Set of tools to help system administrator with maintenance and security of Debian systems.

guillaume 875eeae9b8 concierge-permaudit: new rules for postfix, wireguard 6 months ago
doc 78ca8cb71e concierge-backup: update example conf 10 months ago
src 875eeae9b8 concierge-permaudit: new rules for postfix, wireguard 6 months ago
LICENSE 8d37b49033 add LICENSE file 1 year ago
README.md 1459d74154 update doc 10 months ago

README.md

Concierge is set of tools to help with the maintenance of Debian systems.

Upon installation, the package installs a daily cron task to validate the system's configuration.

Goals

Notify upon issues. Keep noise to a minimum. Keep configuration to a minimum.

Tools

concierge-backup

Create local and remote backups of directories, and databases.

By default, the backup include:

  • Directories: /etc, /var/mail
  • Databases: ejabberd, MySQL/MariaDB, and PostgreSQL

Configuration: /etc/concierge/backup.cfg

Dependency: borgbackup

concierge-validate

Validate system configuration.

Configuration: none

concierge-permaudit

Audit filesystem permissions for possible security issues:

  • World-readable private keys (ssh, Let's Encrypt) and passwords (Git, SVN, Sympa, Dolibarr, ...)
  • World-writable configuration files and scripts (/etc/init.d/*, /etc/profile, ...)
  • World-writable executable search path (ie $PATH), or perl/python/ruby search path
  • Process running a world-writable executable, or world-writable bash/perl/python script
  • Sensitive information stored in the wrong place (passwords in /etc/passwd rather than /etc/shadow)

This tool only does file permissions checks, and does it imperfectly. You should not rely on this single tool for security auditing.

Configuration: none

concierge-status

Check system status.

Configuration: none