From 8be2d689a71e3fe21c2562edd6edf0ee53873e83 Mon Sep 17 00:00:00 2001 From: bravepickle <5560300+bravepickle@users.noreply.github.com> Date: Fri, 3 Mar 2023 06:54:49 +0200 Subject: [PATCH 1/6] updating .dockerignore file (#14559) --- .dockerignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.dockerignore b/.dockerignore index 30733fa..ccbc40d 100644 --- a/.dockerignore +++ b/.dockerignore @@ -12,3 +12,7 @@ docs .env logo.png tests +CHANGELOG.md +PULL_REQUEST_TEMPLATE.md +Vagrantfile +Makefile From 1083b4bb978f274ef83a3d4170312364eb9f7bc0 Mon Sep 17 00:00:00 2001 From: ali ahmadi <41846701+al-ah@users.noreply.github.com> Date: Fri, 3 Mar 2023 08:25:02 +0330 Subject: [PATCH 2/6] Update install.sh (#14575) convert .venv into .env in install.sh --- install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install.sh b/install.sh index 833b277..9b6ff41 100644 --- a/install.sh +++ b/install.sh @@ -30,9 +30,9 @@ getAlgo() { [ ! -d "algo" ] && git clone "https://github.com/${REPO_SLUG}" -b "${REPO_BRANCH}" algo cd algo - python3 -m virtualenv --python="$(command -v python3)" .venv + python3 -m virtualenv --python="$(command -v python3)" .env # shellcheck source=/dev/null - . .venv/bin/activate + . .env/bin/activate python3 -m pip install -U pip virtualenv python3 -m pip install -r requirements.txt } @@ -69,7 +69,7 @@ deployAlgo() { cd /opt/algo # shellcheck source=/dev/null - . .venv/bin/activate + . .env/bin/activate export HOME=/root export ANSIBLE_LOCAL_TEMP=/root/.ansible/tmp From 1c47de7011ad0cc0e5e77415228937b68a70e1d4 Mon Sep 17 00:00:00 2001 From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com> Date: Thu, 16 Mar 2023 20:46:10 -0400 Subject: [PATCH 3/6] github docker image/package --- .github/workflows/docker-image.yaml | 44 +++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/docker-image.yaml diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml new file mode 100644 index 0000000..d7f0dda --- /dev/null +++ b/.github/workflows/docker-image.yaml @@ -0,0 +1,44 @@ +name: Create and publish a Docker image + +on: + push: + branches: ['master'] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + build-and-push-image: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Log in to the Container registry + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + # set latest tag for master branch + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }} + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} From 45fe0f595d972c18ed4d18215d2b639665137a83 Mon Sep 17 00:00:00 2001 From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com> Date: Thu, 16 Mar 2023 20:52:25 -0400 Subject: [PATCH 4/6] change dockerhub docs references --- algo-docker.sh | 2 +- docs/deploy-from-docker.md | 21 +++++++++++++++------ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/algo-docker.sh b/algo-docker.sh index 3ec5881..62c6ccf 100644 --- a/algo-docker.sh +++ b/algo-docker.sh @@ -11,7 +11,7 @@ usage() { retcode="${1:-0}" echo "To run algo from Docker:" echo "" - echo "docker run --cap-drop=all -it -v :"${DATA_DIR}" trailofbits/algo:latest" + echo "docker run --cap-drop=all -it -v :"${DATA_DIR}" ghcr.io/trailofbits/algo:latest" echo "" exit ${retcode} } diff --git a/docs/deploy-from-docker.md b/docs/deploy-from-docker.md index 34f7bb2..523ab9f 100644 --- a/docs/deploy-from-docker.md +++ b/docs/deploy-from-docker.md @@ -13,28 +13,36 @@ While it is not possible to run your Algo server from within a Docker container, 2. Create a local directory to hold your VPN configs (e.g. `C:\Users\trailofbits\Documents\VPNs\`) 3. Create a local copy of [config.cfg](https://github.com/trailofbits/algo/blob/master/config.cfg), with required modifications (e.g. `C:\Users\trailofbits\Documents\VPNs\config.cfg`) 4. Run the Docker container, mounting your configurations appropriately (assuming the container is named `trailofbits/algo` with a tag `latest`): - - From Windows: + +- From Windows: + ```powershell C:\Users\trailofbits> docker run --cap-drop=all -it \ -v C:\Users\trailofbits\Documents\VPNs:/data \ - trailofbits/algo:latest + ghcr.io/trailofbits/algo:latest ``` - - From Linux: + +- From Linux: + ```bash $ docker run --cap-drop=all -it \ -v /home/trailofbits/Documents/VPNs:/data \ - trailofbits/algo:latest + ghcr.io/trailofbits/algo:latest ``` + 5. When it exits, you'll be left with a fully populated `configs` directory, containing all appropriate configuration data for your clients, and for future server management ### Providing Additional Files + If you need to provide additional files -- like authorization files for Google Cloud Project -- you can simply specify an additional `-v` parameter, and provide the appropriate path when prompted by `algo`. For example, you can specify `-v C:\Users\trailofbits\Documents\VPNs\gce_auth.json:/algo/gce_auth.json`, making the local path to your credentials JSON file `/algo/gce_auth.json`. ### Scripted deployment + Ansible variables (see [Deployment from Ansible](deploy-from-ansible.md)) can be passed via `ALGO_ARGS` environment variable. _The leading `-e` (or `--extra-vars`) is required_, e.g. + ```bash $ ALGO_ARGS="-e provider=digitalocean @@ -50,7 +58,7 @@ $ ALGO_ARGS="-e $ docker run --cap-drop=all -it \ -e "ALGO_ARGS=$ALGO_ARGS" \ -v /home/trailofbits/Documents/VPNs:/data \ - trailofbits/algo:latest + ghcr.io/trailofbits/algo:latest ``` ## Managing an Algo Server with Docker @@ -58,11 +66,12 @@ $ docker run --cap-drop=all -it \ Even though the container itself is transient, because you've persisted the configuration data, you can use the same Docker image to manage your Algo server. This is done by setting the environment variable `ALGO_ARGS`. If you want to use Algo to update the users on an existing server, specify `-e "ALGO_ARGS=update-users"` in your `docker run` command: + ```powershell $ docker run --cap-drop=all -it \ -e "ALGO_ARGS=update-users" \ -v C:\Users\trailofbits\Documents\VPNs:/data \ - trailofbits/algo:latest + ghcr.io/trailofbits/algo:latest ``` ## GNU Makefile for Docker From 75cfeab24a077b141f3c91341fc1546004c48d15 Mon Sep 17 00:00:00 2001 From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com> Date: Wed, 17 May 2023 03:04:23 +0300 Subject: [PATCH 5/6] Ubuntu 22.04 support (#14579) * add 22.04 support * actions trigger * lighsail to 22.04 and remove 20.04 * test scripted deploy * ansible lint is advisory. moving to terraform --- .github/workflows/main.yml | 16 +++++++++---- config.cfg | 24 ++++++++++---------- docs/cloud-amazon-ec2.md | 5 +++-- docs/deploy-from-ansible.md | 35 ++++++++++++++++------------- docs/deploy-to-ubuntu.md | 5 ++++- docs/deploy-to-unsupported-cloud.md | 2 +- input.yml | 2 +- tests/pre-deploy.sh | 2 +- 8 files changed, 53 insertions(+), 38 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6676ef7..75d405f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -13,24 +13,26 @@ jobs: cache: 'pip' - name: Install dependencies + env: + DEBIAN_FRONTEND: noninteractive run: | sudo apt update -y python -m pip install --upgrade pip pip install -r requirements.txt sudo snap install shellcheck - pip install ansible-lint==6.3.0 + pip install ansible-lint - name: Checks and linters run: | /snap/bin/shellcheck algo install.sh ansible-playbook main.yml --syntax-check - ansible-lint -x experimental,package-latest,unnamed-task -v *.yml roles/{local,cloud-*}/*/*.yml + ansible-lint -x experimental,package-latest,unnamed-task -v *.yml roles/{local,cloud-*}/*/*.yml || true scripted-deploy: runs-on: ubuntu-20.04 strategy: matrix: - UBUNTU_VERSION: ["20.04"] + UBUNTU_VERSION: ["22.04"] steps: - uses: actions/checkout@v3 - uses: actions/setup-python@v2.3.2 @@ -39,6 +41,8 @@ jobs: cache: 'pip' - name: Install dependencies + env: + DEBIAN_FRONTEND: noninteractive run: | sudo apt update -y sudo apt install -y \ @@ -69,12 +73,14 @@ jobs: - name: Deployment run: | + set -x until sudo lxc exec algo -- test -f /var/log/cloud-init-output.log; do echo 'Log file not found, Sleep for 3 seconds'; sleep 3; done ( sudo lxc exec algo -- tail -f /var/log/cloud-init-output.log & ) until sudo lxc exec algo -- test -f /var/lib/cloud/data/result.json; do echo 'Cloud init is not finished. Sleep for 30 seconds'; sleep 30; done + sudo lxc exec algo -- cat /var/log/cloud-init-output.log sudo lxc exec algo -- test -f /opt/algo/configs/localhost/.config.yml sudo lxc exec algo -- tar zcf /root/algo-configs.tar -C /opt/algo/configs/ . sudo lxc file pull algo/root/algo-configs.tar ./ @@ -90,7 +96,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - UBUNTU_VERSION: ["20.04"] + UBUNTU_VERSION: ["22.04"] steps: - uses: actions/checkout@v3 - uses: actions/setup-python@v2.3.2 @@ -99,6 +105,8 @@ jobs: cache: 'pip' - name: Install dependencies + env: + DEBIAN_FRONTEND: noninteractive run: | set -x sudo apt update -y diff --git a/config.cfg b/config.cfg index b76aa7f..f1e102f 100644 --- a/config.cfg +++ b/config.cfg @@ -172,12 +172,12 @@ cloud_providers: type: Standard_LRS image: publisher: Canonical - offer: 0001-com-ubuntu-minimal-focal-daily - sku: minimal-20_04-daily-lts + offer: 0001-com-ubuntu-minimal-jammy-daily + sku: minimal-22_04-daily-lts version: latest digitalocean: size: s-1vcpu-1gb - image: "ubuntu-20-04-x64" + image: "ubuntu-22-04-x64" ec2: # Change the encrypted flag to "false" to disable AWS volume encryption. encrypted: true @@ -186,7 +186,7 @@ cloud_providers: use_existing_eip: false size: t2.micro image: - name: "ubuntu-focal-20.04" + name: "ubuntu-jammy-22.04" arch: x86_64 owner: "099720109477" # Change instance_market_type from "on-demand" to "spot" to launch a spot @@ -194,31 +194,31 @@ cloud_providers: instance_market_type: on-demand gce: size: e2-micro - image: ubuntu-2004-lts + image: ubuntu-2204-lts external_static_ip: false lightsail: size: nano_2_0 - image: ubuntu_20_04 + image: ubuntu_22_04 scaleway: size: DEV1-S - image: Ubuntu 20.04 Focal Fossa + image: Ubuntu 22.04 Jammy Jellyfish arch: x86_64 hetzner: server_type: cx11 - image: ubuntu-20.04 + image: ubuntu-22.04 openstack: flavor_ram: ">=512" - image: Ubuntu-20.04 + image: Ubuntu-22.04 cloudstack: size: Micro - image: Linux Ubuntu 20.04 LTS 64-bit + image: Linux Ubuntu 22.04 LTS 64-bit disk: 10 vultr: - os: Ubuntu 20.04 LTS x64 + os: Ubuntu 22.04 LTS x64 size: 1024 MB RAM,25 GB SSD,1.00 TB BW linode: type: g6-nanode-1 - image: linode/ubuntu20.04 + image: linode/ubuntu22.04 local: fail_hint: diff --git a/docs/cloud-amazon-ec2.md b/docs/cloud-amazon-ec2.md index 25d0e93..92dcf45 100644 --- a/docs/cloud-amazon-ec2.md +++ b/docs/cloud-amazon-ec2.md @@ -18,7 +18,7 @@ Addtional configurations are documented in the [EC2 section of the deploy from a In the AWS console, find the policies menu: click Services > IAM > Policies. Click Create Policy. -Here, you have the policy editor. Switch to the JSON tab and copy-paste over the existing empty policy with [the minimum required AWS policy needed for Algo deployment](https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md#minimum-required-iam-permissions-for-deployment). +Here, you have the policy editor. Switch to the JSON tab and copy-paste over the existing empty policy with [the minimum required AWS policy needed for Algo deployment](https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md#minimum-required-iam-permissions-for-deployment). When prompted to name the policy, name it `AlgoVPN_Provisioning`. @@ -69,7 +69,7 @@ $ ./algo 9. OpenStack (DreamCompute optimised) 10. CloudStack (Exoscale optimised) 11. Linode - 12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users) + 12. Install to existing Ubuntu server (for more advanced users) Enter the number of your desired provider : 3 @@ -125,4 +125,5 @@ Enter the number of your desired region You will then be asked the remainder of the standard Algo setup questions. ## Cleanup + If you've installed Algo onto EC2 multiple times, your AWS account may become cluttered with unused or deleted resources e.g. instances, VPCs, subnets, etc. This may cause future installs to fail. The easiest way to clean up after you're done with a server is to go to "CloudFormation" from the console and delete the CloudFormation stack associated with that server. Please note that unless you've enabled termination protection on your instance, deleting the stack this way will delete your instance without warning, so be sure you are deleting the correct stack. diff --git a/docs/deploy-from-ansible.md b/docs/deploy-from-ansible.md index 0a4618d..00c33f0 100644 --- a/docs/deploy-from-ansible.md +++ b/docs/deploy-from-ansible.md @@ -56,19 +56,19 @@ Cloud roles: Server roles: - role: strongswan - * Installs [strongSwan](https://www.strongswan.org/) - * Enables AppArmor, limits CPU and memory access, and drops user privileges - * Builds a Certificate Authority (CA) with [easy-rsa-ipsec](https://github.com/ValdikSS/easy-rsa-ipsec) and creates one client certificate per user - * Bundles the appropriate certificates into Apple mobileconfig profiles for each user + - Installs [strongSwan](https://www.strongswan.org/) + - Enables AppArmor, limits CPU and memory access, and drops user privileges + - Builds a Certificate Authority (CA) with [easy-rsa-ipsec](https://github.com/ValdikSS/easy-rsa-ipsec) and creates one client certificate per user + - Bundles the appropriate certificates into Apple mobileconfig profiles for each user - role: dns_adblocking - * Installs DNS encryption through [dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy) with blacklists to be updated daily from `adblock_lists` in `config.cfg` - note this will occur even if `dns_encryption` in `config.cfg` is set to `false` - * Constrains dnscrypt-proxy with AppArmor and cgroups CPU and memory limitations + - Installs DNS encryption through [dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy) with blacklists to be updated daily from `adblock_lists` in `config.cfg` - note this will occur even if `dns_encryption` in `config.cfg` is set to `false` + - Constrains dnscrypt-proxy with AppArmor and cgroups CPU and memory limitations - role: ssh_tunneling - * Adds a restricted `algo` group with no shell access and limited SSH forwarding options - * Creates one limited, local account and an SSH public key for each user + - Adds a restricted `algo` group with no shell access and limited SSH forwarding options + - Creates one limited, local account and an SSH public key for each user - role: wireguard - * Installs a [Wireguard](https://www.wireguard.com/) server, with a startup script, and automatic checks for upgrades - * Creates wireguard.conf files for Linux clients as well as QR codes for Apple/Android clients + - Installs a [Wireguard](https://www.wireguard.com/) server, with a startup script, and automatic checks for upgrades + - Creates wireguard.conf files for Linux clients as well as QR codes for Apple/Android clients Note: The `strongswan` role generates Apple profiles with On-Demand Wifi and Cellular if you pass the following variables: @@ -96,7 +96,7 @@ Required variables: - do_token - region -Possible options can be gathered calling to https://api.digitalocean.com/v2/regions +Possible options can be gathered calling to ### Amazon EC2 @@ -113,20 +113,23 @@ Additional variables: - [encrypted](https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/) - Encrypted EBS boot volume. Boolean (Default: true) - [size](https://aws.amazon.com/ec2/instance-types/) - EC2 instance type. String (Default: t2.micro) - [image](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-images.html) - AMI `describe-images` search parameters to find the OS for the hosted image. Each OS and architecture has a unique AMI-ID. The OS owner, for example [Ubuntu](https://cloud-images.ubuntu.com/locator/ec2/), updates these images often. If parameters below result in multiple results, the most recent AMI-ID is chosen + ``` # Example of equivalent cli comand - aws ec2 describe-images --owners "099720109477" --filters "Name=architecture,Values=arm64" "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-focal-20.04*" + aws ec2 describe-images --owners "099720109477" --filters "Name=architecture,Values=arm64" "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-jammy-22.04*" ``` + - [owners] - The operating system owner id. Default is [Canonical](https://help.ubuntu.com/community/EC2StartersGuide#Official_Ubuntu_Cloud_Guest_Amazon_Machine_Images_.28AMIs.29) (Default: 099720109477) - [arch] - The architecture (Default: x86_64, Optional: arm64) - - [name] - The wildcard string to filter available ami names. Algo appends this name with the string "-\*64-server-\*", and prepends with "ubuntu/images/hvm-ssd/" (Default: ubuntu-focal-20.04) + - [name] - The wildcard string to filter available ami names. Algo appends this name with the string "-\*64-server-\*", and prepends with "ubuntu/images/hvm-ssd/" (Default: Ubuntu latest LTS) - [instance_market_type](https://aws.amazon.com/ec2/pricing/) - Two pricing models are supported: on-demand and spot. String (Default: on-demand) - * If using spot instance types, one additional IAM permission along with the below minimum is required for deployment: + - If using spot instance types, one additional IAM permission along with the below minimum is required for deployment: + ``` "ec2:CreateLaunchTemplate" ``` -#### Minimum required IAM permissions for deployment: +#### Minimum required IAM permissions for deployment ``` { @@ -232,7 +235,7 @@ Required variables: Possible options can be gathered via cli `aws lightsail get-regions` -#### Minimum required IAM permissions for deployment: +#### Minimum required IAM permissions for deployment ``` { diff --git a/docs/deploy-to-ubuntu.md b/docs/deploy-to-ubuntu.md index 04bf094..8f11ae7 100644 --- a/docs/deploy-to-ubuntu.md +++ b/docs/deploy-to-ubuntu.md @@ -9,14 +9,17 @@ You can use Algo to configure a pre-existing server as an AlgoVPN rather than using it to create and configure a new server on a supported cloud provider. This is referred to as a **local** installation rather than a **cloud** deployment. If you're new to Algo or unfamiliar with Linux you'll find a cloud deployment to be easier. To perform a local installation, install the Algo scripts following the normal installation instructions, then choose: + ``` -Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users) +Install to existing Ubuntu latest LTS server (for more advanced users) ``` + Make sure your target server is running an unmodified copy of the operating system version specified. The target can be the same system where you've installed the Algo scripts, or a remote system that you are able to access as root via SSH without needing to enter the SSH key passphrase (such as when using `ssh-agent`). ## Inbound VPN Server (also called "Road Warrior" setup) Some may find it useful to set up an Algo server on an Ubuntu box on your home LAN, with the intention of being able to securely access your LAN and any resources on it when you're traveling elsewhere (the ["road warrior" setup](https://en.wikipedia.org/wiki/Road_warrior_(computing))). A few tips if you're doing so: + - Make sure you forward any [relevant incoming ports](/docs/firewalls.md#external-firewall) to the Algo server from your router; - Change `BetweenClients_DROP` in `config.cfg` to `false`, and also consider changing `block_smb` and `block_netbios` to `false`; - If you want to use a DNS server on your LAN to resolve local domain names properly (e.g. a Pi-hole), set the `dns_encryption` flag in `config.cfg` to `false`, and change `dns_servers` to the local DNS server IP (i.e. `192.168.1.2`). diff --git a/docs/deploy-to-unsupported-cloud.md b/docs/deploy-to-unsupported-cloud.md index 6e1a5f9..5c18a5b 100644 --- a/docs/deploy-to-unsupported-cloud.md +++ b/docs/deploy-to-unsupported-cloud.md @@ -2,7 +2,7 @@ Algo officially supports the [cloud providers listed here](https://github.com/trailofbits/algo/blob/master/README.md#deploy-the-algo-server). If you want to deploy Algo on another virtual hosting provider, that provider must support: -1. the base operating system image that Algo uses (Ubuntu 18.04 or 20.04), and +1. the base operating system image that Algo uses (Ubuntu latest LTS release), and 2. a minimum of certain kernel modules required for the strongSwan IPsec server. Please see the [Required Kernel Modules](https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules) documentation from strongSwan for a list of the specific required modules and a script to check for them. As a first step, we recommend running their shell script to determine initial compatibility with your new hosting provider. diff --git a/input.yml b/input.yml index 043a129..64b4805 100644 --- a/input.yml +++ b/input.yml @@ -22,7 +22,7 @@ - { name: OpenStack (DreamCompute optimised), alias: openstack } - { name: CloudStack (Exoscale optimised), alias: cloudstack } - { name: Linode, alias: linode } - - { name: Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users), alias: local } + - { name: Install to existing Ubuntu latest LTS server (for more advanced users), alias: local } vars_files: - config.cfg diff --git a/tests/pre-deploy.sh b/tests/pre-deploy.sh index e5ce7c0..c26164e 100755 --- a/tests/pre-deploy.sh +++ b/tests/pre-deploy.sh @@ -32,7 +32,7 @@ until dig A +short algo.lxd @10.0.8.1 | grep -vE '^$' > /dev/null; do done case ${UBUNTU_VERSION} in - 20.04) + 20.04|22.04) lxc exec algo -- apt remove snapd --purge -y || true ;; 18.04) From 1c80cd23f59ef4bff6cdac9f94fe0cede6eac226 Mon Sep 17 00:00:00 2001 From: James Olds Date: Thu, 29 Jun 2023 13:37:09 -0400 Subject: [PATCH 6/6] update link to empirehacking slack (#14621) --- docs/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.md b/docs/faq.md index 109093e..7ce81e8 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -17,7 +17,7 @@ ## Has Algo been audited? -No. This project is under active development. We're happy to [accept and fix issues](https://github.com/trailofbits/algo/issues) as they are identified. Use Algo at your own risk. If you find a security issue of any severity, please [contact us on Slack](https://empireslacking.herokuapp.com). +No. This project is under active development. We're happy to [accept and fix issues](https://github.com/trailofbits/algo/issues) as they are identified. Use Algo at your own risk. If you find a security issue of any severity, please [contact us on Slack](https://slack.empirehacking.nyc). ## What's the current status of WireGuard?