console1984 0.1.19 → 0.1.20
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +21 -0
- data/lib/console1984/shield/modes/protected.rb +5 -0
- data/lib/console1984/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f982f92b4547b0618ba7c124fde7ac1c26acc0618f77be753171fcff54e54043
|
|
4
|
+
data.tar.gz: 828b81e3719f909263a3e3ccc08a937ece36c6c4d2ea976ef7412413e6797be6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a832cb53bee3f1edd70bd5f4c469048108f4bc8cc39ef3aa452319ca1a157f145212476bc69b3ee5a215b686ed0e6f9945fb1ad497c1493a65a1531cd542b1b2
|
|
7
|
+
data.tar.gz: f6e684bf6fa011a5ba72de4a40919ffc8dc86e1d4bdcea4df2d977d85918b1871d270e2d770e9e1aae3c09dfab9af9c0f59ba4ef7d6cf6bf645851bf5881db3d
|
data/README.md
CHANGED
|
@@ -156,6 +156,27 @@ These config options are namespaced in `config.console1984`:
|
|
|
156
156
|
| `incinerate_after` | The period to keep sessions around before incinerate them. Default `30.days`. |
|
|
157
157
|
| `incineration_queue` | The name of the queue for session incineration jobs. Default `console1984_incineration`. |
|
|
158
158
|
|
|
159
|
+
### SSH Config
|
|
160
|
+
|
|
161
|
+
To automatically set the `CONSOLE_USER` env var for sessions, you'll need to configure SSH on the server to accept the environment variable.
|
|
162
|
+
|
|
163
|
+
On the server, edit `/etc/ssh/sshd_config` to accept the environment variable:
|
|
164
|
+
```
|
|
165
|
+
AcceptEnv LANG LC_* CONSOLE_USER
|
|
166
|
+
```
|
|
167
|
+
|
|
168
|
+
Restart the SSH server to use the new config:
|
|
169
|
+
```bash
|
|
170
|
+
service sshd restart
|
|
171
|
+
```
|
|
172
|
+
|
|
173
|
+
On the client side, you can provide this env var from your clients by adding the variable to the ssh config:
|
|
174
|
+
|
|
175
|
+
```
|
|
176
|
+
Host *
|
|
177
|
+
SetEnv CONSOLE_USER=david
|
|
178
|
+
```
|
|
179
|
+
|
|
159
180
|
## About built-in protection mechanisms
|
|
160
181
|
|
|
161
182
|
`console1984` adds many protection mechanisms to prevent tampering. This includes attempts to alter data in auditing tables or monkey patching certain classes to change how the system works. If you find a way to circumvent these tampering controls, please [report an issue](https://github.com/basecamp/console1984/issues).
|
|
@@ -6,6 +6,11 @@ class Console1984::Shield::Modes::Protected
|
|
|
6
6
|
|
|
7
7
|
thread_mattr_accessor :currently_protected_urls, default: []
|
|
8
8
|
|
|
9
|
+
# Materialize the thread attribute before freezing the class. +thread_mattr_accessor+ attributes rely on
|
|
10
|
+
# setting a class variable the first time they are referenced, and that will fail in frozen classes
|
|
11
|
+
# like this one.
|
|
12
|
+
currently_protected_urls
|
|
13
|
+
|
|
9
14
|
def execute(&block)
|
|
10
15
|
protecting(&block)
|
|
11
16
|
end
|
data/lib/console1984/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: console1984
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.20
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jorge Manrubia
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-12-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colorize
|