Commit graph

629 commits

Author SHA1 Message Date
Stéphane Lesimple
b971aa03fb chore: linters: limit to known directories 2024-04-17 14:38:19 +02:00
Stéphane Lesimple
29437466dd chg: bastion-sync-helper.sh: use sh instead of bash 2024-04-17 14:03:31 +02:00
Stéphane Lesimple
1f6e6c3639 fix: alive: don't mask signals 2024-04-15 11:32:35 +02:00
Stéphane Lesimple
3646badbdf release 3.16.00 2024-04-10 14:16:10 +02:00
Stéphane Lesimple
7487597d61 fix: tests: don't test FIDO2 on unsupported distros 2024-04-10 10:51:01 +02:00
perrze
0b13371165 Adding tests for secure keys feature 2024-04-10 10:51:01 +02:00
Stéphane Lesimple
3c9382a192 enh: use print_accepted_key_algorithms everywhere 2024-04-10 10:51:01 +02:00
Stéphane Lesimple
321c592d51 chore: perltidy 2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
99dfa9d351 Drop an unused variable in print_accepted_key_algorithms 2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
1e44092c16 Factor out in a generic function the helper listing allowed ssh key algorithm 2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
7dce5734fd Escape dots in regex patterns for ssh algorithms
Co-authored-by: Stéphane Lesimple <speed47_github@speed47.net>
2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
d0ac9eabb9 Implement Ingress Secure Keys 2024-04-10 10:51:01 +02:00
Stéphane Lesimple
a1efcec582 feat: replace --wait by a tcp-based connection try 2024-04-09 18:23:17 +02:00
Louis Laporte
dac0fedb89 feat: add option to wait for a specific port open 2024-04-09 18:23:17 +02:00
Stéphane Lesimple
4216795895 fix: tests: detect definition errors in modules 2024-04-09 17:26:39 +02:00
Stéphane Lesimple
c53f50ddf9 enh: remove nc dependency 2024-04-09 17:26:39 +02:00
perrze
010959c4ec fix: adding run command in code to match doc (#460)
* fix: devenv: sync doc and actually supported commands, add run cmd

---------

Co-authored-by: perrze <contact@perrze.fr>
Co-authored-by: Stéphane Lesimple <stephane.lesimple+bastion@ovhcloud.com>
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
2024-04-08 16:32:02 +02:00
Cody Robertson
f51bee273e Adjust etc/pam.d/sshd.rhel configuration
- Fix logic error breaking MFA handling if enabled
2024-04-08 16:31:14 +02:00
Stéphane Lesimple
dad78fbfe5 release v3.15.00 2024-03-25 10:11:31 +01:00
Stéphane Lesimple
28a02d5cf7 fix: avoid a warn() when a non-resolvable host is specified with scp or sftp 2024-03-22 11:17:25 +01:00
Stéphane Lesimple
496fe94dd3 enh: allow @ as a valid remote user char (fixes #437) 2024-03-20 11:53:58 +01:00
Stéphane Lesimple
3bc83fae8e enh: interactive: fix display 2024-03-20 11:53:49 +01:00
Stéphane Lesimple
54321ff706 enh: add a few autocompletes 2024-03-20 11:53:49 +01:00
Stéphane Lesimple
0314798c87 enh: interactive: allow multi-spaces in autocompletes 2024-03-20 11:53:49 +01:00
Stéphane Lesimple
3d1e210dd8 fix: interactive: remove unnecessary loops for autocomplete 2024-03-20 11:53:49 +01:00
Stéphane Lesimple
fa842c94d8 fix: connect.pl: don't look for error messages when sysret==0 2024-03-20 11:53:39 +01:00
Stéphane Lesimple
7423f6ad63 feat: add dnsSupportLevel option for systems with broken DNS (fixes #397) 2024-03-20 11:53:00 +01:00
Stéphane Lesimple
d8f9423e8f fix: scp/sftp: correctly bypass JIT MFA if asked to, when old helpers are used 2024-02-21 15:15:06 +01:00
Stéphane Lesimple
c2a6fafbac chore: devenv: enhance perltidy/shellcheck pre-commit logic 2024-02-21 14:14:19 +01:00
Stéphane Lesimple
3c6dd69538 chg: jailify: update params name to match minijail0 2024-02-21 14:13:56 +01:00
Stéphane Lesimple
91beea0012 release v3.14.16 2024-02-20 17:41:53 +01:00
Stéphane Lesimple
8625b74307 fix: tests for FreeBSD 2024-02-20 17:41:53 +01:00
Stéphane Lesimple
e2a45596d0 fix: generation of MFA secret under FreeBSD 2024-02-20 17:41:53 +01:00
Stéphane Lesimple
867410a16d enh: plugins: better signal handling to avoid dangling children processes 2024-02-20 12:14:01 +01:00
Stéphane Lesimple
f022bd9ac8 feat: add ttyrecStealthStdoutPattern config
Commands that generate a lot of stdout output and are M2M workflows, such as rsync,
can now be excluded from ttyrec to avoid filling up drives
2024-02-20 12:13:53 +01:00
Stéphane Lesimple
fd6850c7ef fix: osh-sync-watcher: default to a valid rshcmd (fixes #433) 2024-02-20 12:13:43 +01:00
Stéphane Lesimple
ad9e14d568 chore: silence tr on secret generation 2024-02-20 12:13:33 +01:00
Stéphane Lesimple
a458e4b63c fix: fixrights.sh: add +x run-tool.sh 2024-01-17 11:18:19 +01:00
Stéphane Lesimple
6dd43c66c0 enh: batch: openhandle() is overkill and doesn't work on EOF 2024-01-17 11:01:50 +01:00
Stéphane Lesimple
692ebca3c2 fix: accountInfo: return always_active=1 for globally-always-active accounts 2024-01-17 11:01:21 +01:00
Stéphane Lesimple
0502d13d0e enh: osh-lingering-sessions-reaper.sh: handle dangling plugins 2024-01-10 14:46:25 +01:00
Stéphane Lesimple
797ef68273 enh: osh-orphaned-homedir.sh: also cleanup /run/faillock 2024-01-09 14:19:29 +01:00
Stéphane Lesimple
345a1f951f fix: don't exit with fping host is unreachable
As ping can return unknown exit codes for unknown cases,
just never bail out to avoid taking bad decisions,
as we retry each second maximum, there's no DoS risk
2023-12-05 10:02:52 +01:00
Stéphane Lesimple
25ee7dcda5 doc: more details about upgrade to 3.14.15 2023-11-09 10:42:23 +01:00
Stéphane Lesimple
137c7b5454 release v3.14.15 2023-11-08 14:55:44 +01:00
Stéphane Lesimple
3d402a1bc6 feat: add admin-configurable lock/kill timeout per plugin 2023-11-08 14:55:35 +01:00
Stéphane Lesimple
7a288bd812 chore: perlcritic adjustment on RequireArgUnpacking 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
9d509b7f2d doc: CVE-2023-45140 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
59b04ab761 tests: add tests for MFA with scp/sftp 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
47e058c272 refacto: use osh_print to obey force_stderr 2023-11-08 13:21:20 +01:00