wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-07 15:43:54 +02:00
Code Issues Projects Releases Wiki Activity

remove unused files

Browse source
This commit is contained in:
jack 2016-09-18 13:10:38 +03:00
parent 9804df3728
commit 1feb1dd937
3 changed files with 1 additions and 223 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -130,7 +130,7 @@ I would, but I don't know of any [suitable ones](https://github.com/trailofbits/
### Why aren't you using OpenVPN? ### Why aren't you using OpenVPN?
OpenVPN does not have out-of-the-box client support on any major desktop or mobile operating system. This introduces user experience issues and requires the user to update and maintain the software themselves. OpenVPN depends on the security of [TLS](https://tools.ietf.org/html/rfc7457), both the protocol and its implementations, and we simply trust the server less due to [past security incidents](https://www.exploit-db.com/exploits/34879/). OpenVPN does not have out-of-the-box client support on any major desktop or mobile operating system. This introduces user experience issues and requires the user to [update](https://www.exploit-db.com/exploits/34037/) and [maintain](https://www.exploit-db.com/exploits/20485/) the software themselves. OpenVPN depends on the security of [TLS](https://tools.ietf.org/html/rfc7457), both the [protocol](http://arstechnica.com/security/2016/08/new-attack-can-pluck-secrets-from-1-of-https-traffic-affects-top-sites/) and its [implementations](http://arstechnica.com/security/2014/04/confirmed-nasty-heartbleed-bug-exposes-openvpn-private-keys-too/), and we simply trust the server less due to past [security](https://github.com/ValdikSS/openvpn-fix-dns-leak-plugin/blob/master/README.md) [incidents](https://www.exploit-db.com/exploits/34879/).
### Why aren't you using Alpine Linux, OpenBSD, or HardenedBSD? ### Why aren't you using Alpine Linux, OpenBSD, or HardenedBSD?

112
ec2.yml
View file

@ -1,112 +0,0 @@
# vim:ft=ansible:
- name: Create a sandbox instance
hosts: localhost
gather_facts: False
vars_files:
- config.cfg
vars:
instance_type: t2.nano
security_group: vpn-secgroup
regions:
"1": "us-east-1"
"2": "us-west-1"
"3": "us-west-2"
"4": "ap-south-1"
"5": "ap-northeast-2"
"6": "ap-southeast-1"
"7": "ap-southeast-2"
"8": "ap-northeast-1"
"9": "eu-central-1"
"10": "eu-west-1"
"11": "sa-east-1"
vars_prompt:
- name: "aws_access_key"
prompt: "Enter your aws_access_key (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html):\n"
private: yes
- name: "aws_secret_key"
prompt: "Enter your aws_secret_key (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html):\n"
private: yes
- name: "region"
prompt: >
What region should the server be located in?
1. us-east-1 US East (N. Virginia)
2. us-west-1 US West (N. California)
3. us-west-2 US West (Oregon)
4. ap-south-1 Asia Pacific (Mumbai)
5. ap-northeast-2 Asia Pacific (Seoul)
6. ap-southeast-1 Asia Pacific (Singapore)
7. ap-southeast-2 Asia Pacific (Sydney)
8. ap-northeast-1 Asia Pacific (Tokyo)
9. eu-central-1 EU (Frankfurt)
10. eu-west-1 EU (Ireland)
11. sa-east-1 South America (São Paulo)
default: "1"
private: no
- name: "aws_server_name"
prompt: "Name the vpn server:\n"
default: "algo.local"
private: no
- name: "ssh_public_key"
prompt: "Enter the local path to your SSH public key:\n"
default: "~/.ssh/id_rsa.pub"
private: no
- name: "dns_enabled"
prompt: "Do you want to install a local DNS resolver to block ads while surfing? (y/n):\n"
default: "y"
private: no
- name: "proxy_enabled"
prompt: "Do you want to install an HTTP proxy to block ads and decrease traffic usage while surfing? (y/n):\n"
default: "y"
private: no
- name: "auditd_enabled"
prompt: "Do you want to use auditd for security monitoring (see config.cfg)? (y/n):\n"
default: "y"
private: no
- name: "ssh_tunneling_enabled"
prompt: "Do you want each user to have their own account for SSH tunneling? (y/n):\n"
default: "y"
private: no
- name: "security_enabled"
prompt: "Do you want to enable the security role? (y/n):\n"
default: "y"
private: no
- name: "easyrsa_p12_export_password"
prompt: "Enter a password for p12 certificates and SSH private keys: (minimum five characters)\n"
default: "vpnpw"
private: yes
roles:
- cloud-ec2
- name: Post-provisioning tasks
hosts: vpn-host
gather_facts: false
become: true
vars_files:
- config.cfg
pre_tasks:
- name: Install prerequisites
raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
- name: Configure defaults
raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
roles:
- common
- { role: security, when: security_enabled is defined and security_enabled == "y" }
- { role: proxy, when: proxy_enabled is defined and proxy_enabled == "y" }
- { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "y" }
- { role: logging, when: auditd_enabled is defined and auditd_enabled == "y" }
- { role: ssh_tunneling, when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y" }
- vpn

110
gce.yml
View file

@ -1,110 +0,0 @@
# vim:ft=ansible:
- name: Configure the server and install required software
hosts: localhost
gather_facts: false
vars:
zones:
"1": "us-central1-a"
"2": "us-central1-b"
"3": "us-central1-c"
"4": "us-central1-f"
"5": "us-east1-b"
"6": "us-east1-c"
"7": "us-east1-d"
"8": "europe-west1-b"
"9": "europe-west1-c"
"10": "europe-west1-d"
"11": "asia-east1-a"
"12": "asia-east1-b"
"13": "asia-east1-c"
vars_prompt:
- name: "credentials_file"
prompt: "Enter the local path to your credentials JSON file [ex: ~/gogle_cloud.json] (https://support.google.com/cloud/answer/6158849?hl=en&ref_topic=6262490#serviceaccounts):\n"
private: no
- name: "ssh_public_key"
prompt: "Enter the local path to your SSH public key:\n"
default: "~/.ssh/id_rsa.pub"
private: no
- name: "zone"
prompt: >
What zone should the server be located in?
1. Central US (Iowa A)
2. Central US (Iowa B)
3. Central US (Iowa C)
4. Central US (Iowa F)
5. Eastern US (South Carolina B)
6. Eastern US (South Carolina C)
7. Eastern US (South Carolina D)
8. Western Europe (Belgium B)
9. Western Europe (Belgium C)
10. Western Europe (Belgium D)
11. East Asia (Taiwan A)
12. East Asia (Taiwan B)
13. East Asia (Taiwan C)
Please choose the number of your zone. Press enter for default (#8) zone.
default: "8"
private: no
- name: "server_name"
prompt: "Name the vpn server:\n"
default: "algo"
private: no
- name: "dns_enabled"
prompt: "Do you want to install a local DNS resolver to block ads while surfing? (y/n):\n"
default: "y"
private: no
- name: "proxy_enabled"
prompt: "Do you want to install an HTTP proxy to block ads and decrease traffic usage while surfing? (y/n):\n"
default: "y"
private: no
- name: "auditd_enabled"
prompt: "Do you want to use auditd for security monitoring (see config.cfg)? (y/n):\n"
default: "y"
private: no
- name: "ssh_tunneling_enabled"
prompt: "Do you want each user to have their own account for SSH tunneling? (y/n):\n"
default: "y"
private: no
- name: "security_enabled"
prompt: "Do you want to enable the security role? (y/n):\n"
default: "y"
private: no
- name: "easyrsa_p12_export_password"
prompt: "Enter a password for p12 certificates and SSH private keys: (minimum five characters)\n"
default: "vpnpw"
private: yes
roles:
- cloud-gce
- name: Post-provisioning tasks
hosts: vpn-host
gather_facts: false
become: true
vars_files:
- config.cfg
pre_tasks:
- name: Install prerequisites
raw: sudo apt-get update -qq && sudo apt-get install -qq -y python2.7
- name: Configure defaults
raw: sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
roles:
- common
- { role: security, when: security_enabled is defined and security_enabled == "y" }
- { role: proxy, when: proxy_enabled is defined and proxy_enabled == "y" }
- { role: dns_adblocking , when: dns_enabled is defined and dns_enabled == "y" }
- { role: logging, when: auditd_enabled is defined and auditd_enabled == "y" }
- { role: ssh_tunneling, when: ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y" }
- vpn