Merge pull request #33 from snonux/master

Release v4.2.0

Makefile

@@ -33,7 +33,7 @@ clean:
 	  test -f $$cmd && rm $$cmd; \
 	done
 vet:
-	find . -type d | egrep -v '(./samples|./log|./doc)' | while read dir; do \
+	find . -type d | egrep -v '(./examples|./log|./doc)' | while read dir; do \
 	  echo ${GO} vet $$dir; \
 	  ${GO} vet $$dir; \
 	done

doc/installation.md

@@ -53,18 +53,18 @@ uid=1001(dserver) 1001=670(dserver) groups=1001(dserver)
 % sudo chown -R dserver:dserver /var/run/dserver
 ```
 
-4. Install the ``dtail.json`` config to ``/etc/dserver/dtail.json``. An example can be found [here](../samples/dtail.json.sample).
+4. Install the ``dtail.json`` config to ``/etc/dserver/dtail.json``. An example can be found [here](../examples/dtail.json.example).
 
 ```console
 % sudo mkdir /etc/dserver
-% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dtail.json.sample |
+% curl https://raw.githubusercontent.com/mimecast/dtail/master/examples/dtail.json.example |
     sudo tee /etc/dserver/dtail.json
 ```
 
-5. It is recommended to configure DTail server as a service to ``systemd``. An example unit file for ``systemd`` can be found [here](../samples/dserver.service.sample).
+5. It is recommended to configure DTail server as a service to ``systemd``. An example unit file for ``systemd`` can be found [here](../examples/dserver.service.example).
 
 ```console
-% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver.service.sample |
+% curl https://raw.githubusercontent.com/mimecast/dtail/master/examples/dserver.service.example |
     sudo tee /etc/systemd/system/dserver.service
 % sudo systemctl daemon-reload
 % sudo systemctl enable dserver
@@ -97,15 +97,15 @@ To start the DTail server via ``systemd`` run:
 
 The DTail server now runs as a ``systemd`` service under system user ``dserver``. However, the system user ``dserver`` has no permissions to read the SSH public keys from ``/home/USER/.ssh/authorized_keys``. Therefore, no user would be able to establish an SSH session to DTail server. As an alternative path DTail server also checks for public SSH key files in ``/var/run/dserver/cache/USER.authorized_keys``.
 
-It is recommended to execute [update_key_cache.sh](../samples/update_key_cache.sh.sample) periodically to update the key cache. In case you manage your public SSH keys via Puppet you could subscribe the script to corresponding module. Or alternatively just configure a cron job or a systemd timer to run every once in a while, e.g. every 30 minutes:
+It is recommended to execute [update_key_cache.sh](../examples/update_key_cache.sh.example) periodically to update the key cache. In case you manage your public SSH keys via Puppet you could subscribe the script to corresponding module. Or alternatively just configure a cron job or a systemd timer to run every once in a while, e.g. every 30 minutes:
 
 ```console
-% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/update_key_cache.sh.sample |
+% curl https://raw.githubusercontent.com/mimecast/dtail/master/examples/update_key_cache.sh.example |
     sudo tee /var/run/dserver/update_key_cache.sh
 % sudo chmod 755 /var/run/dserver/update_key_cache.sh
-% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver-update-keycache.service.sample |
+% curl https://raw.githubusercontent.com/mimecast/dtail/master/examples/dserver-update-keycache.service.example |
     sudo tee /etc/systemd/system/dserver-update-keycache.service
-% curl https://raw.githubusercontent.com/mimecast/dtail/master/samples/dserver-update-keycache.timer.sample |
+% curl https://raw.githubusercontent.com/mimecast/dtail/master/examples/dserver-update-keycache.timer.example |
     sudo tee /etc/systemd/system/dserver-update-keycache.timer
 % sudo systemctl daemon-reload
 % sudo systemctl start dserver-update-keycache.service
@@ -119,7 +119,7 @@ Now you should be able to use DTail client like outlined in the [Quick Starting
 
 # Monitor it
 
-To verify that DTail server is up and running and functioning as expected, you should configure the Nagios check [check_dserver.sh](../samples/check_dserver.sh.sample) in your monitoring system. The check has to be executed locally on the server (e.g. via NRPE). How to configure the monitoring system in detail is out of scope of this guide.
+To verify that DTail server is up and running and functioning as expected, you should configure the Nagios check [check_dserver.sh](../examples/check_dserver.sh.example) in your monitoring system. The check has to be executed locally on the server (e.g. via NRPE). How to configure the monitoring system in detail is out of scope of this guide.
 
 ```console
 % ./check_dserver.sh

samples/dtail.schema.json → examples/dtail.schema.json

@@ -347,6 +347,24 @@
         "SSHBindAddress": {
           "type": "string"
         },
+        "KeyExchanges": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "Ciphers": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "MACs": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
         "HostKeyFile": {
           "type": "string"
         },

go.mod

@@ -5,9 +5,6 @@ go 1.20
 require (
 	github.com/DataDog/zstd v1.5.5
 	golang.org/x/crypto v0.10.0
-)
-
-require (
 	golang.org/x/sys v0.9.0 // indirect
 	golang.org/x/term v0.9.0 // indirect
 )

go.sum

@@ -1,8 +1,8 @@
-github.com/DataDog/zstd v1.5.5 h1:oWf5W7GtOLgp6bciQYDmhHHjdhYkALu6S/5Ni9ZgSvQ=
 github.com/DataDog/zstd v1.5.5/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw=
-golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
+github.com/DataDog/zstd v1.5.5 h1:oWf5W7GtOLgp6bciQYDmhHHjdhYkALu6S/5Ni9ZgSvQ=
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
+golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=
+golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
 golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
+golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=

internal/clients/stats.go

@@ -34,7 +34,7 @@ func newTailStats(servers int) *stats {
 	}
 }
 
-// Start starts printing client connection stats every time a signal is recieved or
+// Start starts printing client connection stats every time a signal is received or
 // connection count has changed.
 func (s *stats) Start(ctx context.Context, throttleCh <-chan struct{},
 	statsCh <-chan string, quiet bool) {

internal/config/server.go

@@ -61,6 +61,12 @@ type ServerConfig struct {
 	Schedule []Scheduled `json:",omitempty"`
 	// Continuous mapreduce jobs
 	Continuous []Continuous `json:",omitempty"`
+	// The allowed key exchanges algorithms.
+	KeyExchanges []string `json:",omitempty"`
+	// The allowed cipher algorithms.
+	Ciphers []string `json:",omitempty"`
+	// The allowed MAC algorithms.
+	MACs []string `json:",omitempty"`
 }
 
 // Create a new default server configuration.

internal/server/server.go

@@ -39,11 +39,17 @@ func New() *Server {
 	dlog.Server.Info("Starting server", version.String())
 
 	s := Server{
-		sshServerConfig: &gossh.ServerConfig{},
-		catLimiter:      make(chan struct{}, config.Server.MaxConcurrentCats),
-		tailLimiter:     make(chan struct{}, config.Server.MaxConcurrentTails),
-		sched:           newScheduler(),
-		cont:            newContinuous(),
+		sshServerConfig: &gossh.ServerConfig{
+			Config: gossh.Config{
+				KeyExchanges: config.Server.KeyExchanges,
+				Ciphers:      config.Server.Ciphers,
+				MACs:         config.Server.MACs,
+			},
+		},
+		catLimiter:  make(chan struct{}, config.Server.MaxConcurrentCats),
+		tailLimiter: make(chan struct{}, config.Server.MaxConcurrentTails),
+		sched:       newScheduler(),
+		cont:        newContinuous(),
 	}
 
 	s.sshServerConfig.PasswordCallback = s.Callback

internal/version/version.go

@@ -13,7 +13,7 @@ const (
 	// Name of DTail.
 	Name string = "DTail"
 	// Version of DTail.
-	Version string = "4.1.1"
+	Version string = "4.2.0"
 	// Additional information for DTail
 	Additional string = "Have a lot of fun!"
 )