Commit Graph

146 Commits (9a5801f43407af6c32e64d9425636812c2b2c152)

Author SHA1 Message Date
Jack Ivanov 20ebd7a595 rename connection 8 years ago
akirilov 05ab1f5feb Modified certificate generation to address issues #234 and #228 (#235)
* Modified certificate generation to address issues #234 and #228

I have made the following modifications to comply with the IKEv2 client certificate requirements:

- Changed client certificate CN to {{ IP_subject_alt_name }}_{{ item }} from {{ item }}
- Changed client certificate SAN to {{IP_subject_alt_name }} from {{ item }}
- Added clientAuth to client certificate EKU

I have made the following changes to address a mismatch in the windows deployment script and file names:

- Changed the client certificate (.p12) filename in config/{{ IP_subject_alt_name }} to {{ IP_subject_alt_name}}_{{ item }}.p12 from {{ item }}.p12 to match the ps1 script

Testing:

I have tested the changes on Windows 10 client, Ubuntu 16.04.1 server (DigitalOcean) - the config described in Issue #234

I apologize for not being able to test on other configurations. I hope that someone else can verify my changes

* fixed iOS issues

* fixed accidental user change

* simplified changes

* Final iteration. I think that's all I can do to minimize the changes
8 years ago
Jack Ivanov 35faf4bca7 Local openssl tasks (#169)
* Draft

works with ECDSA

RSA support for Windows

* update-users with local_openssl_tasks

* move prompts to the algo script

* additional directory for SSH keys

* move easyrsa_p12_export_password to pre_tasks

* update-users testing

* Fix hardcoded vars

* Delete the CA key

* Hardcoded IP. Fixes #219

* Some fixes
8 years ago
Jack Ivanov 257be0f395 make the fail message more understandable. Fixes #217 8 years ago
Jack Ivanov 2798f84d3f ensure that apparmor is supported by the kernel #215 8 years ago
Jack Ivanov 3e852caf04 disable compression #146 8 years ago
Jack Ivanov cbf59addb3 additional tags 8 years ago
Jack Ivanov a50a396b94 additional fixes 8 years ago
Defunct b0f9ab94b1 ec2_ami_copy boto3 module, KMS, tagging, AMI caching (Encrypted support) 8 years ago
Defunct 0eb048383a refactored ec2 encryption 8 years ago
Jack Ivanov 1a81372192 EC2 Encryption Implemented #133 8 years ago
Jack Ivanov f246165298 Fix a typo 8 years ago
Glenn Rempe 9a46b671f7 Fixes #198, replace typo ECXLUDE with EXCLUDE 8 years ago
Damian Gerow b444398fab Drop the MSS for GCE instances 8 years ago
Defunct a9dd0af3fe resolves #176 + other ec2 env issues 8 years ago
Dan Guido 75194675eb closes #175 8 years ago
kennwhite d2aa52f4e9 UX hint on profile name
Add explicit label for Algo-generated VPNs. If the user has multiple (non-Algo) VPNs for home/office, there is typically a label other than an IP address and "IKEv2". This can be seen, for example, on OSX on the top menu bar for networks.
8 years ago
Jack Ivanov 33b3af540a Fix SSH keys for DigitalOcean 8 years ago
Jack Ivanov 2c9c3ccb09 Fixed #146 8 years ago
Jack Ivanov cd5b096ab7 DO fix 8 years ago
Jack Ivanov 90cc5fa1f7 some fixes 8 years ago
Jack Ivanov 1d07200c74 generating ssh-keys #152 #151 #112 8 years ago
Jack Ivanov abf94989fc the password for the CA private key #75 8 years ago
Jack Ivanov 8b0fe4d8f3 Block client-to-client traffic. Fixed #166 8 years ago
Jack Ivanov ecb6b498b9 unnecessary to use such way Fixed #162 8 years ago
Jack Ivanov f1715c4e0b random password for the p12 certificates #135 8 years ago
Jack Ivanov 03c805cb87 reorganize the wait_for functions #159 8 years ago
Jack Ivanov 275663264a ipv6 option is available in ansible 2.2; Fixed #158 8 years ago
Jack Ivanov 37ec574d8d IP_subject_alt_name is not declared for localhost. Fixed #149 8 years ago
Jack Ivanov 517366f194 EC2 fix 8 years ago
Jack Ivanov 50e9dbfce0 draft EC2 #150 #157 8 years ago
Jack Ivanov 981809998c Merge branch 'master' of github.com:trailofbits/algo 8 years ago
kennwhite 016a8c7708 Change default instance to free tier (t2.micro)
I know this is a bit goofy, but the t2.nano is not in the free tier for AWS even though it is smaller than the t2.micro instance. See: https://aws.amazon.com/blogs/aws/ec2-update-t2-nano-instances-now-available/ (the "PS" at the bottom), confirmed on pricing page. The difference is $4.30 per mo vs. free/$8.76 per mo. Maybe add this to config questions, but at least one reviewer has noted this as an issue for his just-setup AWS free account.
8 years ago
Jack Ivanov 0269cafff7 DNS fix 8 years ago
Jack Ivanov 29ef4d45df Merge pull request #144 from trailofbits/ami_latest_image
Sort by latest AMI - resolves #140
8 years ago
Jack Ivanov c552602724 Azure support #26 8 years ago
Defunct 27e5a4feca Sort by latest AMI - resolves #140 8 years ago
Jack Ivanov 3d53dde6ca Fixed. #137 8 years ago
Jack Ivanov 790bcb2efc Merge branch 'win10_support' #9 8 years ago
Jack Ivanov 8a0c5ab971 Windows support implemented 8 years ago
Jack Ivanov f6166ccde4 modify ciphers #9 8 years ago
Jack Ivanov 195697a1f0 Merge pull request #131 from trailofbits/ec2updates
EC2 Updates and fixes
8 years ago
Jack Ivanov ad162f55a2 here were no credentials #127 8 years ago
defunct e40545cce5 opens #126
This commit reverts changes in 437d659 to avoid breaking changes.
8 years ago
Jack Ivanov e90b58802d fix in the mobileconfig template 8 years ago
Jack Ivanov 2cb98b4516 Windows RSA support #9 8 years ago
Jack Ivanov ede452fad4 Merge branch 'master' of github.com:trailofbits/algo 8 years ago
Jack Ivanov c5860cbc5d Merge pull request #125 from cernekee/tag-fix. Fix #128
Add missing playbook tags
8 years ago
Jack Ivanov ee95846445 mobileconfig fix 8 years ago
Defunct d54ba6c7ce Merge branch 'master' into ec2updates 8 years ago