Commit graph

148 commits

Author SHA1 Message Date
Stéphane Lesimple
7ff286b00f v3.09.00-rc1 2022-07-04 11:06:54 +02:00
Stéphane Lesimple
3956dc587b fix: ttyrec cmdline: don't add --warn-before-* when no --idle-*-timeout is specified 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
46a01a546a feat: groupModify: add --idle-lock-timeout and --idle-kill-timeout for group-specific timeouts 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
6fb528ccf1 chore: rename some vars for clarity 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
e040afb074 chore: new perltidy rules 2022-07-01 10:21:19 +02:00
Stéphane Lesimple
7a043165bc fix: don't emit a membership log when nothing changed 2022-07-01 10:09:57 +02:00
Stéphane Lesimple
884b4bbaf0 fix: install: ensure that the healthcheck user can always connect from 127.0.0.1
Regardless of the bastion config about the ingressKeysFrom configuration
2022-06-29 11:33:41 +02:00
Stéphane Lesimple
2e9e955e93 chore: interactive.inc: prepend internal funcs by _ 2022-03-14 12:42:26 +01:00
Stéphane Lesimple
effab4a5c2 fix: workaround for undocumented caching in getpw/getgr funcs 2022-03-14 12:42:26 +01:00
Stéphane Lesimple
7fa2523bfc fix: get_group_list() returned invalid members list (was not used anywhere) 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
a178aa7906 enh: cron scripts: factorize common code and standardize logging 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
2c2064a484 feat: osh-encrypt-rsync: handle sqlite and user logs along with ttyrec files 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
0ffdd108bd v3.08.01 2022-01-19 11:24:12 +01:00
Stéphane Lesimple
744bd5fa0c enh: introduce exit_fail and exit_success for shell scripts 2022-01-19 11:23:44 +01:00
Stéphane Lesimple
d7a898a5fa Release v3.08.00 2022-01-04 15:50:02 +01:00
Stéphane Lesimple
ae997dd93c chore: shellcheck: rewrite shell-check.sh and make files compliant with v0.8.0 2021-12-29 11:40:34 +01:00
Stéphane Lesimple
54a4dc6c65 chore: use state vars where we can 2021-12-29 11:21:04 +01:00
Stéphane Lesimple
b3af2933f9 enh: install.inc: random delay under CI 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
be6a71afab fix: install.inc: verbose under CI 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
2f623dfb3a fix: install.inc: fail nicely on invalid JSON under set -e 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
11e81614a4 fix: remove hardcoded config path and fix FreeBSD 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
f609565fe8 enh: batch: detect when asked to start a plugin requiring MFA 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
000ed4e8af feat: move scripts to GnuPG 2.x and add tests 2021-12-29 11:20:43 +01:00
Stéphane Lesimple
e847a19857 enh: ttyrec & yubico installs: hardcode URLs for when API is down 2021-12-22 18:00:21 +01:00
Stéphane Lesimple
aaaa173764 feat: add the accountUnlock restricted plugin 2021-12-21 09:42:54 +01:00
Stéphane Lesimple
d51c4c8be0 fix: tests: full tests on FreeBSD 2021-12-20 12:54:32 +01:00
Stéphane Lesimple
c48af00ff8 feat: add info_syslog() and code-info syslog type 2021-12-16 11:02:26 +01:00
Stéphane Lesimple
7cc350b40d chore: check for spurious args in all helpers 2021-12-16 11:02:13 +01:00
Stéphane Lesimple
3507586de6 release v3.07.00 2021-12-13 14:02:41 +01:00
Stéphane Lesimple
cb28b44382 chore/fix: move HEXIT() to helper module, use HEXIT only in helpers 2021-12-13 09:51:00 +01:00
Stéphane Lesimple
d4cc727f74 chore: factorize helpers header 2021-12-13 09:51:00 +01:00
Stéphane Lesimple
2c2f723bbb fix: add helpers handling of SIGPIPE/SIGHUP
To avoid having e.g. a group creation interrupted in the middle just because
the caller killed their ssh connection while we're still working
2021-12-13 09:51:00 +01:00
Stéphane Lesimple
1725130a15 fix: avoid double-close log messages on HUP 2021-12-13 09:50:36 +01:00
Antoine Leblanc
cbf1bd6645 doc: allowkeeper: fix typo
Signed-off-by: Antoine Leblanc <antoine.leblanc@ovhcloud.com>
2021-12-09 16:51:55 +01:00
Christophe Crochet
e9841b89bc update of --force-password: removed guest support 2021-12-09 16:51:40 +01:00
Christophe Crochet
ff40617624 update of --force-password: guest support, autocompletion, new tests, code cleanups 2021-12-09 16:51:40 +01:00
Christophe Crochet
e4b132ed9a new access option: --force-password <HASH>, to only try one specific password 2021-12-09 16:51:40 +01:00
Stéphane Lesimple
89ecb2c0d7 feat: add support for Duo PAM auth as MFA (#249) 2021-11-03 15:50:10 +01:00
Stéphane Lesimple
11b2bc60b2 release v3.06.00 2021-10-20 13:42:13 +02:00
Christophe Crochet
d85298f229 new account option: --pubkey-auth-optional, to allow ingress login with or without pubkey when pam is required 2021-10-15 11:22:00 +02:00
madx
ea8ed97a34 new account option: mfa-any, to allow ingress login with pubkey alone or pam alone instead of requiring both 2021-10-15 11:22:00 +02:00
Stéphane Lesimple
a6488ee6fb fix: groupdel: false positive in lock contention detection
Groups that were containing 'lock' or 'retry' in their name
would falsely trigger the /etc/passwd and /etc/group lock
contention detection, due to their presence in the output of
the system command, implying several retries that were not
needed.
2021-09-28 09:08:31 +02:00
Stéphane Lesimple
b5c5d9d5ee release v3.05.01 2021-09-22 10:43:40 +02:00
Stéphane Lesimple
b58388a3d9 feat: add --proactive-mfa and mfa/nofa interactive commands
For bastions using JIT MFA, where MFA can be requested when
attempting to connect through specific groups, or when using
some commands, with respect to MFA being enforced at connection
time directly through the sshd authentication process, one can
now request MFA validation in advance, to work around problems
in commands such as ``clush`` or ``batch``, and interactive mode.
2021-09-21 12:06:40 +02:00
Stéphane Lesimple
f64cf79260 chore: rename an envvar for clarity 2021-09-21 12:06:40 +02:00
Stéphane Lesimple
db8f621abf doc: add help about the interactive builtin commands (#227) 2021-09-20 17:00:46 +02:00
Stéphane Lesimple
d3f443a532 release v3.05.00 2021-09-14 10:21:04 +02:00
Stéphane Lesimple
ef10d509fd enh: add max_inactive_days to account configuration (#230) 2021-09-06 14:52:46 +02:00
Stéphane Lesimple
873804dbbe enh: config reading: add rootonly option 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
9b2aa996b3 enh: better use of account creation metadata
Store account creation information in a JSON.
Display this information in `accountInfo` for auditors.
2021-07-23 09:50:18 +02:00