It makes sense to not give users without Sys.Audit permissions to
much information over a node and this is relatively easy and cheap to
check and enforce at those two points.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Oguz Bektas <o.bektas@proxmox.com>
disabling http compression is considered good practice and certain TLS-testing
scripts/sites lower the security rating if it's enabled.
compression is still on by default for the potential speed/performance gain.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
fix#2069 (the report includes rationale and also information on test-cases).
Tested by:
* running testssl.sh [0]
* enabling this setting (our default cipherlist prefers AES256,
chromium on stretch AES128)
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
since this is not a good default, we do not want the user
to have to configure those limits for each storage, and
a warning triangle was confusing for multiple users,
we remove this again
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Acked-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
by default it is unknown, if the storage is >= 60% full, it is
'nearfull', if it is >= 90% full, it is 'full'
if we have any other information, it is 'available'
we can use this information for the tree
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
by default it is unknown,
if it is a standalone node its online
else it is either 'online' or 'offline' depending on the corosync status
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
use the new keeplocale parameter from run_command and do not delete the
LANG and LANGUAGE variable for the vncshell
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
If set, Diffie-Hellman parameters in PEM format are loaded
from the given path. Otherwise, the built-in 'skip2048'
group is used.
Also fix some typos in the man page.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
