30 Commits

Author SHA1 Message Date
Micah R Ledbetter
e944ee993a Embed certs into Windows deployment scripts (#840)
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
  directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store

As part of this work, rewrite the windows_client.ps1.j2 deployment
script template

- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
  installed in the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside Powershell variables
- Use native Powershell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
2018-03-28 11:20:43 -07:00
Jack Ivanov
bb094a7b16 More debug for travis 2018-03-27 19:28:48 +03:00
Jack Ivanov
02427910de Ansible 2.4, Lightsail, Scaleway, DreamCompute (OpenStack) integration (#804)
* Move to ansible-2.4.3

* Add Lightsail support #623

* Fixing the EC2 deployment

* Scaleway integration #623

* OpenStack cloud provider (DreamCompute optimised) #623

* Remove the security role

* Enable unattended-upgrades for clouds

* New requirements to make Azure and GCE work
2018-03-02 07:55:54 -05:00
Paul.W Harvey
e891d5c43b Generate stronger p12_export_password (#654) (#657)
This buys us an extra 16 bits of password guessing entropy by expanding the character set from hex to [a-zA-Z0-9_@]
2017-09-29 16:04:45 +02:00
Paul.W Harvey
dd43e1e47e Use openssl to generate better quality p12_export_password (#655)
We're already doing it this way for CA_password, and ansible's to_uuid is problematic as it uses uuid v5 under the hood (#654)
2017-08-29 08:32:12 -05:00
Ruben Jongejan
e9e6c6e383 cleaner syntax for local actions (#536)
* refactored local actions to cleaner syntax

* openssl commands folded

* removed unnecessary local_action's
2017-05-17 02:30:04 -04:00
Jack Ivanov
d10a86b331 Revert "define local_dns if dns tag used (#531)" (#532)
This reverts commit 627b7d5d9b.
2017-05-08 22:12:49 +02:00
Jack Ivanov
627b7d5d9b define local_dns if dns tag used (#531) 2017-05-08 16:10:59 -04:00
Christopher J. Pilkington
27f9cda361 Add additional delay for ec2 instance prior to ssh (#527)
* Add additional delay for ec2 instance prior to ssh

* Add 10 second delay to all, rather than to cloud-ec2
2017-05-07 12:35:27 -04:00
Jack Ivanov
451394100d Some enhancements in the compat ciphers (#464)
raise the IntegrityCheckMethod to SHA384

Move Windows to ECDSA

Increase IntegrityCheckMethod
2017-04-23 16:00:37 -04:00
Jack Ivanov
a7b06058cb remove the proxy role #440 (#457)
* remove the proxy role #440

* Separate facts. Make roles more independent from each other

move openssl to local tasks

move unneeded tasks
2017-04-20 18:00:17 -04:00
Andy Boutte
aa0aadd66e Removing update to ~/.ssh/config #400 (#435) 2017-04-17 22:01:42 -04:00
Jack Ivanov
16329fe088 Instance size (#404)
* Escaping Special Characters #388

* Make instance sizes more flexible to edit #355
2017-04-16 10:19:47 -04:00
Jack Ivanov
25e0e9085d move back to RSA 2017-04-10 07:22:40 +02:00
Jack Ivanov
95e0134f21 1. Disable SSH key deploying if installation on existing server
2. Move to the ed25519 algorithm
3. Delete unneeded option RSAAuthentication
Fixes #272
2017-04-09 20:41:45 +02:00
Casey Lang
9b76282a37 Check for creation of private key during its generation (#322)
This task was previously checking for the public key even though it is
in place to generate the private key. A simple switch to the `creates`
arg resolves the issue.
2017-03-31 13:25:39 -04:00
Jack Ivanov
9daec9be9e fix ssh tasks 2017-03-19 21:45:21 +03:00
Jack Ivanov
4de4229e82 Fix hardcoded names 2017-03-18 12:41:26 +03:00
Jack Ivanov
6facb6cb4f FreeBSD / HardenedBSD (#262)
* FreeBSD draft

ifconfig fix

Pre-tasks fixes

fix hardcoded IP

some refactoring

disable system-based tags

disable freebsd tags

FreeBSD vpn role

add defaults

ssh role freebsd

default fix

dns_adblocking freebsd

ubuntu dict fix

* HardenedBSD

update-users BSD

* Rebuild the kernel

docs changing
2017-03-18 12:22:07 +03:00
Jack Ivanov
f7da2e3888 EC2 dynamic inventory. Fixes #73 2017-03-05 23:19:15 +03:00
Jack Ivanov
eba04b3c91 ssh_config fix 2017-02-28 22:22:06 +03:00
Jack Ivanov
1cca3b1093 Ensure that ssh keys and configs exist. Fixes #250 (#254) 2017-02-28 20:05:22 +03:00
Jack Ivanov
d23c952a4e Add the algo ssh key to any server (prevent failures when a user wants to update-users on a server deployed by algo but not with the algo ssh key) 2017-01-14 19:38:21 +03:00
Jack Ivanov
1d07200c74 generating ssh-keys #152 #151 #112 2016-12-17 14:54:44 +03:00
Jack Ivanov
275663264a ipv6 option is available in ansible 2.2; Fixed #158 2016-12-13 21:12:51 +03:00
Jack Ivanov
bb90bb26a6 a fix for ipv6 provisioning on DO #158 2016-12-13 09:08:12 +03:00
Jack Ivanov
d558781473 dirty fix #148 2016-12-12 18:13:58 +03:00
Jack Ivanov
abafe1581c Fixed #147 2016-12-12 18:04:51 +03:00
Jack Ivanov
4d731580b7 linting 2016-09-19 20:18:27 +03:00
Jack Ivanov
97a00699b7 new tags 2016-08-28 23:04:59 +03:00