|  |  | @2713 | 10 years | andersk | Enable OCSP stapling
No particular security benefit since we don’t ... | 
                
                  |  |  | @2712 | 10 years | andersk | Update OpenAFS to 1.6.12 | 
                
                  |  |  | @2711 | 10 years | andersk | Remove configuration for rcc-d7dev.mit.edu [help.mit.edu #3276770] | 
                
                  |  |  | @2710 | 10 years | andersk | Path change for dnd.mit.edu [help.mit.edu #3276705] | 
                
                  |  |  | @2709 | 10 years | achernya | Add some spam sources to the blacklist | 
                
                  |  |  | @2708 | 10 years | andersk | Remove temporary outgoing port 25 exemption for cssa | 
                
                  |  |  | @2707 | 10 years | andersk | Install /usr/sbin/suexec with mode 555, not 510
achernya noticed that ... | 
                
                  |  |  | @2706 | 10 years | achernya | Reify leee.mit.edu to pick up new docroot | 
                
                  |  |  | @2705 | 10 years | achernya | Fix up techfair after rename to techx | 
                
                  |  |  | @2704 | 10 years | andersk | Remove configuration for bakerfoundation, nudelta | 
                
                  |  |  | @2703 | 10 years | andersk | Disable /.well-known/acme-challenge
This will prevent users from ... | 
                
                  |  |  | @2702 | 10 years | andersk | Certificate and configuration for 6005 [help.mit.edu #3262093] | 
                
                  |  |  | @2701 | 10 years | andersk | Log connections to localhost port 25 | 
                
                  |  |  | @2700 | 10 years | andersk | Block outgoing port 25
Exceptions are made for localhost, ... | 
                
                  |  |  | @2699 | 10 years | andersk | Remove joss-whedon | 
                
                  |  |  | @2698 | 10 years | achernya | Add joss-whedon | 
                
                  |  |  | @2697 | 10 years | andersk | Fix mixed content in scripts-special pages
Chrome now complains about ... | 
                
                  |  |  | @2696 | 10 years | andersk | Certificate and configuration for bots [help.mit.edu #3239167] | 
                
                  |  |  | @2695 | 11 years | andersk | Update krb5 to 1.11.5-19.fc20 | 
                
                  |  |  | @2694 | 11 years | btidor | Certificate and configuration for leee.mit.edu | 
                
                  |  |  | @2693 | 11 years | btidor | Add a CSR-generating script | 
                
                  |  |  | @2692 | 11 years | btidor | Use SHA-256 to sign CSRs (in case it makes a difference) | 
                
                  |  |  | @2691 | 11 years | btidor | Rename obsolete private key | 
                
                  |  |  | @2690 | 11 years | andersk | Certificate and configuration for rcc-d7dev [help.mit.edu #3182781] | 
                
                  |  |  | @2689 | 11 years | geofft | Certificate and configuration for mafia-app [help.mit.edu #3182926] | 
                
                  |  |  | @2688 | 11 years | geofft | Remove SSL configuration for mitchief
The certificate has expired and ... | 
                
                  |  |  | @2687 | 11 years | geofft | Add missing intermediate for ldpreload.com
Some CA bundles, notably ... | 
                
                  |  |  | @2686 | 11 years | geofft | Certificate renewal for luke.wf / www.luke.wf
This uses the 2048-bit ... | 
                
                  |  |  | @2685 | 11 years | mitchb | Let's not create self-signed CAs
You know, while we're fixing that ... | 
                
                  |  |  | @2684 | 11 years | geofft | reify-vhost.py: Remove comment about removing SSLCertificateKeyFile ... | 
                
                  |  |  | @2683 | 11 years | andersk | install-howto: Update openssl commands for modern crypto
Just in case ... | 
                
                  |  |  | @2682 | 11 years | geofft | Certificate renewal for ldpreload.com
This uses the 2048-bit key and ... | 
                
                  |  |  | @2681 | 11 years | geofft | Remove three vhosts that are no longer hosted by scripts | 
                
                  |  |  | @2680 | 11 years | andersk | Update krb5 to 1.11.5-18.fc20 | 
                
                  |  |  | @2679 | 11 years | andersk | Add missing mock configuration for scripts-fc20-i386 | 
                
                  |  |  | @2678 | 11 years | andersk | 403 error: add another case for documents that the server cannot read | 
                
                  |  |  | @2677 | 11 years | andersk | Also move noaccount page to local disk | 
                
                  |  |  | @2676 | 11 years | andersk | Move /__scripts to local disk | 
                
                  |  |  | @2675 | 11 years | andersk | Don’t override ErrorDocument 403 in .htaccess | 
                
                  |  |  | @2674 | 11 years | andersk | Show a more informative error for directories with missing index.html | 
                
                  |  |  | @2673 | 11 years | andersk | Update httpd | 
                
                  |  |  | @2672 | 11 years | andersk | Update allowed-setugid.list
Prune members that are no longer ... | 
                
                  |  |  | @2671 | 11 years | andersk | Update OpenAFS to 1.6.11pre2 | 
                
                  |  |  | @2670 | 11 years | quentin | Allow specifying full e-mail addresses for purge-{from,to} | 
                
                  |  |  | @2669 | 11 years | quentin | The log file is named suexec_log, not suexec.log | 
                
                  |  |  | @2668 | 11 years | andersk | check_afs: styx is more critical than cocytus | 
                
                  |  |  | @2667 | 11 years | andersk | check_afs: Add test for getcwd bug | 
                
                  |  |  | @2666 | 11 years | andersk | Update openssh to 6.4p1-8.fc20
Fedora’s new patch ... | 
                
                  |  |  | @2665 | 11 years | andersk | Enable procmail -p (preserve environment)
This lets procmail inherit ... | 
                
                  |  |  | @2664 | 11 years | andersk | check-users: Improve error diagnosis and script hygiene | 
                
                  |  |  | @2663 | 11 years | achernya | Certificate and configuration for olivetti | 
                
                  |  |  | @2662 | 11 years | quentin | Fix comment. Thanks geofft. | 
                
                  |  |  | @2661 | 11 years | quentin | Block laublab from mail usage. | 
                
                  |  |  | @2660 | 11 years | achernya | Certificate and configuration for 6005scripts.csail | 
                
                  |  |  | @2659 | 11 years | andersk | OpenAFS: upgrade to 1.6.11pre1, plus patch for d_alias change | 
                
                  |  |  | @2658 | 11 years | quentin | prune-mailq usage improvements and postcat | 
                
                  |  |  | @2657 | 11 years | quentin | Add features to prune-mailq show_rand | 
                
                  |  |  | @2656 | 11 years | adehnert | Disable postqueue -f and mailq for normal users
postqueue -f seems ... | 
                
                  |  |  | @2655 | 11 years | andersk | openafs: Linux: d_splice_alias may drop inode reference on error
 ... | 
                
                  |  |  | @2654 | 11 years | btidor | Site disabled; update reified vhost | 
                
                  |  |  | @2653 | 11 years | btidor | Locker emit renamed to commit | 
                
                  |  |  | @2652 | 11 years | quentin | Block mail for compromised accounts | 
                
                  |  |  | @2651 | 11 years | quentin | Add required module for logging | 
                
                  |  |  | @2650 | 11 years | andersk | Disable Service Workers on scripts/~ URLs | 
                
                  |  |  | @2649 | 11 years | andersk | openafs: Fix some afs_conn overcounts
Patch from ... | 
                
                  |  |  | @2648 | 11 years | achernya | Certificate renewal for davidben.net | 
                
                  |  |  | @2647 | 11 years | achernya | Certificate renewal for *.lizdenys.com | 
                
                  |  |  | @2646 | 11 years | achernya | Another  block | 
                
                  |  |  | @2645 | 11 years | achernya | A block | 
                
                  |  |  | @2644 | 11 years | andersk | OpenAFS: avoid mvid NULL deref in check_bad_parent
Patch from ... | 
                
                  |  |  | @2643 | 11 years | achernya | Block harder | 
                
                  |  |  | @2642 | 11 years | mitchb | Certificate and vhost config for donut-api | 
                
                  |  |  | @2641 | 11 years | andersk | OpenAFS: drop from -fakestat-all to -fakestat | 
                
                  |  |  | @2640 | 11 years | achernya | Block more spam | 
                
                  |  |  | @2639 | 11 years | andersk | Add OpenAFS patches for Linux 3.17 | 
                
                  |  |  | @2638 | 11 years | andersk | vhostedit: Allow editing multiple vhosts simultaneously | 
                
                  |  |  | @2637 | 11 years | andersk | Upgrade to OpenAFS 1.6.10; new patch for Scripts #387? | 
                
                  |  |  | @2636 | 11 years | glasgall | Ignore virtual filesystems under /sys on ldap hosts. Because selinux ... | 
                
                  |  |  | @2635 | 11 years | andersk | Update SSLCipherSuite from Mozilla guidelines version 3.3 | 
                
                  |  |  | @2634 | 11 years | andersk | openafs: Update force_drop patch to log more information requested by ... | 
                
                  |  |  | @2633 | 11 years | andersk | openafs: we beseech thee, raineth not thine ENOENT upon thy callers of ... | 
                
                  |  |  | @2632 | 11 years | andersk | Disable SSL 3.0
SSL 3.0 is only required by IE 6 on Windows XP, both ... | 
                
                  |  |  | @2631 | 11 years | achernya | Add configuration for www.achernya.com since the cert is for that too | 
                
                  |  |  | @2630 | 11 years | achernya | Certificate and configuration for vasilvv.org | 
                
                  |  |  | @2629 | 11 years | achernya | Certificate and configuration for log.vasilvv.org | 
                
                  |  |  | @2628 | 11 years | achernya | Hidden intermediate is hidden | 
                
                  |  |  | @2627 | 11 years | achernya | Certificate renewal for achernya.com | 
                
                  |  |  | @2626 | 11 years | achernya | scripts.mit.edu and *.scripts.mit.edu sha256 certs | 
                
                  |  |  | @2625 | 11 years | andersk | Patch httpd crash when using SSL variables on non-SSL connections
 ... | 
                
                  |  |  | @2624 | 11 years | achernya | SHA256 MITcert renewals | 
                
                  |  |  | @2623 | 11 years | achernya | SHA256 renewal for feed.mit.edu | 
                
                  |  |  | @2622 | 11 years | achernya | Block a spammy user | 
                
                  |  |  | @2621 | 11 years | andersk | Enforce a modern TLS cipher suite order
This configuration was copied ... | 
                
                  |  |  | @2620 | 11 years | andersk | Revert r2619 “bash: Disable function imports”
The fixes applied in ... | 
                
                  |  |  | @2619 | 11 years | andersk | bash: Disable function imports
The upstream fix for CVE-2014-6271 ... | 
                
                  |  |  | @2618 | 11 years | andersk | ip[6]tables: Really ignore SMTP to localhost
Packets in OUTPUT have ... | 
                
                  |  |  | @2617 | 11 years | andersk | ip[6]tables: Ignore SMTP to localhost | 
                
                  |  |  | @2616 | 11 years | mitchb | Certificate and reified vhost config for linguistics | 
                
                  |  |  | @2615 | 11 years | andersk | Upgrade OpenAFS to 1.6.10pre1 for kernel 3.16 support | 
                
                  |  |  | @2614 | 11 years | quentin | Configure iptables for logging user-generated direct SMTP traffic. | 
                
                  |  |  |