ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-09-06 21:14:15 +08:00
Code Issues Projects Releases Packages Wiki Activity
482 commits 5 branches 53 tags 7.3 MiB
Commit graph

482 commits

This branch
This branch
All branches
Author SHA1 Message Date
Stéphane Lesimple
0c96df0a3d enh: tests: faster perl-check script 2022-07-29 11:35:26 +02:00
Stéphane Lesimple
ebebed7be0 fix: remove spurious set +e/-e after commit bdea34c 2022-07-29 11:34:56 +02:00
Stéphane Lesimple
7b3c721f66 doc: add a missing parameter in ping's help 2022-07-29 11:34:43 +02:00
Stéphane Lesimple
a86f25470a chore: selfListEgressKeys: fix typo 2022-07-29 11:29:58 +02:00
Stéphane Lesimple
8c2b6a410a fix: accountUnlock: add missing check_spurious_args and no_auto_abbrev 2022-07-29 11:29:34 +02:00
Stéphane Lesimple
81aeb2ee3c release v3.09.00-rc3 2022-07-12 12:34:58 +02:00
Stéphane Lesimple
72cefa6417 fix: performance issues introduced by effab4a 
Commit that introduced the performance degradation is effab4a
(fix: workaround for undocumented caching in getpw/getgr funcs)

Rewrote caching at the getpwent/getpwnam/getgrent/getgrnam level,
which restores performance pre-effab4a and even enhances it in somes cases,
for example on a 2000-accounts and 2000-groups bastion, we are:

- 11% faster on --osh help
- 35% faster on --osh selfListAccesses (reduces syscalls by 87%)
 2022-07-12 10:07:16 +02:00
Stéphane Lesimple
7a3306a00d fix: cleanup-guest-key-access: use cache for performance 2022-07-12 10:07:16 +02:00
Stéphane Lesimple
bdea34ccad enh: install: better error detection 2022-07-11 12:06:42 +02:00
Stéphane Lesimple
8e148a6e53 release v3.09.00-rc2 2022-07-05 18:12:08 +02:00
Stéphane Lesimple
45070f833c enh: MFA: specify account name in message 2022-07-05 18:06:41 +02:00
Stéphane Lesimple
c89dd82d26 enh: print_public_key: better formatter 2022-07-05 18:04:19 +02:00
Stéphane Lesimple
6ccb43e938 enh: move some code from get_hashes_list() to a new get_password_file() 2022-07-05 18:04:19 +02:00
Stéphane Lesimple
7fafeb3e1d doc: osh-encrypt-rsync.conf: add verbose 2022-07-05 18:04:19 +02:00
Thomas Soëte
da6d80bef1 fix: Bad plugin name 2022-07-05 10:02:37 +02:00
Stéphane Lesimple
7ff286b00f v3.09.00-rc1 2022-07-04 11:06:54 +02:00
Stéphane Lesimple
73b6a625f5 feat: add support and tests for Ubuntu 22.04 LTS 2022-07-04 11:06:34 +02:00
Stéphane Lesimple
d75b221deb fix: group-specific idle timeouts: also handle password-only groups 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
39e667f703 doc: amend groupModify documentation 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
3956dc587b fix: ttyrec cmdline: don't add --warn-before-* when no --idle-*-timeout is specified 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
291d897832 fix: group-specific timeouts: advertise the proper timeout that will be applied when connecting 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
3540dc309c enh: groupInfo: clearer message for disabled idle/kill timeout policies 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
46a01a546a feat: groupModify: add --idle-lock-timeout and --idle-kill-timeout for group-specific timeouts 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
6fb528ccf1 chore: rename some vars for clarity 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
e040afb074 chore: new perltidy rules 2022-07-01 10:21:19 +02:00
Stéphane Lesimple
bd2f069c7e enh: print a msg when no ingress keys are found 2022-07-01 10:10:17 +02:00
Stéphane Lesimple
7a043165bc fix: don't emit a membership log when nothing changed 2022-07-01 10:09:57 +02:00
Stéphane Lesimple
077735908a fix: {group,account}Delete: move() would sometimes fail, replace by mv 2022-06-29 11:35:04 +02:00
Stéphane Lesimple
4f99c4fe6c fix: ping: force a deadline, and restore default sighandlers 2022-06-29 11:34:24 +02:00
Stéphane Lesimple
884b4bbaf0 fix: install: ensure that the healthcheck user can always connect from 127.0.0.1 
Regardless of the bastion config about the ingressKeysFrom configuration
 2022-06-29 11:33:41 +02:00
Romain Beuque
c1ca9b6374 fix: typo in the 'alive' command 
Signed-off-by: Romain Beuque <556072+rbeuque74@users.noreply.github.com>
 2022-06-08 12:01:10 +02:00
Stéphane Lesimple
c9c413ed7f doc: add note about root access for installation 2022-04-28 10:27:33 +02:00
Stéphane Lesimple
d254ad0ba0 fix: osh-cleanup-guest-key-access.pl: load proper config file 2022-03-21 10:57:19 +01:00
Stéphane Lesimple
6d3bd00d4c fix: osh-encrypt-rsync: delete +a source files properly 2022-03-21 10:56:58 +01:00
Stéphane Lesimple
10fcb7ebc5 fix: osh-encrypt-rsync.pl: ensure $verbose is always set, make it configurable, fix a typo 2022-03-18 14:19:08 +01:00
Stéphane Lesimple
6c1a430c66 fix: osh-encrypt-rsync.pl: don't add some folders twice 
This would lead to actually skipping some of the folders,
possibly an oddity of File::Find::find
 2022-03-18 14:19:08 +01:00
Stéphane Lesimple
2e9e955e93 chore: interactive.inc: prepend internal funcs by _ 2022-03-14 12:42:26 +01:00
Stéphane Lesimple
effab4a5c2 fix: workaround for undocumented caching in getpw/getgr funcs 2022-03-14 12:42:26 +01:00
Stéphane Lesimple
d88cf637ee chore: add more info in syslog warnings for accountDelete 2022-03-14 12:42:26 +01:00
Stéphane Lesimple
982f21a950 chore: remove CentOS 8 from tests (EOL) 2022-03-14 12:42:26 +01:00
Stéphane Lesimple
0f4893df82 chore: fix FreeBSD tests 2022-03-14 12:42:26 +01:00
Stéphane Lesimple
a781d0c1d2 doc: better menu organization 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
ee776707c1 chore: standardize doc generation for config files 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
a7462c0ac7 enh: use snake_case for system scripts json config files 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
633061872e chore: remove non-longer used param in load_configuration_file() calls 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
bbdf5a36b8 feat: add NRPE probes 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
e71aa7b975 feat: add osh-cleanup-guest-key-access.pl script 
This script removes system-level access to group keys to old guests
of groups that no longer have any active access to servers of that group.
This only happens when the last access to be removed from them had a TTL.
 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
f43fdaaf82 enh: osh-lingering-sessions-reaper: make it configurable 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
572ced2af7 enh: osh-piv-grace-reaper: run only on master, standardize config reading 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
7fa2523bfc fix: get_group_list() returned invalid members list (was not used anywhere) 2022-02-09 14:31:33 +01:00