ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-01-06 07:22:14 +08:00
Code Issues Projects Releases Packages Wiki Activity
410 commits 5 branches 49 tags 7.4 MiB
Commit graph

174 commits

Author SHA1 Message Date
Stéphane Lesimple
ae74a823f8 chore: perltidy: rewrite perl-tidy.sh to support single-file tidy 2021-12-29 11:40:34 +01:00
Stéphane Lesimple
ae997dd93c chore: shellcheck: rewrite shell-check.sh and make files compliant with v0.8.0 2021-12-29 11:40:34 +01:00
Stéphane Lesimple
f609565fe8 enh: batch: detect when asked to start a plugin requiring MFA 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
000ed4e8af feat: move scripts to GnuPG 2.x and add tests 2021-12-29 11:20:43 +01:00
Stéphane Lesimple
f8f193b298 enh: selfMFASetupPassword: add more messages for the user 2021-12-28 09:54:17 +01:00
Stéphane Lesimple
e847a19857 enh: ttyrec & yubico installs: hardcode URLs for when API is down 2021-12-22 18:00:21 +01:00
Stéphane Lesimple
a68ccb3f8c feat: add new OSes and deprecate old ones 
add:
- Debian 11
- RockyLinux 8

remove:
- OpenSUSE Leap 15.2
- Old minor versions of CentOS 7.x
- Old minor versions of CentOS 8.x
 2021-12-21 12:00:04 +01:00
Stéphane Lesimple
aaaa173764 feat: add the accountUnlock restricted plugin 2021-12-21 09:42:54 +01:00
Stéphane Lesimple
d51c4c8be0 fix: tests: full tests on FreeBSD 2021-12-20 12:54:32 +01:00
Stéphane Lesimple
7cc350b40d chore: check for spurious args in all helpers 2021-12-16 11:02:13 +01:00
Stéphane Lesimple
90dbe04dde enh: detect silent password change failures 2021-12-15 18:20:46 +01:00
Stéphane Lesimple
850152a88c enh: ensure proper Getopt::Long options are set everywhere 2021-12-13 09:51:00 +01:00
Stéphane Lesimple
d4cc727f74 chore: factorize helpers header 2021-12-13 09:51:00 +01:00
Stéphane Lesimple
2c2f723bbb fix: add helpers handling of SIGPIPE/SIGHUP 
To avoid having e.g. a group creation interrupted in the middle just because
the caller killed their ssh connection while we're still working
 2021-12-13 09:51:00 +01:00
Stéphane Lesimple
1725130a15 fix: avoid double-close log messages on HUP 2021-12-13 09:50:36 +01:00
Stéphane Lesimple
373f4907de fix: tests under OpenSUSE (fping raw sockets) 2021-12-13 09:32:52 +01:00
Christophe Crochet
98c1c79382 update of --force-password: code style cleanup 2021-12-09 16:51:40 +01:00
Christophe Crochet
e9841b89bc update of --force-password: removed guest support 2021-12-09 16:51:40 +01:00
Christophe Crochet
ff40617624 update of --force-password: guest support, autocompletion, new tests, code cleanups 2021-12-09 16:51:40 +01:00
Christophe Crochet
e4b132ed9a new access option: --force-password <HASH>, to only try one specific password 2021-12-09 16:51:40 +01:00
Stéphane Lesimple
89ecb2c0d7 feat: add support for Duo PAM auth as MFA (#249) 2021-11-03 15:50:10 +01:00
Stéphane Lesimple
7dcbfeebc6 fix: --self-password was missing as a -P synonym (#257) 2021-10-28 11:33:13 +02:00
Stéphane Lesimple
00aa2e7efc fix: selfMFASetupTOTP: bad return func 2021-10-20 13:42:13 +02:00
Christophe Crochet
d85298f229 new account option: --pubkey-auth-optional, to allow ingress login with or without pubkey when pam is required 2021-10-15 11:22:00 +02:00
madx
ea8ed97a34 new account option: mfa-any, to allow ingress login with pubkey alone or pam alone instead of requiring both 2021-10-15 11:22:00 +02:00
Stéphane Lesimple
a65cbd55b8 accountPIV: fix bad autocompletion rule 2021-10-08 22:19:51 +02:00
Stéphane Lesimple
8d84fce34f fix: proactive-mfa: make it work for --osh batch and --osh clush 2021-09-22 11:32:19 +02:00
Stéphane Lesimple
b58388a3d9 feat: add --proactive-mfa and mfa/nofa interactive commands 
For bastions using JIT MFA, where MFA can be requested when
attempting to connect through specific groups, or when using
some commands, with respect to MFA being enforced at connection
time directly through the sshd authentication process, one can
now request MFA validation in advance, to workaround problems
in commands such as ``clush``  or ``batch``, and interactive mode.
 2021-09-21 12:06:40 +02:00
Stéphane Lesimple
f64cf79260 chore: rename an envvar for clarity 2021-09-21 12:06:40 +02:00
Stéphane Lesimple
99686499b1 feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209) 2021-09-20 17:00:18 +02:00
Stéphane Lesimple
4a21cfc421 enh: add --max-inactive-days to accountCreate 2021-09-06 14:52:46 +02:00
Stéphane Lesimple
ef10d509fd enh: add max_inactive_days to account configuration (#230) 2021-09-06 14:52:46 +02:00
Stéphane Lesimple
15cb2c2453 enh: accountInfo: add --list-groups 
Listing groups can be slow on bastions having thousands
of groups, hence this is now disabled by default.
 2021-09-02 13:13:44 +02:00
Stéphane Lesimple
f1e875ca4b fix: erroneous message in connect.pl 2021-09-02 11:42:18 +02:00
Stéphane Lesimple
56d4078605 feat: add --fallback-password-delay (3) for ssh password autologin 2021-09-02 11:42:18 +02:00
Stéphane Lesimple
5930775626 enh: better error message when unknown option is used 2021-09-02 10:07:03 +02:00
Stéphane Lesimple
cd5b61b239 chore: perlcritic: remove Variables::RequireInitializationForLocalVars check 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
92d4a46ac5 doc: add osh-piv-grace-reaper.pl config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
9f28dfa977 doc: add osh-backup-acl-keys.sh config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
3c6ce52e8e doc: add osh-encrypt-rsync.pl config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
0dc448943a doc: add osh-sync-watcher.sh config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
9b2aa996b3 enh: better use of account creation metadata 
Store account creation information in a JSON.
Display this information in `accountInfo` for auditors.
 2021-07-23 09:50:18 +02:00
Stéphane Lesimple
c0bebf23d4 fix: accountCreate --uid-auto: rare case where a free UID couldn't be found 
This happened when a free UID was found, along with a corresponding GID,
but the corresponding GID for the ttyrec group of the account was not
available. Now this is checked directly in get_next_available_uid()
 2021-07-19 11:53:18 +02:00
Stéphane Lesimple
6b4418e864 chore: fixrights: ensure tests/functional/proxy/remote-daemon is +x 2021-07-16 11:05:04 +02:00
Stéphane Lesimple
2390f56c9a chore: groupCreate: fix help message 2021-07-02 18:25:24 +02:00
Stéphane Lesimple
f483b1540a enh: max account length is now 28 chars up from 18 2021-07-02 17:41:12 +02:00
thibault.dewailly
5415ed2793 Feat: Add admin and super owner accounts list in info plugin 
For auditing purposes, get admin and super owner list in info plugin
Available for auditor role only
Closes #206
 2021-06-28 11:13:30 +02:00
Stéphane Lesimple
2f1e3fbfa8 support: del deb8/ubuntu1404/opensuse150/opensuse151, add opensuse153 
Remove support for EOL OSes:
- Debian 8
- Ubuntu 14.04
- OpenSUSE 15.0
- OpenSUSE 15.1

Add support for:
- OpenSUSE 15.3
 2021-06-25 16:02:38 +02:00
Stéphane Lesimple
d400ceeb9f doc: clush: document --user and --port 
Partly fixes #201
 2021-06-23 12:24:32 +02:00
Stéphane Lesimple
8d2aaf8d8f fix: setup-first-admin-account.sh: support to add several admins 
Fixes #202
 2021-06-21 14:36:08 +02:00