ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2024-09-20 15:05:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
457 commits 5 branches 44 tags 6.9 MiB
Commit graph

208 commits

Author SHA1 Message Date
Stéphane Lesimple bd2f069c7e enh: print a msg when no ingress keys are found 2022-07-01 10:10:17 +02:00
Stéphane Lesimple 077735908a fix: {group,account}Delete: move() would sometimes fail, replace by mv 2022-06-29 11:35:04 +02:00
Stéphane Lesimple 4f99c4fe6c fix: ping: force a deadline, and restore default sighandlers 2022-06-29 11:34:24 +02:00
Stéphane Lesimple 884b4bbaf0 fix: install: ensure that the healthcheck user can always connect from 127.0.0.1 
Regardless of the bastion config about the ingressKeysFrom configuration
 2022-06-29 11:33:41 +02:00
Romain Beuque c1ca9b6374 fix: typo in the 'alive' command 
Signed-off-by: Romain Beuque <556072+rbeuque74@users.noreply.github.com>
 2022-06-08 12:01:10 +02:00
Stéphane Lesimple d254ad0ba0 fix: osh-cleanup-guest-key-access.pl: load proper config file 2022-03-21 10:57:19 +01:00
Stéphane Lesimple 6d3bd00d4c fix: osh-encrypt-rsync: delete +a source files properly 2022-03-21 10:56:58 +01:00
Stéphane Lesimple 10fcb7ebc5 fix: osh-encrypt-rsync.pl: ensure $verbose is always set, make it configurable, fix a typo 2022-03-18 14:19:08 +01:00
Stéphane Lesimple 6c1a430c66 fix: osh-encrypt-rsync.pl: don't add some folders twice 
This would lead to actually skipping some of the folders,
possibly an oddity of File::Find::find
 2022-03-18 14:19:08 +01:00
Stéphane Lesimple effab4a5c2 fix: workaround for undocumented caching in getpw/getgr funcs 2022-03-14 12:42:26 +01:00
Stéphane Lesimple d88cf637ee chore: add more info in syslog warnings for accountDelete 2022-03-14 12:42:26 +01:00
Stéphane Lesimple a7462c0ac7 enh: use snake_case for system scripts json config files 2022-02-09 14:31:33 +01:00
Stéphane Lesimple 633061872e chore: remove non-longer used param in load_configuration_file() calls 2022-02-09 14:31:33 +01:00
Stéphane Lesimple bbdf5a36b8 feat: add NRPE probes 2022-02-09 14:31:33 +01:00
Stéphane Lesimple e71aa7b975 feat: add osh-cleanup-guest-key-access.pl script 
This script removes system-level access to group keys to old guests
of groups that no longer have any active access to servers of that group.
This only happens when the last access to be removed from them had a TTL.
 2022-02-09 14:31:33 +01:00
Stéphane Lesimple f43fdaaf82 enh: osh-lingering-sessions-reaper: make it configurable 2022-02-09 14:31:33 +01:00
Stéphane Lesimple 572ced2af7 enh: osh-piv-grace-reaper: run only on master, standardize config reading 2022-02-09 14:31:33 +01:00
Stéphane Lesimple 07f5c35458 fix: piv-grace-reaper: don't use hash values (had no impact) 
This coding error had no impact because the values are hash references,
hence were rejected immediately as invalid accoounts by account_config()
 2022-02-09 14:31:33 +01:00
Stéphane Lesimple bd13e5a476 enh: osh-encrypt-rsync: catch warnings emitted by GetOptions 2022-02-09 14:31:33 +01:00
Stéphane Lesimple c38c9c09f2 chore: fix typos 2022-02-09 14:31:33 +01:00
Stéphane Lesimple a178aa7906 enh: cron scripts: factorize common code and standardize logging 2022-02-09 14:31:33 +01:00
Stéphane Lesimple 2c2064a484 feat: osh-encrypt-rsync: handle sqlite and user logs along with ttyrec files 2022-02-09 14:31:33 +01:00
Stéphane Lesimple 86c7bf39e6 remove compress-old-logs script, as osh-encrypt-rsync will do the job instead 2022-02-09 14:31:33 +01:00
Stéphane Lesimple 6baa61a7f4 fix: accountInfo: missing creation date on non-json output 2022-02-03 14:27:15 +01:00
Stéphane Lesimple e5cfa26853 fix: install: avoid cases of sigpipe on tr 2022-02-01 10:53:01 +01:00
Stéphane Lesimple dc16e628e2 fix: osh-remove-empty-folders: fix folders counting (logging only) 2022-01-19 16:19:52 +01:00
Stéphane Lesimple 3331e158a0 enh: better error detection and logging in (account|group)Delete 2022-01-19 11:24:03 +01:00
Stéphane Lesimple 7bb0843de1 feat: add osh-remove-empty-folders.sh 2022-01-19 11:23:44 +01:00
Stéphane Lesimple 744bd5fa0c enh: introduce exit_fail and exit_success for shell scripts 2022-01-19 11:23:44 +01:00
Antoine Leblanc 1c8efa6590 fix: osh-accountCreate: fix typo 
Signed-off-by: Antoine Leblanc <antoine.leblanc@ovhcloud.com>
 2021-12-31 16:22:03 +01:00
Stéphane Lesimple 7f28cce490 chore: install: remove obsolete upgrading sections 
These portions of code were only useful to upgrade bastions from
versions older than v3.00.00, which was the first public release.

There has been no remaining pre-v3.x version in production internally
since some time now, so there is no use keeping that code.
 2021-12-29 13:19:53 +01:00
Stéphane Lesimple 37842c29d3 chore: packages-check.sh: remove obsolete -t and -v options 2021-12-29 13:19:53 +01:00
Stéphane Lesimple da5cb3c232 chore: packages-check.sh: implement installed pkg detection in rhel/suse, use proper pkg names 2021-12-29 13:19:53 +01:00
Stéphane Lesimple 6694518ab5 chore: remove obsolete check-ssh-hardening.pl 2021-12-29 13:19:53 +01:00
Stéphane Lesimple ae74a823f8 chore: perltidy: rewrite perl-tidy.sh to support single-file tidy 2021-12-29 11:40:34 +01:00
Stéphane Lesimple ae997dd93c chore: shellcheck: rewrite shell-check.sh and make files compliant with v0.8.0 2021-12-29 11:40:34 +01:00
Stéphane Lesimple f609565fe8 enh: batch: detect when asked to start a plugin requiring MFA 2021-12-29 11:20:55 +01:00
Stéphane Lesimple 000ed4e8af feat: move scripts to GnuPG 2.x and add tests 2021-12-29 11:20:43 +01:00
Stéphane Lesimple f8f193b298 enh: selfMFASetupPassword: add more messages for the user 2021-12-28 09:54:17 +01:00
Stéphane Lesimple e847a19857 enh: ttyrec & yubico installs: hardcode URLs for when API is down 2021-12-22 18:00:21 +01:00
Stéphane Lesimple a68ccb3f8c feat: add new OSes and deprecate old ones 
add:
- Debian 11
- RockyLinux 8

remove:
- OpenSUSE Leap 15.2
- Old minor versions of CentOS 7.x
- Old minor versions of CentOS 8.x
 2021-12-21 12:00:04 +01:00
Stéphane Lesimple aaaa173764 feat: add the accountUnlock restricted plugin 2021-12-21 09:42:54 +01:00
Stéphane Lesimple d51c4c8be0 fix: tests: full tests on FreeBSD 2021-12-20 12:54:32 +01:00
Stéphane Lesimple 7cc350b40d chore: check for spurious args in all helpers 2021-12-16 11:02:13 +01:00
Stéphane Lesimple 90dbe04dde enh: detect silent password change failures 2021-12-15 18:20:46 +01:00
Stéphane Lesimple 850152a88c enh: ensure proper Getopt::Long options are set everywhere 2021-12-13 09:51:00 +01:00
Stéphane Lesimple d4cc727f74 chore: factorize helpers header 2021-12-13 09:51:00 +01:00
Stéphane Lesimple 2c2f723bbb fix: add helpers handling of SIGPIPE/SIGHUP 
To avoid having e.g. a group creation interrupted in the middle just because
the caller killed their ssh connection while we're still working
 2021-12-13 09:51:00 +01:00
Stéphane Lesimple 1725130a15 fix: avoid double-close log messages on HUP 2021-12-13 09:50:36 +01:00
Stéphane Lesimple 373f4907de fix: tests under OpenSUSE (fping raw sockets) 2021-12-13 09:32:52 +01:00