wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-04-18 15:17:07 +02:00
Code Issues Projects Releases Wiki Activity
1152 commits 5 branches 2 tags 10 MiB
Commit graph

419 commits

Author SHA1 Message Date
Jack Ivanov
d27b849f24 Ubuntu1804 (#925) 
- Fixes #897 #944 #956

Work in progress. Lightsail is not ready for Ubuntu 18.04 yet

- [x] DigitalOcean
~~- [ ] Amazon Lightsail~~
- [x] Amazon EC2
- [x] Microsoft Azure
- [x] Google Compute Engine
- [x] Scaleway
- [x] OpenStack (DreamCompute optimised)
 2018-05-24 07:08:14 -07:00
Evgeny Aleksandrov
d9dc68164f Remove algo_params (#961) 2018-05-24 09:01:26 +03:00
Evgeny Aleksandrov
87836e0358 Fix typo (#960) 2018-05-24 09:00:38 +03:00
Jack Ivanov
35e526a5a3 IPv6 fixes (#930) 2018-05-08 13:55:17 -07:00
Brian Hulette
e01e82b1c3 Don't download minisig dnscrypt release (#905) 2018-04-29 10:32:10 -07:00
adamluk
3d9fa7f8c8 Update dnscrypt-proxy.toml.j2 (#899) 
Updated dnscrypt-proxy.tml with new options: cache_neg_min_ttl and cache_neg_max_ttl
 2018-04-27 07:29:29 -07:00
Dan Guido
c276f971b7
monkey patch problematic dnscrypt-proxy cgroup limits (#894) 2018-04-25 15:32:50 -07:00
Jack Ivanov
c82bd8c5ff DNS-over-HTTPS (#875) 2018-04-25 12:27:58 -07:00
Jack Ivanov
ed6e2d998d Add ipv6 address to subjectAltName if supported (#881) 
CHANGELOG

Some changes

Some changes
 2018-04-23 16:06:34 -07:00
Micah R Ledbetter
e944ee993a Embed certs into Windows deployment scripts (#840) 
- Obviate need to copy separate script and certificate files
- Allow execution from any directory, not just the script's parent
  directory (no assumption of any particular working directory)
- Fix docs that neglected to mention copying cacert.pem
- Fix docs that incorrectly referred to the user cert store

As part of this work, rewrite the windows_client.ps1.j2 deployment
script template

- Add comment-based help
- Require admin privileges
- Use a Param() block
- Use parameter sets with -Add and -Remove switches
- Add the -GetInstalledCerts switch, to list any Algo certificates
  installed the machine's cert store
- Add the -SaveCerts switch, to save the embedded certificates to files
- Put Jinja2 variables inside Powershell variables,
- Use native Powershell cmdlets rather than shell out to certutil.exe
- Add a playbook to regenerate the windows_USER.ps1 scripts
 2018-03-28 11:20:43 -07:00
Micah R Ledbetter
4b0aea8f5a Document iptables rules (#854) 
* Remove firewall rule related to the old proxy role

* Remove proxy conditionals from mobileconfig template

* Add comments explaining firewall rules
 2018-03-28 11:17:56 -07:00
Jack Ivanov
78830d96aa Android: add the CA and set the ciphers explicitly (#837) 2018-03-19 12:05:30 -04:00
Jack Ivanov
4e4440a318 Exclude CA from P12 (#835) 2018-03-17 17:16:22 -04:00
Jack Ivanov
3b19f13082 Enable no-resolv (#816) 2018-03-12 12:00:48 -04:00
adamluk
b30f6db079 Update rules.v6.j2 (#818) 
Updated to use -m conntrack for consistency as per the other IPv6 rules.
 2018-03-12 11:51:34 -04:00
Jack Ivanov
7e07c35474 proper cloudformation template (#815) 2018-03-02 16:13:49 -05:00
Jack Ivanov
02427910de Ansible 2.4, Lightsail, Scaleway, DreamCompute (OpenStack) integration (#804) 
* Move to ansible-2.4.3

* Add Lightsail support #623

* Fixing the EC2 deployment

* Scaleway integration #623

* OpenStack cloud provider (DreamCompute optimised) #623

* Remove the security role

* Enable unattended-upgrades for clouds

* New requirements to make Azure and GCE work
 2018-03-02 07:55:54 -05:00
Jack Ivanov
4da752b603 Ubuntu 17.10 support (#811) 2018-02-24 14:17:34 +01:00
Micah R Ledbetter
5eed1bbba4 Use dns_servers in dnsmasq.conf (#794) 2018-01-27 12:01:12 -08:00
Douglas Gastonguay-Goddard
7eb4fc5f22 DigitalOcean - Add cleanup step for SSH key (#784) 
* Add cleanup step for SSH key.

* Two space tabs are hard to see.
 2018-01-19 20:06:15 -05:00
Jack Ivanov
a844870b7a Sendmail should not be installed (#738) 2017-11-22 09:15:43 -05:00
Marcelo Elizeche Landó
07a1c70bf4 Update adblock.sh for systemd to fix issue #735 (#736) 
* Update script to restart the dnsmasq service using systemctl(systemd) command instead of service(Upstart)

* Use  instead of legacy  REF: https://github.com/koalaman/shellcheck/wiki/SC2006

* Replace non-standard egrep(deprecated) for grep -E. REF: https://github.com/koalaman/shellcheck/wiki/SC2196
 2017-11-21 00:50:05 -05:00
Jack Ivanov
f18c1a0d67 Certificate revocation fix (#719) 2017-11-12 17:09:57 -05:00
Jack Ivanov
b64f682bae remove the dead code. Fixes #671 2017-11-08 18:22:58 +03:00
Jurgen Verhasselt
185c0f51d7 correct configs_prefix vars in client tasks (#712) 2017-11-04 07:16:29 +01:00
Julie Bernosky
dc4dff040e Add StrongSwan log level config option to ipsec.conf template (#700) 2017-10-19 16:06:43 +02:00
Jack Ivanov
3c55cd15a4 GCE. replace underscores (#698) 2017-10-18 16:23:57 -04:00
Jack Ivanov
ee7264f26e Ask users to enter the p12 password manually (#697) 2017-10-18 16:15:39 -04:00
Jack Ivanov
6b803e069f LibreSSL fix #625 (#685) 2017-10-01 16:40:08 -04:00
Jack Ivanov
8da53f859b Some browsers (eg. Safari) stop loading pages if the element with ads can't be loaded (#633) 2017-07-23 14:23:57 -04:00
Samuel Horwitz
0607e968d7 Update main.yml (#621) 2017-07-12 08:36:43 +02:00
Jack Ivanov
0bb9279094 bug in the gce_net module #616 (#620) 2017-07-09 10:32:06 -04:00
Jack Ivanov
78bd5b017c client fixes (#605) 2017-06-21 13:39:54 -04:00
Jack Ivanov
9d8e39f63d Move back to the Xenial repo (#606) 2017-06-21 13:39:29 -04:00
Jack Ivanov
f0283856ad fix revocation (#586) 2017-06-06 12:42:23 +02:00
Jack Ivanov
a8ebb16437 Enable timeouts. Fixes #581 2017-06-05 17:33:03 +02:00
Jack Ivanov
26c202ded5 Generate p12 each deployment. Generate ps1 scripts if windows supported. Define become for all the section. (#580) 2017-06-04 12:18:55 -04:00
Jack Ivanov
ba7859ba5f Revoke non-existing users fix 2017-06-04 11:30:55 +02:00
Jack Ivanov
0131505195 Enhance PS1 script (#510) 
update docs

Update README.md

update readme
 2017-05-23 11:31:53 -04:00
Jack Ivanov
e6c8f19d3c Create a VPC network for each instane (#561) 2017-05-23 11:30:57 -04:00
Jack Ivanov
ee6db37428 Change the P12 and SSH passwords only for new users (#550) 2017-05-21 22:28:18 -04:00
Jack Ivanov
40e0363b18 Add html helper for Android (#554) 
* add html helper #280

move to the new local schema

fix a typo

* Update client-android.md
 2017-05-21 22:27:53 -04:00
Ruben Jongejan
e9e6c6e383 cleaner syntax for local actions (#536) 
* refactored local actions to cleaner syntax

* openssl commands folded

* removed unnecessary local_action's
 2017-05-17 02:30:04 -04:00
Rod Vagg
75d64ac018 Make DNS blocklist URLs configurable (#548) 2017-05-15 12:39:34 +02:00
tetov
ac6db06a19 grammar edit (#540) 
* grammar edit

* Update openssl.yml
 2017-05-10 10:06:19 -04:00
Jack Ivanov
58d5a06e87 delete tasks and move to roles (#519) 2017-05-08 16:34:45 -04:00
Ruben Jongejan
07ddb5863b improved readability with native yaml (#530) 2017-05-08 16:34:24 -04:00
Jack Ivanov
97369c303a define local_dns if dns tag used (#533) 2017-05-08 16:33:30 -04:00
Jack Ivanov
0031d2809e Disable the Signature Algorithm check and add default vars. Fixes #525 2017-05-08 21:40:38 +02:00
Christopher J. Pilkington
a225bde2b8 Specify EIP domain (#521) 2017-05-06 09:16:28 -04:00