Stéphane Lesimple
b0868c1f29
enh: better interaction between systemd units and /home encryption
3 weeks ago
Stephane Lesimple
44488e8300
fix: add accountGidMin to avoid stealing an account's GID
...
Between account system groups (bearing the same GID number
as the UID they pertain to) and bastion groups, there
might be collisions on bastions with a very high amount
of both accounts and groups.
This is only of importance if you're using fixed UIDs
to create accounts, and can't let the system pick the
UIDs itself (for example because these UIDs are referenced
in some other system of your company).
This fix applies a GID shifting to all the bastion groups
to ensure they can never take a GID that would pertain to
a later-to-be-created account with a fixed GID.
This shift amount is configurable in bastion.conf as
``accountGidMin``, 500000 by default.
Use the updated bin/admin/fix-group-gid.sh script to shift any
preexisting group GID that would be out of the new groupGidMin range.
3 weeks ago
Stéphane Lesimple
7275605565
release v3.23.00 (#605)
...
* release v3.23.00
* Update doc/release-notes/v3.23.00.md
---------
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
2 months ago
Jonah
41bcbe3cd0
fix: stop banner service, not restart (#603)
2 months ago
Stéphane Lesimple
7457f3db0d
feat: add admin script apply-ingress-keys-from-globally.pl (#604)
2 months ago
Jonah
bdc360b421
fix: debian 13 uses lastlog2 (#590)
...
* fix: debian 13 uses lastlog2
* fix: also make sure libpam-lastlog2 is installed
* fix: handle lastlog for ubuntu correctly
Co-authored-by: Stéphane Lesimple <speed47_github@speed47.net>
4 months ago
jon4hz
9daf0007e1
feat: switch banner if node is sealed
5 months ago
jon4hz
53ee50f9ca
fix: check if first admin is already in adminAccounts
5 months ago
Jonah
71cf11a707
fix: use mountpoint to check if /home is mounted
...
Co-authored-by: Stéphane Lesimple <speed47_github@speed47.net>
6 months ago
jon4hz
848fdbd1bf
fix: check if /home is actually mounted before exiting the script early
6 months ago
jon4hz
939cc2bcac
fix: execute systemctl daemon-reload after /etc/fstab changes
6 months ago
jon4hz
73f3d85309
fix: don't return status code 1 if unlock-home.sh is already linked
6 months ago
Stéphane Lesimple
7cac4dc911
chore: remove references to NetBSD/OpenBSD in the code
6 months ago
Stéphane Lesimple
c4112994f4
chg: drop Debian 10, preliminary support for Debian 13
6 months ago
Stéphane Lesimple
d37e20cd0c
fix: FreeBSD: add missing package for interactive mode (close #548)
8 months ago
Stéphane Lesimple
f09a370d97
chg: deprecate Ubuntu 18.04, up required perl version to v5.26
11 months ago
Nabil
fcc3044903
Fix: typos
11 months ago
Stéphane Lesimple
f04ddd26fc
chore: fix yubico-piv-checker package name since 1.0.2
12 months ago
Stéphane Lesimple
f79b186727
chore: github actions: replace ubuntu 20.04 by 24.04 (EOL)
12 months ago
Stéphane Lesimple
19390986fa
feat: add undocumented rename-account.sh and modify osh-orphaned-homedir.sh accordingly
1 year ago
Stéphane Lesimple
c93498c762
fix: opensuse: add procps package (for pkill)
1 year ago
Stéphane Lesimple
e368bb37e9
chore: install-ttyrec: bump latest known version fallback
2 years ago
Stéphane Lesimple
603425b31e
fix: install under FreeBSD 13.2
2 years ago
Stéphane Lesimple
914d8b30b4
chg: remove support for EOL CentOS 7
2 years ago
Stéphane Lesimple
c53f50ddf9
enh: remove nc dependency
2 years ago
Stéphane Lesimple
e2a45596d0
fix: generation of MFA secret under FreeBSD
2 years ago
Stéphane Lesimple
fd6850c7ef
fix: osh-sync-watcher: default to a valid rshcmd (fixes #433)
2 years ago
Stéphane Lesimple
ad9e14d568
chore: silence tr on secret generation
2 years ago
Stéphane Lesimple
a458e4b63c
fix: fixrights.sh: add +x run-tool.sh
2 years ago
Stéphane Lesimple
7a288bd812
chore: perlcritic adjustment on RequireArgUnpacking
2 years ago
Stéphane Lesimple
b48463076f
feat: osh.pl: jit mfa for plugins
2 years ago
Pierre-Elliott Bécue
35d4841638
Allow setup-gpg.sh --import to receive, trust, and add to configure multiple public keys at once
2 years ago
Stéphane Lesimple
7934b6283b
Update bin/admin/check_uid_gid_collisions.pl
...
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
2 years ago
Stéphane Lesimple
a468220df7
fix: check_collisions: don't report orphan uids on slave, just use their name
2 years ago
Stéphane Lesimple
0353557939
enh: check_collisions: allow usage of /dev/null
2 years ago
Stéphane Lesimple
733fd054a6
fix: setup-gpg.sh: in some cases, an invalid configuration file could be generated
...
The escape code didn't work correctly, remove it as it's not needed,
indeed we already ensure that the generated password doesn't contain
any " or \, hence surrounding the var by "" quotes is enough.
2 years ago
Stéphane Lesimple
a6a25fd53b
feat: add type8 and type9 password hashes
...
This requires the-bastion-mkhash-helper v1.1.0+
2 years ago
Stéphane Lesimple
5dc50b3e57
feat: add stealth_stderr/stdout ttyrec support, enable it for scp (#413)
2 years ago
Philipp Walter
e616f24d89
enh: setup-gpg.sh: create additional backup signing config with --generate
3 years ago
Stéphane Lesimple
902508f7d1
fix: update undocumented rename-group.sh script
3 years ago
Stéphane Lesimple
c6a6f806d2
feat: add uid/gid collisions checking script & amend doc
3 years ago
Stéphane Lesimple
708efd90ca
chore: add RockyLinux 9 support
3 years ago
Stéphane Lesimple
6f13149093
chore: bump OpenSUSE Leap tests from 15.3 to 15.4
3 years ago
Stéphane Lesimple
49dc104dd7
chore: push sandbox and tester images from Deb10 to Deb11
...
Also remove old config files from previously dropped OS versions
3 years ago
Stéphane Lesimple
76f25f287e
enh: setup-encryption.sh: don't require install to be called before us
3 years ago
Stéphane Lesimple
ebebed7be0
fix: remove spurious set +e/-e after commit bdea34c
4 years ago
Stéphane Lesimple
72cefa6417
fix: performance issues introduced by effab4a
...
Commit that introduced the performance degradation is effab4a
(fix: workaround for undocumented caching in getpw/getgr funcs)
Rewrote caching at the getpwent/getpwnam/getgrent/getgrnam level,
which restores performance pre-effab4a and even enhances it in some cases,
for example on a 2000-accounts and 2000-groups bastion, we are:
- 11% faster on --osh help
- 35% faster on --osh selfListAccesses (reduces syscalls by 87%)
4 years ago
Stéphane Lesimple
bdea34ccad
enh: install: better error detection
4 years ago
Stéphane Lesimple
73b6a625f5
feat: add support and tests for Ubuntu 22.04 LTS
4 years ago
Stéphane Lesimple
46a01a546a
feat: groupModify: add --idle-lock-timeout and --idle-kill-timeout for group-specific timeouts
4 years ago