ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-09-06 21:14:15 +08:00
Code Issues Projects Releases Packages Wiki Activity
445 commits 5 branches 53 tags 7.3 MiB
Commit graph

140 commits

Author SHA1 Message Date
Stéphane Lesimple
effab4a5c2 fix: workaround for undocumented caching in getpw/getgr funcs 2022-03-14 12:42:26 +01:00
Stéphane Lesimple
7fa2523bfc fix: get_group_list() returned invalid members list (was not used anywhere) 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
a178aa7906 enh: cron scripts: factorize common code and standardize logging 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
2c2064a484 feat: osh-encrypt-rsync: handle sqlite and user logs along with ttyrec files 2022-02-09 14:31:33 +01:00
Stéphane Lesimple
0ffdd108bd v3.08.01 2022-01-19 11:24:12 +01:00
Stéphane Lesimple
744bd5fa0c enh: introduce exit_fail and exit_success for shell scripts 2022-01-19 11:23:44 +01:00
Stéphane Lesimple
d7a898a5fa Release v3.08.00 2022-01-04 15:50:02 +01:00
Stéphane Lesimple
ae997dd93c chore: shellcheck: rewrite shell-check.sh and make files compliant with v0.8.0 2021-12-29 11:40:34 +01:00
Stéphane Lesimple
54a4dc6c65 chore: use state vars where we can 2021-12-29 11:21:04 +01:00
Stéphane Lesimple
b3af2933f9 enh: install.inc: random delay under CI 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
be6a71afab fix: install.inc: verbose under CI 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
2f623dfb3a fix: install.inc: fail nicely on invalid JSON under set -e 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
11e81614a4 fix: remove hardcoded config path and fix FreeBSD 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
f609565fe8 enh: batch: detect when asked to start a plugin requiring MFA 2021-12-29 11:20:55 +01:00
Stéphane Lesimple
000ed4e8af feat: move scripts to GnuPG 2.x and add tests 2021-12-29 11:20:43 +01:00
Stéphane Lesimple
e847a19857 enh: ttyrec & yubico installs: hardcode URLs for when API is down 2021-12-22 18:00:21 +01:00
Stéphane Lesimple
aaaa173764 feat: add the accountUnlock restricted plugin 2021-12-21 09:42:54 +01:00
Stéphane Lesimple
d51c4c8be0 fix: tests: full tests on FreeBSD 2021-12-20 12:54:32 +01:00
Stéphane Lesimple
c48af00ff8 feat: add info_syslog() and code-info syslog type 2021-12-16 11:02:26 +01:00
Stéphane Lesimple
7cc350b40d chore: check for spurious args in all helpers 2021-12-16 11:02:13 +01:00
Stéphane Lesimple
3507586de6 release v3.07.00 2021-12-13 14:02:41 +01:00
Stéphane Lesimple
cb28b44382 chore/fix: move HEXIT() to helper module, use HEXIT only in helpers 2021-12-13 09:51:00 +01:00
Stéphane Lesimple
d4cc727f74 chore: factorize helpers header 2021-12-13 09:51:00 +01:00
Stéphane Lesimple
2c2f723bbb fix: add helpers handling of SIGPIPE/SIGHUP 
To avoid having e.g. a group creation interrupted in the middle just because
the caller killed their ssh connection while we're still working
 2021-12-13 09:51:00 +01:00
Stéphane Lesimple
1725130a15 fix: avoid double-close log messages on HUP 2021-12-13 09:50:36 +01:00
Antoine Leblanc
cbf1bd6645 doc: allowkeeper: fix typo 
Signed-off-by: Antoine Leblanc <antoine.leblanc@ovhcloud.com>
 2021-12-09 16:51:55 +01:00
Christophe Crochet
e9841b89bc update of --force-password: removed guest support 2021-12-09 16:51:40 +01:00
Christophe Crochet
ff40617624 update of --force-password: guest support, autocompletion, new tests, code cleanups 2021-12-09 16:51:40 +01:00
Christophe Crochet
e4b132ed9a new access option: --force-password <HASH>, to only try one specific password 2021-12-09 16:51:40 +01:00
Stéphane Lesimple
89ecb2c0d7 feat: add support for Duo PAM auth as MFA (#249) 2021-11-03 15:50:10 +01:00
Stéphane Lesimple
11b2bc60b2 release v3.06.00 2021-10-20 13:42:13 +02:00
Christophe Crochet
d85298f229 new account option: --pubkey-auth-optional, to allow ingress login with or without pubkey when pam is required 2021-10-15 11:22:00 +02:00
madx
ea8ed97a34 new account option: mfa-any, to allow ingress login with pubkey alone or pam alone instead of requiring both 2021-10-15 11:22:00 +02:00
Stéphane Lesimple
a6488ee6fb fix: groupdel: false positive in lock contention detection 
Groups that were containing 'lock' or 'retry' in their name
would falsely trigger the /etc/passwd and /etc/group lock
contention detection, due to their presence in the output of
the system command, implying several retries that were not
needed.
 2021-09-28 09:08:31 +02:00
Stéphane Lesimple
b5c5d9d5ee release v3.05.01 2021-09-22 10:43:40 +02:00
Stéphane Lesimple
b58388a3d9 feat: add --proactive-mfa and mfa/nofa interactive commands 
For bastions using JIT MFA, where MFA can be requested when
attempting to connect through specific groups, or when using
some commands, with respect to MFA being enforced at connection
time directly through the sshd authentication process, one can
now request MFA validation in advance, to workaround problems
in commands such as ``clush``  or ``batch``, and interactive mode.
 2021-09-21 12:06:40 +02:00
Stéphane Lesimple
f64cf79260 chore: rename an envvar for clarity 2021-09-21 12:06:40 +02:00
Stéphane Lesimple
db8f621abf doc: add help about the interactive builtin commands (#227) 2021-09-20 17:00:46 +02:00
Stéphane Lesimple
d3f443a532 release v3.05.00 2021-09-14 10:21:04 +02:00
Stéphane Lesimple
ef10d509fd enh: add max_inactive_days to account configuration (#230) 2021-09-06 14:52:46 +02:00
Stéphane Lesimple
873804dbbe enh: config reading: add rootonly option 2021-09-02 10:06:47 +02:00
Stéphane Lesimple
9b2aa996b3 enh: better use of account creation metadata 
Store account creation information in a JSON.
Display this information in `accountInfo` for auditors.
 2021-07-23 09:50:18 +02:00
Stéphane Lesimple
c0bebf23d4 fix: accountCreate --uid-auto: rare case where a free UID couldn't be found 
This happened when a free UID was found, along with a corresponding GID,
but the corresponding GID for the ttyrec group of the account was not
available. Now this is checked directly in get_next_available_uid()
 2021-07-19 11:53:18 +02:00
Stéphane Lesimple
858598d80b chore: add debug info in get_acls() 2021-07-15 18:27:42 +02:00
Stéphane Lesimple
f483b1540a enh: max account length is now 28 chars up from 18 2021-07-02 17:41:12 +02:00
Stéphane Lesimple
a447662cfd release v3.04.00 2021-07-02 17:31:47 +02:00
Stéphane Lesimple
01690e8111 bump to v3.03.99-rc2 2021-06-30 17:20:48 +02:00
Stéphane Lesimple
ecee68c8bc chore: fix spurious empty lines at end of generated rst files 2021-06-30 15:52:47 +02:00
Stéphane Lesimple
b942131092 fix: use local $_ before while(<>) loops 
This closes a range of bugs that can happen if a function using $_ implicitly
in a while is called in a grep {} or map {} which also uses $_
 2021-06-30 09:53:04 +02:00
Stéphane Lesimple
2193ee487d enh: replace 'allowUTF8' (introduced in rc1) by 'fanciness' 2021-06-30 09:53:04 +02:00