wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-04-23 17:51:25 +02:00
Code Issues Projects Releases Wiki Activity
634 commits 5 branches 2 tags 10 MiB
Commit graph

220 commits

Author SHA1 Message Date
Christopher J. Pilkington
a225bde2b8 Specify EIP domain (#521) 2017-05-06 09:16:28 -04:00
Jack Ivanov
6f170982aa move to Elastic IP (#512) 2017-05-04 08:33:31 -04:00
Jack Ivanov
9f698fdd68 Get strongswan from the Zesty repo on Xenial (#515) 2017-05-03 16:03:10 -04:00
Jack Ivanov
bd348af9c2 Implementing blocks and additional fail hints #487 (#497) 
change the troubleshooting url
 2017-04-29 10:48:25 -04:00
Jack Ivanov
2f5c050fd2 dpdaction to clear (#498) 2017-04-27 14:47:45 -04:00
Jack Ivanov
0ed68b6c30 Properly configure ICMP restrictions (#492) 2017-04-27 12:47:05 -04:00
Ryan Kasper
0cb43650cb Windows 10 -PfsGroup None --> -PfsGroup ECP256 (#493) 
* Windows 10 -PfsGroup None --> -PfsGroup ECP256

Fixes broken tunnel when rekey (CREATE_CHILD_SA request [ N(REKEY_SA) SA No TSi TSr KE ]) occurs (on my Windows 10 1703 build 15063.138 Creator's Update system this is ~every 57 minutes)

* Update Windows Client PfsGroup Commandline
 2017-04-27 12:46:50 -04:00
Jack Ivanov
540c761d3b Disable RSA in the mobileconfigs. Fixes #486 2017-04-25 23:06:51 +02:00
Jack Ivanov
451394100d Some enhances in the compat ciphers (#464) 
raise the IntegrityCheckMethod to SHA384

Move Windows to ECDSA

Increase IntegrityCheckMethod
 2017-04-23 16:00:37 -04:00
Dan Guido
aac052da46 this option is deprecated (#477) 2017-04-23 09:04:30 -04:00
Jack Ivanov
c3fcfe5d0d Let users choose the distro version #449 (#466) 
Make dpdaction great again

add 1704 to travis

Make EC2 image name more convenient

modify apparmor profile
 2017-04-22 17:06:10 -04:00
Andy Boutte
76cdc69548 CF tested and working for EC2 deployment (#431) 
* AWS CloudFormation #132

* IPv6 EC2 draft

* CF tested and working for EC2 deployment

* IPv6 Implementation, EC2, Cloudformation

* Fixed ipv6 networking

* adding ip6tables rule for DHCP on AWS
 2017-04-20 18:04:57 -04:00
Jack Ivanov
a7b06058cb remove the proxy role #440 (#457) 
* remove the proxy role #440

* Separate facts. Make roles more independent from each other

move openssl to local tasks

move unneeded tasks
 2017-04-20 18:00:17 -04:00
Dan Guido
0b05ea19bc Windows needs SHA2-256. Closes #453. (#456) 2017-04-20 07:26:46 -04:00
Dan Guido
8173b84ff8 Change uniqueids back to never (#448) 
We need this to allow multiple connections with the same id/certificate
 2017-04-19 09:53:30 +02:00
Dan Guido
b29772f146 prefer ed25519 2017-04-18 02:20:44 -04:00
Dan Guido
f9f7be7b0d Fix a typo from #439 2017-04-18 01:15:07 -04:00
Dan Guido
1778cb1f45 disable dpd #430 (#437) 
Closes #430
 2017-04-18 01:12:21 -04:00
Dan Guido
8e5e6d5088 remove extraneous integrity algos from AEAD ciphers (#439) 
In reference to
https://github.com/trailofbits/algo/issues/9#issuecomment-294370560
 2017-04-18 01:11:56 -04:00
Jauder Ho
5b2e13d18f Only enable ChaCha cipher (#412) 
* Only enable ChaCha cipher

* Add back a few ciphers for compatability
 2017-04-17 23:17:40 -04:00
Jack Ivanov
fa5a956193 Add URLStringProbe (#428) 
* Add URLStringProbe

* switch to Apple's hotspot-detect.html
 2017-04-17 23:16:05 -04:00
Jack Ivanov
ea5976f49b write logs to file if BSD only 2017-04-17 18:12:38 +02:00
Jack Ivanov
9c12272c8c Python False-y values should be accepted. #417 (#426) 2017-04-16 16:40:24 -04:00
Jack Ivanov
16329fe088 Instance size (#404) 
* Escaping Special Characters #388

* Make instance sizes more flexible to edit #355
 2017-04-16 10:19:47 -04:00
Jack Ivanov
bf75a1bb03 move generating of the known_hosts file to local_action (#425) 2017-04-16 10:18:54 -04:00
MiWCryptAnalytics
04b61ca3d2 Increase CA key entropy to 128bit (#415) 
Changes the default CA key size from 48 bit to 128bit with OpenSSL usermode CSPRNG with hex encoding
 2017-04-15 16:23:15 -04:00
Jack Ivanov
02f363d825 change the order of ciphers 2017-04-15 16:36:39 +02:00
mathew19
ae43ed6f81 Update client_ipsec.secrets.j2 (#414) 
Fix filename in client ipsec_user.secrets
 2017-04-15 14:57:22 +02:00
mathew19
5e56996f5c Fix name (#411) 2017-04-15 14:57:07 +02:00
Jack Ivanov
c61a07fb60 Escaping Special Characters #388 (#403) 2017-04-14 14:57:27 -04:00
Jack Ivanov
56a72e5af2 New ciphers implementing #247 (#352) 
Switches to SHA2_512_256 HMAC integrity algorithm and adds cipher compatibility for other platforms.
 2017-04-11 16:08:03 -04:00
Jack Ivanov
70738ed8be Enable IP forwarding GCE #369 2017-04-09 20:52:54 +02:00
Jack Ivanov
95e0134f21 1. Disable SSH key deploying if installation on existing server 
2. Move to the ed25519 algorithm
3. Delete unneeded option RSAAuthentication
Fixes #272
 2017-04-09 20:41:45 +02:00
Dan Guido
e55ce03906 URLStringProbe with this URL does not work as intended 2017-04-09 10:44:32 -04:00
Dan Guido
5e22b79033 Add configuration for URL probes to Apple profile 
Chrome and Android both request a known URL that generates HTTP 204 No Content responses to determine if they have internet connectivity. In Apple profiles, we can use the same URL to determine whether the VPN needs to connect. Using this feature will help save battery life for lots of users.
 2017-04-09 09:52:23 -04:00
Jack Ivanov
47515154bb add mtu in the sswan profile 2017-04-08 10:39:04 +02:00
Casey Lang
8b977afd99 Modify creation of GCE Instance (#363) 
Update deprecated GCE metadata options
 2017-04-07 10:51:30 -04:00
Jack Ivanov
3b8d04d06c remove the logging role 2017-04-05 16:25:56 +02:00
Jack Ivanov
6e61a51aca rewrite the sysctl task 2017-04-04 17:02:11 +02:00
Jack Ivanov
c0f4b5fa41 Enable default values if the role is skipped #313 2017-04-04 16:57:39 +02:00
Josh Soref
84bbcb88d0 Spelling fixes (#342) 
* spelling: algorithm

* spelling: bertrand

* spelling: between

* spelling: checking

* spelling: conjunction

* spelling: contributor

* spelling: delimited

* spelling: fashion

* spelling: droplet

* spelling: javascript

* spelling: nameserver

* spelling: obligatory

* spelling: official

* spelling: overridden

* spelling: overwrite

* spelling: parameter

* spelling: suppressing
 2017-04-02 19:14:38 -04:00
James Hale
41ed682213 Reduce VPC CIDR size to /16 (#341) 2017-04-02 15:48:44 -04:00
Josh Meisels
d37c6b72c5 Add new Azure regions and allow user to select VM size (#332) 
* Update Azure Region List

Included several additional regions in the Azure list.

In a future version we may want to ask users to choose a continent, then present region options since this list is getting long.

* Add VM size selection

Added prompt for user to choose VM size. Useful because the default size is not available in all regions, and there are cheaper sizes.

* Handle vm_size choice in "Create an Instance" step

Use the variable passed in that the user chose for vm_size.

* Differentiate Basic A0 and Standard A0

* Remove vm_size D1 since it's being deprecated

* Fix syntax issue - missing semicolons

* Remove note to self comment

* Remove changes to let user select VM size

Removing my previous additions that let the user select their Azure VM size.

* Hard code VM size to cheapest size

Remove my usage of a variable for VM size. Update to use the Basic_A0, which is the cheapest size of VM.
 2017-04-02 12:34:09 -04:00
Matt Mankins
b8d2dc68bb Change EC2 VPC CIDR blocks to uncommon non-routable addresses (#335) 2017-04-02 00:53:53 -04:00
Josh Watson
84a3b5f675 Change EC2 VPC CIDR blocks to non-routable addresses. (#330) 
The previous address ranges were actually routable addresses, which caused some concern for some people because it looked suspicious in tracert. The new CIDR blocks are non-routable addresses, which resolves this concern.
 2017-04-01 00:20:08 -04:00
brad2014
09e5d87c7b Minor name and documentation edits (#327) 2017-04-01 00:19:10 -04:00
James Hale
3b3fb601ef Fix name tag key (#282) 2017-03-28 21:18:33 -04:00
Dan Guido
655a917dd2 iptables filter table fix (#285) 2017-03-27 00:04:46 -04:00
Jack Ivanov
6facb6cb4f FreeBSD / HardenedBSD (#262) 
* FreeBSD draft

ifconfig fix

Pre-tasks fixes

fix hardcoded IP

some refactoring

disable system-based tags

disable freebsd tags

FreeBSD vpn role

add defaults

ssh role freebsd

default fix

dns_adblocking freebsd

ubuntu dict fix

* HardenedBSD

update-users BSD

* Rebuild the kernel

docs changing
 2017-03-18 12:22:07 +03:00
Jack Ivanov
49ba1f76b4 Some improvements in the mobileconfig. Fixes #270 2017-03-18 11:07:56 +03:00