madx
4d3ee1b99d
regenerated doc
2021-10-15 11:22:00 +02:00
madx
ea8ed97a34
new account option: mfa-any, to allow ingress login with pubkey alone or pam alone instead of requiring both
2021-10-15 11:22:00 +02:00
Jean "henyxia" Wasilewski
b40a2fd6e3
fix: add superowner group requirement
...
Signed-off-by: Jean "henyxia" Wasilewski <henyxia@revs0.com>
2021-09-24 11:56:35 +02:00
Stéphane Lesimple
b5c5d9d5ee
release v3.05.01
2021-09-22 10:43:40 +02:00
Stéphane Lesimple
b58388a3d9
feat: add --proactive-mfa and mfa/nofa interactive commands
...
For bastions using JIT MFA, where MFA can be requested when
attempting to connect through specific groups, or when using
some commands, with respect to MFA being enforced at connection
time directly through the sshd authentication process, one can
now request MFA validation in advance, to work around problems
in commands such as ``clush`` or ``batch``, and interactive mode.
2021-09-21 12:06:40 +02:00
Stéphane Lesimple
99686499b1
feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209)
2021-09-20 17:00:18 +02:00
Stéphane Lesimple
8e6c247cdf
doc: add upgrading notice
2021-09-14 16:05:27 +02:00
Stéphane Lesimple
d3f443a532
release v3.05.00
2021-09-14 10:21:04 +02:00
Stéphane Lesimple
4a21cfc421
enh: add --max-inactive-days to accountCreate
2021-09-06 14:52:46 +02:00
Stéphane Lesimple
ef10d509fd
enh: add max_inactive_days to account configuration (#230)
2021-09-06 14:52:46 +02:00
Stéphane Lesimple
15cb2c2453
enh: accountInfo: add --list-groups
...
Listing groups can be slow on bastions having thousands
of groups, hence this is now disabled by default.
2021-09-02 13:13:44 +02:00
Stéphane Lesimple
82b681a38d
doc: add faq about session locking (#226)
2021-09-02 11:42:48 +02:00
Stéphane Lesimple
5d188faac0
chore: trick perltidy
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
2510de0cd5
doc: generate scripts doc reference
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
710eb2e4cb
doc: use autosectionlabel
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
92d4a46ac5
doc: add osh-piv-grace-reaper.pl config reference
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
9f28dfa977
doc: add osh-backup-acl-keys.sh config reference
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
3c6ce52e8e
doc: add osh-encrypt-rsync.pl config reference
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
0dc448943a
doc: add osh-sync-watcher.sh config reference
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
a08f56df9f
feat: support pam_faillock for Debian 11 (#163)
2021-07-05 10:35:58 +02:00
Stéphane Lesimple
a447662cfd
release v3.04.00
2021-07-02 17:31:47 +02:00
Stéphane Lesimple
d3f323d0c6
doc: micro fixes
2021-07-02 16:50:53 +02:00
Stéphane Lesimple
01690e8111
bump to v3.03.99-rc2
2021-06-30 17:20:48 +02:00
Stéphane Lesimple
ecee68c8bc
chore: fix spurious empty lines at end of generated rst files
2021-06-30 15:52:47 +02:00
Stéphane Lesimple
458c50eff1
documentation: add a lot of new documentation topics
2021-06-30 15:52:47 +02:00
Stéphane Lesimple
2193ee487d
enh: replace 'allowUTF8' (introduced in rc1) by 'fanciness'
2021-06-30 09:53:04 +02:00
Stéphane Lesimple
2f1e3fbfa8
support: del deb8/ubuntu1404/opensuse150/opensuse151, add opensuse153
...
Remove support for EOL OSes:
- Debian 8
- Ubuntu 14.04
- OpenSUSE 15.0
- OpenSUSE 15.1
Add support for:
- OpenSUSE 15.3
2021-06-25 16:02:38 +02:00
Stéphane Lesimple
d400ceeb9f
doc: clush: document --user and --port
...
Partly fixes #201
2021-06-23 12:24:32 +02:00
Stéphane Lesimple
76639b665c
chore: doc: auto-detect current year in generated documentation
...
and set 2021 in LICENSE
2021-06-15 09:00:19 +02:00
Romain Lebbadi-Breteau
2d43a7c915
Add extract argument to tar
2021-06-14 11:23:44 +02:00
Stéphane Lesimple
710b55d845
bump to v3.03.99-rc1
2021-06-03 17:01:10 +02:00
Stéphane Lesimple
3925e67d43
feat: add groupDestroy command for owners
...
This command deletes a group, as `groupDelete` does, but works
for owners so that they can delete their own group.
`groupDelete` remains as a restricted command, able to delete any group.
Closes #40.
2021-06-02 15:32:40 +02:00
Stéphane Lesimple
8cc990ad57
feat: add filtering options to several cmds, nicify print_acls()
...
The commands selfListAccesses, accountListAccesses,
groupList, groupListServers, groupListGuestAccesses and
accountList now have options to filter their output through
pattern matching, with --include and --exclude.
The output from the commands using print_acls() is also more
human-friendly, with auto-adjusting column length, and empty
columns omitted.
Closes #60.
2021-05-25 09:42:28 +02:00
Stéphane Lesimple
37301e35cc
chore: update documentation
2021-05-24 16:44:35 +02:00
Stéphane Lesimple
68e088a607
doc: accountModify: more details on the --egress-strict-host-key-checking option
2021-05-19 18:55:54 +02:00
Jonathan Marsaud
b7b2533604
accountModify - Add a new accept-new POLICY in egress-strict-host-key-checking parameter
2021-05-19 16:34:35 +02:00
Stéphane Lesimple
e412083272
fix: accountCreate: incorrect help message (#167)
2021-04-08 12:04:19 +02:00
Stéphane Lesimple
2a905aca96
release v3.03.01
2021-03-25 11:55:04 +01:00
Stéphane Lesimple
5920b09aed
chore: mkdir -p doesn't fail if dir already exists
2021-03-24 10:47:11 +01:00
Stéphane Lesimple
b6c7503a73
release v3.03.00
2021-02-22 17:09:12 +01:00
Stéphane Lesimple
4fd010c355
chore: microfixes after review
2021-02-22 13:32:19 +01:00
Stéphane Lesimple
ce692ed517
chore: update generated doc
2021-02-22 11:56:19 +01:00
Stéphane Lesimple
5eb5135d26
doc: update
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
fbe7461fcb
chore: fix typo in documentation
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
d430c602bf
release v3.02.00
2021-02-02 15:02:51 +01:00
Stéphane Lesimple
a913c5aa8a
bump to v3.01.99-rc4
2021-01-25 12:18:27 +01:00
Stéphane Lesimple
3bb1db3a4d
bump to v3.01.99-rc3
2021-01-21 15:57:11 +01:00
Stéphane Lesimple
3dfa77ebab
doc: update groupList/accountList documentation
2021-01-21 15:56:59 +01:00
Stéphane Lesimple
3aa6e343fd
doc: add pointers to the-bastion-ansible-wrapper & debian-cis
2021-01-21 15:06:43 +01:00
Stéphane Lesimple
928bf0c7b0
enh: config: detect warnBefore/idleTimeout misconfiguration
...
Before, an inconsistency in the configuration settings of the warnBefore(Lock|Kill)Seconds
and idle(Lock|Kill)Timeout could break any new connection (ttyrec refuses to launch).
Now we detect this case properly, and fall back to a sane setting for
warnBefore(Lock|Kill)Seconds (zero) if those were set without enabling the corresponding
idle(Lock|Kill)Timeout setting. We also log an error to syslog when it happens,
so that the sysadmin can fix their configuration.
Added hints about how these configuration options work together in the bastion.conf.dist file.
Fixes #125
2021-01-19 12:26:09 +01:00