New TurnKey Core version (15.0)

Changes:

  • Upgraded base distribution to Debian 9.4/Stretch.
  • TurnKey Backup and Migration (tklbam):
    • package and dependencies are now reproducible (security) [ Chris Lamb ]
    • backup update fix - new dependency for Stretch; gnupg (closes #962) [ Ken Robinson ]
    • restore update fix - ensure patches are applied to tklbam-squid source code (TurnKey squid fork) (closes #970) [ Ken Robinson (troubleshooting) & Chris Lamb (fix) ]
  • Installer (di-live):
    • package is now reproducible (security) [ Chris Lamb ]
    • fix di-live failing to install from live system (closes #1041) [ Stefan Davis ]
  • Live environment (casper):
    • package is now reproducible (security) [ Chris Lamb ]
    • update to support overlayFS (default layering filesystem in stretch) [ Stefan Davis ]
  • Configuration console (confconsole):
    • general: - package is now reproducible (security) [ Chris Lamb ]
    • Networking: - fix for static IP not sticking (since upgrade to stretch base) (closes #952)
    • Let's Encrypt plugin: - install 'dehydrated' (ACME client) from Debian main repo (previously installed from jessie-backports) - significant refatoring of plugin - support for multiple domains (closes #843) - fix for updated ACME ToS; including dynamically discovered latest ToS; inc dialog display of url for current ToS (closes #976) - update dialog and readme for Debian Stretch (closes #1061) [ Stefan Davis ]
  • Firstboot Initialization (inithooks):
    • Updates for headless builds especially LXC/Proxmox & Xen: - include specific inithooks-lxc.service file - initialization SystemD service that works reliably inside an LXC container (and doesn't effect other builds) (closes #1071) - include specific inithooks-xen.service file - initialization SystemD service that works reliably with the Xen console (and doesn't effect other builds) - force non-interactive dpkg-reconfigure of openssh-server (closes #1085) - updated initfence index page to note that webshell not avaialble (closes #1087) - fix edge case bug where turnkey-sudoadmin would incorrectly adjust services.txt (closes #1124)
  • Web management console (webmin):
    • upgraded webmin to v1.881
    • package is reproducible (no changes required) (security)
    • resolve stretch related install problem (closes #920) [ Ken Robinson ]
    • new default theme, uses upstream default; 'Authentic' (closes #781)
    • TurnKey theme customizations; TurnKey logos, default to show TKLBAM module on login
    • remove webmin-file (java based filemanager) module (closes #965)
    • remove webmin-texteditor module (upstream)
    • include webmin-fail2ban module
    • add convience symlinks to useful Webmin logs (in /var/log/webmin)
    • reconfigure webmin-raid & webmin-lvm modules during build (workaround for #1091)
  • TurnKey AMQ (tklamq) - only applies to Hub builds:
    • python-carrot deprecated, move to dependency on python-kombu
  • Web shell (shellinabox):
    • install v2.20 direct from Debian main repo (no longer maintaining our own fork) (closes #918)
    • version from Debian displays ncurses dialog properly (closes #317)
    • white on black default webshell (aka shellinabox) theme (closes #1060)
  • Security hardening: [ John Carver ]
    • default config mods for: - postfix - ssh - kernel sysctl variables - inc easy option to override (via /etc/sysctl.conf)
  • Optimized builds (buildtasks):
    • VM builds (OVA & VMDK): - include open-vm-tools-dkms & linux-headers-amd64 in base builds (closes #1001) [ Stefan Davis ]
  • Miscellaneous:
    • update to support overlayFS (default layering filesystem in stretch)
    • default to SystemD init system for all builds
    • use traditional network interface names, e.g. 'eth0' (disable stretch default of "Predictable Network Interface Names")
    • 'dpkg-vendor --query Vendor' now returns 'TurnKey` (closes #196)
    • include fail2ban in all appliances (closes #630 & #991) - MVP uses default Debian conf, protects SSH only
    • use http://deb.debian.org as Debian url in sources.list - as recommended by Debian (closes #927)
    • upstream fix for MOTD not being updated dynamically (closes #1024) [ Stefan Davis ]

Links

New TurnKey Core version (14.2)

Changes:

  • Upgraded base distribution to Debian Jessie 8.7.
  • Webmin (web based administration):
    • Update to 1.831 (includes fix for [#493]).
  • Confconsole (configuration console - console based admin):
    • significant refactoring to support "Advanced" plugins [#369].
    • Included new plugins: - Region Config >> Locales/Keyboard/Tzdata [#14, #38, #746, #770, #771]. - Proxy Settings >> Apt proxy [#203]. - System Settings >> Set hostname [#180, #450, #765, #795]. - Mail relay - SMTP email relay config [#482]. - Let's Encrypt SSL certs (via Dehydrated) [#546, #766, #767]. - includes install of dehydrated (from jessie-backports).
  • Inithooks (firstboot initialization):
    • - make secalerts more robust [#532]. - password complexity requirements explicitly stated [#556].
  • di-live (TurnKey installer):
    • - resolved LVM install bug [#782]. - di-live - reordered install options so install to LVM is default [#791].
  • TKLBAM (backup and migration tool):
    • - various bugfixes and improvements.
  • miscellaneous:
    • - tweaked turnkey-make-ssl-cert for improved code styling and functionality. - fixed Monit configuration [#603]. - update default apt URLs to httpredir.debian.org [#742]. - removed core package from all builds (except core) [#762]. - improved default vim-tiny config [#763].

Links

New TurnKey Core version (14.1)

Changes:

  • Installed all Debian security updates.
  • Installed updated packages from TurnKey repo
    • Webmin - Update to 1.780 [#496].
    • Webmin - Install new HTML5 file manager.
    • Confconsole - now handles bridged LXC net config.
    • Inithooks - email regex now less demanding [#155].
    • Inithooks - ssh message on root login attempt (under sudoadmin) to a TKL EC2 instance like Debian does [#541].
    • Inithooks - improved container fence firstboot console output [#570].
  • turnkey-make-ssl-cert now leaks the least amount of info possible [#572].

Links