IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 16:51:55 -06:00
Code Issues Packages Projects Releases Wiki Activity
e536824425
freeipa/ipaserver/install
History
Cédric Jeanneret 6c27104467 Prevents DNS Amplification Attack and allow to customize named 
While [1] did open recursion, it also opened widely a security flaw.

This patch intends to close it back, while allowing operators to easily
add their open configuration within Bind9.

In order to allow operators to still open Bind recursion, a new file is
introduced, "ipa-ext.conf" (path might change according to the OS). This
file is not managed by the installer, meaning changes to it won't be
overridden.
Since it's included at the very end of the main configuration file, it
also allows to override some defaults - of course, operators have to be
careful with that.

Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1754530
Fixes: https://pagure.io/freeipa/issue/8079

[1] 5f4c75eb28

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2019-11-12 10:49:49 +02:00
..
plugins Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
server Prevents DNS Amplification Attack and allow to customize named 2019-11-12 10:49:49 +02:00
__init__.py Remove __all__ specifications in ipaclient and ipaserver.install 2013-09-06 15:42:33 +02:00
adtrust.py Remove unreachable code 2019-07-01 13:21:21 +02:00
adtrustinstance.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
bindinstance.py Prevents DNS Amplification Attack and allow to customize named 2019-11-12 10:49:49 +02:00
ca.py move MSCSTemplate classes to ipalib 2019-07-17 17:58:58 +03:00
cainstance.py Disable dogtag cert publishing 2019-09-25 11:38:31 -04:00
certs.py Replace replication_wait_timeout with certmonger_wait_timeout 2019-09-04 14:52:14 +02:00
conncheck.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
custodiainstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
dns.py Use api.env.container_masters 2019-03-28 00:21:00 +01:00
dnskeysyncinstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
dogtag.py Verify pki ini override early 2019-04-10 13:43:23 +02:00
dogtaginstance.py Log dogtag auth timeout in install, provide hint to increase it 2019-09-04 14:52:14 +02:00
dsinstance.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
httpinstance.py Replace replication_wait_timeout with certmonger_wait_timeout 2019-09-04 14:52:14 +02:00
installutils.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
ipa_backup.py Prevents DNS Amplification Attack and allow to customize named 2019-11-12 10:49:49 +02:00
ipa_cacert_manage.py move MSCSTemplate classes to ipalib 2019-07-17 17:58:58 +03:00
ipa_cert_fix.py avoid realm_to_serverid deprecation warning 2019-05-29 12:49:27 +10:00
ipa_crlgen_manage.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
ipa_kra_install.py Add pki.ini override option 2019-04-10 13:43:23 +02:00
ipa_ldap_updater.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
ipa_otptoken_import.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
ipa_pkinit_manage.py PKINIT: fix ipa-pkinit-manage enable|disable 2018-12-05 11:06:21 +01:00
ipa_replica_install.py Enable replica install info logging to match ipa-server-install 2018-11-01 13:08:58 +01:00
ipa_restore.py ipa-restore: Restore ownership and perms on 389-ds log directory 2019-09-23 09:27:28 -04:00
ipa_server_certinstall.py Move realm_to_serverid/ldap_uri to ipaldap 2019-02-05 08:39:13 -05:00
ipa_server_install.py Improve console logging for ipa-server-install 2018-06-20 08:38:03 +02:00
ipa_server_upgrade.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipa_winsync_migrate.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipactl.py ipa_client_automount.py and ipactl.py: fix codestyle 2019-06-28 10:53:07 +02:00
kra.py krainstance: set correct issuer DN in uid=ipakra entry 2019-10-17 08:17:46 +02:00
krainstance.py upgrade: fix ipakra people entry 'description' attribute 2019-10-17 08:17:46 +02:00
krbinstance.py Move certauth configuration into a server krb5.conf template 2019-09-10 12:33:21 +03:00
ldapupdate.py Skip commented lines after substitution 2019-11-05 11:48:28 -05:00
odsexporterinstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
opendnssecinstance.py Add ODS manager abstraction to ipaplatform 2019-04-24 14:08:20 +02:00
otpdinstance.py Enable pylint missing-final-newline check 2015-12-23 07:59:22 +01:00
replication.py Add missing timeout option to logging statement 2019-09-05 09:15:23 +02:00
schemaupdate.py logging: do not use ipa_log_manager to create module-level loggers 2017-07-14 15:55:59 +02:00
service.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
sysupgrade.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
upgradeinstance.py Move realm_to_serverid/ldap_uri to ipaldap 2019-02-05 08:39:13 -05:00