ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-01-22 23:38:44 +08:00
Code Issues Projects Releases Packages Wiki Activity
581 commits 5 branches 49 tags 7.5 MiB
Commit graph

42 commits

Author SHA1 Message Date
Stéphane Lesimple
6d5255d841 enh: orphaned homedirs: adjust behavior on master instances 2023-10-15 12:53:26 +02:00
Stéphane Lesimple
7a3306a00d fix: cleanup-guest-key-access: use cache for performance 2022-07-12 10:07:16 +02:00
Stéphane Lesimple
e040afb074 chore: new perltidy rules 2022-07-01 10:21:19 +02:00
Stéphane Lesimple
d254ad0ba0 fix: osh-cleanup-guest-key-access.pl: load proper config file 2022-03-21 10:57:19 +01:00
Stéphane Lesimple
6d3bd00d4c fix: osh-encrypt-rsync: delete +a source files properly 2022-03-21 10:56:58 +01:00
Stéphane Lesimple
10fcb7ebc5 fix: osh-encrypt-rsync.pl: ensure $verbose is always set, make it configurable, fix a typo 2022-03-18 14:19:08 +01:00
Stéphane Lesimple
6c1a430c66 fix: osh-encrypt-rsync.pl: don't add some folders twice 
This would lead to actually skipping some of the folders,
possibly an oddity of File::Find::find
 2022-03-18 14:19:08 +01:00
Stéphane Lesimple
a7462c0ac7 enh: use snake_case for system scripts json config files 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
633061872e chore: remove non-longer used param in load_configuration_file() calls 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
e71aa7b975 feat: add osh-cleanup-guest-key-access.pl script 
This script removes system-level access to group keys to old guests
of groups that no longer have any active access to servers of that group.
This only happens when the last access to be removed from them had a TTL.
 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
f43fdaaf82 enh: osh-lingering-sessions-reaper: make it configurable 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
572ced2af7 enh: osh-piv-grace-reaper: run only on master, standardize config reading 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
07f5c35458 fix: piv-grace-reaper: don't use hash values (had no impact) 
This coding error had no impact because the values are hash references,
hence were rejected immediately as invalid accoounts by account_config()
 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
bd13e5a476 enh: osh-encrypt-rsync: catch warnings emitted by GetOptions 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
c38c9c09f2 chore: fix typos 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
a178aa7906 enh: cron scripts: factorize common code and standardize logging 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
2c2064a484 feat: osh-encrypt-rsync: handle sqlite and user logs along with ttyrec files 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
86c7bf39e6 remove compress-old-logs script, as osh-encrypt-rsync will do the job instead 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
dc16e628e2 fix: osh-remove-empty-folders: fix folders counting (logging only) 2022-01-19 16:19:52 +01:00
Stéphane Lesimple
7bb0843de1 feat: add osh-remove-empty-folders.sh 2022-01-19 11:23:44 +01:00
Stéphane Lesimple
744bd5fa0c enh: introduce exit_fail and exit_success for shell scripts 2022-01-19 11:23:44 +01:00
Stéphane Lesimple
ae997dd93c chore: shellcheck: rewrite shell-check.sh and make files compliant with v0.8.0 2021-12-29 11:40:34 +01:00
Stéphane Lesimple
000ed4e8af feat: move scripts to GnuPG 2.x and add tests 2021-12-29 11:20:43 +01:00
Stéphane Lesimple
99686499b1 feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209) 2021-09-20 17:00:18 +02:00
Stéphane Lesimple
92d4a46ac5 doc: add osh-piv-grace-reaper.pl config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
9f28dfa977 doc: add osh-backup-acl-keys.sh config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
3c6ce52e8e doc: add osh-encrypt-rsync.pl config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
5920b09aed chore: mkdir -p doesn't fail if dir already exists 2021-03-24 10:47:11 +01:00
Stéphane Lesimple
7b7c395c55 enh: osh-orphaned-homedir.sh: add more security checks to ensure we don't archive still-used home dirs 2021-03-19 14:39:31 +01:00
Stéphane Lesimple
6ae85d5afd fix: osh-backup-acl-keys: detect file removed transient error 2021-03-01 09:30:55 +01:00
Stéphane Lesimple
141791db92 fix: scripts: (( )) returns 1 if evaluated to zero 2021-01-15 16:13:30 +01:00
Stéphane Lesimple
d04b15a19e fix: tocttou in ttyrec rotation script 2021-01-14 17:19:48 +01:00
Stéphane Lesimple
361c6a37a2 fix: osh-lingering-sessions-reaper.sh: tocttou on kill could terminate the script early 2021-01-14 17:16:31 +01:00
Stéphane Lesimple
1676979913 feat: add PIV keys support and policy enforcement 
A new global option 'ingressRequirePIV' was added, to enable or disable a
bastion-wide policy forcing everybody to use only PIV keys.
 2021-01-12 12:05:06 +01:00
Stéphane Lesimple
e8d60810f1
Merge pull request #111 from ovh/perluseall 
chore: perl-use-all: dynamically find required modules
 2021-01-05 18:51:25 +01:00
Stéphane Lesimple
8e7fc9b949
chore: perl-use-all: dynamically find required modules 2020-12-31 13:00:00 +00:00
Stéphane Lesimple
9a10ddebd9
enh: satellite scripts: better error handling 2020-12-31 12:13:20 +00:00
thibault.dewailly
1e32cfde7d osh-encrypt-rsync: Remove logfile as mandatory parameter 2020-12-04 10:03:18 +00:00
Thomas SOËTE
2a51a78b54 fix: Enable perl-tidy.sh test 
* Move to ubuntu-20.04 runner
* Remove check in dockers tests
 2020-11-22 21:37:34 +00:00
Stéphane Lesimple
5d3de83e50
fix: osh-encrypt-rsync.pl: allow more broad chars to avoid letting weird-named files behind 2020-11-19 16:34:20 +00:00
Stéphane Lesimple
e907532447
fix: osh-backup-acl-keys.sh: don't exclude .gpg, or we'll miss /root/.gnupg/secring.gpg 2020-11-19 16:33:43 +00:00
Stéphane Lesimple
fde20136ef
Initial commit 2020-10-20 14:30:27 +00:00