ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2024-12-29 19:50:50 +08:00
Code Issues Projects Releases Packages Wiki Activity
594 commits 6 branches 48 tags 7 MiB
Commit graph

594 commits

This branch
This branch
All branches
Author SHA1 Message Date
Stéphane Lesimple
fd6850c7ef fix: osh-sync-watcher: default to a valid rshcmd (fixes #433) 2024-02-20 12:13:43 +01:00
Stéphane Lesimple
ad9e14d568 chore: silence tr on secret generation 2024-02-20 12:13:33 +01:00
Stéphane Lesimple
a458e4b63c fix: fixrights.sh: add +x run-tool.sh 2024-01-17 11:18:19 +01:00
Stéphane Lesimple
6dd43c66c0 enh: batch: openhandle() is overkill and doesn't work on EOF 2024-01-17 11:01:50 +01:00
Stéphane Lesimple
692ebca3c2 fix: accountInfo: return always_active=1 for globally-always-active accounts 2024-01-17 11:01:21 +01:00
Stéphane Lesimple
0502d13d0e enh: osh-lingering-sessions-reaper.sh: handle dangling plugins 2024-01-10 14:46:25 +01:00
Stéphane Lesimple
797ef68273 enh: osh-orphaned-homedir.sh: also cleanup /run/faillock 2024-01-09 14:19:29 +01:00
Stéphane Lesimple
345a1f951f fix: don't exit with fping host is unreachable 
As ping can return unknown exit codes for unknown cases,
just never bail out to avoid taking bad decisions,
as we retry each second maximum, there's no DoS risk
 2023-12-05 10:02:52 +01:00
Stéphane Lesimple
25ee7dcda5 doc: more details about upgrade to 3.14.15 2023-11-09 10:42:23 +01:00
Stéphane Lesimple
137c7b5454 release v3.14.15 2023-11-08 14:55:44 +01:00
Stéphane Lesimple
3d402a1bc6 feat: add admin-configurable lock/kill timeout per plugin 2023-11-08 14:55:35 +01:00
Stéphane Lesimple
7a288bd812 chore: perlcritic adjustement on RequireArgUnpacking 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
9d509b7f2d doc: CVE-2023-45140 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
59b04ab761 tests: add tests for MFA with scp/sftp 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
47e058c272 refacto: use osh_print to obey force_stderr 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
1bcec68d2a enh: scp and sftp with mfa support 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
b48463076f feat: osh.pl: jit mfa for plugins 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
926a177aa0 refacto: osh.pl: move code to do_jit_mfa() 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
c849e7d6ef refacto: osh.pl: move code to get_details_from_access_array() 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
5ba7e52054 refacto: osh.pl: move hardcoded plugin special cases to config 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
998080260c refacto: osh.pl: use hash instead of multiple vars 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
ac5eb9b636 enh: tests: more mfa tests 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
027521b875 chore: fix FreeBSD GitHub Action 2023-11-07 12:16:49 +01:00
Stéphane Lesimple
d3ece7b9f4 enh: add tests for multiple gpg keys setup 2023-10-27 17:26:23 +02:00
Pierre-Elliott Bécue
35d4841638 Allow setup-gpg.sh --import to receive, trust, and add to configure multiple public keys at once 2023-10-27 17:26:23 +02:00
Stéphane Lesimple
6d5255d841 enh: orphaned homedirs: adjust behavior on master instances 2023-10-15 12:53:26 +02:00
Stéphane Lesimple
4fb5e17166 chore: connect.pl: more readable indentation 2023-10-09 17:22:55 +02:00
Stéphane Lesimple
ce9cf3213c enh: connect.pl: report empty ttyrec as ttyrec_empty instead of ttyrec_error 2023-10-09 17:22:55 +02:00
Stéphane Lesimple
cbd0ac6d5c doc: add documentation on how to write integration tests 2023-10-04 18:25:11 +02:00
Stéphane Lesimple
7934b6283b Update bin/admin/check_uid_gid_collisions.pl 
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
 2023-10-04 17:55:07 +02:00
Stéphane Lesimple
a468220df7 fix: check_collisions: don't report orphan uids on slave, just use their name 2023-10-04 17:55:07 +02:00
Stéphane Lesimple
0353557939 enh: check_collisions: allow usage of /dev/null 2023-10-04 17:55:07 +02:00
Stéphane Lesimple
0eb61f26f2 meta: dev: add devenv docker, pre-commit info, and doc 2023-10-03 14:23:30 +02:00
Stéphane Lesimple
213bd28616 fix: scp: adapt wrapper and tests to new scp versions 2023-09-20 16:39:29 +02:00
Stéphane Lesimple
8459d03945 chore: bump OpenSUSE Leap from 15.4 to 15.5 2023-09-20 16:39:29 +02:00
Stéphane Lesimple
dfff1c9baa chore: ghactions: bump short test to deb12 2023-09-20 16:39:29 +02:00
Stéphane Lesimple
3ce7eedb88 chore: bump github actions checkout from v2 to v4 2023-09-20 16:39:29 +02:00
Stéphane Lesimple
fe41e62be9 chore: upgrade sandbox and tester dockerfiles to bookworm 2023-09-20 16:39:29 +02:00
Stéphane Lesimple
733fd054a6 fix: setup-gpg.sh: in some cases, an invalid configuration file could be generated 
The escape code didn't work correctly, remove it as it's not needed,
indeed we already ensure that the generated password doesn't contain
any " or \, hence surrounding the var by "" quotes is enough.
 2023-09-20 15:14:55 +02:00
Stéphane Lesimple
5c7389e85f fix: when no command-line is passed, a warn could be emitted in some cases 
This depends on the version of Perl libs, but in any case we shouldn't
pass an undef var to GetOptionsFromString, ensure this never happens
 2023-09-20 13:38:40 +02:00
Stéphane Lesimple
d70e52a09b release v3.14.00 2023-09-19 17:32:43 +02:00
Stéphane Lesimple
13c885df42 enh: enable stealth_stdout mode for sftp 2023-09-19 17:32:27 +02:00
Stéphane Lesimple
a6a25fd53b feat: add type8 and type9 password hashes 
This requires the-bastion-mkhash-helper v1.1.0+
 2023-09-19 17:12:48 +02:00
Stéphane Lesimple
5dc50b3e57
feat: add stealth_stderr/stdout ttyrec support, enable it for scp (#413) 2023-09-19 15:27:00 +02:00
Stéphane Lesimple
ee149cb185
release v3.13.01 (#410) 2023-08-23 11:41:43 +02:00
Stéphane Lesimple
8532a85ba1
doc: add JSON API and MFA documentations (#407) 
* doc: add JSON API documentation
* doc: add MFA section
* doc: clarifications on MFA and JSON API
* Update doc/sphinx/using/api.rst

Co-authored-by: toutoen <74724122+toutoen@users.noreply.github.com>

* Update doc/sphinx/using/api.rst

Co-authored-by: toutoen <74724122+toutoen@users.noreply.github.com>

---------

Co-authored-by: toutoen <74724122+toutoen@users.noreply.github.com>
 2023-08-22 15:57:58 +02:00
Stéphane Lesimple
87d3f721e5 fix: clush: restore default handlers for SIGHUP/PIPE 2023-08-22 15:53:27 +02:00
Philipp Walter
e616f24d89 enh: setup-gpg.sh: create additional backup signing config with --generate 2023-08-22 14:32:30 +02:00
Stéphane Lesimple
9bdfca1c76 release v3.13.00 2023-07-28 14:18:15 +02:00
Stéphane Lesimple
4d8b5f520d fix: selfMFASetupPassword: restore default sighandlers to avoid being zombified 2023-07-28 14:17:50 +02:00