Commit Graph

35 Commits (5d74ded90fc8218e863ffd74085eaa8f7da4809a)

Author SHA1 Message Date
Jack Ivanov a66d8f0069 on-build python venvs (#1199) 6 years ago
David Myers 65b0239625 Display the invocation environment to aid debugging (#1108) 6 years ago
Jack Ivanov e8947f318b Large refactor to support Ansible 2.5 (#976)
* Refactoring, booleans declaration and update users fix

* Make server_name more FQDN compatible

* Rename variables

* Define the default value for store_cakey

* Skip a prompt about the SSH user if deploying to localhost

* Disable reboot for non-cloud deployments

* Enable EC2 volume encryption by default

* Add default server value (localhost) for the local installation

Delete empty files

* Add default region to aws_region_facts

* Update docs

* EC2 credentials fix

* Warnings fix

* Update deploy-from-ansible.md

* Fix a typo

* Remove lightsail from the docs

* Disable EC2 encryption by default

* rename droplet to server

* Disable dependencies

* Disable tls_cipher_suite

* Convert wifi-exclude to a string. Update-users fix

* SSH access congrats fix

* 16.04 > 18.04

* Don't ask for the credentials if specified in the environment vars

* GCE server name fix
6 years ago
Jack Ivanov d27b849f24 Ubuntu1804 (#925)
- Fixes #897 #944 #956

Work in progress. Lightsail is not ready for Ubuntu 18.04 yet

- [x] DigitalOcean
~~- [ ] Amazon Lightsail~~
- [x] Amazon EC2
- [x] Microsoft Azure
- [x] Google Compute Engine
- [x] Scaleway
- [x] OpenStack (DreamCompute optimised)
6 years ago
Jack Ivanov 35e526a5a3 IPv6 fixes (#930) 6 years ago
Micah R Ledbetter e944ee993a Embed certs into Windows deployment scripts (#840)
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
  directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store

As part of this work, rewrite the windows_client.ps1.j2 deployment
script template

- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
  installed in the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside Powershell variables
- Use native Powershell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
6 years ago
Jack Ivanov bb094a7b16 More debug for travis 6 years ago
Jack Ivanov 02427910de Ansible 2.4, Lightsail, Scaleway, DreamCompute (OpenStack) integration (#804)
* Move to ansible-2.4.3

* Add Lightsail support #623

* Fixing the EC2 deployment

* Scaleway integration #623

* OpenStack cloud provider (DreamCompute optimised) #623

* Remove the security role

* Enable unattended-upgrades for clouds

* New requirements to make Azure and GCE work
6 years ago
Paul.W Harvey e891d5c43b Generate stronger p12_export_password (#654) (#657)
This buys us an extra 16 bits of password guessing entropy by expanding the character set from hex to [a-zA-Z0-9_@]
7 years ago
Paul.W Harvey dd43e1e47e Use openssl to generate better quality p12_export_password (#655)
We're already doing it this way for CA_password, and ansible's to_uuid is problematic as it uses uuid v5 under the hood (#654)
7 years ago
Ruben Jongejan e9e6c6e383 cleaner syntax for local actions (#536)
* refactored local actions to cleaner syntax

* openssl commands folded

* removed unnecessary local_action's
7 years ago
Jack Ivanov d10a86b331 Revert "define local_dns if dns tag used (#531)" (#532)
This reverts commit 627b7d5d9b.
7 years ago
Jack Ivanov 627b7d5d9b define local_dns if dns tag used (#531) 7 years ago
Christopher J. Pilkington 27f9cda361 Add additional delay for ec2 instance prior to ssh (#527)
* Add additional delay for ec2 instance prior to ssh

* Add 10 second delay to all, rather than to cloud-ec2
7 years ago
Jack Ivanov 451394100d Some enhancements in the compat ciphers (#464)
raise the IntegrityCheckMethod to SHA384

Move Windows to ECDSA

Increase IntegrityCheckMethod
7 years ago
Jack Ivanov a7b06058cb remove the proxy role #440 (#457)
* remove the proxy role #440

* Separate facts. Make roles more independent from each other

move openssl to local tasks

move unneeded tasks
7 years ago
Andy Boutte aa0aadd66e Removing update to ~/.ssh/config #400 (#435) 7 years ago
Jack Ivanov 16329fe088 Instance size (#404)
* Escaping Special Characters #388

* Make instance sizes more flexible to edit #355
7 years ago
Jack Ivanov 25e0e9085d move back to RSA 7 years ago
Jack Ivanov 95e0134f21 1. Disable SSH key deploying if installation on existing server
2. Move to the ed25519 algorithm
3. Delete unneeded option RSAAuthentication
Fixes #272
7 years ago
Casey Lang 9b76282a37 Check for creation of private key during its generation (#322)
This task was previously checking for the public key even though it is
in place to generate the private key. A simple switch to the `creates`
arg resolves the issue.
7 years ago
Jack Ivanov 9daec9be9e fix ssh tasks 7 years ago
Jack Ivanov 4de4229e82 Fix hardcoded names 7 years ago
Jack Ivanov 6facb6cb4f FreeBSD / HardenedBSD (#262)
* FreeBSD draft

ifconfig fix

Pre-tasks fixes

fix hardcoded IP

some refactoring

disable system-based tags

disable freebsd tags

FreeBSD vpn role

add defaults

ssh role freebsd

default fix

dns_adblocking freebsd

ubuntu dict fix

* HardenedBSD

update-users BSD

* Rebuild the kernel

docs changing
7 years ago
Jack Ivanov f7da2e3888 EC2 dynamic inventory. Fixes #73 7 years ago
Jack Ivanov eba04b3c91 ssh_config fix 7 years ago
Jack Ivanov 1cca3b1093 Ensure that ssh keys and configs exist. Fixes #250 (#254) 7 years ago
Jack Ivanov d23c952a4e Add the algo ssh key to any server (prevent fails when a user wants to update-users on a server deployed by algo but not with the algo ssh key) 8 years ago
Jack Ivanov 1d07200c74 generating ssh-keys #152 #151 #112 8 years ago
Jack Ivanov 275663264a ipv6 option is available in ansible 2.2; Fixed #158 8 years ago
Jack Ivanov bb90bb26a6 a fix for ipv6 provisioning on DO #158 8 years ago
Jack Ivanov d558781473 dirty fix #148 8 years ago
Jack Ivanov abafe1581c Fixed #147 8 years ago
Jack Ivanov 4d731580b7 linting 8 years ago
Jack Ivanov 97a00699b7 new tags 8 years ago