the-bastion

Commit Graph

Author	SHA1	Message	Date
Stéphane Lesimple	11cbf63be8	chore: deprecate the use of -f and -l in selfListIngressKeys	3 weeks ago
jon4hz	2b75792318	feat: accept -l as user option	3 weeks ago
Stéphane Lesimple	b0868c1f29	enh: better interaction between systemd units and /home encryption	3 weeks ago
Stephane Lesimple	44488e8300	fix: add accountGidMin to avoid stealing an account's GID Between account system groups (bearing the same GID number than the UID they pertain to) and bastion groups, there might be collisions on bastions with a very high amount of both accounts and groups. This is only of importance if you're using fixed UIDs to create accounts, and can't let the system pick the UIDs itself (for example because these UIDs are referenced in some other system of your company). This fix applies a GID shifting to all the bastion groups to ensure they can never take a GID that would pertain to a later-to-be-created account with a fixed GID. This shift amount is configurable in bastion.conf as ``accountGidMin``, 500000 by default. Use the updated bin/admin/fix-group-gid.sh script to shift any preexisting group GID that would be out of the new groupGidMin range.	3 weeks ago
Mathieu MD	7b3240e47a	Fix missing `-regex` following @cdbd6c7 from #550	1 month ago
Stéphane Lesimple	7275605565	release v3.23.00 (#605 ) * release v3.23.00 * Update doc/release-notes/v3.23.00.md --------- Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>	2 months ago
Jonah	41bcbe3cd0	fix: stop banner service, not restart (#603 )	2 months ago
Stéphane Lesimple	7457f3db0d	feat: add admin script apply-ingress-keys-from-globally.pl (#604 )	2 months ago
Stéphane Lesimple	98336fdafe	feat: httpproxy: add support for more HTTP methods (#601 ) By default this stays as before (GET and POST), but more methods can be allowed through the HTTP Proxy configuration.	2 months ago
Stéphane Lesimple	38d883c654	scp: more robust parsing for remote users with special chars (#600 )	2 months ago
Jonah	bd9ba6fc4d	fix: return accountInfo if grace period is set (#594 ) Signed-off-by: Jonah Zürcher <jonah.zuercher@adfinis.com>	2 months ago
toutoen	d558552c55	fix: hide mfa info msg in quiet mode (#598 ) fixes #596 Co-authored-by: Antoine Guerrée <antoine.guerree+github@corp.ovh.com>	2 months ago
Jonah	bdc360b421	fix: debian 13 uses lastlog2 (#590 ) * fix: debian 13 uses lastlog2 * fix: also make sure libpam-lastlog2 is installed * fix: handle lastlog for ubuntu correctly Co-authored-by: Stéphane Lesimple <speed47_github@speed47.net>	4 months ago
jon4hz	9daf0007e1	feat: switch banner if node is sealed	5 months ago
Stoiko Ivanov	9bc85ec3f4	fix: sign files when encrypting This commit should address the issue reported as GHSA-h66q-g57p-rgg6 via github security reporting. the missing command-line switch seems like a omission. adding it caused the files to be signed and verifiable in my tests. Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>	5 months ago
Stéphane Lesimple	c8b86b718a	fix: httpproxy: duplicate X-Bastion-Local-Status headers in some cases	5 months ago
Stéphane Lesimple	c1f0789aee	feat: httpproxy: craft the Host header on the egress request (#564 ) And also return X-Bastion-Remote-Host in addition to X-Bastion-Remote-IP to our caller.	5 months ago
jon4hz	53ee50f9ca	fix: check if first admin is already in adminAccounts	5 months ago
Jonah	71cf11a707	fix: use mountpoint to check if /home is mounted Co-authored-by: Stéphane Lesimple <speed47_github@speed47.net>	6 months ago
jon4hz	848fdbd1bf	fix: check if /home is actually mounted before exiting the script early	6 months ago
jon4hz	939cc2bcac	fix: execute systemctl daemon-reload after /etc/fstab changes	6 months ago
jon4hz	73f3d85309	fix: dont return status code 1 if unlock-home.sh is already linked	6 months ago
Stéphane Lesimple	a7814db804	fix: osh-lingering-session-reaper.sh: make 'ps' usage FreeBSD compatible Closes #550	6 months ago
Stéphane Lesimple	9473e5437b	fix: scp/sftp: handle case where TMPDIR is mounted in noexec (#569 ) * fix: scp/sftp: handle case where TMPDIR is mounted in noexec * review: fix copy/paste Co-authored-by: Adrien Barreau <adrien.barreau@live.fr> --------- Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>	6 months ago
Stéphane Lesimple	9779d68cc8	fix: recent versions of sshd have a separate sshd-session $0	6 months ago
Stéphane Lesimple	7cac4dc911	chore: remove references to NetBSD/OpenBSD in the code	6 months ago
Stéphane Lesimple	579e5d0617	chore: tests: bump FreeBSD from 14.2 to 14.3	6 months ago
Stéphane Lesimple	c4112994f4	chg: drop Debian 10, preliminary support for Debian 13	6 months ago
Stéphane Lesimple	cdbd6c701e	fix: FreeBSD compat for 2 cron scripts (#550 )	8 months ago
Stéphane Lesimple	ed6ea14fb6	fix: ping max deadline is 3600 on FreeBSD (close #547 )	8 months ago
Stéphane Lesimple	d37e20cd0c	fix: FreeBSD: add missing package for interactive mode (close #548 )	8 months ago
Stéphane Lesimple	395243f665	fix: sftp wrapper: handle -P properly (close #553 )	8 months ago
Stéphane Lesimple	763ae8e9a7	enh: scp: add more scp options, update doc	8 months ago
Stéphane Lesimple	d2c8f46f56	enh: httpproxy: use List::Util first & pairkeys	11 months ago
Stéphane Lesimple	f09a370d97	chg: deprecate Ubuntu 18.04, up required perl version to v5.26	11 months ago
Stéphane Lesimple	74447f58a7	fix: httpproxy: allow binary data to be passed through unmodified	11 months ago
Nabil	fcc3044903	Fix: typos	11 months ago
Stéphane Lesimple	f04ddd26fc	chore: fix yubico-piv-checker package name since 1.0.2	11 months ago
Stéphane Lesimple	f79b186727	chore: github actions: replace ubuntu 20.04 by 24.04 (EOL)	12 months ago
Stéphane Lesimple	11cb6ce351	feat: httpproxy: optional support for plain http on egress	12 months ago
Stéphane Lesimple	02bacede06	fix: selfPlaySession: warn in syslog properly	12 months ago
Stéphane Lesimple	a2f1d4f4f1	enh: ssh autologin: allow TERM env passthrough	12 months ago
vt1t1	ff5931e9d7	[fix] Add comment to groupSetServers and test	12 months ago
Roy van Baekel	c9503f50e7	Implement ssh --forward-agent \| -x functionality	1 year ago
Stéphane Lesimple	19390986fa	feat: add undocumented rename-account.sh and modify osh-orphaned-homedir.sh accordingly	1 year ago
Stéphane Lesimple	fdb6c292a8	chore: use proper naming of 'subnet' instead of 'prefix' or 'slash' To avoid confusion, we now use 'subnet' to talk about a subnet represented with the CIDR notation, such as 10.0.0.0/8. In in that case: - 10.0.0.0/8 is a 'subnet' - 10.0.0.0 is the 'prefix' - 8 is the 'prefix length', or by extension the 'subnet length' Use these words everywhere in the code and documentation for clarity.	1 year ago
Stéphane Lesimple	8d33197061	feat: IPv6 support	1 year ago
Stéphane Lesimple	58354cc305	chore: factorize user@host:port display in machine_display()	1 year ago
Stéphane Lesimple	9e357333db	chg: groupInfo: remove deprecated JSON fields Remove 'partial_members' and 'full_members' from JSON output, which were replaced by 'members' and 'guests' since pre-v3.00.00	1 year ago
Stéphane Lesimple	26932258be	enh: accountInfo: add osh-only information for accounts	1 year ago

1 2 3 4 5 ...

393 Commits (master)