the-bastion/doc/CHANGELOG.md
Stéphane Lesimple 55f276e8cf release v3.17.01
2024-10-23 13:46:09 +02:00

21 KiB

v3.17.01 - 2024/10/23

  • enh: interactive: handle CTRL+C nicely (fix #497)
  • fix: osh.pl: remove a warning on interactive mode timeout
  • fix: allow ssh-as in connect.pl
  • chore: fix bad scpup/scpupload scp/scpdownload references in help and doc
  • chore: change pod cuts to make recent versions of perltidy happy

v3.17.00 - 2024/10/14

  • fix: osh.pl: propagate signals to plugins before exiting
  • fix: opensuse: add procps package (for pkill)

v3.16.99-rc3 - 2024/09/25

  • fix: regression introduced by 932e72e (rc1) for stealth stdout in ssh

v3.16.99-rc2 - 2024/09/17

  • feat: add rsync support through the --protocol rsync option in all plugins
  • feat: add --egress-session-multiplexing option to accountModify
  • feat: add groupSetServers to entirely change a group ACL in one shot
  • enh: add lock for group ACL change to avoid race conditions on busy bastions
  • enh: selfPlaySession: remove sqliteLog.ttyrecfile dependency
  • chore: FreeBSD: ignore OS version mismatch with packages
  • chore: selfMFASetupPassword: clearer message

v3.16.99-rc1 - 2024/07/04

  • feat: support wildcards in --user for ACL management plugins (fix #461)
  • feat: accountFreeze: terminate running sessions if any
  • chg: support: add Ubuntu 24.04 LTS
  • chg: support: bump OpenSUSE Leap from 15.5 to 15.6
  • chg: support: remove CentOS 7 (EOL)
  • chg: support: remove Ubuntu 16.04 LTS (EOL)
  • enh: enable sntrup KEX by default for supported OpenSSH versions (Debian12, Ubuntu20+)
  • enh: autologin: set term to raw noecho when --no-tty is used
  • fix: stealth_stdout/stderr was ignored for plugins (fix #482)
  • fix: ignore transient errors during global destruction
  • fix: install of ttyrec was failing under FreeBSD 13.2
  • fix: selfGenerateProxyPassword: help message was incorrect

v3.16.01 - 2024/04/17

  • enh: info: removed uname dependency, added configuration
  • chg: bastion-sync-helper.sh: use sh instead of bash
  • fix: alive: don't mask signals
  • chore: add README file into install/modules to ensure the folder exists even if empty
  • chore: linters: limit to known directories

v3.16.00 - 2024/04/10

  • feat: support hardware-based Secure Keys (FIDO2) for ingress authentication
  • enh: remove netcat dependency by using perl builtins
  • enh: --wait now checks whether the TCP port is open instead of just pinging the host
  • fix: logic error in etc/pam.d/sshd.rhel breaking MFA handling if enabled

v3.15.00 - 2024/03/22

  • feat: add dnsSupportLevel option for systems with broken DNS (fixes #397)
  • enh: allow @ as a valid remote user char (fixes #437)
  • enh: interactive: autocomplete: allow multi-spaces, remove unnecessary loops, fix display
  • fix: connect.pl: don't look for error messages when sysret==0
  • fix: avoid a warning when an non-resolvable host is specified with scp or sftp

v3.14.16 - 2024/02/20

  • feat: add ttyrecStealthStdoutPattern config
  • enh: batch: openhandle() is overkill and doesn't work on EOF
  • enh: osh-lingering-sessions-reaper.sh: handle dangling plugins
  • enh: osh-orphaned-homedir.sh: also cleanup /run/faillock
  • enh: plugins: better signal handling to avoid dangling children processes
  • fix: accountInfo: return always_active=1 for globally-always-active accounts
  • fix: don't exit with fping when host is unreachable
  • fix: fixrights.sh: add +x run-tool.sh
  • fix: osh-sync-watcher: default to a valid rshcmd (fixes #433)
  • fix: install: generation of the MFA secret under FreeBSD
  • fix: install: silence tr message on secret generation

v3.14.15 - 2023/11/08

  • feat: support JIT MFA through plugins, including sftp and scp (fixes CVE-2023-45140)
  • feat: add configuration option for plugins to override the global lock/kill timeout
  • enh: setup-gpg.sh: allow importing multiple public keys at once
  • enh: connect.pl: report empty ttyrec as ttyrec_empty instead of ttyrec_error
  • enh: orphaned homedirs: adjust behavior on master instances
  • fix: check_collisions: don't report orphan uids on slave, just use their name
  • fix: scp: adapt wrapper and tests to new scp versions requiring -O
  • meta: dev: add devenv docker, pre-commit info, and documentation on how to use them, along with how to write integration tests

v3.14.00 - 2023/09/19

  • feat: add type8 and type9 password hashes
  • feat: add stealth_stderr/stdout ttyrec support, enable it for scp & sftp

v3.13.01 - 2023/08/22

  • enh: setup-gpg.sh: create additional backup signing config with --generate
  • fix: clush: restore default handlers for SIGHUP/PIPE
  • doc: add JSON API and MFA documentations

v3.13.00 - 2023/07/28

  • enh: use ttyrec instead of sqlite to record plugin output
  • fix: selfMFASetupPassword: restore default sighandlers to avoid being zombified
  • chore: tests: ensure test modules don't pollute the caller's env
  • chore: remove incorrect -v ssh option in help text
  • chore: doc: fix a few typos

v3.12.00 - 2023/06/27

  • feat: add 2 configurable knobs to (self|account)AddPersonalAccess
  • feat: add dryrun in access_modify() and widest prefix precondition check
  • feat: plugins: add loadConfig parameter & config validator support
  • chg: drop support for Debian 9, add support for Debian 12
  • fix: accountList: crash in some cases
  • fix: add missing autocompletions, readonly flags and help category for some plugins
  • fix: update undocumented rename-group.sh script
  • chore: doc: adding plugin configuration autogeneration
  • chore: fix GitHub actions under FreeBSD
  • chore: shell/functions: remove now unused global var

v3.11.02 - 2023/04/18

  • feat: add uid/gid collisions checking script & document it for HA cluster setup and backup restore (#378)
  • fix: groupAddServer: --force-key wasn't working properly (#259)
  • fix: groupInfo: reintroduce group name in human-readable output (mistakenly removed in v3.11.00)
  • fix: tests: race condition after sshd reload that could sometimes make testcases fail
  • chg: add Debian 12 to tests (not released yet, so not officially supported for now)
  • chg: add RockyLinux 9 support
  • chg: bump OpenSUSE Leap tests from 15.3 to 15.4
  • chg: push sandbox and tester images from Debian 10 to Debian 11
  • remove: get rid of decade-old Debian openssh-blacklist logic
  • remove: get rid of deprecated UseRoaming option from ssh_config
  • chore: update DockerHub workflow to push sandbox image on release
  • doc: update broken blog links

v3.11.01 - 2023/03/27

  • fix: groupInfo: empty gatekeepers list and guest accesses list amount in human output (introduced in v3.11.00)

v3.11.00 - 2023/03/23

  • feat: add sftp support
  • feat: add the possibility to auditors of listing all groups with groupInfo and all accounts with accountInfo, using --all, along with filtering additional data with --with-* and without-* new options
  • enh: setup-encryption.sh: don't require install to be called before us
  • fix: race condition when two parallel account creations used the uid-auto option
  • doc: add restore from backup howto
  • doc: add PuTTY connection setup howto

v3.10.00 - 2023/02/17

  • feat: add accountFreeze/accountUnfreeze commands
  • enh: accountList: add --no-password-info and --no-output options
  • enh: more precise matching of ssh client error messages
  • enh: osh.pl: add the account name on each error message
  • fix: invalid suffixed account creation (#357)
  • chore: generate-sudoers.sh: sort alphabetically

v3.09.02 - 2022/11/15

  • fix: execute: rare race condition introduced in v3.09.01
  • fix: basic mitigation for scp's CVE-2020-15778 (upstream doesn't consider it a bug)

v3.09.01 - 2022/10/10

  • fix: batch: don't attempt to read if stdin is closed
  • enh: make execute() way WAY faster

v3.09.00 - 2022/09/21

  • enh: tests: faster perl-check script
  • fix: accountInfo wasn't showing TTL account expiration #329
  • fix: remove spurious set +e/-e after commit bdea34c
  • fix: accountUnlock: add missing check_spurious_args and no_auto_abbrev
  • fix: doc: use code-blocks:: instead of code::
  • doc: add a missing parameter in ping's help
  • chore: selfListEgressKeys: fix typo

v3.09.00-rc3 - 2022/07/12

  • enh: install: better error detection
  • fix: cleanup-guest-key-access: use cache for performance
  • fix: performance issues introduced by effab4a

v3.09.00-rc2 - 2022/07/05

  • enh: MFA: specify account name in message
  • enh: move some code from get_hashes_list() to a new get_password_file()
  • enh: print_public_key: better formatter
  • doc: osh-encrypt-rsync.conf: add verbose

v3.09.00-rc1 - 2022/07/04

  • feat: osh-encrypt-rsync.pl: handle sqlite and user logs along with ttyrec files
  • feat: add osh-cleanup-guest-key-access.pl script
  • feat: add NRPE probes in contrib/
  • remove: compress-old-logs.sh script, as osh-encrypt-rsync.pl does the job now
  • chg: CentOS 8 no longer supported (EOL)
  • chg: Ubuntu 22.04 LTS now supported
  • enh: standardize snake_case for all system scripts json config files
  • enh: cron scripts: factorize common code and standardize logging & config
  • enh: osh-lingering-sessions-reaper.pl: make it configurable
  • enh: osh-piv-grace-reaper.pl: run only on master, standardize config reading
  • enh: add more info in syslog warnings for accountDelete
  • fix: ping: force a deadline, and restore default sighandlers
  • fix: accountInfo: missing creation date on non-json output
  • fix: osh-remove-empty-folders.pl: fix folders counting (logging only)
  • fix: osh-encrypt-rsync.pl: delete +a source files properly
  • fix: osh-encrypt-rsync.pl: ensure $verbose is always set & make it configurable
  • fix: install: ensure that the healthcheck user can always connect from 127.0.0.1
  • fix: install: avoid cases of sigpipe on tr
  • fix: don't emit a membership log when nothing changed
  • fix: {group,account}Delete: move() would sometimes fail, replace by mv
  • fix: workaround for undocumented caching in getpw/getgr funcs
  • doc: better menu organization and more complete config files reference

v3.08.01 - 2022/01/19

  • feat: add osh-remove-empty-folders.sh script
  • enh: better errror detection and logging in accountDelete & groupDelete

v3.08.00 - 2022/01/04

  • feat: move scripts to GnuPG 2.x, add tests & doc
  • feat: add new OSes (Debian "Bullseye" 11, RockyLinux 8.x) and deprecate old ones (OpenSUSE Leap 15.2, older minor releases of CentOS 7.x and 8.x)
  • feat: add the accountUnlock restricted plugin
  • enh: detect silent password change failures
  • enh: batch: detect when asked to start a plugin requiring MFA
  • enh: rewrite packages-check.sh, perl-tidy.sh and shell-check.sh with more features and deprecated code removed
  • feat: add the code-info syslog type in addition to code-warn
  • enh: tests: --module can now be specified multiple times
  • fix: FreeBSD tests & portions of code, regression since v3.03.99-rc2
  • chore: install: remove obsolete upgrading sections for pre-v3.x versions

v3.07.00 - 2021/12/13

  • feat: add support for Duo PAM auth as MFA (#249)
  • feat: new access option: --force-password <HASH>, to only try one specific egress password (#256)
  • fix: add helpers handling of SIGPIPE/SIGHUP
  • fix: avoid double-close log messages on SIGHUP
  • fix: --self-password was missing as a -P synonym (#257)
  • fix: tests under OpenSUSE (fping raw sockets)
  • chore: ensure proper Getopt::Long options are set everywhere
  • chore: move HEXIT() to helper module, use HEXIT only in helpers
  • chore: factorize helpers header

v3.06.00 - 2021/10/15

  • feat: accountModify: add --pubkey-auth-optional
  • fix: accountPIV: fix bad autocompletion rule
  • fix: groupdel: false positive in lock contention detection
  • doc: bastion.conf: add superowner system group requirement

v3.05.01 - 2021/09/22

  • feat: add --proactive-mfa and mfa/nofa interactive commands
  • feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209)
  • doc: add help about the interactive builtin commands (#227)

v3.05.00 - 2021/09/13

  • feat: support pam_faillock for Debian 11 (#163)
  • feat: add --fallback-password-delay (3) for ssh password autologin
  • enh: add max_inactive_days to account configuration (#230)
  • enh: accountInfo: add --list-groups
  • enh: max account length is now 28 chars up from 18
  • enh: better error message when unknown option is used
  • enh: better use of account creation metadata
  • enh: config reading: add rootonly parameter
  • fix: accountCreate: --uid-auto: rare case where a free UID couldn't be found
  • doc: generate scripts doc reference for satellite scripts
  • doc: add faq about session locking (#226)
  • misc: a few other unimportant fixes

v3.04.00 - 2021/07/02

No changes since rc2.

v3.03.99-rc2 - 2021/06/30

  • OS support: /!\ drop EOL OSes: Debian 8, Ubuntu 14.04, OpenSUSE 15.0/15.1, add OpenSUSE 15.3
  • feat: add admin and super owner accounts list in info plugin (#206)
  • enh: replace bool 'allowUTF8' (introduced in rc1) by 'fanciness' enum
  • enh: tests: refactor the framework for more maintainability
  • fix: setup-first-admin-account.sh: support to add several admins (#202)
  • fix: use local $\_ before while(<>) loops
  • doc: added a lot of new content
  • doc: clush: document --user and --port
  • doc: several other fixes here and there

v3.03.99-rc1 - 2021/06/03

  • enh: osh-orphaned-homedir.sh: add more security checks to ensure we don't archive still-used home dirs
  • enh: install.inc: try harder to hit GitHub API in CI
  • fix: fixrights.sh: 'chmod --' not supported under FreeBSD
  • fix: packages-check.sh: centos: ensure cache is up to date before trying to install packages
  • fix: groupDelServer: missing autocompletion in interactive mode
  • fix: install-yubico-piv-checker: ppc64le installation was broken
  • fix: scp: abort early if host is not found to avoid a warn()
  • fix: osh-backup-acl-keys: detect file removed transient error
  • fix: add a case to the ignored perl panic race condition
  • chore: mkdir -p doesn't fail if dir already exists
  • chore: tests: support multiple unit-test files

v3.03.01 - 2021/03/25

  • enh: osh-orphaned-homedir.sh: add more security checks to ensure we don't archive still-used home dirs
  • enh: install.inc: try harder to hit GitHub API in CI
  • fix: fixrights.sh: 'chmod --' not supported under FreeBSD
  • fix: packages-check.sh: centos: ensure cache is up to date before trying to install packages
  • fix: groupDelServer: missing autocompletion in interactive mode
  • fix: install-yubico-piv-checker: ppc64le installation was broken
  • fix: scp: abort early if host is not found to avoid a warn()
  • fix: osh-backup-acl-keys: detect file removed transient error
  • fix: add a case to the ignored perl panic race condition
  • chore: mkdir -p doesn't fail if dir already exists
  • chore: tests: support multiple unit-test files

v3.03.00 - 2021/02/22

  • feat: transmit PIV enforcement status to remote realms, so that the remote policy can be enforced (#33)
  • feat: add groupGenerateEgressKey and groupDelEgressKey (#135)
  • feat: auto-add hostname as comment in groupAddServer and selfAddPersonalAccesss (side-note in #60)
  • enh: groupAddGuestAccess now supports setting a comment (#17, #18)
  • enh: groupAddServer: augment the returned JSON with the added server details
  • enh: move unexpected-sudo messages from security to code-warning type
  • enh: egress ssh key: compute an ID so that keys can be pointed to and deleted
  • fix: groupDelGuestAccess: deleting a guest access returned an error on TTL-forced groups
  • fix: groupSetRole(): pass sudo param to subfuncs to avoid a security warning
  • fix: execute(): remove osh_warn on tainted params to avoid exposing arguments on coding error
  • fix: groupModify: deny early if user is not an owner of the group
  • enh: groupInfo: nicer message when no egress key exists
  • enh: install: use in-place overwrite for sudoers files, the 3-seconds wait by default has been removed (and the --no-wait parameter now does nothing)
  • fix: interactive: omit inactivity message warning when set to 0 seconds
  • a few other internal fixes here and there

v3.02.00 - 2021/02/01

  • no functional change since rc4, this version ends the rc cycle and is considered stable

v3.01.99-rc4 - 2021/01/25

  • fix: admins no longer inherited superowner powers (since rc1)

v3.01.99-rc3 - 2021/01/21

  • feat: rootListIngressKeys: look for all well-known authkeys files
  • feat: add --(in|ex)clude filters to groupList and accountList
  • enh: groupList: use cache to speedup calls
  • enh: config: detect warnBefore/idleTimeout misconfiguration (#125)
  • fix: scripts: (( )) returns 1 if evaluated to zero, hence failing under set -e
  • fix: config: be more permissive for documentationURL regex
  • fix: TOCTTOU fixes in ttyrec rotation script and lingering sessions reaper
  • fix: confusing error messages in groupDelServer
  • chore: tests: also update totalerrors while tests are running

v3.01.99-rc2 - 2021/01/12

  • fix: re-introduce the ttyrecfile field (fixes #114)
  • fix: logs: sql dbname was not properly passed through the update logs func (fixes #114)
  • doc: upgrade: add a note about config normalization
  • chore: fix: documentation build was missing a prereq

v3.01.99-rc1 - 2021/01/12

  • feat: add support for a PIV-enforced policy (see https://ovh.github.io/the-bastion/using/piv)
  • feat: revamp logs (see the UPGRADING section of the documentation)
  • feat: realms: use remote bastion MFA validation information for local policy enforcement
  • feat: add LC_BASTION_DETAILS envvar so that remote hosts can gather more information about the connection
  • feat: accountModify: add --osh-only policy (closes #97)
  • enh: satellite scripts: better error handling
  • enh: config: better parsing and normalization
  • fix: groupList: remove 9K group limit
  • fix: realmDelete: bad sudoers configuration
  • fix: global-log: directly set proper perms on file creation
  • fix: remove useless warning when there is no guest access
  • fix: proper sqlite log location for invalid realm accounts
  • fix: tests: syslog-logged errors were not counted towards the total
  • chore: tests: remove OpenSUSE Leap 15.0 (due to https://bugzilla.opensuse.org/show_bug.cgi?id=1146027)
  • chore: a few other fixes & enhancements around tests, documentation, perlcritic et al.

v3.01.03 - 2020/12/15

  • fix: sudogen: don't check for account/groups validity too much when deleting them (fixes #86)
  • fix: guests: get rid of ghost guest accesses in corner cases (fixes internal ticket)
  • fix: osh.pl: plugin_config 'disabled' key is a boolean
  • chore: speedup tests by ~20%
  • chore: osh-accountDelete: fix typo

v3.01.02 - 2020/12/08

  • fix: is_valid_remote_user: extend allowed size from 32 to 128
  • feat: add support for CentOS 8.3
  • doc: bastion.conf.dist: accountMFAPolicy wrong options values in comment
  • chore: tests: now test the 3 more recent minor versions of CentOS 7 and CentOS 8

v3.01.01 - 2020/12/04

  • fix: interactive mode: mark non-printable chars as such to avoid readline quirks
  • fix: osh-encrypt-rsync: remove 'logfile' as mandatory parameter
  • fix: typo in MFAPasswordWarnDays parameter in bastion.conf.dist
  • enh: interactive mode: better autocompletion for accountCreate and adminSudo
  • enh: allow dot in group name as it is allowed in account, and adjust sudogen accordingly
  • doc: add information about puppet-thebastion and yubico-piv-checker + some adjustments
  • chore: tests: fail the tests when code is not tidy

v3.01.00 - 2020/11/20

  • feat: add FreeBSD 12.1 to automated tests, and multiple fixes to get back proper FreeBSD compatibility/experience
  • feat: partial MFA support for FreeBSD
  • feat: add interactiveModeByDefault option (#54)
  • feat: install: add SELinux module for TOTP MFA (#26)
  • enh: httpproxy: add informational headers to the egress side request
  • fix: osh.pl: validate remote user and host format to fail early if invalid
  • fix: osh-encrypt-rsync.pl: allow more broad chars to avoid letting weird-named files behind
  • fix: osh-backup-acl-keys.sh: don't exclude .gpg, or we miss /root/.gnupg/secring.gpg
  • fix: selfListSessions: bad sorting of the list
  • misc: a few other fixes here and there

v3.00.02 - 2020/11/16

  • feat: add more archs to dockerhub sandbox
  • fix: adminSudo: allow called plugins to read from stdin (#43)
  • fix: add missing echo in the entrypoint of the sandbox
  • chore: install-ttyrec.sh: adapt for multiarch

v3.00.01 - 2020/11/06

  • feat: add OpenSUSE 15.2 to the officially supported distros
  • enh: install-ttyrec.sh: replaces build-and-install-ttyrec.sh, no longer builds in-place but prefers .deb and .rpm packages & falls back to precompiled static binaries otherwise
  • enh: packages-check.sh: add qrencode-libs for RHEL/CentOS
  • enh: provide a separated Dockerfile for the sandbox, squashing useless layers
  • doc: a lot of fixes here and there
  • chore: remove spurious config files
  • chore: a few GitHub actions workflow fixes

v3.00.00 - 2020/10/30

  • First public release \o/