (DreamCompute optimised) #623

* Remove the security role

* Enable unattended-upgrades for clouds

* New requirements to make Azure and GCE work
 2018-03-02 07:55:54 -05:00
Micah R Ledbetter
5eed1bbba4 Use dns_servers in dnsmasq.conf (#794) 2018-01-27 12:01:12 -08:00
Marcelo Elizeche Landó
07a1c70bf4 Update adblock.sh for systemd to fix issue #735 (#736) 
* Update script to restart the dnsmasq service using systemctl(systemd) command instead of service(Upstart)

* Use  instead of legacy  REF: https://github.com/koalaman/shellcheck/wiki/SC2006

* Replace non-standard egrep(deprecated) for grep -E. REF: https://github.com/koalaman/shellcheck/wiki/SC2196
 2017-11-21 00:50:05 -05:00
Jack Ivanov
8da53f859b Some browsers (eg. Safari) stop loading pages if the element with ads can't be loaded (#633) 2017-07-23 14:23:57 -04:00
Jack Ivanov
a8ebb16437 Enable timeouts. Fixes #581 2017-06-05 17:33:03 +02:00
Rod Vagg
75d64ac018 Make DNS blocklist URLs configurable (#548) 2017-05-15 12:39:34 +02:00
Ruben Jongejan
07ddb5863b improved readability with native yaml (#530) 2017-05-08 16:34:24 -04:00
Jack Ivanov
97369c303a define local_dns if dns tag used (#533) 2017-05-08 16:33:30 -04:00
Jack Ivanov
bd348af9c2 Implementing blocks and additional fail hints #487 (#497) 
change the troubleshooting url
 2017-04-29 10:48:25 -04:00
Jack Ivanov
c3fcfe5d0d Let users choose the distro version #449 (#466) 
Make dpdaction great again

add 1704 to travis

Make EC2 image name more convenient

modify apparmor profile
 2017-04-22 17:06:10 -04:00
Jack Ivanov
a7b06058cb remove the proxy role #440 (#457) 
* remove the proxy role #440

* Separate facts. Make roles more independent from each other

move openssl to local tasks

move unneeded tasks
 2017-04-20 18:00:17 -04:00
Josh Soref
84bbcb88d0 Spelling fixes (#342) 
* spelling: algorithm

* spelling: bertrand

* spelling: between

* spelling: checking

* spelling: conjunction

* spelling: contributor

* spelling: delimited

* spelling: fashion

* spelling: droplet

* spelling: javascript

* spelling: nameserver

* spelling: obligatory

* spelling: official

* spelling: overridden

* spelling: overwrite

* spelling: parameter

* spelling: suppressing
 2017-04-02 19:14:38 -04:00
Jack Ivanov
6facb6cb4f FreeBSD / HardenedBSD (#262) 
* FreeBSD draft

ifconfig fix

Pre-tasks fixes

fix hardcoded IP

some refactoring

disable system-based tags

disable freebsd tags

FreeBSD vpn role

add defaults

ssh role freebsd

default fix

dns_adblocking freebsd

ubuntu dict fix

* HardenedBSD

update-users BSD

* Rebuild the kernel

docs changing
 2017-03-18 12:22:07 +03:00
Jack Ivanov
2798f84d3f ensure that apparmor is supported by the kernel #215 2017-01-16 00:19:57 +03:00
Jack Ivanov
cbf59addb3 additional tags 2017-01-11 21:02:41 +03:00
Jack Ivanov
2cca45c967 additional tags 2016-10-10 15:32:14 +03:00
Jack Ivanov
91688324ce additional functions 2016-08-28 23:19:41 +03:00
Dan Guido
27421070b9 linting 2016-08-24 09:22:04 +02:00
Jack Ivanov
19797bc020 CPU and memory limitations of the services #63 2016-08-23 16:10:42 +03:00
Defunct
50f43dc601 revert systemd changes (2.2 only), identation normalization; 2016-08-23 02:02:57 +00:00
Evgeniy Ivanov
ba50abce8a make local ip changeable #67 2016-08-21 13:29:53 +03:00
Colin Mahns
1fbe1b63f8 HTTPS for domains that support it 
hosts-file.net and malwaredomainlist.com has optional TLS, adaway.org forces it server side
 2016-08-20 14:48:31 -04:00
Colin Mahns
6c81b86c92 Link to MVPS Hosts file directly 
http://www.mvps.org/winhelp2002/hosts.txt redirects to http://winhelp2002.mvps.org/hosts.txt automatically, saves a step
 2016-08-20 14:40:33 -04:00
Evgeniy Ivanov
53f60e33d8 random tmp names #64 2016-08-20 17:45:35 +03:00
Evgeniy Ivanov
3864f8104d adblock.sh as an unprivileged user; Store the whitelists in /var/; #64 2016-08-20 17:25:06 +03:00
Evgeniy Ivanov
4b2ae71ffe Tighten the dnsmasq AppArmor policy #62 2016-08-20 16:49:34 +03:00
Evgeniy Ivanov
3fa75a081d new iptabes deployment #61 2016-08-20 16:22:14 +03:00
Evgeniy Ivanov
cfc38e3df1 Drop SMB traffic ##61 2016-08-20 15:19:46 +03:00
Evgeniy Ivanov
4f46cc221a Split the features role in two #49 2016-08-17 23:26:21 +03:00