fix: stuff

alterway · Aug 25, 2023 · fe49c9a · fe49c9a
1 parent 3f69948
commit fe49c9a
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 25 deletions.
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -42,10 +42,5 @@ nfpms:
       type: tree
 
   scripts:
-    postinstall: "packaging/post-install.sh"
-    postremove: "packaging/post-remove.sh"
-
-  rpm:
-      scripts:
-          postinstall: "packaging/post-install.sh"
-          postremove: "packaging/post-remove.sh"
+    postinstall: "packaging/postinstall.sh"
+    postremove: "packaging/postremove.sh"
diff --git a/README.md b/README.md
@@ -1,20 +1,19 @@
 # sshportal
 
 [![Go Report Card](https://goreportcard.com/badge/moul.io/sshportal)](https://goreportcard.com/report/moul.io/sshportal)
-[![License](https://img.shields.io/github/license/moul/sshportal.svg)](https://github.com/libvoid/sshportal/blob/master/LICENSE)
-[![GitHub release](https://img.shields.io/github/v/release/libvoid/sshportal.svg)](https://github.com/libvoid/sshportal/releases)
+[![License](https://img.shields.io/github/license/alterway/sshportal.svg)](https://github.com/alterway/sshportal/blob/master/LICENSE)
+[![GitHub release](https://img.shields.io/github/v/release/alterway/sshportal.svg)](https://github.com/alterway/sshportal/releases)
 
 Jump host/Jump server without the jump, a.k.a Transparent SSH bastion
 
 ## IMPORTANT NOTE
-**The [original project](https://github.com/moul/sshportal) is no longer being maintained. This fork includes some bugfixes and features but it is on MAINTENANCE mode and only security issues and major bugs will be fixed. You should consider using [Teleport](https://github.com/gravitational/teleport) instead.**
+**The [original project](https://github.com/moul/sshportal) is no longer being maintained. This fork includes important security fixes, some bugfixes and features but it is on MAINTENANCE mode and only security issues and major bugs will be fixed. You should consider using [Teleport](https://github.com/gravitational/teleport) instead.**
 
 <p align="center">
-  <img src="https://raw.githubusercontent.com/libvoid/sshportal/master/.assets/bastion.jpg" width="45%">
+  <img src="https://raw.githubusercontent.com/alterway/sshportal/master/.assets/bastion.jpg" width="45%">
 </p>
 
-
-![Flow Diagram](https://raw.githubusercontent.com/libvoid/sshportal/master/.assets/flow-diagram.png)
+![Flow Diagram](https://raw.githubusercontent.com/alterway/sshportal/master/.assets/flow-diagram.png)
 
 ---
 
@@ -43,12 +42,15 @@ Packaged installation is privileged as it comes with a hardened systemd service
 
 ### Debian-based distributions
 
-1) Get the latest version from https://github.com/libvoid/sshportal/releases
+1) Get the latest version from https://github.com/alterway/sshportal/releases
 
 ```bash
 apt install ./sshportal.deb
 ```
 
+This will install sshportal as a systemd service, configure logrotate to keep 1 year of audit logs and add a dedicated cron for session logs. See [`packaging`](https://github.com/alterway/sshportal/tree/master/packaging).
+
+
 2) Get the invite token
 
 ```bash
@@ -60,7 +62,7 @@ cat /var/log/sshportal/audit/audit.log
 ```bash
 ssh localhost -p 2222 -l invite:xxxxxxx
 
-Welcome root!
+Welcome sshportal!
 
 Your key is now associated with the user "sshportal@localhost".
 ```
@@ -73,11 +75,11 @@ ssh sshportal@localhost -p 2222
 
 ### Docker
 
-An [automated build is setup on the Github registry](https://github.com/libvoid/sshportal/pkgs/container/sshportal).
+An [automated build is setup on the Github registry](https://github.com/alterway/sshportal/pkgs/container/sshportal).
 
 ```bash
 # Start a server in background
-#   mount `pwd` to persist the sqlite database file
+# mount `pwd` to persist the sqlite database file
 docker run -p 2222:2222 -d --name=sshportal -v "$(pwd):$(pwd)" -w "$(pwd)" ghcr.io/alterway/sshportal:latest
 
 # check logs (mandatory on first run to get the administrator invite token)
@@ -141,7 +143,7 @@ To associate this account with a key, use the following SSH user: 'invite:NfHK5a
 ```
 
 Demo gif:
-![sshportal demo](https://github.com/libvoid/sshportal/raw/master/.assets/demo.gif)
+![sshportal demo](https://github.com/alterway/sshportal/raw/master/.assets/demo.gif)
 
 ---
 
@@ -230,7 +232,7 @@ ssh root@portal.example.org host inspect toto
 
 You can enter in interactive mode using this syntax: `ssh root@portal.example.org`
 
-![sshportal overview](https://raw.github.com/libvoid/sshportal/master/.assets/overview.png)
+![sshportal overview](https://raw.github.com/alterway/sshportal/master/.assets/overview.png)
 ---
 
 ## Shell commands
@@ -343,13 +345,13 @@ config>
 
 ---
 
-## portal alias (.ssh/config)
+## Portal alias (.ssh/config)
 
 Edit your `~/.ssh/config` file (create it first if needed)
 
 ```ini
 Host portal
-  User      root
+  User      root       # or 'sshportal' if you use the packaged binary
   Port      2222       # portal port
   HostName  127.0.0.1  # portal hostname
 ```
@@ -376,16 +378,16 @@ By default, `sshportal` uses a local [sqlite](https://www.sqlite.org/) database
 
 You can run multiple instances of `sshportal` sharing the same [MySQL](https://www.mysql.com) database, using `sshportal --db-conn=user:pass@host/dbname?parseTime=true --db-driver=mysql`.
 
-![sshportal cluster with MySQL backend](https://raw.github.com/libvoid/sshportal/master/.assets/cluster-mysql.png)
+![sshportal cluster with MySQL backend](https://raw.github.com/alterway/sshportal/master/.assets/cluster-mysql.png)
 
-See [examples/mysql](http://github.com/libvoid/sshportal/tree/master/examples/mysql).
+See [examples/mysql](http://github.com/alterway/sshportal/tree/master/examples/mysql).
 
 ---
 
 ## Under the hood
 
 * Docker first (used in dev, tests, by the CI and in production)
-* Backed by (see [dep graph](https://godoc.org/github.com/libvoid/sshportal?import-graph&hide=2)):
+* Backed by (see [dep graph](https://godoc.org/github.com/alterway/sshportal?import-graph&hide=2)):
   * SSH
     * https://github.com/gliderlabs/ssh: SSH server made easy (well-designed golang library to build SSH servers)
     * https://godoc.org/golang.org/x/crypto/ssh: both client and server SSH protocol and helpers
@@ -399,7 +401,7 @@ See [examples/mysql](http://github.com/libvoid/sshportal/tree/master/examples/my
     * https://github.com/mgutz/ansi: Terminal color helpers
     * https://github.com/urfave/cli: CLI flag parsing with subcommands support
 
-![sshportal data model](https://raw.github.com/libvoid/sshportal/master/.assets/sql-schema.png)
+![sshportal data model](https://raw.github.com/alterway/sshportal/master/.assets/sql-schema.png)
 
 ---
 

diff --git a/packaging/etc/logrotate.d/sshportal b/packaging/etc/logrotate.d/sshportal
@@ -0,0 +1,13 @@
+/var/log/sshportal/audit.log {
+  daily
+  missingok
+  rotate 365
+  compress
+  notifempty
+  create 640 root root
+  dateext
+  dateformat -%Y-%m-%d
+  postrotate
+    invoke-rc.d rsyslog rotate > /dev/null
+  endscript
+}
diff --git a/packaging/post-install.sh → packaging/postinstall.sh b/packaging/post-install.sh → packaging/postinstall.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 
 mkdir -p /var/log/sshportal/audit
+echo "0 1 * * 0 root find /var/log/sshportal/session/ -ctime +365 -type f -delete" > /etc/cron.d/sshportal
 systemctl daemon-reload
 systemctl enable sshportal
 systemctl start sshportal
diff --git a/packaging/post-remove.sh → packaging/postremove.sh b/packaging/post-remove.sh → packaging/postremove.sh
@@ -1,5 +1,6 @@
 #!/bin/sh
 
 systemctl is-active --quiet sshportal && systemctl stop sshportal
+rm -f /etc/cron.d/sshportal
 systemctl daemon-reload
 systemctl reset-failed