Stéphane Lesimple
5b8876a959
doc: FreeBSD 13.0 is now tested instead of 12.1
2021-05-21 14:13:22 +02:00
Stéphane Lesimple
25530fe0d1
chore: tests: always use the latest freebsd github action
2021-05-21 14:13:22 +02:00
Stéphane Lesimple
344865884b
fix: groupCreate: deny groups starting with 'key'
...
Mitigates #178
2021-05-21 14:13:22 +02:00
Stéphane Lesimple
f4c59ca96b
enh: setup-gpg.sh: clarify the use of ^D with --import
...
Closes #179
2021-05-19 18:56:32 +02:00
Stéphane Lesimple
e865964dd2
enh: setup-encryption.sh: check that luks-config.sh exists
...
As seen in #181
2021-05-19 18:56:17 +02:00
Stéphane Lesimple
68e088a607
doc: accountModify: more details on the --egress-strict-host-key-checking option
2021-05-19 18:55:54 +02:00
Jonathan Marsaud
b7b2533604
accountModify - Add a new accept-new POLICY in egress-strict-host-key-checking parameter
2021-05-19 16:34:35 +02:00
Jérémy Lecour
3e0202d914
Fix typo in unlock-home.sh
...
Typo : Mouting → Mounting
2021-05-19 15:30:32 +02:00
Stéphane Lesimple
c2b4bb192a
fix: osh-help: put groupDelEgressKey in the proper category
...
Fixes #174
2021-04-16 09:09:26 +02:00
Stéphane Lesimple
90d6dc2e3c
fix: superowners need to have +x on group homes
2021-04-09 09:46:14 +02:00
Stéphane Lesimple
f3ce9dfb06
enh: clearer error message on non-existing group
2021-04-08 12:57:47 +02:00
Stéphane Lesimple
e412083272
fix: accountCreate: incorrect help message (#167)
2021-04-08 12:04:19 +02:00
Stéphane Lesimple
5ec805f26b
fix: groupGenerateEgressKey: --help wasn't working properly
2021-04-08 09:41:03 +02:00
Stéphane Lesimple
2a905aca96
release v3.03.01
2021-03-25 11:55:04 +01:00
Stéphane Lesimple
003052530e
feat: preparatory work to support Debian 11 "Bullseye"
...
We still need to replace pam_tally2 by pam_faillock
Debian 11 is NOT yet supported, and won't be before it's released as stable.
2021-03-24 17:41:29 +01:00
Stéphane Lesimple
1d9018ef7f
fix: strict check failure was no longer detected to print a help message
...
Fixes #155
2021-03-24 17:41:14 +01:00
Stéphane Lesimple
3b4ea53cce
fix: fixrights.sh: 'chmod --' not supported under FreeBSD
2021-03-24 10:47:11 +01:00
Stéphane Lesimple
e37e235bf5
enh: install.inc: try harder to hit GitHub API in CI
2021-03-24 10:47:11 +01:00
Stéphane Lesimple
1b04b800b8
fix: packages-check.sh: centos: ensure cache is up to date before trying to install packages
2021-03-24 10:47:11 +01:00
Stéphane Lesimple
5920b09aed
chore: mkdir -p doesn't fail if dir already exists
2021-03-24 10:47:11 +01:00
Stéphane Lesimple
c5cd5d4464
fix: groupDelServer: missing autocompletion in interactive mode
2021-03-23 17:52:11 +01:00
Stéphane Lesimple
7b7c395c55
enh: osh-orphaned-homedir.sh: add more security checks to ensure we don't archive still-used home dirs
2021-03-19 14:39:31 +01:00
Stéphane Lesimple
7dabfc7135
fix: install-yubico-piv-checker: ppc64le installation was broken
2021-03-17 15:14:13 +01:00
Stéphane Lesimple
255f0684cc
fix: scp: abort early if host is not found to avoid a warn()
...
The following warn would happen if the scp wrapper was called with an invalid hostname:
Use of uninitialized value in bitwise and (&) at /usr/share/perl5/Net/Netmask.pm line 699.
at /opt/bastion/bin/plugin/open/../../../lib/perl/OVH/Bastion.pm line 41.
OVH::Bastion::__ANON__("Use of uninitialized value \ in bitwise and (&) at /usr/shar"...) called at /usr/share/perl5/Net/Netmask.pm line 697
Net::Netmask::match(Net::Netmask=HASH(0x55b1d5f11860), undef) called at /opt/bastion/lib/perl/OVH/Bastion/allowdeny.inc line 214
OVH::Bastion::is_access_way_granted("port", 22, "exactUserMatch", 1, "ipfrom", "X.X.X.X", "ip", undef, ...) called at /opt/bastion/lib/perl/OVH/Bastion/allowdeny.inc line 688
OVH::Bastion::is_access_granted(\"account\", \"johndoe\", \"user\", \"!scpupload\", \"ipfrom\", \"X.X.X.X\", \"ip\", undef, ...) called at /opt/bastion/bin/plugin/open/scp line 136
2021-03-01 09:31:38 +01:00
Stéphane Lesimple
6ae85d5afd
fix: osh-backup-acl-keys: detect file removed transient error
2021-03-01 09:30:55 +01:00
Stéphane Lesimple
b444dc027f
chore: tests: support multiple unit-tests
2021-03-01 09:30:43 +01:00
Stéphane Lesimple
89e49ac8b7
fix: add a case to the ignored perl panic race condition
2021-03-01 09:30:30 +01:00
Stéphane Lesimple
b6c7503a73
release v3.03.00
2021-02-22 17:09:12 +01:00
Stéphane Lesimple
4fd010c355
chore: microfixes after review
2021-02-22 13:32:19 +01:00
Stéphane Lesimple
3764d652da
enh: interactive: avoid a warn() when TERM is undef
2021-02-22 11:56:33 +01:00
Stéphane Lesimple
8a0f7c6b4f
fix: accountInfo: get rid of a warn()
...
This occurred since v3.01.99-rc1 when requesting an accountInfo
of an account without an ingress_piv_policy set.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl/5.28/Term/ANSIColor.pm line 510.
at /opt/bastion/bin/plugin/restricted/../../../lib/perl/OVH/Bastion.pm line 41.
OVH::Bastion::__ANON__("Use of uninitialized value \ in concatenation (.) or st"...) called at /usr/share/perl/5.28/Term/ANSIColor.pm line 510
Term::ANSIColor::colored(undef, "green") called at /opt/bastion/bin/plugin/restricted/accountInfo line 178
2021-02-22 11:56:33 +01:00
Stéphane Lesimple
ce692ed517
chore: update generated doc
2021-02-22 11:56:19 +01:00
Stéphane Lesimple
edb1b77dfc
feat: auto-add hostname as comment in groupAddServer / selfAddPersonalAccess
...
Implements a side suggestion of #60
2021-02-22 11:56:19 +01:00
Stéphane Lesimple
383f2a011c
enh: guests: groupAddGuestAccess now supports setting a comment
...
If no comment is set, the comment is inherited from the group ACL,
as seen in groupListServers.
selfAddPersonalAccess now also returns details
about the added server in the returned JSON.
Closes #18
Closes #17
2021-02-22 11:56:19 +01:00
Stéphane Lesimple
b480316386
fix: groupDelGuestAccess: deleting a guest access returned an error on TTL-forced groups
2021-02-22 11:56:19 +01:00
Stéphane Lesimple
9216e2db1b
enh: groupAddServer: augment the returned JSON with the added server details
2021-02-22 11:56:19 +01:00
Stéphane Lesimple
df50dd0796
chore: docbuild: add new required pkg
2021-02-18 16:05:02 +01:00
Stéphane Lesimple
ed77c1ef3e
feat: transmit PIV enforcement status to remote realms
...
Closes #33
2021-02-18 16:05:02 +01:00
Stéphane Lesimple
2327c4dfa1
chore: remove useless '## no critic', perltidy
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
5eb5135d26
doc: update
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
488ec6382e
enh: move unexpected-sudo messages from security to code-warning type
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
e760cf6142
feat: add groupGenerateEgressKey and groupDelEgressKey
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
fe58cf1d14
enh: egress ssh key: compute an ID so that keys can be pointed to and deleted
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
c88be2def1
enh: get_group_keys: return the keyhome to avoid hardcoding it in several places
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
02b76d301a
fix: groupSetRole: pass sudo param to subfuncs to avoid a security warning
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
4624f71ea2
fix: execute: remove osh_warn on tainted params to avoid exposing arguments on coding error
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
fbe7461fcb
chore: fix typo in documentation
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
e235199715
fix: groupModify: deny early if user is not an owner of the group
...
This way, the error message is clearer
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
7eeccb7c5d
enh: groupInfo: nicer message when no egress key exists
2021-02-17 10:03:40 +01:00
Stéphane Lesimple
3b37242317
chore: more readable version of sql statements
...
Signed-off-by: Stéphane Lesimple <stephane.lesimple+bastion@ovhcloud.com>
2021-02-15 11:25:45 +01:00