Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
788 Commits
5 Branches
2 Tags
10 MiB
fix/14704
master
dependabot/pip/ansible-9.4.0
dependabot/github_actions/actions/setup-python-5.1.0
dependabot/pip/jinja2-approx-eq-3.1.3
v1.1
v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e8947f318b'
${ noResults }
Commit Graph

67 Commits (e8947f318b197cc8e7c3dfeb7a1289f2593f3b6c)

Author SHA1 Message Date
Jack Ivanov e8947f318b Large refactor to support Ansible 2.5 (#976) 
* Refactoring, booleans declaration and update users fix

* Make server_name more FQDN compatible

* Rename variables

* Define the default value for store_cakey

* Skip a prompt about the SSH user if deploying to localhost

* Disable reboot for non-cloud deployments

* Enable EC2 volume encryption by default

* Add default server value (localhost) for the local installation

Delete empty files

* Add default region to aws_region_facts

* Update docs

* EC2 credentials fix

* Warnings fix

* Update deploy-from-ansible.md

* Fix a typo

* Remove lightsail from the docs

* Disable EC2 encryption by default

* rename droplet to server

* Disable dependencies

* Disable tls_cipher_suite

* Convert wifi-exclude to a string. Update-users fix

* SSH access congrats fix

* 16.04 > 18.04

* Dont ask for the credentials if specified in the environment vars

* GCE server name fix
 6 years ago
Jack Ivanov 4ca8c03e3c New default cipher suite (#991) 
* New ciphers enabled

* Update CHANGELOG.md

* Switch ecparam to secp384r1

* Change CertificateType to ECDSA384
 6 years ago
Jack Ivanov 3488e660ad Add WireGuard support for Android (#910) 
* WireGuard Implementation

* Update client-android.md

* Update README.md

* WireGuard unattended upgrades

* Update README.md

* reload-module-on-update and syntax fix

* SaveConfig to true

* Azure firewall. Fixes #962

* Update README.md

* Update client-android.md
 6 years ago
Evgeny Aleksandrov d9dc68164f Remove algo_params (#961) 6 years ago
Evgeny Aleksandrov 87836e0358 Fix typo (#960) 6 years ago
Jack Ivanov 35e526a5a3 IPv6 fixes (#930) 6 years ago
Jack Ivanov c82bd8c5ff DNS-over-HTTPS (#875) 6 years ago
Jack Ivanov ed6e2d998d Add ipv6 address to subjectAltName if supported (#881) 
CHANGELOG

Some changes

Some changes
 6 years ago
Micah R Ledbetter e944ee993a Embed certs into Windows deployment scripts (#840) 
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
  directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store

As part of this work, rewrite the windows_client.ps1.j2 deployment
script template

- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
  installed the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside Powershell variables,
- Use native Powershell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
 6 years ago
Micah R Ledbetter 4b0aea8f5a Document iptables rules (#854) 
* Remove firewall rule related to the old proxy role

* Remove proxy conditionals from mobileconfig template

* Add comments explaining firewall rules
 6 years ago
Jack Ivanov 4e4440a318 Exclude CA from P12 (#835) 6 years ago
Jack Ivanov 02427910de Ansible 2.4, Lightsail, Scaleway, DreamCompute (OpenStack) integration (#804) 
* Move to ansible-2.4.3

* Add Lightsail support #623

* Fixing the EC2 deployment

* Scaleway integration #623

* OpenStack cloud provider (DreamCompute optimised) #623

* Remove the security role

* Enable unattended-upgrades for clouds

* New requirements to make Azure and GCE work
 6 years ago
Jack Ivanov f18c1a0d67 Certificate revocation fix (#719) 7 years ago
Jack Ivanov 6b803e069f LibreSSL fix #625 (#685) 7 years ago
Jack Ivanov 9d8e39f63d Move back to the Xenial repo (#606) 7 years ago
Jack Ivanov f0283856ad fix revocation (#586) 7 years ago
Jack Ivanov 26c202ded5 Generate p12 each deployment. Generate ps1 scripts if windows supported. Define `become` for all the section. (#580) 7 years ago
Jack Ivanov ba7859ba5f Revoke non-existing users fix 7 years ago
Jack Ivanov ee6db37428 Change the P12 and SSH passwords only for new users (#550) 7 years ago
Jack Ivanov 40e0363b18 Add html helper for Android (#554) 
* add html helper #280

move to the new local schema

fix a typo

* Update client-android.md
 7 years ago
Ruben Jongejan e9e6c6e383 cleaner syntax for local actions (#536) 
* refactored local actions to cleaner syntax

* openssl commands folded

* removed unnecessary local_action's
 7 years ago
tetov ac6db06a19 grammar edit (#540) 
* grammar edit

* Update openssl.yml
 7 years ago
Jack Ivanov 58d5a06e87 delete tasks and move to roles (#519) 7 years ago
Ruben Jongejan 07ddb5863b improved readability with native yaml (#530) 7 years ago
Jack Ivanov 9f698fdd68 Get strongswan from the Zesty repo on Xenial (#515) 7 years ago
Jack Ivanov bd348af9c2 Implementing blocks and additional fail hints #487 (#497) 
change the troubleshooting url
 7 years ago
Jack Ivanov c3fcfe5d0d Let users choose the distro version #449 (#466) 
Make dpdaction great again

add 1704 to travis

Make EC2 image name more convenient

modify apparmor profile
 7 years ago
Jack Ivanov a7b06058cb remove the proxy role #440 (#457) 
* remove the proxy role #440

* Separate facts. Make roles more independent from each other

move openssl to local tasks

move unneeded tasks
 7 years ago
MiWCryptAnalytics 04b61ca3d2 Increase CA key entropy to 128bit (#415) 
Changes the default CA key size from 48 bit to 128bit with OpenSSL usermode CSPRNG with hex encoding
 7 years ago
brad2014 09e5d87c7b Minor name and documentation edits (#327) 7 years ago
Dan Guido 655a917dd2 iptables filter table fix (#285) 7 years ago
Jack Ivanov 6facb6cb4f FreeBSD / HardenedBSD (#262) 
* FreeBSD draft

ifconfig fix

Pre-tasks fixes

fix hardcoded IP

some refactoring

disable system-based tags

disable freebsd tags

FreeBSD vpn role

add defaults

ssh role freebsd

default fix

dns_adblocking freebsd

ubuntu dict fix

* HardenedBSD

update-users BSD

* Rebuild the kernel

docs changing
 7 years ago
Jack Ivanov 237fcc7a7f additional variables 7 years ago
Jack Ivanov 8eb208c5b7 enable ipv6 if the default gateway is defined. Fixes #244 7 years ago
Craig 43c2f5c31a Installs the recommended packages with strongswan, because we need the OpenSSL (#260) 
plugin from libstrongswan-standard-plugins for ECDH to work.
 7 years ago
Jack Ivanov e31f10da6d Fixes #255 7 years ago
Jack Ivanov aca036142f AndroidVPNClientProfiles #240 7 years ago
Jack Ivanov 35faf4bca7 Local openssl tasks (#169) 
* Draft

works with ECDSA

RSA support for Windows

* update-users with local_openssl_tasks

* move prompts to the algo script

* additional directory for SSH keys

* move easyrsa_p12_export_password to pre_tasks

* update-users testing

* Fix hardcoded vars

* Delete the CA key

* Hardcoded IP. Fixes #219

* Some fixes
 8 years ago
Jack Ivanov 2798f84d3f ensure that apparmor is supported by the kernel #215 8 years ago
Jack Ivanov a50a396b94 addtiional fixes 8 years ago
Jack Ivanov f246165298 Fix a typo 8 years ago
Jack Ivanov abf94989fc the password for the CA private key #75 8 years ago
Jack Ivanov f1715c4e0b random password for the p12 certificates #135 8 years ago
Jack Ivanov 3d53dde6ca Fixed. #137 8 years ago
Jack Ivanov 8a0c5ab971 Windows support implemented 8 years ago
fkt 27ea98e7a8 Show congrats message at the end - #115 8 years ago
Jack Ivanov 5383c71499 Fixed #108 8 years ago
Jack Ivanov 8c284a16e3 Done. #96 8 years ago
Jack Ivanov 062426e0ec client configuration templates #43 8 years ago
Jack Ivanov c43ccc3898 iptables moved to the vpn role #61 8 years ago