lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-16 01:24:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
9,093 Commits 1 Branch 0 Tags
Commit Graph

8374 Commits

Author SHA1 Message Date
Robin Schneider
d1e90d3cee Print SSH and X.509 fingerprints in console banner without need to login (#2481) 
Example output:

```
$ /usr/local/etc/rc.initial.banner

*** test-fw.localdomain: OPNsense 18.1.10 (amd64/OpenSSL) ***

 WAN (vtnet0)    -> v4/DHCP4: 172.30.23.2/24

 SSH: 256 SHA256:fcMIAgT/vZR/TWP0j8AFROTNnudkU1tP9sRhbsIa8vM (ECDSA)
 SSH: 256 SHA256:lDenOc5wy2WU0e6sSz2hR9nEFnMqx5c3u1F/pHxgJlY (ED25519)
 SSH: 2048 SHA256:dsw9srlQHL0hPJlEdR9rL769N30BTZgXG9gXbdZGOkU (RSA)
 HTTPS X.509 cert: SHA256 Fingerprint=F0:E6:EB:31:E8:87:AF:52:16:4E:84:05:3B:6C:03:2C:C1:DF:5A:E7:36:F4:32:44:3B:B5:57:63:97:45:C3:77
```

The list of fingerprints is appended after the interface list because
the interface list might be pretty long and thus would move the
fingerprints out of the screen which we don’t want.

Previously (#2427) I suggested to extract the X.509 certificate from the
xml config but the difficult part for me who is not so familiar with the
implementation of OPNsense is to find the certificate which is actually
used by the local web server. I found that `/var/etc/cert.pem` is used
in the configuration of the local web server and assume that this is the
easier way to implement this in the expectation that the file name does
not change without being also changed in this script and that the file
exists. If it does not exist, OpenSSL would complain with a useful error
message.

This commit is one piece to make fully trusted bootstrapping easier.
Related to: https://github.com/opnsense/core/issues/2427
Tested on: OPNsense 18.1.10-amd64
 2018-07-06 21:55:15 +02:00
Franco Fichtner
e8721cd9cc mvc: whitespace and style sweep 2018-07-06 19:48:38 +00:00
Fabian Franz BSc
095c7ae491 Unbound: add WPAD (#2097) 2018-07-06 21:41:24 +02:00
Fabian Franz BSc
8257d1abfa add WPAD to dhcp server (#2088) 2018-07-06 21:38:51 +02:00
Fabian Franz BSc
7386a5fe73 Add PAC support to proxy (#2018) 2018-07-06 21:32:26 +02:00
Ad Schellevis
c2e75d2606 firewall/alias, forgot to select external aliases in legacy_list_aliases() 2018-07-06 16:57:18 +02:00
Franco Fichtner
c0838ddfc0 mvc: multiselect may allow empty option, no need to give blank item too 2018-07-05 12:24:17 +00:00
Frank Brendel
20f41070bc monit: fix UI issues 2018-07-05 13:49:29 +02:00
Franco Fichtner
dc3df43a97 importer: clear DEV after use always 2018-07-04 17:05:14 +02:00
Franco Fichtner
c72b50a7a9 importer: simplify the loop 2018-07-04 16:44:16 +02:00
Franco Fichtner
faa2663e60 importer: it's complicated... 2018-07-04 16:33:50 +02:00
Franco Fichtner
8e57dfd58c installer: minor hiccup in setup 2018-07-04 16:23:35 +02:00
Franco Fichtner
8102296a90 importer: loop as long as mount is not successful 2018-07-04 15:40:32 +02:00
Ad Schellevis
0abd42c06d pull in 533d59f5fd 2018-07-04 14:07:40 +02:00
João Vilaça
68f53ef004 Fix CaptivePortal model documentation (#2510) 2018-07-03 11:57:19 +02:00
Frank Brendel
d30547ac26 monit: run reconfigure after test cleanup 2018-07-03 10:48:53 +02:00
Frank Brendel
677f6a4a19 monit: generate template when disabling monit 2018-07-03 09:34:57 +02:00
Frank Brendel
11903e7478 monit: create template before stopping Monit for ServiceController test 2018-07-03 09:04:46 +02:00
Franco Fichtner
a9159026dc firewall: properly extract first error from pfctl 
While here, we no longer need the ALTQ trickery.
 2018-07-02 17:25:27 +00:00
Franco Fichtner
bd59d9a5ad unbound: reformat, bump copyright after recent changes 2018-07-02 18:31:04 +02:00
Franco Fichtner
ad6c7384e4 dnsmasq: second part of slurp rework 
Align this code with Unbound, slowly ridding ourselves of
get_possible_listen_ips() in the process as well.

PR: https://twitter.com/wget42/status/1009886764155260928
 2018-07-02 16:21:02 +00:00
Franco Fichtner
f344e9d447 dnsmasq: slurp all addresses for bind 
PR: https://twitter.com/wget42/status/1009886764155260928
 2018-07-02 17:58:01 +02:00
Frank Brendel
d30b55356f monit: UI improvements; phpunit tests (#2505) 2018-07-02 16:34:49 +02:00
Franco Fichtner
42daf16775 dashboard: add date to cpu widget 2018-07-02 14:25:18 +00:00
Franco Fichtner
0e26ebe473 filter: we split ":", but it can be a character in the interface :D 
"no IP address found for ovpnc2:0 - The line in question reads [0]:"

PR: https://forum.opnsense.org/index.php?topic=9030.0
 2018-07-02 16:05:02 +02:00
marjohn56
4b89ead113 Delete Tooltip 2018-07-02 16:01:30 +02:00
marjohn56
0a34458d09 Remove CPU Load Tooltip 2018-07-02 15:45:31 +02:00
Franco Fichtner
1094c805f2 firmware: revoke older fingerprints 2018-07-02 14:36:40 +02:00
Franco Fichtner
e8f3c99f82 interfaces: flip order of radvd / dhcp6c load #2394 2018-07-02 10:19:35 +02:00
marjohn56
12283a6428 dhcp: add range help; closes #2501 2018-07-02 08:52:45 +02:00
Franco Fichtner
513296572c firmware: remove trailing slash from URL 2018-07-02 08:24:34 +02:00
marjohn56
88a45c2bfe Typo in interfaces.php 2018-07-02 08:10:11 +02:00
Franco Fichtner
37f852632c wizard: tweak language 
PR: https://forum.opnsense.org/index.php?topic=8969.0
 2018-06-30 21:23:20 +02:00
Nicholas de Jong
2951d9a66e rc: unset rcvar first...; closes #2477 
to ensure any previous assignment of rcvar is unset since it
is being used in a global context not locally scoped within
the rc_enabled() function
 2018-06-30 19:41:39 +02:00
Franco Fichtner
9f1a383ed0 src: whitespace sweep 2018-06-30 12:21:31 +02:00
Franco Fichtner
d48b83e60a interfaces: whitespace sweep 2018-06-30 12:21:17 +02:00
Tian Yunhao
0ed9753b09 interfaces: check existence of status 
Check the existence of `status` before using it to avoid `Undefined index` warnings / errors.
 2018-06-30 12:19:27 +02:00
Franco Fichtner
54884afcb2 firmware: tweak message for r1 2018-06-30 12:06:27 +02:00
Franco Fichtner
548ae4ff17 firmware: add message too 2018-06-30 12:03:55 +02:00
Franco Fichtner
8fa15dd3db firmware: prepare 18.7.r1 update 2018-06-30 11:59:12 +02:00
Franco Fichtner
2d32125dae ui: tokenizer2 style like tokenizer1/selectpicker 
Was already reported by @mimugmail and found some more tweak
areas along the way.
 2018-06-30 09:39:02 +00:00
Ad Schellevis
de789117d6 Firewall/alias, missing escape. for https://github.com/opnsense/core/issues/1858 2018-06-29 19:41:52 +02:00
Ad Schellevis
4db67759eb add fix for Tokenize2, include source for safety, closes https://github.com/opnsense/core/issues/2491 2018-06-29 19:28:35 +02:00
Ad Schellevis
66191476dd ipsec, add mutual rsa + EAP-MSCHAPV2 for https://github.com/opnsense/core/issues/1961 2018-06-29 18:07:31 +02:00
Franco Fichtner
78d84c70a6 filter: change %d to %s, we can print a number as string too 
PR: https://forum.opnsense.org/index.php?topic=9030.0
 2018-06-29 13:06:29 +02:00
Franco Fichtner
c3a4e45a86 interfaces: allow private addresses in 6RD, cleanups #1501 2018-06-29 08:20:29 +02:00
Ad Schellevis
9e1a4ce83b Firewall/alias, work in progress. add area select/deselect (https://github.com/opnsense/core/issues/1858) 2018-06-28 22:54:53 +02:00
Ad Schellevis
6cd5d60547 tokenizer2, "Clear All" broken after https://github.com/opnsense/core/issues/2227 2018-06-28 22:41:24 +02:00
Ad Schellevis
e62d1ef31b remove unused .htaccess file and switch from _url to REQUEST_URI usage, for https://github.com/opnsense/core/issues/2494 2018-06-28 11:54:33 +02:00
Frank Brendel
6c373e50b6 monit: fix widget issues 2018-06-28 11:15:58 +02:00