Skip to content

v3.01.00
Compare
Choose a tag to compare
@speed47 speed47 released this 20 Nov 16:45
· 579 commits to master since this release
v3.01.00
d1ed88e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Changelog:

  • feat: add FreeBSD 12.1 to automated tests, and multiple fixes to get back proper FreeBSD compatibility/experience
  • feat: partial MFA support for FreeBSD
  • feat: add interactiveModeByDefault option (#54)
  • feat: install: add SELinux module for TOTP MFA (#26)
  • enh: httpproxy: add informational headers to the egress side request
  • fix: osh.pl: validate remote user and host format to fail early if invalid
  • fix: osh-encrypt-rsync.pl: allow more broad chars to avoid letting weird-named files behind
  • fix: osh-backup-acl-keys.sh: don't exclude .gpg, or we miss /root/.gnupg/secring.gpg
  • fix: selfListSessions: bad sorting of the list
  • misc: a few other fixes here and there

How to upgrade

Specific upgrade instructions:

A new bastion.conf option was introduced: interactiveModeByDefault. If not present in your config file, its value defaults to 1 (true), which changes the behavior of The Bastion when a user connects without specifying any command. When this happens, it'll now display the help then drop the user into interactive mode (if this mode is enabled), instead of displaying the help and aborting with an error message. Set it to 0 (false) if you want to keep the previous behavior.

An SELinux module has been added in this version, to ensure TOTP MFA works correctly under systems where SELinux is on enforcing mode. This module will be installed automatically whenever SELinux is detected on the system. If you don't want to use this module, specify --no-install-selinux-module on your /opt/bastion/bin/admin/install upgrade call (please refer to the generic upgrade instructions for more details).

Assets 2
Loading