Stéphane Lesimple
f43fdaaf82
enh: osh-lingering-sessions-reaper: make it configurable
4 years ago
Stéphane Lesimple
572ced2af7
enh: osh-piv-grace-reaper: run only on master, standardize config reading
4 years ago
Stéphane Lesimple
07f5c35458
fix: piv-grace-reaper: don't use hash values (had no impact)
...
This coding error had no impact because the values are hash references,
hence were rejected immediately as invalid accounts by account_config()
4 years ago
Stéphane Lesimple
bd13e5a476
enh: osh-encrypt-rsync: catch warnings emitted by GetOptions
4 years ago
Stéphane Lesimple
c38c9c09f2
chore: fix typos
4 years ago
Stéphane Lesimple
a178aa7906
enh: cron scripts: factorize common code and standardize logging
4 years ago
Stéphane Lesimple
2c2064a484
feat: osh-encrypt-rsync: handle sqlite and user logs along with ttyrec files
4 years ago
Stéphane Lesimple
86c7bf39e6
remove compress-old-logs script, as osh-encrypt-rsync will do the job instead
4 years ago
Stéphane Lesimple
6baa61a7f4
fix: accountInfo: missing creation date on non-json output
4 years ago
Stéphane Lesimple
e5cfa26853
fix: install: avoid cases of sigpipe on `tr`
4 years ago
Stéphane Lesimple
dc16e628e2
fix: osh-remove-empty-folders: fix folders counting (logging only)
4 years ago
Stéphane Lesimple
3331e158a0
enh: better error detection and logging in (account|group)Delete
4 years ago
Stéphane Lesimple
7bb0843de1
feat: add osh-remove-empty-folders.sh
4 years ago
Stéphane Lesimple
744bd5fa0c
enh: introduce exit_fail and exit_success for shell scripts
4 years ago
Antoine Leblanc
1c8efa6590
fix: osh-accountCreate: fix typo
...
Signed-off-by: Antoine Leblanc <antoine.leblanc@ovhcloud.com>
4 years ago
Stéphane Lesimple
7f28cce490
chore: install: remove obsolete upgrading sections
...
These portions of code were only useful to upgrade bastions from
versions older than v3.00.00, which was the first public release.
There has been no remaining pre-v3.x version in production internally
since some time now, so there is no use keeping that code.
4 years ago
Stéphane Lesimple
37842c29d3
chore: packages-check.sh: remove obsolete -t and -v options
4 years ago
Stéphane Lesimple
da5cb3c232
chore: packages-check.sh: implement installed pkg detection in rhel/suse, use proper pkg names
4 years ago
Stéphane Lesimple
6694518ab5
chore: remove obsolete check-ssh-hardening.pl
4 years ago
Stéphane Lesimple
ae74a823f8
chore: perltidy: rewrite perl-tidy.sh to support single-file tidy
4 years ago
Stéphane Lesimple
ae997dd93c
chore: shellcheck: rewrite shell-check.sh and make files compliant with v0.8.0
4 years ago
Stéphane Lesimple
f609565fe8
enh: batch: detect when asked to start a plugin requiring MFA
4 years ago
Stéphane Lesimple
000ed4e8af
feat: move scripts to GnuPG 2.x and add tests
4 years ago
Stéphane Lesimple
f8f193b298
enh: selfMFASetupPassword: add more messages for the user
4 years ago
Stéphane Lesimple
e847a19857
enh: ttyrec & yubico installs: hardcode URLs for when API is down
4 years ago
Stéphane Lesimple
a68ccb3f8c
feat: add new OSes and deprecate old ones
...
add:
- Debian 11
- RockyLinux 8
remove:
- OpenSUSE Leap 15.2
- Old minor versions of CentOS 7.x
- Old minor versions of CentOS 8.x
4 years ago
Stéphane Lesimple
aaaa173764
feat: add the accountUnlock restricted plugin
4 years ago
Stéphane Lesimple
d51c4c8be0
fix: tests: full tests on FreeBSD
4 years ago
Stéphane Lesimple
7cc350b40d
chore: check for spurious args in all helpers
4 years ago
Stéphane Lesimple
90dbe04dde
enh: detect silent password change failures
4 years ago
Stéphane Lesimple
850152a88c
enh: ensure proper Getopt::Long options are set everywhere
4 years ago
Stéphane Lesimple
d4cc727f74
chore: factorize helpers header
4 years ago
Stéphane Lesimple
2c2f723bbb
fix: add helpers handling of SIGPIPE/SIGHUP
...
To avoid having e.g. a group creation interrupted in the middle just because
the caller killed their ssh connection while we're still working
4 years ago
Stéphane Lesimple
1725130a15
fix: avoid double-close log messages on HUP
4 years ago
Stéphane Lesimple
373f4907de
fix: tests under OpenSUSE (fping raw sockets)
4 years ago
Christophe Crochet
98c1c79382
update of --force-password: code style cleanup
4 years ago
Christophe Crochet
e9841b89bc
update of --force-password: removed guest support
4 years ago
Christophe Crochet
ff40617624
update of --force-password: guest support, autocompletion, new tests, code cleanups
4 years ago
Christophe Crochet
e4b132ed9a
new access option: --force-password <HASH>, to only try one specific password
4 years ago
Stéphane Lesimple
89ecb2c0d7
feat: add support for Duo PAM auth as MFA (#249)
4 years ago
Stéphane Lesimple
7dcbfeebc6
fix: --self-password was missing as a -P synonym (#257)
4 years ago
Stéphane Lesimple
00aa2e7efc
fix: selfMFASetupTOTP: bad return func
4 years ago
Christophe Crochet
d85298f229
new account option: --pubkey-auth-optional, to allow ingress login with or without pubkey when pam is required
4 years ago
madx
ea8ed97a34
new account option: mfa-any, to allow ingress login with pubkey alone or pam alone instead of requiring both
4 years ago
Stéphane Lesimple
a65cbd55b8
accountPIV: fix bad autocompletion rule
4 years ago
Stéphane Lesimple
8d84fce34f
fix: proactive-mfa: make it work for --osh batch and --osh clush
4 years ago
Stéphane Lesimple
b58388a3d9
feat: add --proactive-mfa and mfa/nofa interactive commands
...
For bastions using JIT MFA, where MFA can be requested when
attempting to connect through specific groups, or when using
some commands, with respect to MFA being enforced at connection
time directly through the sshd authentication process, one can
now request MFA validation in advance, to work around problems
in commands such as ``clush`` or ``batch``, and interactive mode.
4 years ago
Stéphane Lesimple
f64cf79260
chore: rename an envvar for clarity
4 years ago
Stéphane Lesimple
99686499b1
feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209)
4 years ago
Stéphane Lesimple
4a21cfc421
enh: add --max-inactive-days to accountCreate
5 years ago
Stéphane Lesimple
ef10d509fd
enh: add max_inactive_days to account configuration (#230)
5 years ago
Stéphane Lesimple
15cb2c2453
enh: accountInfo: add --list-groups
...
Listing groups can be slow on bastions having thousands
of groups, hence this is now disabled by default.
5 years ago
Stéphane Lesimple
f1e875ca4b
fix: erroneous message in connect.pl
5 years ago
Stéphane Lesimple
56d4078605
feat: add --fallback-password-delay (3) for ssh password autologin
5 years ago
Stéphane Lesimple
5930775626
enh: better error message when unknown option is used
5 years ago
Stéphane Lesimple
cd5b61b239
chore: perlcritic: remove Variables::RequireInitializationForLocalVars check
5 years ago
Stéphane Lesimple
92d4a46ac5
doc: add osh-piv-grace-reaper.pl config reference
5 years ago
Stéphane Lesimple
9f28dfa977
doc: add osh-backup-acl-keys.sh config reference
5 years ago
Stéphane Lesimple
3c6ce52e8e
doc: add osh-encrypt-rsync.pl config reference
5 years ago
Stéphane Lesimple
0dc448943a
doc: add osh-sync-watcher.sh config reference
5 years ago
Stéphane Lesimple
9b2aa996b3
enh: better use of account creation metadata
...
Store account creation information in a JSON.
Display this information in `accountInfo` for auditors.
5 years ago
Stéphane Lesimple
c0bebf23d4
fix: accountCreate --uid-auto: rare case where a free UID couldn't be found
...
This happened when a free UID was found, along with a corresponding GID,
but the corresponding GID for the ttyrec group of the account was not
available. Now this is checked directly in get_next_available_uid()
5 years ago
Stéphane Lesimple
6b4418e864
chore: fixrights: ensure tests/functional/proxy/remote-daemon is +x
5 years ago
Stéphane Lesimple
2390f56c9a
chore: groupCreate: fix help message
5 years ago
Stéphane Lesimple
f483b1540a
enh: max account length is now 28 chars up from 18
5 years ago
thibault.dewailly
5415ed2793
Feat: Add admin and super owner accounts list in info plugin
...
For auditing purposes, get admin and super owner list in info plugin
Available for auditor role only
Closes #206
5 years ago
Stéphane Lesimple
2f1e3fbfa8
support: del deb8/ubuntu1404/opensuse150/opensuse151, add opensuse153
...
Remove support for EOL OSes:
- Debian 8
- Ubuntu 14.04
- OpenSUSE 15.0
- OpenSUSE 15.1
Add support for:
- OpenSUSE 15.3
5 years ago
Stéphane Lesimple
d400ceeb9f
doc: clush: document --user and --port
...
Partly fixes #201
5 years ago
Stéphane Lesimple
8d2aaf8d8f
fix: setup-first-admin-account.sh: support to add several admins
...
Fixes #202
5 years ago
Thomas Soëte
c61a3eaae9
Remove duplicate groupAddGuestAccess groupDelGuestAccess
...
groupAddGuestAccess groupDelGuestAccess are present twice in help
5 years ago
Stéphane Lesimple
2e9fe9288b
enh: httpproxy: add options to fine-tune logging
...
Added the `log_request_response` and `log_request_response_max_size`
options to osh-http-proxy.conf.
By default, requests are logged, including their body, up to a size
of 64K per request response. Before, there was no size limit to the
logged body response.
5 years ago
Stéphane Lesimple
45cfb78b0b
fix: httpproxy: allow more passthrough headers
...
The following additional header is now allowed to come back from the remote server to the client:
* Content-Length
The following additional headers are now passed through to the remote server:
* Content-Length
* Content-Encoding
5 years ago
Stéphane Lesimple
b364706f37
feat: httpproxy: add functional tests
5 years ago
Stéphane Lesimple
d6291f3ad4
feat: httpproxy: add and use execute_simple() for more performance
...
Also handle errors better in hand_http_request()
5 years ago
Stéphane Lesimple
7da3ef3e25
fix: connect.pl: decode 2K bytes of the ttyrec instead of 1K to not miss messages
5 years ago
Stéphane Lesimple
3925e67d43
feat: add groupDestroy command for owners
...
This command deletes a group, as `groupDelete` does, but works
for owners so that they can delete their own group.
`groupDelete` remains as a restricted command, able to delete any group.
Closes #40.
5 years ago
Stéphane Lesimple
8cc990ad57
feat: add filtering options to several cmds, nicify print_acls()
...
The commands selfListAccesses, accountListAccesses,
groupList, groupListServers, groupListGuestAccesses and
accountList now have options to filter their output through
pattern matching, with --include and --exclude.
The output from the commands using print_acls() is also more
human-friendly, with auto-adjusting column length, and empty
columns omitted.
Closes #60.
5 years ago
Stéphane Lesimple
adb9d8c374
feat: add UTF-8 chars to output when supported and allowed
...
To enhance the readability and visibility of important messages
(such as critical ones). This can be disabled with the `allowUTF8`
global option set to `false`. It's never enabled if the user locale
or their terminal don't seem to support it.
5 years ago
Stéphane Lesimple
60ad30ce5b
fix: install: adjust a sed to be FreeBSD 13 compliant
5 years ago
Stéphane Lesimple
344865884b
fix: groupCreate: deny groups starting with 'key'
...
Mitigates #178
5 years ago
Stéphane Lesimple
f4c59ca96b
enh: setup-gpg.sh: clarify the use of ^D with --import
...
Closes #179
5 years ago
Stéphane Lesimple
e865964dd2
enh: setup-encryption.sh: check that luks-config.sh exists
...
As seen in #181
5 years ago
Stéphane Lesimple
68e088a607
doc: accountModify: more details on the --egress-strict-host-key-checking option
5 years ago
Jonathan Marsaud
b7b2533604
accountModify - Add a new `accept-new` POLICY in egress-strict-host-key-checking parameter
5 years ago
Jérémy Lecour
3e0202d914
Fix typo in unlock-home.sh
...
Typo : Mouting → Mounting
5 years ago
Stéphane Lesimple
c2b4bb192a
fix: osh-help: put groupDelEgressKey in the proper category
...
Fixes #174
5 years ago
Stéphane Lesimple
90d6dc2e3c
fix: superowners need to have +x on group homes
5 years ago
Stéphane Lesimple
e412083272
fix: accountCreate: incorrect help message (#167)
5 years ago
Stéphane Lesimple
5ec805f26b
fix: groupGenerateEgressKey: --help wasn't working properly
5 years ago
Stéphane Lesimple
003052530e
feat: preparatory work to support Debian 11 "Bullseye"
...
We still need to replace pam_tally2 by pam_faillock
Debian 11 is NOT yet supported, and won't be before it's released as stable.
5 years ago
Stéphane Lesimple
1d9018ef7f
fix: strict check failure was no longer detected to print a help message
...
Fixes #155
5 years ago
Stéphane Lesimple
3b4ea53cce
fix: fixrights.sh: 'chmod --' not supported under FreeBSD
5 years ago
Stéphane Lesimple
1b04b800b8
fix: packages-check.sh: centos: ensure cache is up to date before trying to install packages
5 years ago
Stéphane Lesimple
5920b09aed
chore: mkdir -p doesn't fail if dir already exists
5 years ago
Stéphane Lesimple
c5cd5d4464
fix: groupDelServer: missing autocompletion in interactive mode
5 years ago
Stéphane Lesimple
7b7c395c55
enh: osh-orphaned-homedir.sh: add more security checks to ensure we don't archive still-used home dirs
5 years ago
Stéphane Lesimple
7dabfc7135
fix: install-yubico-piv-checker: ppc64le installation was broken
5 years ago
Stéphane Lesimple
255f0684cc
fix: scp: abort early if host is not found to avoid a warn()
...
The following warn would happen if the scp wrapper was called with an invalid hostname:
Use of uninitialized value in bitwise and (&) at /usr/share/perl5/Net/Netmask.pm line 699.
at /opt/bastion/bin/plugin/open/../../../lib/perl/OVH/Bastion.pm line 41.
OVH::Bastion::__ANON__("Use of uninitialized value \ in bitwise and (&) at /usr/shar"...) called at /usr/share/perl5/Net/Netmask.pm line 697
Net::Netmask::match(Net::Netmask=HASH(0x55b1d5f11860), undef) called at /opt/bastion/lib/perl/OVH/Bastion/allowdeny.inc line 214
OVH::Bastion::is_access_way_granted("port", 22, "exactUserMatch", 1, "ipfrom", "X.X.X.X", "ip", undef, ...) called at /opt/bastion/lib/perl/OVH/Bastion/allowdeny.inc line 688
OVH::Bastion::is_access_granted(\"account\", \"johndoe\", \"user\", \"!scpupload\", \"ipfrom\", \"X.X.X.X\", \"ip\", undef, ...) called at /opt/bastion/bin/plugin/open/scp line 136
5 years ago
Stéphane Lesimple
6ae85d5afd
fix: osh-backup-acl-keys: detect file removed transient error
5 years ago
Stéphane Lesimple
b444dc027f
chore: tests: support multiple unit-tests
5 years ago
Stéphane Lesimple
4fd010c355
chore: microfixes after review
5 years ago
Stéphane Lesimple
8a0f7c6b4f
fix: accountInfo: get rid of a warn()
...
This occurred since v3.01.99-rc1 when requesting an accountInfo
of an account without an ingress_piv_policy set.
Use of uninitialized value in concatenation (.) or string at /usr/share/perl/5.28/Term/ANSIColor.pm line 510.
at /opt/bastion/bin/plugin/restricted/../../../lib/perl/OVH/Bastion.pm line 41.
OVH::Bastion::__ANON__("Use of uninitialized value \ in concatenation (.) or st"...) called at /usr/share/perl/5.28/Term/ANSIColor.pm line 510
Term::ANSIColor::colored(undef, "green") called at /opt/bastion/bin/plugin/restricted/accountInfo line 178
5 years ago
Stéphane Lesimple
edb1b77dfc
feat: auto-add hostname as comment in groupAddServer / selfAddPersonalAccess
...
Implements a side suggestion of #60
5 years ago
Stéphane Lesimple
383f2a011c
enh: guests: groupAddGuestAccess now supports setting a comment
...
If no comment is set, the comment is inherited from the group ACL,
as seen in groupListServers.
selfAddPersonalAccess now also returns details
about the added server in the returned JSON.
Closes #18
Closes #17
5 years ago
Stéphane Lesimple
9216e2db1b
enh: groupAddServer: augment the returned JSON with the added server details
5 years ago
Stéphane Lesimple
ed77c1ef3e
feat: transmit PIV enforcement status to remote realms
...
Closes #33
5 years ago
Stéphane Lesimple
5eb5135d26
doc: update
5 years ago
Stéphane Lesimple
e760cf6142
feat: add groupGenerateEgressKey and groupDelEgressKey
5 years ago
Stéphane Lesimple
e235199715
fix: groupModify: deny early if user is not an owner of the group
...
This way, the error message is clearer
5 years ago
Stéphane Lesimple
7eeccb7c5d
enh: groupInfo: nicer message when no egress key exists
5 years ago
Stéphane Lesimple
70feff2c2d
enh: install: use in-place overwrite for sudoers files
...
This fixes a race condition in sudo where it would log a lot of
error messages to syslog if used while we're running the install
script: files around sudoers.d/ are then moved around, and it'll
yell for each file it previously listed if the file no longer
exists when it tries to stat() it. It also deprecates the --no-wait
flag of the install script, as now the sudoers.d/ directory will
always have integrity at all times.
Signed-off-by: Stéphane Lesimple <stephane.lesimple+bastion@ovhcloud.com>
5 years ago
Stéphane Lesimple
efe3710e4c
feat: groupList/accountList: add --include --exclude
5 years ago
Stéphane Lesimple
148d5206e5
enh: rootListIngressKeys: look for all well-known authkeys files
5 years ago
Stéphane Lesimple
69778815bb
enh: groupList: use cache to speedup calls
...
On bastions with thousands of groups, the speedup is ~x10
5 years ago
Stéphane Lesimple
141791db92
fix: scripts: (( )) returns 1 if evaluated to zero
5 years ago
Stéphane Lesimple
d04b15a19e
fix: tocttou in ttyrec rotation script
5 years ago
Stéphane Lesimple
361c6a37a2
fix: osh-lingering-sessions-reaper.sh: tocttou on kill could terminate the script early
5 years ago
Pierre Kuhner
e7e045a40d
fix: confusing error messages in groupDelServer
5 years ago
Stéphane Lesimple
1129850771
fix: global-log: directly set proper perms on file creation
5 years ago
Stéphane Lesimple
1676979913
feat: add PIV keys support and policy enforcement
...
A new global option 'ingressRequirePIV' was added, to enable or disable a
bastion-wide policy forcing everybody to use only PIV keys.
5 years ago
Stéphane Lesimple
62d6393d56
feat: add yubico-piv-checker install script
5 years ago
Stéphane Lesimple
41121f7723
fix: proper sqlite log location for invalid realm accounts
5 years ago
Stéphane Lesimple
e8d60810f1
Merge pull request #111 from ovh/perluseall
...
chore: perl-use-all: dynamically find required modules
5 years ago
Stéphane Lesimple
b4f32d5afe
Merge pull request #110 from ovh/aclbackup
...
enh: satellite scripts: better error handling
5 years ago
Stéphane Lesimple
16323667e2
Merge pull request #106 from ovh/logs
...
feat: revamp logs
5 years ago
Stéphane Lesimple
8e7fc9b949
chore: perl-use-all: dynamically find required modules
5 years ago
Stéphane Lesimple
9a10ddebd9
enh: satellite scripts: better error handling
5 years ago
Stéphane Lesimple
a479810d83
feat: revamp logs
...
All connections and plugin executions emit two logs, an 'open' and
a 'close' log. We now add all the details of the connection to
the 'close' logs, those that were previously only available in the
corresponding 'open' log. This way, it is no longer required to
correlate both logs with their uniqid to have all the data:
the 'close' log should suffice. The 'open' log is still there if
for some reason the 'close' log can't be emitted (kill -9, system
crash, etc.), or if the 'open' and the 'close' log are several
hours, days or months apart.
An additional field "duration" has been added to the 'close' logs,
this represents the number of seconds (with millisecond precision)
the connection lasted.
Two new fields "globalsql" and "accountsql" have been added to the
'open'-type logs. These will contain either "ok" if we successfully
logged to the corresponding log database, "no" if it is disabled,
or "error $aDetailedMessage" if we got an error trying to insert
the row. The 'close'-type log also has the new "accountsql_close"
field, but misses the "globalsql_close" field as we never update
the global database on this event. On the 'close' log, we can also
have the value "missing", indicating that we couldn't update the
access log row in the database, as the corresponding 'open' log
couldn't insert it.
The "ttyrecsize" log field for the 'close'-type logs has been removed,
as it was never completely implemented, and contains bogus data if
ttyrec log rotation occurs. It has also been removed from the sqlite
log databases.
The 'open' and 'close' events are now pushed to our own log files,
in addition to syslog, if logging to those files is enabled (see
``enableGlobalAccessLog`` and ``enableAccountAccessLog``), previously
the 'close' events were only pushed to syslog.
The /home/osh.log is no longer used for ``enableGlobalAccessLog``, the
global log is instead written to /home/logkeeper/global-log-YYYYMM.log.
The global sql file, enabled with ``enableGlobalSqlLog``, is now
split by year-month instead of by year, to
/home/logkeeper/global-log-YYYYMM.sqlite.
5 years ago
Stéphane Lesimple
2cfde997f3
fix: realmDelete: bad sudoers configuration
5 years ago
Stéphane Lesimple
81db4b10bb
feat: realms: use remote bastion MFA validation information for local policy enforcement
5 years ago
Stéphane Lesimple
16f42221ca
feat: add LC_BASTION_DETAILS envvar
5 years ago
Stéphane Lesimple
a204313af9
feat: accountModify: add --osh-only (closes #97)
5 years ago
Stéphane Lesimple
03ad1da046
chore: perlcritic: including forgotten .inc files
5 years ago
Stéphane Lesimple
a676692fe6
chore: fix an error message
5 years ago
Stéphane Lesimple
fdb786d62c
Merge pull request #89 from ovh/dev/aleblanc/bin-helper-osh-account-delete
...
fix: osh-accountDelete: fix typo
5 years ago
Stéphane Lesimple
790802e6da
fix: osh.pl: plugin_config 'disabled' key is a boolean
5 years ago
Antoine Leblanc
82f2c96ea6
fix: osh-accountDelete: fix typo
...
Signed-off-by: Antoine Leblanc <antoine.leblanc@ovhcloud.com>
5 years ago
Stéphane Lesimple
e2186978da
fix: sudogen: don't check for account/groups validity too much when deleting them
...
Fixes #86
5 years ago
Stéphane Lesimple
c68b696702
chore: shellcheck & perltidy
5 years ago
Stéphane Lesimple
7707b1c351
fix: osh-groupCreate: fix for centos 8.3
5 years ago
Stéphane Lesimple
457a8fae82
chore: packages-check: remove unused packages
5 years ago
Stéphane Lesimple
dca45a44c5
chore: fix latest centos 8 release, add tests for last 3 minors
5 years ago
Stéphane Lesimple
c4d2cea3b0
fix: packages-check: centos8: handle new repo names
5 years ago
Stéphane Lesimple
8276f3878d
Merge pull request #76 from ovh/fixsudoers
...
fix: sudogen: handle '.' and OS-specific templates correctly
5 years ago
thibault.dewailly
1e32cfde7d
osh-encrypt-rsync: Remove logfile as mandatory parameter
5 years ago
Stéphane Lesimple
50c016be10
fix: sudogen: properly handle accounts & groups containing '.'
5 years ago
Stéphane Lesimple
526a5d0389
fix: sudogen: proper detection of OS-specific templates
5 years ago
Thomas Soëte
9647ae9cdb
fix: Fix 'selfAddPersonalAccess' helptext
5 years ago
Stéphane Lesimple
4cb09a9570
nh: remove hardcoded .ssh/authorized_keys2 everywhere
5 years ago
Stéphane Lesimple
71cd9a46df
Merge branch 'master' into autocompletion
5 years ago
Stéphane Lesimple
9fb6b8d444
enh: accountCreate: handle --uid-auto in autocompletion rules
5 years ago
Thomas SOËTE
ef531308d5
enh: doc: add from parameter as it is mandatory
5 years ago
Stéphane Lesimple
f07e00b1e9
Merge branch 'master' into adminSudo
5 years ago
Stéphane Lesimple
e2a64a9d8f
enh: adminSudo: better autocompletion rules
5 years ago
Thomas SOËTE
2a51a78b54
fix: Enable perl-tidy.sh test
...
* Move to ubuntu-20.04 runner
* Remove check in dockers tests
5 years ago
Stéphane Lesimple
d0e7e9046b
enh: httpproxy: add informational headers to the egress side request
5 years ago
Stéphane Lesimple
15cad00c27
fix: osh.pl: validate user and host format
5 years ago
Stéphane Lesimple
396e0d2d32
Merge branch 'master' into backupfix
5 years ago
Stéphane Lesimple
5d3de83e50
fix: osh-encrypt-rsync.pl: allow more broad chars to avoid letting weird-named files behind
5 years ago
Stéphane Lesimple
e907532447
fix: osh-backup-acl-keys.sh: don't exclude .gpg, or we'll miss /root/.gnupg/secring.gpg
5 years ago
Stéphane Lesimple
8f60646c65
feat: add interactiveModeByDefault option
5 years ago
Stéphane Lesimple
d6be60e4a2
Merge branch 'master' into centos
5 years ago
Stéphane Lesimple
60d0f12018
Merge branch 'master' into freebsd
5 years ago
Stéphane Lesimple
1a5404cf75
Merge branch 'master' into sort-selfListSessions-output
5 years ago
Thomas SOËTE
632076565e
Fix sort of the list of past sessions
5 years ago
Stéphane Lesimple
4fd24a3dbc
enh: install: freebsd: check whether acls are enabled
5 years ago
Stéphane Lesimple
231c62b581
feat: install: add SELinux module for TOTP MFA
...
Fixes #26
5 years ago
Stéphane Lesimple
615f26af8b
enh: freebsd: use ttyrec prebuilt static version
5 years ago
Stéphane Lesimple
cb02fd2a33
fixes after review
5 years ago
Stéphane Lesimple
1b164c1197
fix typo
5 years ago
Stéphane Lesimple
0b0200951e
enh: sudoers: support per-OS templates, add one for FreeBSD
5 years ago
Stéphane Lesimple
7085b2d091
fix: osh.pl: fix pamtester use under FreeBSD
...
Under FreeBSD, users can't read /etc/spwd.db, and there is no helper
for pam_unix.so to validate user passwords, as this is the case under
Linux, so we have to launch pamtester under root so that pam_unix.so
can do its job
5 years ago
Stéphane Lesimple
60cea897f8
enh: osh.pl: replace hardcoded selfMFASetupPassword logic by configuration
5 years ago
Stéphane Lesimple
ee81bd4070
enh: packages-check.sh: better handling of FreeBSD packages
5 years ago
Stéphane Lesimple
7ee203aa71
enh: install-ttyrec.h: error msg for non-supported OSes
5 years ago
Stéphane Lesimple
9f1a8b925e
enh: install: better handling of non-Linux standard paths
5 years ago
Stéphane Lesimple
234dd0768a
feat: freebsd: add specific FreeBSD ssh config templates
5 years ago
Stéphane Lesimple
09bd6dffd9
fix: freebsd: add md5sum_compat()
...
to account for systems where md5sum's binary name is gmd5sum
5 years ago
Stéphane Lesimple
4105c10193
fix: freebsd: replace 'root' by '0' so that it works even if uid0's name is not root
5 years ago
Stéphane Lesimple
811b2f9c15
Merge branch 'master' into master
5 years ago
Stéphane Lesimple
418dc3a332
feat: add more archs to dockerhub sandbox
5 years ago
snk33
7685114cfd
allow adminSudo plugin to read from stdin
...
add expects_stdin to the execute call so an admin will be able to replay session from another account
5 years ago
Stéphane Lesimple
cfef70daef
chore: install-ttyrec.sh: adapt for multiarch
5 years ago
Stéphane Lesimple
5c72c92bdd
chore: fix typos everywhere
5 years ago
Stéphane Lesimple
619000fa84
enh: install-ttyrec.sh replaces build-and-install-ttyrec.sh
...
No longer build ttyrec in place, either download and install the
Debian/RPM package, or install the prebuilt static binaries.
Modify the Dockerfiles accordingly.
5 years ago
Stéphane Lesimple
202790367d
enh: packages-check.sh: add qrencode-libs for rhel/centos
...
This enables direct printing of the qrcode on the terminal for TOTP enrollment
5 years ago
Thomas Soëte
9a23c1ce6a
Add missing dev package
...
Install shellcheck too
Signed-off-by: Thomas SOËTE <github@alkorin.fr>
5 years ago
Stéphane Lesimple
d3a7818046
Merge pull request #10 from ovh/issue-8
...
fix: accountModify is master-only
5 years ago
Stéphane Lesimple
4b8b1457e9
fix: accountModify is master-only
5 years ago
Romain Beuque
cb1e54b42a
clush: change description for --no-pause-on-failure to represent the actual behavior
...
Signed-off-by: Romain Beuque <romain.beuque@ovhcloud.com>
5 years ago
Stéphane Lesimple
e453377245
chore: add some documentation and fix a few comments
5 years ago
Thomas Soëte
e766a54a35
Enhance osh-sync-watcher logs
...
With server name and step number
5 years ago
Stéphane Lesimple
fde20136ef
Initial commit
5 years ago