wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-04-26 11:12:48 +02:00
Code Issues Projects Releases Wiki Activity
725 commits 5 branches 2 tags 10 MiB
Commit graph

57 commits

Author SHA1 Message Date
Jack Ivanov
4e4440a318 Exclude CA from P12 (#835) 2018-03-17 17:16:22 -04:00
Jack Ivanov
02427910de Ansible 2.4, Lightsail, Scaleway, DreamCompute (OpenStack) integration (#804) 
* Move to ansible-2.4.3

* Add Lightsail support #623

* Fixing the EC2 deployment

* Scaleway integration #623

* OpenStack cloud provider (DreamCompute optimised) #623

* Remove the security role

* Enable unattended-upgrades for clouds

* New requirements to make Azure and GCE work
 2018-03-02 07:55:54 -05:00
Jack Ivanov
f18c1a0d67 Certificate revocation fix (#719) 2017-11-12 17:09:57 -05:00
Jack Ivanov
6b803e069f LibreSSL fix #625 (#685) 2017-10-01 16:40:08 -04:00
Jack Ivanov
9d8e39f63d Move back to the Xenial repo (#606) 2017-06-21 13:39:29 -04:00
Jack Ivanov
f0283856ad fix revocation (#586) 2017-06-06 12:42:23 +02:00
Jack Ivanov
26c202ded5 Generate p12 each deployment. Generate ps1 scripts if windows supported. Define become for all the section. (#580) 2017-06-04 12:18:55 -04:00
Jack Ivanov
ba7859ba5f Revoke non-existing users fix 2017-06-04 11:30:55 +02:00
Jack Ivanov
ee6db37428 Change the P12 and SSH passwords only for new users (#550) 2017-05-21 22:28:18 -04:00
Jack Ivanov
40e0363b18 Add html helper for Android (#554) 
* add html helper #280

move to the new local schema

fix a typo

* Update client-android.md
 2017-05-21 22:27:53 -04:00
Ruben Jongejan
e9e6c6e383 cleaner syntax for local actions (#536) 
* refactored local actions to cleaner syntax

* openssl commands folded

* removed unnecessary local_action's
 2017-05-17 02:30:04 -04:00
tetov
ac6db06a19 grammar edit (#540) 
* grammar edit

* Update openssl.yml
 2017-05-10 10:06:19 -04:00
Jack Ivanov
58d5a06e87 delete tasks and move to roles (#519) 2017-05-08 16:34:45 -04:00
Ruben Jongejan
07ddb5863b improved readability with native yaml (#530) 2017-05-08 16:34:24 -04:00
Jack Ivanov
9f698fdd68 Get strongswan from the Zesty repo on Xenial (#515) 2017-05-03 16:03:10 -04:00
Jack Ivanov
bd348af9c2 Implementing blocks and additional fail hints #487 (#497) 
change the troubleshooting url
 2017-04-29 10:48:25 -04:00
Jack Ivanov
c3fcfe5d0d Let users choose the distro version #449 (#466) 
Make dpdaction great again

add 1704 to travis

Make EC2 image name more convenient

modify apparmor profile
 2017-04-22 17:06:10 -04:00
Jack Ivanov
a7b06058cb remove the proxy role #440 (#457) 
* remove the proxy role #440

* Separate facts. Make roles more independent from each other

move openssl to local tasks

move unneeded tasks
 2017-04-20 18:00:17 -04:00
MiWCryptAnalytics
04b61ca3d2 Increase CA key entropy to 128bit (#415) 
Changes the default CA key size from 48 bit to 128bit with OpenSSL usermode CSPRNG with hex encoding
 2017-04-15 16:23:15 -04:00
brad2014
09e5d87c7b Minor name and documentation edits (#327) 2017-04-01 00:19:10 -04:00
Dan Guido
655a917dd2 iptables filter table fix (#285) 2017-03-27 00:04:46 -04:00
Jack Ivanov
6facb6cb4f FreeBSD / HardenedBSD (#262) 
* FreeBSD draft

ifconfig fix

Pre-tasks fixes

fix hardcoded IP

some refactoring

disable system-based tags

disable freebsd tags

FreeBSD vpn role

add defaults

ssh role freebsd

default fix

dns_adblocking freebsd

ubuntu dict fix

* HardenedBSD

update-users BSD

* Rebuild the kernel

docs changing
 2017-03-18 12:22:07 +03:00
Jack Ivanov
237fcc7a7f additional variables 2017-03-05 10:58:42 +03:00
Jack Ivanov
8eb208c5b7 enable ipv6 if the default gateway is defined. Fixes #244 2017-02-26 20:17:12 +03:00
Craig
43c2f5c31a Installs the recommended packages with strongswan, because we need the OpenSSL (#260) 
plugin from libstrongswan-standard-plugins for ECDH to work.
 2017-02-25 21:07:32 +03:00
Jack Ivanov
e31f10da6d Fixes #255 2017-02-23 18:25:46 +03:00
Jack Ivanov
aca036142f AndroidVPNClientProfiles #240 2017-02-17 00:30:21 +03:00
Jack Ivanov
35faf4bca7 Local openssl tasks (#169) 
* Draft

works with ECDSA

RSA support for Windows

* update-users with local_openssl_tasks

* move prompts to the algo script

* additional directory for SSH keys

* move easyrsa_p12_export_password to pre_tasks

* update-users testing

* Fix hardcoded vars

* Delete the CA key

* Hardcoded IP. Fixes #219

* Some fixes
 2017-02-03 14:24:02 -05:00
Jack Ivanov
2798f84d3f ensure that apparmor is supported by the kernel #215 2017-01-16 00:19:57 +03:00
Jack Ivanov
a50a396b94 addtiional fixes 2017-01-11 20:55:44 +03:00
Jack Ivanov
f246165298 Fix a typo 2017-01-04 17:45:42 +03:00
Jack Ivanov
abf94989fc the password for the CA private key #75 2016-12-15 13:33:29 +03:00
Jack Ivanov
f1715c4e0b random password for the p12 certificates #135 2016-12-14 18:49:47 +03:00
Jack Ivanov
3d53dde6ca Fixed. #137 2016-12-06 20:14:08 +03:00
Jack Ivanov
8a0c5ab971 Windows support implemented 2016-11-29 23:00:01 +03:00
fkt
27ea98e7a8 Show congrats message at the end - #115 2016-11-26 18:05:06 +00:00
Jack Ivanov
5383c71499 Fixed #108 2016-11-03 17:21:18 +03:00
Jack Ivanov
8c284a16e3 Done. #96 2016-10-16 17:36:01 +03:00
Jack Ivanov
062426e0ec client configuration templates #43 2016-10-16 15:27:05 +03:00
Jack Ivanov
c43ccc3898 iptables moved to the vpn role #61 2016-10-14 18:50:24 +03:00
Jack Ivanov
4db428a86e Disable unneeded plugins in StrongSwan #84 2016-10-10 15:42:32 +03:00
Jack Ivanov
8e0cca6b66 some fixes 2016-09-26 15:43:19 +03:00
Jack Ivanov
00e4bcc1ec security role and SSH fixes #77 2016-08-26 00:35:07 +03:00
Dan Guido
27421070b9 linting 2016-08-24 09:22:04 +02:00
Jack Ivanov
19797bc020 CPU and memory limitations of the services #63 2016-08-23 16:10:42 +03:00
Evgeniy Ivanov
468d5af23d service fixes 2016-08-23 09:00:32 +03:00
Defunct
50f43dc601 revert systemd changes (2.2 only), identation normalization; 2016-08-23 02:02:57 +00:00
Evgeniy Ivanov
09c39627d9 Memory limits #63 2016-08-22 23:01:43 +03:00
Evgeniy Ivanov
c51fe5dac0 run charon as non-root user #66 2016-08-21 20:32:31 +03:00
Evgeniy Ivanov
3fa75a081d new iptabes deployment #61 2016-08-20 16:22:14 +03:00