Stéphane Lesimple
a728c2f760
fix: opensuse: tests: no longer rely on sysV scripts
1 month ago
Stéphane Lesimple
36850d6a05
fix: early check for port validity to avoid warnings later on
1 month ago
jon4hz
2637281424
fix: missing syslog-ng config for bastion-scripts
1 month ago
Stéphane Lesimple
306d1304e7
chore: add relnotes for v3.23.01
3 months ago
Stéphane Lesimple
01c896ba63
release v3.23.01
3 months ago
Stéphane Lesimple
11cbf63be8
chore: deprecate the use of -f and -l in selfListIngressKeys
3 months ago
jon4hz
2b75792318
feat: accept -l as user option
3 months ago
Stéphane Lesimple
b0868c1f29
enh: better interaction between systemd units and /home encryption
3 months ago
Stephane Lesimple
44488e8300
fix: add accountGidMin to avoid stealing an account's GID
Between account system groups (bearing the same GID number
as the UID they pertain to) and bastion groups, there
might be collisions on bastions with a very high amount
of both accounts and groups.
This is only of importance if you're using fixed UIDs
to create accounts, and can't let the system pick the
UIDs itself (for example because these UIDs are referenced
in some other system of your company).
This fix applies a GID shifting to all the bastion groups
to ensure they can never take a GID that would pertain to
a later-to-be-created account with a fixed GID.
This shift amount is configurable in bastion.conf as
``accountGidMin``, 500000 by default.
Use the updated bin/admin/fix-group-gid.sh script to shift any
preexisting group GID that would be out of the new groupGidMin range.
3 months ago
Mathieu MD
7b3240e47a
Fix missing `-regex` following @cdbd6c7 from #550
3 months ago
Stéphane Lesimple
7275605565
release v3.23.00 (#605)
* release v3.23.00
* Update doc/release-notes/v3.23.00.md
---------
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
4 months ago
Jonah
41bcbe3cd0
fix: stop banner service, not restart (#603)
4 months ago
Stéphane Lesimple
7457f3db0d
feat: add admin script apply-ingress-keys-from-globally.pl (#604)
4 months ago
Stéphane Lesimple
98336fdafe
feat: httpproxy: add support for more HTTP methods (#601)
By default this stays as before (GET and POST),
but more methods can be allowed through the
HTTP Proxy configuration.
4 months ago
Stéphane Lesimple
38d883c654
scp: more robust parsing for remote users with special chars (#600)
4 months ago
Stéphane Lesimple
aa14c0e14f
enh: allow colon in remote user names (#602)
4 months ago
François Magimel
2ceab97ef9
docs(dev,setup): fix the pre-commit example and script helper (#599)
* docs(dev,setup): fix the pre-commit example
* docs(dev,setup): update the script helper
4 months ago
Jonah
bd9ba6fc4d
fix: return accountInfo if grace period is set (#594)
Signed-off-by: Jonah Zürcher <jonah.zuercher@adfinis.com>
4 months ago
toutoen
d558552c55
fix: hide mfa info msg in quiet mode (#598)
fixes #596
Co-authored-by: Antoine Guerrée <antoine.guerree+github@corp.ovh.com>
4 months ago
Jonah
bdc360b421
fix: debian 13 uses lastlog2 (#590)
* fix: debian 13 uses lastlog2
* fix: also make sure libpam-lastlog2 is installed
* fix: handle lastlog for ubuntu correctly
Co-authored-by: Stéphane Lesimple <speed47_github@speed47.net>
6 months ago
jon4hz
fd14ddf5ed
docs: add link to ansible role
7 months ago
jon4hz
9daf0007e1
feat: switch banner if node is sealed
7 months ago
Stéphane Lesimple
f8694351e8
chore: bump version number to v3.22.00
7 months ago
Stéphane Lesimple
2c71d4ec80
release v3.22.00
7 months ago
Stéphane Lesimple
c1817bc887
enh: tests: add tests for sign files issue
7 months ago
Stoiko Ivanov
9bc85ec3f4
fix: sign files when encrypting
This commit should address the issue reported as GHSA-h66q-g57p-rgg6
via GitHub security reporting.
The missing command-line switch seems like an omission.
Adding it caused the files to be signed and verifiable in my tests.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
7 months ago
Stéphane Lesimple
c8b86b718a
fix: httpproxy: duplicate X-Bastion-Local-Status headers in some cases
7 months ago
Stéphane Lesimple
c1f0789aee
feat: httpproxy: craft the Host header on the egress request (#564)
And also return X-Bastion-Remote-Host in addition to X-Bastion-Remote-IP
to our caller.
7 months ago
Stéphane Lesimple
bea7d64146
fix: docker sandbox: restore ACLs on start
7 months ago
Stéphane Lesimple
a62439f2be
Update doc/sphinx/faq.rst
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
7 months ago
Stéphane Lesimple
3452682794
doc: faq: note about ttyrec/script
7 months ago
Stéphane Lesimple
9529ec07fa
doc: note about the refresh of bastion.conf (#573)
7 months ago
jon4hz
53ee50f9ca
fix: check if first admin is already in adminAccounts
8 months ago
Jonah
71cf11a707
fix: use mountpoint to check if /home is mounted
Co-authored-by: Stéphane Lesimple <speed47_github@speed47.net>
8 months ago
jon4hz
848fdbd1bf
fix: check if /home is actually mounted before exiting the script early
8 months ago
jon4hz
939cc2bcac
fix: execute systemctl daemon-reload after /etc/fstab changes
8 months ago
jon4hz
73f3d85309
fix: don't return status code 1 if unlock-home.sh is already linked
8 months ago
Stéphane Lesimple
d55aa7e1e9
release v3.21.00
8 months ago
Stéphane Lesimple
8184991f7b
chore: shell functions: detect OS without requiring uname
8 months ago
Stéphane Lesimple
93671ef571
fix: tests: more robust sshd reloading across OSes
8 months ago
Stéphane Lesimple
a7814db804
fix: osh-lingering-session-reaper.sh: make 'ps' usage FreeBSD compatible
Closes #550
8 months ago
Stéphane Lesimple
9473e5437b
fix: scp/sftp: handle case where TMPDIR is mounted in noexec (#569)
* fix: scp/sftp: handle case where TMPDIR is mounted in noexec
* review: fix copy/paste
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
---------
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
8 months ago
Stéphane Lesimple
b367cd7f59
fix: tests: freebsd: proper reload of recent sshd
8 months ago
Stéphane Lesimple
9779d68cc8
fix: recent versions of sshd have a separate sshd-session $0
8 months ago
Stéphane Lesimple
7cac4dc911
chore: remove references to NetBSD/OpenBSD in the code
8 months ago
Stéphane Lesimple
579e5d0617
chore: tests: bump FreeBSD from 14.2 to 14.3
8 months ago
Stéphane Lesimple
a9589658f8
fix: tests: remove support for MD5 fingerprints
8 months ago
Stéphane Lesimple
9a357f9ff7
fix: tests: better detect faulty modules syntax
8 months ago
Stéphane Lesimple
8e25642f42
fix: remove tests for DSA keys, compiled out of recent OpenSSH versions
These keys have always been denied by the bastion code anyway.
8 months ago
Stéphane Lesimple
2873af8221
fix: supported key algorithms detection for OpenSSH >= 10
8 months ago