Stéphane Lesimple
c93498c762
fix: opensuse: add procps package (for pkill)
1 year ago
Stéphane Lesimple
e368bb37e9
chore: install-ttyrec: bump latest known version fallback
2 years ago
Stéphane Lesimple
603425b31e
fix: install under FreeBSD 13.2
2 years ago
Stéphane Lesimple
914d8b30b4
chg: remove support for EOL CentOS 7
2 years ago
Stéphane Lesimple
c53f50ddf9
enh: remove nc dependency
2 years ago
Stéphane Lesimple
e2a45596d0
fix: generation of MFA secret under FreeBSD
2 years ago
Stéphane Lesimple
fd6850c7ef
fix: osh-sync-watcher: default to a valid rshcmd (fixes #433)
2 years ago
Stéphane Lesimple
ad9e14d568
chore: silence tr on secret generation
2 years ago
Stéphane Lesimple
a458e4b63c
fix: fixrights.sh: add +x run-tool.sh
2 years ago
Stéphane Lesimple
7a288bd812
chore: perlcritic adjustment on RequireArgUnpacking
2 years ago
Stéphane Lesimple
b48463076f
feat: osh.pl: jit mfa for plugins
2 years ago
Pierre-Elliott Bécue
35d4841638
Allow setup-gpg.sh --import to receive, trust, and add to configure multiple public keys at once
2 years ago
Stéphane Lesimple
7934b6283b
Update bin/admin/check_uid_gid_collisions.pl
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
2 years ago
Stéphane Lesimple
a468220df7
fix: check_collisions: don't report orphan uids on slave, just use their name
2 years ago
Stéphane Lesimple
0353557939
enh: check_collisions: allow usage of /dev/null
2 years ago
Stéphane Lesimple
733fd054a6
fix: setup-gpg.sh: in some cases, an invalid configuration file could be generated
The escape code didn't work correctly, remove it as it's not needed,
indeed we already ensure that the generated password doesn't contain
any " or \, hence surrounding the var by "" quotes is enough.
2 years ago
Stéphane Lesimple
a6a25fd53b
feat: add type8 and type9 password hashes
This requires the-bastion-mkhash-helper v1.1.0+
2 years ago
Stéphane Lesimple
5dc50b3e57
feat: add stealth_stderr/stdout ttyrec support, enable it for scp (#413)
2 years ago
Philipp Walter
e616f24d89
enh: setup-gpg.sh: create additional backup signing config with --generate
3 years ago
Stéphane Lesimple
902508f7d1
fix: update undocumented rename-group.sh script
3 years ago
Stéphane Lesimple
c6a6f806d2
feat: add uid/gid collisions checking script & amend doc
3 years ago
Stéphane Lesimple
708efd90ca
chore: add RockyLinux 9 support
3 years ago
Stéphane Lesimple
6f13149093
chore: bump OpenSUSE Leap tests from 15.3 to 15.4
3 years ago
Stéphane Lesimple
49dc104dd7
chore: push sandbox and tester images from Deb10 to Deb11
Also remove old config files from previously dropped OS versions
3 years ago
Stéphane Lesimple
76f25f287e
enh: setup-encryption.sh: don't require install to be called before us
3 years ago
Stéphane Lesimple
ebebed7be0
fix: remove spurious set +e/-e after commit bdea34c
4 years ago
Stéphane Lesimple
72cefa6417
fix: performance issues introduced by effab4a
Commit that introduced the performance degradation is effab4a
(fix: workaround for undocumented caching in getpw/getgr funcs)
Rewrote caching at the getpwent/getpwnam/getgrent/getgrnam level,
which restores performance pre-effab4a and even enhances it in some cases,
for example on a 2000-accounts and 2000-groups bastion, we are:
- 11% faster on --osh help
- 35% faster on --osh selfListAccesses (reduces syscalls by 87%)
4 years ago
Stéphane Lesimple
bdea34ccad
enh: install: better error detection
4 years ago
Stéphane Lesimple
73b6a625f5
feat: add support and tests for Ubuntu 22.04 LTS
4 years ago
Stéphane Lesimple
46a01a546a
feat: groupModify: add --idle-lock-timeout and --idle-kill-timeout for group-specific timeouts
4 years ago
Stéphane Lesimple
e040afb074
chore: new perltidy rules
4 years ago
Stéphane Lesimple
884b4bbaf0
fix: install: ensure that the healthcheck user can always connect from 127.0.0.1
Regardless of the bastion config about the ingressKeysFrom configuration
4 years ago
Stéphane Lesimple
bbdf5a36b8
feat: add NRPE probes
4 years ago
Stéphane Lesimple
a178aa7906
enh: cron scripts: factorize common code and standardize logging
4 years ago
Stéphane Lesimple
86c7bf39e6
remove compress-old-logs script, as osh-encrypt-rsync will do the job instead
4 years ago
Stéphane Lesimple
e5cfa26853
fix: install: avoid cases of sigpipe on `tr`
4 years ago
Stéphane Lesimple
7bb0843de1
feat: add osh-remove-empty-folders.sh
4 years ago
Stéphane Lesimple
7f28cce490
chore: install: remove obsolete upgrading sections
These portions of code were only useful to upgrade bastions from
versions older than v3.00.00, which was the first public release.
There has been no remaining pre-v3.x version in production internally
for some time now, so there is no use keeping that code.
4 years ago
Stéphane Lesimple
37842c29d3
chore: packages-check.sh: remove obsolete -t and -v options
4 years ago
Stéphane Lesimple
da5cb3c232
chore: packages-check.sh: implement installed pkg detection in rhel/suse, use proper pkg names
4 years ago
Stéphane Lesimple
6694518ab5
chore: remove obsolete check-ssh-hardening.pl
4 years ago
Stéphane Lesimple
000ed4e8af
feat: move scripts to GnuPG 2.x and add tests
4 years ago
Stéphane Lesimple
e847a19857
enh: ttyrec & yubico installs: hardcode URLs for when API is down
4 years ago
Stéphane Lesimple
a68ccb3f8c
feat: add new OSes and deprecate old ones
add:
- Debian 11
- RockyLinux 8
remove:
- OpenSUSE Leap 15.2
- Old minor versions of CentOS 7.x
- Old minor versions of CentOS 8.x
4 years ago
Stéphane Lesimple
d51c4c8be0
fix: tests: full tests on FreeBSD
4 years ago
Christophe Crochet
d85298f229
new account option: --pubkey-auth-optional, to allow ingress login with or without pubkey when pam is required
4 years ago
madx
ea8ed97a34
new account option: mfa-any, to allow ingress login with pubkey alone or pam alone instead of requiring both
4 years ago
Stéphane Lesimple
0dc448943a
doc: add osh-sync-watcher.sh config reference
5 years ago
Stéphane Lesimple
9b2aa996b3
enh: better use of account creation metadata
Store account creation information in a JSON.
Display this information in `accountInfo` for auditors.
5 years ago
Stéphane Lesimple
6b4418e864
chore: fixrights: ensure tests/functional/proxy/remote-daemon is +x
5 years ago